As VCF Automation 9 is out, it promises on more features in its All Apps Organization construct but I suspect, it would lack it too despite the fact that it can integrate with Argo CD (a GitOps tool). However, I will probably do another write-up for 9.x once I finish testing it completely.
VMware Aria Automation offers robust Infrastructure as Code (IaC) through YAML cloud templates and seamless Git integration, yet it fundamentally lacks the core pillars of GitOps like continuous reconciliation and drift detection. And let me be very clear – GitOps is not for Kubernetes only, rather it is a tool-agnostic framework that maintains the state of an environment.
Aria Automation fundamentally lacks the core pillars of GitOps like continuous reconciliation and drift detection.
VMs inherently defy GitOps
I think why it lacks as a GitOps platform is also majorly because VMs on vSphere, Azure, AWS, etc are treated as stateful end products without built-in reconciliation loops, making continuous drift detection and auto-healing fundamentally incompatible with core GitOps principles.
Aria Automation’s IaC templates provision VMs declaratively, but post-deploy, no operator enforces “Git as truth” or any configuration state as truth against runtime drift like guest OS patches or network shifts.
GitOps Defined: Beyond Just IaC + Git
GitOps demands Git as the single source of truth, with pull-based operators (e.g., ArgoCD, Flux) continuously syncing live state to repo declarations and auto-healing drift. IaC tools like Terraform provide declarative configs, and Git stores them, but true GitOps adds observability, polling, and enforcement – completely missing in Aria Automation’s model.โ
vRA shines in hybrid cloud provisioning with Git-synced templates in Automation Assembler and vRO workflows, supporting branches, merges, and pipelines. However, deployments trigger via user requests, APIs, or schedulesโnot autonomous agents enforcing Git state 24/7.โ
vRA Git/IaC Strengths (and Gaps)
- Git Integration: Direct repo connections for cloud templates/actions/workflows; push/pull from vRO Client. It is great for version control.โ
- IaC Pipelines: Cloud Assembly pipelines mimic CI/CD, integrating Ansible/Terraform for day-2 ops.โ
- But No Pull Model: No native operator polls Git for changes or detects drift (e.g., VM migration via vMotion need separate reconciliation).โ
| Feature | True GitOps (ArgoCD/Flux) โ | Aria Automation โ |
|---|---|---|
| Continuous Polling | Yes, Git โ State sync every few minutes | No, manual/scheduled triggers |
| Drift Detection/Healing | Automated previews + apply | Limited VM reconciliation |
| Pull-Based Deployment | Operator pulls from Git | Push/request-based |
| Observability | UI diffs, health checks | Logs/pipeline views only |
This table highlights why Aria feels like “GitOps-lite”โstrong IaC foundation, but no enforcement layer.โ
Real-World Implications for Aria Users
In production, external changes (e.g., vSphere VM tweaks, NSX updates, Storage\disk modifications) cause drift Aria can’t auto-correct, breaking the “Git as truth” promise. vRO git workflows also hit pitfalls like schema ID mismatches across environments or merge conflicts while doing git push\pull.โ
Path Forward: Hybrid Approach
Leverage Aria’s Git/IaC for authoring, then layer GitOps tools:
- Meet on halfway – Develop a complex system that could use vRA APIs for reconciling infra level primitives (clouds, endpoints).
- Using VCF Automation 9.x: It allows integration with VKS/Cluster API or use Argo CDโ to manage K8s environments.
- Custom hacks exist: GitHub Actions + vRO packages for sync, or polling workflowsโbut these reinvent wheels better handled by Kubernetes-native GitOps.
Final Note
This article explores VMware Aria Automation’s GitOps limitations without diminishing its powerful capabilities for automating and managing hybrid private/public cloud environments. Fundamentally, Aria remains an automation platform focused on provisioning and orchestration, not continuous drift reconciliation. These observations aim to spark discussion among readers, potentially inspiring Broadcom or the community to evolve vRA toward true GitOps support. I know the future of VCF Automation 9 is bright.
Discover more from Cloud Blogger
Subscribe to get the latest posts sent to your email.
