Home » Blog » GitOps

GitOps

GitOps

Gone are the days software was an accessory to business. Today, software drives the business. The overall demand for software is rocketing day by day. So is the demand for delivery from developers. CICD tools and CICD concepts help developers deliver value faster and more transparently.

That is why the GitOps CICD standard is a must you should consider for your organization.

Find out why you should implement GitOps.

What is GitOps?

Simply GitOps is a developer-centric continuous deployment standard for cloud-native applications. GitOps uses tools that developers are already familiar with (CICD tools such as Jenkins, Argo CD, etc.), focusing more on the developer experience. So if you ever doubted GitOps as another challenging framework; bringing GitOps into your application development space will not be a hard process that requires massive effort to adapt.

On the other hand, GitOps is an operating model for cloud-native and Kubernetes environments that sets best practices for deployment, management, and monitoring of containerized applications and Kubernetes clusters.

If you look into the GitOps framework, it is developed around a version control system: most commonly Git, as the single source of truth for declarative infrastructure and applications. Other automation tools that build-up the GitOps framework ensure the actual state of infrastructure and applications converge towards the declared state defined in the version control system.

How does GitOps work?

The concept of GitOps was first introduced by Weaveworks in 2017. They used the Flux open-source GitOps operator as the monitoring tool to automatically compare and guarantee the state of Kubernetes clusters matches the configuration declared at Git. The operation of Weaveworks Flux with Git makes the deployments auditable, reversible, and reproducible.

Many in the industry misinterpret GitOps functionality to an Infrastructure-as-Code (IaC). But, GitOps is more than an underlying infrastructure management process. Rather than mere infrastructure, it manages the (Kubernetes) instances above the infrastructure. When IaC is version control agnostic, GitOps uses only Git. In the GitOps setup, at least two Git repositories are used:

  1. Application repository
  2. Environment configuration repository

The application repository contains application code and deployment manifests to deploy the application. The environment configuration repository store deployment manifests declaring what (configurations and versions) and how applications and infrastructure services should run in the deployment environment. The desired state is defined in the environment configuration repository.

There are two GitOps deployment strategies: push-based deployments and pull-based deployments.

Push-based deployments

In the push-based deployment strategy, when developers commit or update code to the Git application repository, the build pipeline will trigger. So, the container images will be built and pushed to the image registry. Then, the environment configuration repository will be updated with new deployment descriptors.

Any updates or changes to the environment configuration repository trigger the deployment pipeline, and the deployment pipeline will apply declared manifests to the infrastructure in your environment.

However, in the push-based deployments strategy, a manual intervention requires to identify any deviations to the environment from its desired state defined in the environment configuration repository.

Pull-based deployments

The pull-based deployment strategy is similar to the push-based deployment strategy. The only difference is a GitOps operator such as Flux is introduced to automatically and continuously compare the deployed infrastructure state with the desired state defined in the environment configuration repository.

When the observed state and the declared state are not similar, the pull-dased deployment strategy uses a convergence mechanism to automatically bring declared and observed states back in sync with each other. In other words, the deployment will be automatically rollback to an earlier desired state.

In both Pull-based deployment and push-based deployment strategies, CI/CD tools such as Jenkins, CircleCI, Travis CI, etc. will be used to automate the continuous delivery process as any other DevOps environment.

Find out the value of GitOps to deployment velocity and security

Consider the Kubernetes CICD pipeline in your DevOps environment. Do you usually use Kubectl to update Kubernetes clusters and scripts to group kubectl commands? Or do you use Git repositories in a GitOps pipeline to update Kubernetes clusters? Note, if you are the latter then you have the advantage over correctness, security, and developer experience.

GitOps has a rarely breakable deployment process. Weaveworks estimates that GitOps allows teams to perform 2x more without getting distracted. Then, partially failed deployments can recover easily without manual intervention in GitOps. At a minimum, a team can execute 30-50 changes a day in the GitOps deployment pipeline. Therefore, overall, GitOps boost the deployment velocity and productivity from 200% to 300% in a cloud-native or a Kubernetes environment.

Google Cloud’s Kelsy Hightower says, “Limit the scope of access to a Kubernetes cluster to automation tools and cluster administrators who may have to debug it or keep it running.” He strongly implies the value of security to Kubernetes clusters. In complement, Git’s security is far ahead because of the cryptography used to track and manage changes.

On the other hand, the signing capability in Git can prove the author and the origin of the declared deployment manifests. Therefore, Git gives high accountability and security to definitions of desired cluster states. Moreover, Git has an audit trail with logs of changes done outside of Kubernetes. These audit trails provide stability at a level that complies with SOC2 requirements.

As GitOps uses DevOps tools that many software developers already familiar with, project managers need not worry about onboarding developers who are experienced with Kubernetes deployments. In the end, in a GitOps environment, every developer is pushing code to Git repository and managing Kubernetes updates via Git. That enables you to deploy new features within hours to your applications.

Containers and cloud-native platforms are the future we foresee today.  Gitops would be the new DevOps in the future.

Final Thoughts on GitOps

So, if you would like to redesign the deployment pipeline at your organization to GitOps standards, or else if you want to set up GitOps from scratch to your Kubernetes production environment, do not delay, consult an expert at Cloud Computing Technologies about your needs on continuous deployment. We are ready to provide implementation guidance and solutions to any GitOps related query you have.

Further information at 8A STARS II GWAC