← All posts

Why GitOps Is Worth the Setup Cost

gitopskubernetesdevopsargocd

Why GitOps Is Worth the Setup Cost

Every few months I have some version of the same conversation with a team that is evaluating GitOps. They have looked at ArgoCD or Flux, seen the YAML, and are asking whether it is worth the trouble.

My answer is almost always yes — but the reasoning matters, because the benefits are not the ones usually advertised.

What GitOps Actually Gives You

The obvious sell is "infrastructure as code in Git." But most teams already have some Terraform and some deployment scripts checked in. That is not GitOps.

The useful part of GitOps is the control loop: a controller that continuously compares what is in Git against what is actually running, and brings reality into alignment. This changes the relationship between your Git history and your cluster state in a way that pure push-based deployments do not.

Here is what that buys you in practice:

Drift detection and correction. Someone ran kubectl edit at 2am to patch a live issue and forgot to update the Helm chart. A week later, the deployment diverges from what anyone expects. With a GitOps controller running, that drift either gets corrected automatically or shows up as an alert. Without it, you find out when something breaks.

Auditable, rollback-friendly deployments. Every deployment is a Git commit. Rolling back is git revert. The audit trail is free. For teams in regulated industries — fintech, healthcare, anything with compliance requirements — this alone is worth significant operational overhead.

Deployment without cluster credentials in CI. This one is underrated. In a push-based model, your CI system needs credentials to push images and update deployments in the cluster. Those credentials are a meaningful attack surface. In a pull-based GitOps model, the controller inside the cluster pulls changes. Your CI system only needs permission to push to a Git repository — which you probably already manage carefully.

The Real Setup Cost

The friction is real. You need:

  • A controller running in the cluster (ArgoCD or Flux — both are solid)
  • A clear opinion on your repository structure (app repo vs. config repo vs. monorepo)
  • A deployment process that writes the new image tag back to the Git repo
  • Team buy-in on "if it's not in Git, it doesn't exist"

That last point is the hardest. People are used to being able to make quick changes directly against a cluster. GitOps adds a layer of discipline that feels slow at first.

In my experience, teams start getting the benefits around four to six weeks after initial setup — once the workflows are muscle memory and the alerts are tuned. Before that point it genuinely does feel like overhead.

When It Makes Sense

GitOps pays off fastest when:

  • You have more than one environment (dev, staging, production) and want consistent promotion
  • You care about auditability (compliance, post-mortems, "what exactly changed at 3:47pm")
  • Multiple people are making deployment changes — coordination overhead compounds quickly without a single source of truth
  • You have had drift-related incidents before

It is probably overkill if:

  • You are a one-person team deploying a single service
  • You are still figuring out your architecture and everything changes weekly
  • You have no Kubernetes yet and are deploying to EC2 or Lambda

Where to Start

If you are evaluating GitOps for the first time, I would recommend:

  1. Start with ArgoCD if you want a UI and a gentler learning curve. Start with Flux if you want something more GitOps-native and less opinionated about tooling.
  2. Pick one application first. Do not try to migrate everything at once. Get one service deploying through the controller, tune the workflow, then expand.
  3. Separate your app repo and config repo early. Mixing application code and deployment manifests in the same repository creates friction as the team grows.

The setup cost is real. The operational benefits compound. For most teams shipping production software on Kubernetes, it is worth it.