GitOps


What is GitOps?

* GitOps is code-based infrastructure and operational procedures that rely on Git as a source control system

For Kubernetes, GitOps means using git push instead of kubectl create/apply or helm install/upgrade.

It is an evolution of Infrastructure as Code (IaC) and a DevOps best practice that uses Git as the single source of truth and control mechanism for creating, updating, and deleting system architecture.

* Git is the single source of truth for
- continuous delivery (CD)
- automated deployment
- monitoring
- management
- the entire state of the system

* GitOps extends pipelines with a feedback loop for observing and controlling the system.

* A set of practices that use Git pull requests (1) to manage infrastructure, (2) to manage application configuration and (3) to automatically deploy changes to the system infrastructure. All the usual Git procedures apply: review, pull requests, pushes, tagging, versioning, etc.

* GitOps practice
- Declarative description of the system: stored in Git.
- Pull requests modify the state of the Git repository.
- Once approved and merged, the pull request automatically reconfigures the live infrastructure: controller software syncs/reconciles it to the state of the repository. The controller either self-heals the system or notifies about the drift.
This live-syncing pull request workflow is the core essence of GitOps.

* Declarative description (YAML) of the desired production infrastructure in Git, plus automation that makes the production environment's state match the desired state in Git.

* Continuous Deployment for cloud-native applications.

GitOps is an incredibly powerful workflow pattern for managing modern cloud infrastructure.

GitOps is an extension of IaC and declarative configuration

* git push + CI/CD toolchain + UI/UX

* Tools: Git, CD tools (tools for declarative infrastructure as code)

* Developer tools (read: Git) drive operations.

* GitOps provides more stability and reliability than a typical CI/CD pipeline.


The GitOps idea was first hatched and shared by Weaveworks, an enterprise Kubernetes management firm.

A GitOps operator is a mechanism that sits between the pipeline and the orchestration system (read: K8s). A pull request starts the pipeline, which then triggers the operator. The operator examines the state of the repository and the state of the orchestration system and syncs them.


Principles

1. The entire system is described declaratively.
2. The canonical desired system state is versioned in Git.
3. Approved changes can be applied to the system automatically.
4. Software agents ensure correctness and alert on divergence.
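The reconcile loop described in the GitOps practice bullets, the operator paragraph and principles 3 and 4 above, written out as an added example (this is not code from the page or from any GitOps project). It assumes a constructed manifest in a made-up "name=image" line format standing in for the YAML in Git, and a Cluster struct standing in for the orchestration system's live state. One pass of the agent diffs Git against the cluster and either only reports the drift (notify mode) or converges the cluster back to what Git declares (self-heal mode):

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// desiredManifest stands in for the declarative description stored in Git.
// It is a constructed sample in a made-up "name=image" line format, not the
// YAML a real controller such as Flux or Argo CD reads.
const desiredManifest = `
# constructed sample, not from any real repository
web=registry.example/web:1.4.2
api=registry.example/api:2.0.0
worker=registry.example/worker:0.9.1
`

// Cluster is a stand-in for the orchestration system's live state:
// workload name -> image currently running.
type Cluster struct {
	Workloads map[string]string
}

// Drift records one divergence between Git and the live system.
// Have == "" means the workload is missing; Want == "" means it is not in Git.
type Drift struct {
	Name, Want, Have string
}

// ParseManifest reads the repository content into the desired-state map.
func ParseManifest(text string) map[string]string {
	desired := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if name, image, ok := strings.Cut(line, "="); ok {
			desired[strings.TrimSpace(name)] = strings.TrimSpace(image)
		}
	}
	return desired
}

// Diff compares desired state with the live cluster and returns every
// difference, sorted by name so the report is stable.
func Diff(desired map[string]string, live *Cluster) []Drift {
	var out []Drift
	for name, want := range desired {
		if have := live.Workloads[name]; have != want {
			out = append(out, Drift{Name: name, Want: want, Have: have})
		}
	}
	for name, have := range live.Workloads {
		if _, ok := desired[name]; !ok {
			out = append(out, Drift{Name: name, Have: have})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out
}

// Reconcile is one pass of the agent. It always reports drift; with selfHeal
// it also converges the cluster back to what Git declares. selfHeal=false is
// the "notify about the drift" mode from the text.
func Reconcile(desired map[string]string, live *Cluster, selfHeal bool) []Drift {
	drift := Diff(desired, live)
	if !selfHeal {
		return drift
	}
	for _, d := range drift {
		if d.Want == "" {
			delete(live.Workloads, d.Name) // prune: not declared in Git
		} else {
			live.Workloads[d.Name] = d.Want // roll forward or back to Git's version
		}
	}
	return drift
}

// Describe renders one drift entry as an alert line.
func Describe(d Drift) string {
	switch {
	case d.Have == "":
		return fmt.Sprintf("%s: missing from cluster, Git wants %s", d.Name, d.Want)
	case d.Want == "":
		return fmt.Sprintf("%s: running %s but not declared in Git", d.Name, d.Have)
	default:
		return fmt.Sprintf("%s: running %s, Git wants %s", d.Name, d.Have, d.Want)
	}
}

func main() {
	desired := ParseManifest(desiredManifest)
	// Constructed live state: one out-of-band downgrade, one workload created
	// by hand with kubectl, and one declared workload never deployed.
	live := &Cluster{Workloads: map[string]string{
		"web":   "registry.example/web:1.4.2",
		"api":   "registry.example/api:1.9.9",
		"debug": "registry.example/shell:latest",
	}}
	for _, d := range Reconcile(desired, live, true) {
		fmt.Println("drift:", Describe(d))
	}
	fmt.Println("drift remaining after self-heal:", len(Diff(desired, live)))
}
```

Two points worth noting from a security angle: the agent pulls the desired state and holds the cluster credentials itself, so nothing upstream of Git (the CI pipeline included) needs access to the cluster; and the undeclared "debug" workload is exactly the kind of manual kubectl change that principle 4 is meant to surface, whether the agent is configured to prune it or only to alert.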

Tools:

  • ArgoCD: A GitOps operator for Kubernetes with a web interface. It supports multiple clusters and multiple Git repositories.
  • Flux: The GitOps Kubernetes operator by the creators of GitOps, Weaveworks. No central management, no central UI.
  • Gitkube: A tool for building and deploying Docker images on Kubernetes using git push.
  • kaniko: A tool to build container images from a Dockerfile, inside a container or Kubernetes cluster.
  • BuildKit: A toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.
  • Jenkins X: Continuous Delivery on Kubernetes with built-in GitOps.
  • Tekton Pipelines: Provides k8s-style resources for declaring CI/CD-style pipelines.
  • Terragrunt: A wrapper for Terraform for keeping configurations DRY and managing remote state.
  • WKSctl: A tool for Kubernetes cluster configuration management based on GitOps principles.
  • Helm Operator: An operator for using GitOps on K8s with Helm.
  • Non-K8s tools such as Terraform.
  • harness.io
  • Skaffold.dev: Handles the workflow for building, pushing and deploying an application.
  • kubediff
  • sealed-secrets by Bitnami or Vault by HashiCorp (for secrets in Git).

GitOps is promoted by
* Weaveworks
* Cloudbees
* Bitnami (encrypt K8s secret) https://github.com/bitnami/sealed-secrets
* OpenFaaS
* Hasura
* Ocado
* Financial Times

Benefits

1. Cluster updates are a sequence of atomic transactions that either fail or succeed as a whole. GitOps makes them easy, so productivity increases.
2. Git provides a transaction log for audit, rollback and teamwork.
3. The config repo and the image repo act as a firewall: the operator pulls from them, so the CI pipeline never needs credentials for the production cluster. Even if the CI pipeline is hacked, the production environment is not.
