# Gitless GitOps

Decouple Flux from Git by leveraging container registries as the single source of truth
for app images, Helm charts, Kubernetes configs, and provenance attestations.

## Advantages

- **No Git Server Dependency** — Production clusters pull from container registries instead of Git. No Git credentials or SSH network access required.
- **Air-Gapped Friendly** — Deploy in disconnected or restricted environments. Mirror OCI artifacts to private registries for complete isolation.
- **Enhanced Security** — OIDC-based authentication, Cosign signatures, and provenance verification ensure only trusted artifacts are deployed.
- **Immutable Artifacts** — Versioned, signed OCI artifacts provide integrity verification and reproducible deployments across environments.
- **Faster Sync** — Pull pre-packaged artifacts instead of cloning repositories. Reduced network overhead and faster reconciliation.
- **Monorepo Scalability** — Independent versioning per component. Build and publish artifacts from monorepos without performance degradation.

## How it Works

In traditional GitOps, Flux connects directly to Git repositories to pull manifests
and reconcile cluster state. With Gitless GitOps, the workflow changes:

```
DevOps (push configs) --> Git (source of truth) --> CI/Build (package & sign) --> Registry (OCI artifacts) --> Flux (cluster fleet)
```

Git remains the source of truth for developers. During CI, manifests are packaged
as OCI artifacts and pushed to container registries. Flux then pulls these
artifacts to reconcile cluster state, eliminating the need for Git access in production.

## Resources

- [Reference Architecture by ControlPlane](https://fluxcd.control-plane.io/guides/d2-architecture-reference/) — multi-cluster fleet management with Flux Operator and OCI Artifacts
- [RBC Capital Markets Case Study](https://www.cncf.io/blog/2025/05/22/streamlining-application-deployment-on-kubernetes-at-rbc-capital-markets-a-journey-with-fluxcd/) — streamlining application deployment on Kubernetes at scale

## Next Steps

- [Sync from OCI Artifacts](https://fluxoperator.dev/docs/instance/sync.md#sync-from-a-container-registry) — configure FluxInstance to pull from container registries
- [Gitless Image Automation](https://fluxoperator.dev/docs/resourcesets/image-automation.md) — automate deployments based on semver policies
- [OCIRepository CRD](https://fluxoperator.dev/docs/crd/ocirepository.md) — configure OCI artifact sources with workload identity
- [Local Development Setup](https://github.com/controlplaneio-fluxcd/flux-operator-local-dev) — set up a local Docker registry to deploy apps with Flux