
GitOps: Patterns and Anti-patterns

07. 11. 2025 1 min read intermediate

DevOps Intermediate


GitOps, ArgoCD, Flux, Best Practices · 6 min read

GitOps architectural patterns: monorepo vs. polyrepo, environment promotion, secrets management.

Repo Strategy

  • App repo + Config repo (recommended)
  • Monorepo: simpler for small teams
  • Repo per environment: maximum isolation

├── apps/
│   ├── api-gateway/
│   │   ├── base/
│   │   │   ├── deployment.yaml
│   │   │   ├── service.yaml
│   │   │   └── kustomization.yaml
│   │   └── overlays/
│   │       ├── dev/
│   │       ├── staging/
│   │       └── prod/
├── infrastructure/
│   ├── cert-manager/
│   └── monitoring/
└── clusters/
    ├── dev/
    ├── staging/
    └── prod/

Environment Promotion

  1. CI builds the image → pushes it with a tag (git SHA)
  2. CI updates the image tag in overlays/dev/
  3. GitOps sync to dev
  4. Automated tests
  5. PR from dev to the staging overlay
  6. Review + merge → sync to staging
  7. PR to prod → merge → sync to prod

Secrets in GitOps

  • Sealed Secrets: encrypted in Git (Bitnami)
  • SOPS: Mozilla SOPS with age/KMS
  • External Secrets Operator: sync from Vault/AWS SSM/Azure KV

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: api-keys
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: azure-keyvault
    kind: ClusterSecretStore
  target:
    name: api-keys
  data:
    - secretKey: DATABASE_URL
      remoteRef:
        key: prod-database-url

Anti-patterns

  • ❌ Manual kubectl apply alongside GitOps → drift
  • ❌ Secrets in plaintext in Git
  • ❌ Skipping environments
  • ❌ No drift detection
  • ❌ PRs that are too large: unreviewable
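
The plaintext-secrets anti-pattern can be caught in CI before a PR merges. The check below is an added example, not code from the original article: it flags every `kind: Secret` value that is not SOPS ciphertext and lets SealedSecret and ExternalSecret manifests pass. The function names and the sample manifest are assumptions, and the parsing is a line-based heuristic rather than a full YAML parser.

```python
import re

# Constructed sample: a plaintext Secret, a SOPS-encrypted Secret and an
# ExternalSecret reference. All names and values are made up.
SAMPLE = """\
kind: Secret
metadata:
  name: db-plain
stringData:
  DATABASE_URL: postgres://app:example-password@db:5432/app
---
kind: Secret
metadata:
  name: db-sops
stringData:
  DATABASE_URL: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
---
kind: ExternalSecret
metadata:
  name: api-keys
"""

def payload_values(doc):
    """Yield (key, value) pairs from the top-level data/stringData blocks."""
    in_block = False
    for line in doc.splitlines():
        if re.match(r"^(data|stringData):\s*$", line):
            in_block = True
        elif line and not line[0].isspace():
            in_block = False          # next top-level key ends the block
        elif in_block:
            m = re.match(r"^\s+([\w.-]+):\s*(.+)$", line)
            if m:
                yield m.group(1), m.group(2).strip("\"'")

def find_plaintext_secrets(manifest_text):
    """Return (secret name, key) for every Secret value not encrypted by SOPS."""
    findings = []
    for doc in re.split(r"^---\s*$", manifest_text, flags=re.MULTILINE):
        if not re.search(r"^kind:\s*Secret\s*$", doc, re.MULTILINE):
            continue                  # SealedSecret / ExternalSecret hold no plaintext
        name = re.search(r"^  name:\s*(\S+)", doc, re.MULTILINE)
        for key, value in payload_values(doc):
            # base64 in `data:` is encoding, not encryption, so it is flagged too
            if not value.startswith("ENC["):
                findings.append((name.group(1) if name else "<unnamed>", key))
    return findings

if __name__ == "__main__":
    print(find_plaintext_secrets(SAMPLE))
```

Run it over the changed manifests in a PR and fail the pipeline when the returned list is non-empty.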

Summary

GitOps requires discipline in repo structure, environment promotion, and secrets management. Never commit secrets in plaintext.


CORE SYSTEMS team

We build core systems and AI agents that keep operations running. 15 years of experience with enterprise IT.