← Blog

GitOps Is Not Enough

GitOps solves the source-of-intent problem. It does not solve the operational correctness problem. The gap between a successful sync and a working system is where most platform failures actually live.

GitOps gave infrastructure teams something concrete to point at. The repository is the source of truth. Changes go through pull requests: reviewed, approved, tracked in version history. The cluster state reconciles to what the repository describes. When something is wrong, you have a clear reference point, what the repository says should be there, and what is actually running. That is a genuine improvement over the alternatives.

The pattern has become standard enough that most platform engineering conversations assume GitOps as a baseline. But treating it as an operations model rather than a delivery mechanism creates a specific blind spot that tends to surface at the wrong moment.

What GitOps actually solves

GitOps solves the source-of-intent problem. Before it, the authoritative description of what should be running lived in the head of whoever last touched the environment, in a pipeline that ran on a schedule, or in a state file that reflected the last apply regardless of whether that apply was intentional. GitOps moves intent into a version-controlled repository with a review process.

That is a real improvement. It makes changes visible, reversible, and attributable. For teams that were previously running infrastructure by hand or through unstructured pipelines, adopting GitOps is a meaningful step forward.

What it does not solve is whether the resulting infrastructure behaves correctly. A repository can describe a desired state with complete fidelity. It cannot tell you whether DNS is resolving, whether replicas are in sync, whether the failover path works, or whether the application can serve traffic in the configuration it is receiving.

The gap between sync and correct

Most GitOps tooling reports on sync status. The repository and the cluster are reconciled. The operator sees a green indicator and moves on.

Reconciled is not the same as correct. A deployment can sync successfully and still fail in ways that sync status does not capture.

GitOps sync: ✓ reconciled (3/3 resources)

Application health:
  ✗ database connection: timeout after 5s
  ✗ replica lag: 47s (threshold: 10s)
  ✓ ingress: responding

The repository described what should be deployed. The sync applied it. The application is not healthy. None of that is visible in the sync status, because sync status is about reconciliation, not about whether the resulting system behaves the way it needs to.

This is not a criticism of GitOps tooling. Reporting sync status is what it is designed to do. The gap is in treating a successful sync as the final measure of operational correctness.

What GitOps leaves to the operator

After a sync completes, a set of operational questions remains unanswered.

Are the services healthy? Are dependencies reachable? Is the data layer in the expected state? For a database promotion, is the new primary actually accepting writes? For a network change, are routes resolving correctly?

In many teams, these questions get answered manually. Someone checks the dashboards. Someone runs a health check command. Someone confirms the application is behaving as expected. That verification matters. It is also informal, inconsistent, and not captured anywhere.

The version history shows what changed. It does not show whether the change produced a correct result. In a post-incident review, that gap becomes visible in an uncomfortable way.

The operations layer GitOps does not provide

GitOps is a delivery mechanism. It takes a declared desired state and reconciles the running system to match it. That is a well-defined and valuable job.

The operations layer is separate. It answers whether the declared state is actually correct for the operational context, whether the environment produced by reconciliation behaves as required, and what evidence exists to support that conclusion.

HybridOps treats GitOps as one component of the delivery layer, not the whole operational model. Modules declare intent. ArgoCD drives reconciliation. Post-apply probes verify that the resulting environment is in the expected state. The run record captures not just what was applied, but what the verification probes returned. The GitOps sync is one step in a longer operational sequence, not the end of it.

A concrete improvement

Teams that want to close the gap between sync and correctness tend to start in the same place: define what correct means for each operation, and check it automatically.

That does not require replacing the GitOps workflow. It requires adding a verification step after the sync completes. Health probes, connectivity checks, data-layer assertions, whatever a human would verify manually after a change, expressed in a form the platform can run and record consistently.

The repository remains the source of intent. The verification layer is the evidence that intent produced a correct result. Both are necessary. Neither replaces the other.

GitOps moved intent into version control. The next problem is moving verification out of someone’s head and into the platform.

Book a call

Share a little context so we can make the session useful from the start.