How does GitOps differ from a traditional push-based CI/CD deploy?
CI/CD & GitOps · Basic level
Answer
Traditional CI/CD often pushes changes directly from a pipeline into the cluster. GitOps makes the pipeline update Git, and a cluster-side controller pulls from Git and applies the desired state. That reduces deployment credentials in CI and gives a cleaner audit trail.
Technical explanation
The desired state should be declarative enough for an agent to converge without manual runbook steps.
Git history becomes the audit trail for who requested, reviewed, and approved an environment change.
GitOps separates build from deploy: CI produces immutable artifacts, while the GitOps controller reconciles declarative desired state into the cluster.
Argo CD status has two dimensions: sync status indicates desired versus live state; health status indicates whether live resources appear operationally healthy.
Use projects, RBAC, repository allowlists, destination restrictions, sync windows, and admission policies to constrain what an Application may deploy.
Prefer reviewed Git changes over direct kubectl changes; direct changes create drift and bypass audit, policy, and promotion workflow.
Hands-on example
1. Model the desired state for: How does GitOps differ from a traditional push-based CI/CD deploy in a GitOps repository, for example environments/staging/apps/payments and environments/prod/apps/payments.
2. Create an Argo CD Application that points to repoURL, targetRevision, path or chart, destination server, namespace, and project; render with Helm/Kustomize before merging.
3. Open a pull request that changes only the desired version or values, require review and policy checks, then merge to let Argo CD detect OutOfSync state.
4. Run argocd app get payments and argocd app diff payments, then sync manually or let automated sync reconcile; verify sync status, health status, events, and Kubernetes rollout status.
5. Test rollback by reverting the Git commit or promoting the previous artifact digest, then watch Argo CD reconcile the cluster back to the known-good desired state.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More CI/CD & GitOps interview questions
- What is CI/CD, and what is the difference between continuous delivery and continuous deployment?
- What are the goals of a CI pipeline beyond just running tests?
- What is Jenkins, and what is the difference between a controller and an agent?
- What is the difference between a freestyle job and a pipeline job in Jenkins?
- What is the difference between a declarative and a scripted Jenkins pipeline?
- What is a Jenkinsfile, and why keep your pipeline as code in the repo?
- Explain the structure of a declarative pipeline (agent, stages, steps, post).
- What is the post section used for, and what are its conditions (success, failure, always)?