GitOps at Fleet Scale: Decentralization vs. Control

September 26, 2025 Alan Shimel CNCF GitOps standards, decentralized GitOps, federated GitOps model, GitOps scalability, Kubernetes GitOps scaling, OpenShift GitOps preview, Red Hat agent-based GitOps

by Alan Shimel

In the cloud-native world, everything eventually hits a scaling wall. Kubernetes started small and ended up orchestrating fleets of clusters. Observability grew from a handful of dashboards to terabytes of traces. And now GitOps — long hailed as the answer to configuration drift — is facing the same scaling dilemma.

The promise of GitOps is simple: Declare desired state in Git, let automation reconcile it, and watch configuration chaos fade into history. That model works beautifully when you’ve got a handful of clusters. But what happens when you’re running hundreds of clusters across regions, edges, and clouds? Suddenly, the tidy “single source of truth” feels less like a guarantee and more like a bottleneck.

That’s the tension Red Hat addressed with its recent technology preview of an agent-based GitOps architecture for OpenShift. Instead of one massive Argo CD server trying to control every cluster, Red Hat’s model deploys lightweight agents into clusters that pull configuration and reconcile state locally. The central control plane still defines policies and maintains visibility, but the agents handle day-to-day execution.

As the Red Hat team explained:

“To address the GitOps scalability, security and operations challenges in fleet scenarios, Red Hat introduced a new agent-based Argo CD architecture … These agents pull desired state configurations from a centralized Argo CD control plane, applying updates locally without requiring the central server to maintain direct control over each cluster.”

It’s a deceptively simple change that opens up the same old debate: How much should you centralize, and how much should you push out?

Why Decentralization Makes Sense

At fleet scale, the arguments for decentralization are strong:

Latency and resilience: Local agents can reconcile state even when the central control plane is unreachable.
Autonomy: Regional or business-unit teams don’t have to wait for a monolithic control server.
Scalability: Offloading sync work reduces pressure on the central Argo CD instance.
Security boundaries: Agents can be scoped with least privilege, limiting blast radius.

In other words, decentralization lets clusters act independently without losing alignment with Git.

Why Centralization Still Matters

But anyone who’s run more than a handful of clusters knows the dark side of too much autonomy:

Governance and compliance: Enterprises can’t afford inconsistent policy enforcement.
Drift detection: If every cluster operates semi-independently, how do you prove they’re all actually running the declared state?
Auditability: Regulators and auditors don’t accept “trust us, the agents did the right thing.”
Operational complexity: Variations at the edge compound testing and support.

Centralization offers guardrails. It ensures the fleet remains coherent — even when individual clusters want to run wild.

The Middle Ground: Federated GitOps

That’s why the most realistic path forward is neither extreme but a federated model:

Central repositories define golden paths, policies, and non-negotiables.
Local agents execute those policies with enough autonomy to handle local failures and edge cases.
Observability ties the two together, surfacing drift and compliance gaps before they metastasize.

Red Hat’s preview is an early shot at this balance. It’s not just about scale — it’s about power dynamics: Who decides what’s fixed, who decides what’s flexible, and how you enforce both.

The CNCF Angle

This shift matters well beyond OpenShift. GitOps has become a first-class practice in the CNCF ecosystem, anchored by Argo and Flux. As more vendors experiment with agent models, the questions get bigger:

Should CNCF projects build standard APIs for fleet-level GitOps?
How do policy engines (Kyverno, OPA) and observability stacks (Prometheus, OpenTelemetry) fit into this architecture?
Do we need a “GitOps Federation Working Group” the same way we needed SIG-Multicluster for Kubernetes?

These are not academic debates. They decide whether GitOps remains a developer-friendly practice or hardens into yet another heavyweight ops framework.

Shimmy’s Take

Fleet-scale GitOps isn’t really about YAML or repos — it’s about control. Who has it, who gives it up, and how you trust teams to exercise it.

If you go all-in on centralization, you stifle the very agility that cloud native promised. If you go all-in on decentralization, you invite chaos and drift. The answer, as always, is balance: Guardrails, not gates.

Platform teams should define the rules of the road. Local clusters and agents should drive within those lanes. Observability should be the referee that makes sure nobody cheats.

Red Hat’s agent-based GitOps preview is a step toward that equilibrium. It won’t be the last word — expect Flux, Argo and others to follow suit. But it’s a signal that the GitOps conversation is maturing.

At fleet scale, GitOps is no longer just about declaring state in Git. It’s about reconciling freedom and control — two forces that have shaped every empire, every network, and now, every Kubernetes fleet.