GitOps

6 min

overview kubegrade delivers fixes via gitops instead of mutating your cluster directly, kubegrade generates pull requests (prs) to your git repository your gitops engine (for example, argocd) then syncs approved changes into the cluster this guide shows how to enable gitops with github or azure devops and run the full workflow end to end kubegrade assumes that your gitops repository follows a clear, environment‑oriented structure so it can discover and link workloads correctly recommended conventions (adapt as needed) one repo for infra + apps, with a top‑level clusters/ directory per environment each environment has its own kustomization yaml or helm release definitions that reference shared app and infra components application‑specific configuration (values, overlays) lives under apps/\<service>/ and is referenced from the environment’s config kubegrade uses your configured paths to map clusters and workloads to the corresponding git directories, so consistent naming is important github integration this section describes how to connect a gitops repository to kubegrade prerequisites a connected kubernetes cluster in kubegrade (agent installed and reporting) a git provider account and repository github ability to create a personal access token (pat) with repo scope azure devops ability to create a pat and know your organization name a gitops engine set up to sync from your repository (for example, argocd) configuration steps option a github what you will do create a github personal access token (pat) with repo permissions provide the pat and repository details in kubegrade to enable pr generation create a github pat in github, create a personal access token with scope repo (full control of private repositories) limit the token lifetime and repository access as appropriate for your security policies copy the token value securely connect in kubegrade open kubegrade and navigate to integrations → gitops → github enter your repository details (owner, repo name, default branch) and paste the pat save to validate connectivity and permissions (repo read/write, pull request creation) option b azure devops (preview/workaround) azure devops integration is currently in a preview/workaround phase you will use a pat and organization name to connect capabilities are evolving and may change create an azure devops pat from azure devops, create a personal access token with permissions to read and write code and create pull requests for the target project/repository note your organization name and the project/repository you plan to use connect in kubegrade open kubegrade and navigate to integrations → gitops → azure devops enter your organization name and paste the pat select the project and repository, then save expect minor ui or capability changes while in preview operator and repo setup (outside kubegrade) flux deploy flux into the cluster and configure it with the azure devops repo url (https or ssh) provide credentials (pat or ssh key) to let flux pull from azure devops argo cd register the azure devops repo as a git source and create application resources pointing at environment‑specific paths