In theory, GitOps is neutral. A robot pulls from Git and makes reality match. Everyone gets to review, and every change is versioned. Feels fair. Right?
But in practice, GitOps introduces a very specific kind of power dynamic: the gatekeeper pattern.
Most of the time, it’s the infra or platform team that sets up GitOps. They define the rules—how environments are structured, how approvals work, which tools are allowed. And once that system is live, every change has to go through them.
It sounds like collaboration. In reality, it’s almost always a one-way review.
A backend developer wants to change a config file. They need a review from someone on the platform team. A frontend dev wants to bump a service version. They open a PR. They wait. A product engineer wants to expose a new route for testing. Same story. PR. Wait. Fix a nit. Wait again.
But it doesn’t go the other way. It almost never goes the other direction.
Infra changes things, merges to main, the bot deploys it. No one outside the infra team is reviewing their changes. No one’s stopping their PRs with a comment. They own the system, and everyone else is a guest.
That’s not collaboration. That’s control.
Obviously, the level of auditing and reviewing for infrastructure changes in a Prod environment makes no sense for a Sandbox environment, and there’s nothing in GitOps that implies these need to be the same.
Ideally at every phase of development, you have very legible infrastructure that can be shared and iterated on by a team. The CI pipelines backing this should offer rapid turnaround times, and things should be easy to test.
All things the general GitOps concept still works in tandem with.
tony-vlcek•1h ago
> At its core, GitOps is simple. You write down how you want the system to look in code and a bot makes the world match that. Your infrastructure lives in Git. You deploy by committing. You roll back by reverting. The robots take it from there.
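The quoted description above, as an added example that is not from the article, from the commenter, or from any GitOps tool (Plan, Apply, Reconcile, Revert and the sample commits are assumed names and constructed data): a toy reconciler in Go that diffs the state declared at HEAD against the live environment, prunes anything Git does not declare, repairs out-of-band drift, and rolls back once the offending commit is reverted.

```go
package main

import (
	"fmt"
	"sort"
)

// State is the declared shape of an environment: service name -> image tag.
// In a real GitOps repo this would be parsed from manifests; here it is constructed.
type State map[string]string

// Commit is one revision of the manifests repo (constructed sample data).
type Commit struct {
	SHA     string
	Message string
	Desired State
}

// Action is a single change the reconciler makes to the live environment.
type Action struct {
	Op   string // "create", "update" or "delete"
	Name string
	From string
	To   string
}

// Plan diffs desired against live. Anything live that Git does not declare is
// pruned, so an out-of-band hot-patch is silently reverted on the next sync.
func Plan(desired, live State) []Action {
	var actions []Action
	for name, want := range desired {
		have, ok := live[name]
		switch {
		case !ok:
			actions = append(actions, Action{Op: "create", Name: name, To: want})
		case have != want:
			actions = append(actions, Action{Op: "update", Name: name, From: have, To: want})
		}
	}
	for name, have := range live {
		if _, ok := desired[name]; !ok {
			actions = append(actions, Action{Op: "delete", Name: name, From: have})
		}
	}
	// Deterministic order so plans are comparable in review and in tests.
	sort.Slice(actions, func(i, j int) bool { return actions[i].Name < actions[j].Name })
	return actions
}

// Apply executes a plan and returns the resulting live state (input is not mutated).
func Apply(live State, actions []Action) State {
	next := State{}
	for k, v := range live {
		next[k] = v
	}
	for _, a := range actions {
		if a.Op == "delete" {
			delete(next, a.Name)
		} else {
			next[a.Name] = a.To
		}
	}
	return next
}

// Reconcile is one iteration of the bot's loop: read HEAD, plan, apply.
func Reconcile(head Commit, live State) (State, []Action) {
	actions := Plan(head.Desired, live)
	return Apply(live, actions), actions
}

// Revert models `git revert <bad>`: a new commit whose manifests equal the
// parent's, so the next reconcile rolls the environment back.
func Revert(bad, parent Commit) Commit {
	return Commit{
		SHA:     "rev-" + bad.SHA,
		Message: "Revert \"" + bad.Message + "\"",
		Desired: parent.Desired,
	}
}

func main() {
	c1 := Commit{SHA: "a1f3", Message: "initial deploy", Desired: State{"api": "1.0", "web": "1.0"}}
	live, acts := Reconcile(c1, State{})
	fmt.Println(c1.Message, acts)

	// Someone patches prod by hand; Git still says web=1.0, so the bot undoes it.
	live["web"] = "1.1-hotfix"
	live, acts = Reconcile(c1, live)
	fmt.Println("drift repaired:", acts)

	c2 := Commit{SHA: "b7c9", Message: "bump api to 2.0", Desired: State{"api": "2.0", "web": "1.0"}}
	live, acts = Reconcile(c2, live)
	fmt.Println(c2.Message, acts)

	// Roll back by reverting the commit, not by touching the cluster.
	c3 := Revert(c2, c1)
	live, acts = Reconcile(c3, live)
	fmt.Println(c3.Message, acts, live)
}
```

The prune and drift-repair branches are the control point the thread is arguing about: whatever is merged to main becomes reality on the next sync, and a hand-applied change outside the repo survives only until then. Which accounts can merge to main is therefore the real access-control boundary, not who can reach the cluster.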
elp•49m ago
For version 1/MVP work, you absolutely shouldn’t bother with this. It’s a complete waste of resources when you should be focusing on growth or launching the product. Compared to doing it by hand, it’s slower, clumsier, and just another layer of complexity your team has to deal with.
On the other hand, for long-running, stable systems, it’s awesome! We know exactly who rolled out a change and when. From the commit messages, we know why the change happened—even years later. We also make a point of adding Jira (Hawk Tuah) ticket numbers so we can track the details more easily. And if something goes wrong, it’s simple to roll back to an older version.
This approach is perfect for large, long-term maintenance systems—but poison for a brand-new project.