GitOps principles meet Terraform: What works and why
Exploring GitOps principles with Terraform
In this episode of Argo Unpacked, Kostis Kapelonis from Codefresh walks us through the Codefresh GitOps courses, and explores a hot topic: Does Terraform fit the GitOps model?
What are the GitOps principles?
There are 4 core principles of GitOps, which define what makes a system truly GitOps-driven:
Declarative Descriptions – All system state must be described declaratively.
Versioned and Immutable – The desired state is stored in Git with full history.
Pulled Automatically – The system automatically pulls and applies changes from Git.
Continuously Reconciled – The system continuously compares the live state with the Git state and corrects drift.
These principles ensure Git is the single source of truth and that systems self-heal based on the declarative desired state.
Why Terraform doesn’t fully fit the GitOps model
Terraform is a popular Infrastructure-as-Code tool, but many mistake using Terraform as fully implementing GitOps. Terraform, as used by most organizations, doesn't fully implement GitOps for several reasons:
Imperative Execution: Terraform requires a terraform apply command, usually triggered manually or by CI. This breaks the principle of automatic pull and reconcile.
State File Outside Git: Terraform stores live state in backend files, not in Git. This violates the "Git as source of truth" principle.
No Continuous Reconciliation: Once applied, Terraform doesn't watch for drift or continuously reconcile state unless explicitly re-run.
Terraform can be used in a GitOps-friendly way, but it requires extra tooling and discipline—it’s not GitOps out of the box.
See the short video >
Introducing the Codefresh GitOps courses
The Codefresh courses teach you how to build modern GitOps workflows using Argo CD, Kubernetes, Helm, and even Terraform (in a GitOps-aligned way). They includes:
GitOps fundamentals and principles
Real-world examples and best practices
Integration of infrastructure and application workflows
