Gitops - Tag - vo.rs

ArgoCD: GitOps with a Dashboard You Might Actually Use

Mon, 11 Aug 2025 09:00:00 +0000

I came to GitOps grudgingly. The pitch — “Git is the single source of truth, the cluster reconciles itself to match” — sounded like the kind of slogan that survives precisely one production incident. Then I tried to debug a drifting Kubernetes cluster the old way, kubectl apply-ing manifests by hand and trying to remember which of three engineers had hotfixed what, and I came round. ArgoCD is the tool that converted me, mostly because of one thing the others don’t do nearly as well: it shows you the state of the world.

Kubernetes Secrets Management: SOPS, Sealed Secrets, or External Secrets

Thu, 19 Dec 2024 10:00:00 +0000

Kubernetes Secrets are not secret. That’s the first thing nobody tells you. A Secret object is base64-encoded YAML sitting in etcd, and base64 is encoding, not encryption — anyone with get secrets on the namespace can read it back in plaintext with a single command. Encryption at rest in etcd helps a little, but the real problem turns up the moment you adopt GitOps: now you want everything in a repo, and committing a base64 blob of your database password to Git is the kind of decision that ends careers. So you reach for tooling. There are three serious contenders, and I’ve run all of them in anger.

GitOps with Flux: Letting Git Be Your Cluster's Source of Truth

Tue, 12 Mar 2024 09:00:00 +0000

There’s a particular kind of dread that comes from not knowing what’s actually running in your cluster. You applied a manifest weeks ago, then patched something live to fix an outage, then someone else tweaked a config map, and now the YAML in your repo and the reality in the cluster have quietly diverged. Nobody can say with confidence what’s deployed, which means nobody can rebuild it from scratch. That drift is the enemy, and GitOps is the cure.