Gitless GitOps
Decouple Flux from Git by leveraging container registries as the single source of truth for app images, Helm charts, Kubernetes configs, and provenance attestations.
Advantages
No Git Server Dependency
Production clusters pull from container registries instead of Git. No Git credentials or SSH network access required.
Air-Gapped Friendly
Deploy in disconnected or restricted environments. Mirror OCI artifacts to private registries for complete isolation.
Enhanced Security
OIDC-based authentication, Cosign signatures, and provenance verification ensure only trusted artifacts are deployed.
Immutable Artifacts
Versioned, signed OCI artifacts provide integrity verification and reproducible deployments across environments.
Faster Sync
Pull pre-packaged artifacts instead of cloning repositories. Reduced network overhead and faster reconciliation.
Monorepo Scalability
Independent versioning per component. Build and publish artifacts from monorepos without performance degradation.
How it Works
In traditional GitOps, Flux connects directly to Git repositories to pull manifests and reconcile cluster state. With Gitless GitOps, the workflow changes:
Git remains the source of truth for developers. During CI, manifests are packaged as OCI artifacts and pushed to container registries. Flux then pulls these artifacts to reconcile cluster state, eliminating the need for Git access in production.