Have you heard of GitOps? This newly coined term describes an innovative pattern in configuration management, used to scale deployment on Kubernetes, especially in a microservices environment.
GitOps refers to something that you might already have implemented in your company. "Everyone who successfully did infrastructure-as-code… is the true creator of the concept of GitOps", says Priyanka Sharma, evangelist at GitLab. GitOps allows developers to perform more tasks related to infrastructure, by relying on familiar Git-based workflows and pull requests.
Currently used by companies such as Weaveworks or the Financial Times, the GitOps pattern can bring some great benefits to your organization. Let's dig into this!
GitOps is "pushing code, not containers", says Alexis Richardson, CEO of Weaveworks. The underlying idea behind GitOps is that changes to a cloud-native system can be implemented through Git. It implies that a version control system, such as Git, hosts all the configuration and code to deploy on Kubernetes. It is used for automatically creating, updating and deleting system resources such as containers, infrastructure, proxies, ...
With GitOps, developers can manage their operational workflow and deploy on Kubernetes in the same way they perform merge requests or pull requests. While changes to Kubernetes were done previously through manual actions, the GitOps pattern brings automation to the deployment process.
GitOps ensures that the state of an application or service is reproducible based on the state of a Git repository. Once a pull request is approved and merged, it changes the state of the repository, and that change is the trigger to automatically reconfigure and synchronize the live application and its infrastructure.
Let's imagine you want to create a deployment on Kubernetes. You can for example implement a GitOps pattern with Helm charts: you put your charts in a subfolder of your service Git repository, and every time it changes, you can ask for a deployment of the new Helm chart. Basically, you trigger deployments with pull requests and merges.
In order to listen to the changes and trigger a deployment, you need what is called a controller. This controller hooks into your Git repository and synchronizes the deployments every time it is needed. For instance, a controller such as FluxCD is the operator responsible for listening to changes and deploying them to your Kubernetes clusters.
GitOps is not limited to Helm charts. It can also be a useful pattern for plain Kubernetes manifests, Ksonnet applications, Jsonnet files or even Terraform files and, more generally, Infrastructure-as-Code. Having an agent (your controller) fetch your changes from where they are defined allows you to set up Continuous Deployment processes easily and quickly.
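The following Python example is added here and is not code from FluxCD or the original article: it shows the comparison a controller makes on each sync, diffing the desired state read from Git against the live state and deriving the create, update and delete steps. The resource names, image references and the dictionary model of a manifest are constructed for illustration.

```python
"""Toy GitOps reconciler: diff desired state (Git) against live state (cluster)."""
import hashlib
import json


def digest(manifest: dict) -> str:
    """Stable hash of a manifest so key order does not register as a change."""
    return hashlib.sha256(json.dumps(manifest, sort_keys=True).encode()).hexdigest()


def plan(desired: dict, live: dict) -> list:
    """Return the (action, resource) steps that make `live` match `desired`."""
    steps = []
    for name in sorted(desired.keys() | live.keys()):
        if name not in live:
            steps.append(("create", name))
        elif name not in desired:
            steps.append(("delete", name))  # prune: not declared in Git
        elif digest(desired[name]) != digest(live[name]):
            steps.append(("update", name))  # manual drift or a new commit
    return steps


def reconcile(desired: dict, live: dict) -> dict:
    """Apply the plan to a copy of `live` and return the converged state."""
    result = dict(live)
    for action, name in plan(desired, live):
        if action == "delete":
            del result[name]
        else:
            result[name] = desired[name]
    return result


# Constructed sample data: resources keyed by "Kind/name".
GIT_STATE = {
    "Deployment/api": {"image": "registry.example/api:1.4.0", "replicas": 3},
    "Service/api": {"port": 8080},
}
CLUSTER_STATE = {
    # Image changed by hand, outside Git (drift).
    "Deployment/api": {"replicas": 3, "image": "registry.example/api:debug"},
    # Never declared in Git: a resource nobody reviewed.
    "Deployment/shell": {"image": "registry.example/tools:latest", "replicas": 1},
}

if __name__ == "__main__":
    for step in plan(GIT_STATE, CLUSTER_STATE):
        print(*step)
```

A non-empty plan when no new commit has been merged means the cluster was changed outside the pull-request workflow, which is worth alerting on as well as correcting.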
GitOps provides significant benefits to your team.
GitOps allows developers to work with tools they already use and methods they already rely on. Because developers are already familiar with Git, they are able to participate more efficiently in the DevOps process. This common language increases their productivity and avoids needless back and forth with the Ops team.
GitOps allows for more visibility, transparency and clarity by relying on a central repository. GitOps provides a single source of truth through the version control system, making it easy to track changes and issues. Teams can easily review the history of changes and identify where an unexpected behavior occurred, which can be of great help in the case of an audit, for instance.
GitOps brings more security to your infrastructure. Git has strong correctness and security guarantees, and it makes it easy to identify the authorship and origin of a change. This creates a secure and correct definition of what the desired state of the cluster is.
In case a security breach occurs, GitOps enables the recreation of a new system that is independent from the compromised one.
Since you have a single source of truth in Git, it is much easier to identify and troubleshoot cluster failures. Furthermore, GitOps allows automatic rollbacks, which means you can simply revert any change that caused a failure.
Less downtime and much better productivity mean that IT spending is used more wisely and more efficiently. Your team is able to ship features faster and more safely, while downtime is significantly reduced.
As you can see, GitOps is a very powerful way of creating and managing your modern cloud infrastructure. GitOps can bring many benefits to your team, including improved productivity, visibility and system reliability.
Strio, the current tool I'm working on, is based on this pattern, making it even more efficient. Strio allows you to set up your GitOps process more easily: our tool generates, manages and monitors all your pipeline configuration files in your Git repositories, making it a breeze to manage for SRE teams and easy to configure for everyone in the engineering team.