GitOps vs Pipeline Deploy
Two deployment models.
GitOps and pipeline deploys are different
Pipeline deploy: CI runs `kubectl apply` or `terraform apply`. CI has cluster credentials.
GitOps: a controller in the cluster (Argo CD, Flux) pulls from git and applies. Cluster pulls; CI doesn't push.
GitOps inverts the trust model. The cluster trusts git, not the CI pipeline, so CI holds no cluster credentials and write access to the repo becomes the thing to protect.
When GitOps wins
Multi-cluster: 10+ clusters across regions. Pulling from a shared git repo is the only sane shape.
Compliance: declarative state in git is auditable. Drift detection is built-in.
Disaster recovery: rebuilding a cluster is `argocd app sync`. The cluster reconstructs itself.
When pipeline deploy wins
Single cluster, simple ops. The CI pipeline is enough.
Non-Kubernetes deploys: serverless, EC2, on-prem servers. GitOps tools focus on Kubernetes.
Imperative steps: GitOps is declarative; some deploys need imperative orchestration (database migrations, traffic shifts).
Hybrid is increasingly common
GitOps for Kubernetes manifests. CI pipeline for everything else.
Or: CI builds and pushes images, updates a manifest repo, GitOps deploys the new image.
This avoids over-investing in either pattern.
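The manifest-update step of the hybrid flow above, as an added example that is not part of the original page: a CI helper that pins an image to its sha256 digest in a manifest before the change is committed to the manifest repo. The function name pin_image, the file path and the image name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. CI needs only git write access
# to the manifest repo for this step; it holds no cluster credentials.
#
# pin_image FILE REPO DIGEST
# Rewrites each "image: REPO[:tag|@digest]" line in FILE to "image: REPO@DIGEST".
# Returns 2 on a malformed digest, 3 if FILE has no image line for REPO.
pin_image() {
    file=$1 repo=$2 digest=$3

    # Accept only an immutable sha256 digest, never a mutable tag such as "latest".
    if ! printf '%s\n' "$digest" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "pin_image: not a sha256 digest: $digest" >&2
        return 2
    fi

    tmp=$(mktemp) || return 1
    rc=0
    # index() matches REPO literally, so its dots and slashes need no escaping.
    awk -v repo="$repo" -v digest="$digest" '
        {
            line = $0
            pos = index(line, "image:")
            if (pos > 0) {
                ref = substr(line, pos + 6)
                gsub(/^[ \t"]+|[ \t"]+$/, "", ref)
                rest = substr(ref, length(repo) + 1)
                # Require a tag or digest separator so "app" never matches "app-worker".
                if (index(ref, repo) == 1 && (rest == "" || rest ~ /^[:@]/)) {
                    line = substr(line, 1, pos + 5) " " repo "@" digest
                    changed++
                }
            }
            print line
        }
        END { exit (changed > 0 ? 0 : 3) }
    ' "$file" > "$tmp" || rc=$?

    if [ "$rc" -ne 0 ]; then
        rm -f "$tmp"
        echo "pin_image: no image line for $repo in $file" >&2
        return "$rc"
    fi
    # Overwrite the manifest only after a successful rewrite.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Typical CI use (paths and names are hypothetical):
#   pin_image deploy/app.yaml registry.example/app "$DIGEST" \
#     && git commit -am "deploy app@$DIGEST" && git push
```

Failing when no line matches keeps CI from committing a no-op and reporting a deploy that the GitOps controller will never see.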
How to pick
Single Kubernetes cluster, small team: pipeline deploy. GitOps is overkill.
Multi-cluster or compliance-driven: GitOps with Argo CD or Flux.
Mixed workloads: hybrid. Pick GitOps for k8s, keep pipelines for the rest.