Skip to content

GitOps

homepage-banner

Introduction

GitOps is a software development and delivery methodology that aims to bring the benefits of version control and continuous integration and delivery (CI/CD) to infrastructure and operations. It uses Git as the source of truth for infrastructure and application configuration, and relies on Git-based workflows to manage and deploy changes to infrastructure and applications.

In a GitOps workflow, infrastructure and application configuration is stored in version control, typically in a Git repository. Changes to infrastructure and applications are made by committing changes to this repository, and are automatically deployed to the target environment by a continuous delivery pipeline. This allows for a clear and auditable history of changes, and makes it easy to roll back changes if necessary.

One of the key benefits of GitOps is the ability to automate the deployment and management of infrastructure and applications. By using Git as the source of truth for configuration, it is possible to set up automated pipelines that deploy changes to infrastructure and applications as soon as they are committed to the repository. This can significantly reduce the time and effort required to deploy changes, and can help to ensure that changes are deployed consistently and reliably.

GitOps also promotes collaboration and transparency, as all changes to infrastructure and applications are recorded in version control and are visible to all team members. This makes it easy for team members to review and collaborate on changes, and can help to ensure that changes are properly tested and reviewed before they are deployed to production.

Automation-pipeline.png

Steps of GitOps

  1. The pipeline retrieves the source code from the repository and sends it to the build server, where it begins the building process.
  2. The source code is built. If it’s a compiler-based language, the code is compiled at this stage.
  3. After the source code is built, unit test cases are executed. If successful, the build moves to the next step.
  4. The static scanning step conducts a non-running source code analysis to identify any vulnerabilities or code issues. Popular static code analyzer tools include SonarCube and PMD.
  5. The pipeline next performs security scanning using tools like Black Duck, Fortify, and Twistlock to detect any runtime vulnerabilities.
  6. After passing these quality checks, the pipeline builds the final package for deployment and sends it to the deployment phase.
  7. During the deployment phase, the pipeline deploys the packaged application into the development environment and initiates the integration test phase.
  8. The integration phase executes the test suite designed to validate the application, ensuring the application operates without issues from end to end.
  9. After the integration phase has passed and the application has been validated, it is promoted to the higher environment for deployment, in this case, the production environment.
  10. Once the production deployment is successful, the application is validated and verified for a successful production rollout, and the pipeline is marked as completed.

Automation-pipeline.png

Basic principles

  • Declarative
  • Versioned and Immutable
  • Pulled Automatically
  • Continuously Reconciled

Key aspects

  • Standard workflow
  • Enhanced Security
  • Visibility and Audit
  • Multi-cluster consistency

CI-CD pipeline

  1. Build
  2. Test
  3. Security Checks
  4. Release
  5. Deploy Stage
  6. Deploy Prod

pipeline-java-project

GitOps loops

Depoly -> Monitor -> Detect drift -> Take action -> Depoly

Git Repo

  • github.com
  • gitlab.com
  • bitbucket.com

Image Registry

  • quay.io
  • hub.docker.com
  • gcr.io

Alternatives to GitHub Actions

  • Jenkins: An open-source automation powerhouse for building, deploying, and automating projects.
  • GitLab CI/CD: GitLab’s own take on continuous integration and deployment.
  • CircleCI: A robust CI/CD platform with support for Docker and Kubernetes.
  • Travis CI: A cloud service that works seamlessly with GitHub repositories.

Alternatives to Argo CD

  • Flux: A GitOps tool designed specifically for Kubernetes and created by Weaveworks.
  • Jenkins X: Focused on CI/CD for cloud-ready applications on Kubernetes.
  • Spinnaker: A versatile platform for multi-cloud continuous delivery.

Alternatives to Helm

  • Kustomize: Customizes Kubernetes objects through a unique kustomization file.
  • Skaffold: Manages the workflow for crafting, pushing, and deploying applications in Kubernetes.
  • Terraform: Takes a code-first approach to provisioning Kubernetes resources.

Alternatives to Docker Hub

  • Quay.io: Red Hat’s solution for container image registry needs.
  • Google Container Registry (GCR): Google’s dedicated storage for container images.
  • Amazon Elastic Container Registry (ECR): AWS’s Docker container registry offering.

Rarely used but useful git commands

Rarely used git commands that are useful in certain scenarios. For example

  • git restore . - restores the files to the previous commit/ undos all the local changes that haven’t been commited.
  • git restore index.html - restores only that particular file to the recent commit/ undos all the local/uncommited changes for that file.
  • git reset --hard <hash code of the commit> - removes commits and goes back to the commit for that hash code
  • git reset --source <hash code> index.html>removes commits and goes back to the commit for that hash code only for that particular file.
  • git commit --amend -m 'Your message'helps re-write messages
  • git revert <hash code>helps to roll back to a previous commit by creating a new commit for it. Doesn’t removes those commits from the log like git reset does.
  • git reflogthis can be useful to bring back deleted commits/files/changes. Use git reset <hash code of lost commit from reflog> to bring back rolled changes.
  • git reset HEAD~2Helps roll back by 2 commits and unstage all the changes in those 2 removed commits.
  • git reset HEAD~2 --hard
  • git rebase (most useful command)- Reapply commits on top of another base tip. ex. git rebase master sets the branch at the tip of master branch

reference

  • GitOps Cookbook (Natale Vinto and Alex Soto Bueno)
  • GitOps and Kubernetes (Billy Yuen, Alexander Matyushentsev, Todd Ekenstam and Jesse Suen)
  • GitOps Cookbook Kubernetes Automation in Practice (Natale Vinto and Alex Soto Bueno)
  • https://medium.com/@fatosdervisi
  • What is GitOps? (https://www.gitops.tech/)
  • GitOps: The Path to DevOps Nirvana (https://www.weave.works/blog/)
  • GitOps: A Path to More Self-service IT (https://www.redhat.com/en/topics/devops/what-is-gitops)
Feedback