Exploring GitOps principles with Terraform

In this episode of Argo Unpacked, Kostis Kapelonis from Codefresh walks us through the Codefresh GitOps courses, and explores a hot topic: Does Terraform fit the GitOps model?

Watch the full episode >

What are the GitOps principles?

There are 4 core principles of GitOps, which define what makes a system truly GitOps-driven:

Declarative Descriptions – All system state must be described declaratively.
Versioned and Immutable – The desired state is stored in Git with full history.
Pulled Automatically – The system automatically pulls and applies changes from Git.
Continuously Reconciled – The system continuously compares the live state with the Git state and corrects drift.

These principles ensure Git is the single source of truth and that systems self-heal based on the declarative desired state.

Watch this short video for more details >

Why Terraform doesn’t fully fit the GitOps model

Terraform is a popular Infrastructure-as-Code tool, but many mistake using Terraform as fully implementing GitOps. Terraform, as used by most organizations, doesn't fully implement GitOps for several reasons:

Imperative Execution: Terraform requires a terraform apply command, usually triggered manually or by CI. This breaks the principle of automatic pull and reconcile.
State File Outside Git: Terraform stores live state in backend files, not in Git. This violates the "Git as source of truth" principle.
No Continuous Reconciliation: Once applied, Terraform doesn't watch for drift or continuously reconcile state unless explicitly re-run.

Terraform can be used in a GitOps-friendly way, but it requires extra tooling and discipline—it’s not GitOps out of the box.

See the short video >

Introducing the Codefresh GitOps courses

The Codefresh courses teach you how to build modern GitOps workflows using Argo CD, Kubernetes, Helm, and even Terraform (in a GitOps-aligned way). They includes: