...

The term “GitOps” was coined/popularized in August 2017 in a series of blog posts by Alexis Richardson, the co-founder and CEO of Weaveworks.

GitOps is a methodology for implementing Continuous Deployment for cloud-native applications using Git as the source of truth. Although it is most commonly associated with Kubernetes, the principles can be applied to other resources that are declarative in nature.

The core idea of GitOps is having a Git repository that always contains declarative descriptions of the infrastructure currently desired in the production environment, and an automated process (agent) that makes sure the production environment is in sync with the desired state described in the Git repository. If you wish to deploy a new application or update an existing one, you only need to update the repository.

GitOps – Modern Approach for App Deployments in Kubernetes

What is meant by Cloud-Native Applications?

A cloud-native application is the conjunction of a container-based deployment infrastructure, marked by the scalability and high availability characteristic of the cloud, with a microservices-based architecture that promotes enhanced development agility and velocity. Examples of cloud-native applications include container-native, microservices-based applications and container-based, functions-as-a-service applications.

Why GitOps?

  • Git as a single source of truth: The core concept is to define everything as code and put it in Git.
  • Better compliance and auditing: When everything is version-controlled, it is recorded and visible to all. There is an audit trail, the ability to revert problematic changes, and ultimately a single source of truth of what is happening in the system from both the software development and the infrastructure perspective.
  • Enhanced security: Since the operator is deployed inside the K8s cluster, there is no need to manage credentials outside the cluster. It can communicate with the config repo over SSH.
  • Developer-centric: It provides a way for developers to manage operational workflows, particularly for Kubernetes, using Git and their own version control system. The same process they use to merge code using pull requests or merge requests can be used to deploy to Kubernetes.
  • Declarative: The desired state is defined in Git, which helps to find any deviations between what is deployed on the cluster and what is in Git, and to bring them back in sync.
  • Velocity: With continuous deployment automation, productivity increases. Feedback loops are faster.
  • Observability and detection of configuration drift: The core concept of GitOps is to understand the desired state of a system and find deviations between the desired and the actual state.
  • Cost-effectiveness from lower downtime and vastly improved productivity: As everything is in Git, after any cluster issue or accidental deletion the cluster can be brought back up in minutes. Rollbacks are very easy to manage.

GitOps Workflow

We recommend building a pipeline based on a pull strategy that consists of two key components: a “Deployment Automator” that watches the image registry and a “Deployment Synchronizer” that sits in the cluster to maintain its state.

Developers push their updated code to the Git codebase repository, where the change is picked up by the CI tool, which ultimately builds a Docker image. The “Deployment Automator” notices the image, pulls the new image from the repository and then updates its YAML in the config repo. The Deployment Synchronizer (the Flux tool in the snapshots below) then detects that the cluster is out of date, pulls the changed manifests from the config repo and deploys the new image to the cluster.

With the Deployment Synchronizer inside the cluster, cluster credentials are not exposed outside of the environment. Once the agents are installed in the cluster and the Git repo is connected, any changes in the production environment are made via Git pull requests, with full rollbacks and convenient audit logs all provided by Git.

Note: Flux is the open-source tool that we will be using for our GitOps workflow; it syncs what is in this Git repository over to our cluster(s).
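
The compare step that the Deployment Synchronizer performs in the workflow above, shown as an added Python example; it is not code from the original article or from Flux. It assumes manifests are already parsed into dicts, and the helper names (`key`, `drift`, `plan`, `deploy`), the `registry.example` images and the sample objects are constructed for illustration.

```python
# Added illustration of the synchronizer's compare step; not Flux's code.

def key(obj):
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", "default"), meta["name"])

def drift(desired, live, path=""):
    """Paths where the live object deviates from what Git declares.
    Only fields present in Git are compared, so fields the cluster fills in
    (status, resourceVersion) are never reported as drift."""
    if isinstance(desired, dict) and isinstance(live, dict):
        out = []
        for k, v in desired.items():
            sub = f"{path}.{k}" if path else k
            out += drift(v, live[k], sub) if k in live else [sub]
        return out
    if isinstance(desired, list) and isinstance(live, list) and len(desired) == len(live):
        return [p for i, (d, l) in enumerate(zip(desired, live))
                for p in drift(d, l, f"{path}[{i}]")]
    return [] if desired == live else [path]

def plan(desired_objs, live_objs):
    """Actions that bring the cluster back in sync with the config repo."""
    want = {key(o): o for o in desired_objs}
    live = {key(o): o for o in live_objs}
    actions = []
    for k, obj in want.items():
        fields = drift(obj, live[k]) if k in live else None
        if fields is None:
            actions.append(("create", k, []))
        elif fields:
            actions.append(("update", k, fields))
    return actions + [("prune", k, []) for k in live if k not in want]

def deploy(name, image, replicas):  # constructed sample manifest builder
    return {"kind": "Deployment", "metadata": {"name": name, "namespace": "prod"},
            "spec": {"replicas": replicas, "template": {"spec": {
                "containers": [{"name": name, "image": image}]}}}}

# Constructed sample state: Git holds the new tag written by the automator.
GIT = [deploy("web", "registry.example/web:1.4.2", 3),
       deploy("api", "registry.example/api:2.0.0", 2)]
live_web = deploy("web", "registry.example/web:1.4.1", 3)
live_web["status"] = {"readyReplicas": 3}            # set by the cluster
live_web["metadata"]["resourceVersion"] = "81234"    # set by the cluster
CLUSTER = [live_web, deploy("debug", "registry.example/debug:latest", 1)]

if __name__ == "__main__":
    print(*plan(GIT, CLUSTER), sep="\n")
```

The `prune` entry is the `debug` Deployment that exists in the cluster but not in Git: an object created outside the pull-request path shows up as a deviation on the next comparison.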

GitOps Pipeline

GitOps is a paradigm shift that moves the management of daily operations from the infrastructure itself to its representation in the Git repository. Kubernetes is the best place to start experimenting and to get used to this new methodology, as Kubernetes is declarative and GitOps is easy to implement there just by installing a GitOps agent.