https://johanneskueber.com/tags/promotion/Recent content in Promotion on johanneskueber.comHugoen_USFri, 19 Jun 2026 00:00:00 +0000https://johanneskueber.com/posts/2026-06-19-oci-gitpos-automatic-promotion/Fri, 19 Jun 2026 00:00:00 +0000https://johanneskueber.com/posts/2026-06-19-oci-gitpos-automatic-promotion/<h1 id="oci-first-gitops-promotion-with-flux-kargo-and-renovate">OCI-First GitOps Promotion with Flux, Kargo, and Renovate</h1> <p>This article describes a promotion architecture where <strong>the deployment definition lives in Git but is never deployed from Git</strong>. Instead, every merge builds a signed OCI artifact containing the deployment manifests, and that artifact — immutable, versioned, digest-pinned — is what promotes through dev → staging → prod and what Flux actually deploys.</p> <p>Three tools, one responsibility each:</p> <ul> <li><strong>Renovate</strong> updates the deployment definition in Git — new application image versions, third-party chart bumps, dependency updates. Its merged PRs are how change enters the pipeline.</li> <li><strong>Kargo</strong> promotes the resulting OCI artifact across environments, running automated tests at each gate.</li> <li><strong>Flux</strong> deploys the artifact into each cluster, verifying its signature before reconciling.</li> </ul> <p>No human touches the routine path. Humans appear only at the optional prod approval gate and in emergencies.</p>