0x017 - GitOps ♾️

Brought to you by:
- Fine: A futuristic software development environment that uses AI agents to help you develop 10 times faster.
- SyntaxCinema: We make exceptional videos for exceptional developer tools, including repo research, native voiceover and YouTube-grade editing.
- Onboard: Secure, SOC2 Compliant AI chat to navigate and understand any codebase (yes, yours too).

Disclaimer: I've invested in fine ;)

I had to migrate back to Ghost - that's why it took me some time to write this. Hopefully everything is working well for y'all.

GitOps

Synonyms: Git Operations, Git-driven DevOps, Git-based Infrastructure Management.

Who is this issue for?
- Developers interested in optimizing their DevOps workflow.
- DevOps Teams looking for streamlined infrastructure management.
- Kubernetes-based infrastructure users.

TL;DR:

  • Problem: “Cowboy engineering” at the infrastructure level is rampant: changes are made by hand and are error-prone.
  • Solution: Treat your Operations as Code, so your infrastructure is on cruise control.
  • In Sum: IaC by itself isn’t enough - GitOps takes it to the next level.

How does it work? 💡

The four principles (taken from Guide to GitOps):

  • Declarative: The entire infra has to be described declaratively.
  • Versioned and immutable: The core idea of GitOps is having a source of truth Git repository storing your IaC.
  • Continuous Deployment: Changes in the repository get pulled and applied after a pull request is reviewed and approved.
  • Continuously reconciled: GitOps tools ensure correctness relative to the Git repo, alert when there is a divergence or even try to reconcile it automatically.

Think about completely eliminating manual SSHing into a machine, or running terraform apply directly, without first reviewing and approving the change in a single, continuously-updated source of truth. Working this way prevents manual fixes from getting overridden later without anyone knowing exactly why.

One last thing you should probably know is the pull vs push GitOps pipelines debate. I’ll save you the trouble - you’d almost always prefer a pull-based pipeline, as it is more secure: an agent inside the cluster fetches the desired state from Git, so the cluster credentials stay within the cluster instead of being handed to an external CI system.
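To make the "continuously reconciled" principle and the pull model concrete, here is a toy reconciler written for this issue (it is not code from Argo CD, Flux or any other tool). It assumes a desired state that would live in the Git repo and a live state reported by the cluster, both constructed inline; a real agent would pull the repo and talk to the Kubernetes API instead.

```python
"""Toy pull-based GitOps reconciler (added example, not from any real tool).

The agent runs inside the cluster and compares what Git declares (desired)
with what the cluster reports (live). Git wins: drift is alerted on and,
if auto-healing is enabled, overwritten.
"""

# Constructed sample: what is committed to the Git repository.
DESIRED_STATE = {
    "deployment/web": {"image": "registry.example/web:1.4.2", "replicas": 3},
    "deployment/api": {"image": "registry.example/api:2.0.0", "replicas": 2},
}

# Constructed sample: what the cluster currently reports. Someone hand-scaled
# "web" to 5 replicas and started a debug pod that Git knows nothing about.
LIVE_STATE = {
    "deployment/web": {"image": "registry.example/web:1.4.2", "replicas": 5},
    "deployment/api": {"image": "registry.example/api:2.0.0", "replicas": 2},
    "pod/debug-shell": {"image": "busybox"},
}


def diff_state(desired, live):
    """Return drift as (resource, field, git_value, live_value) tuples."""
    drift = []
    for name, spec in desired.items():
        live_spec = live.get(name)
        if live_spec is None:                      # declared in Git, absent live
            drift.append((name, "<missing>", spec, None))
            continue
        for key, want in spec.items():
            got = live_spec.get(key)
            if got != want:                        # field changed outside Git
                drift.append((name, key, want, got))
    for name in sorted(live.keys() - desired.keys()):  # live but not in Git
        drift.append((name, "<unmanaged>", None, live[name]))
    return drift


def reconcile(desired, live, auto_heal=True):
    """One pull cycle: alert on every drift item, then heal if enabled.

    Returns (drift, new_live). With auto_heal the live state becomes an exact
    copy of Git: hand-made edits are reverted and unmanaged resources pruned.
    """
    drift = diff_state(desired, live)
    for name, key, want, got in drift:
        print(f"ALERT drift in {name}.{key}: live={got!r} git={want!r}")
    if not auto_heal or not drift:
        return drift, live
    return drift, {name: dict(spec) for name, spec in desired.items()}


if __name__ == "__main__":
    drift, healed = reconcile(DESIRED_STATE, LIVE_STATE)
    print(f"{len(drift)} drift item(s); after heal: {diff_state(DESIRED_STATE, healed)}")
```

Run with `auto_heal=False` to get the alert-only behaviour the issue mentions for tools that report divergence without fixing it.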

Questions ❔

  • What is the difference between IaC and GitOps?
    • IaC is a core tenet of GitOps but doesn’t supply the full package.
    • GitOps is a holistic process, which includes ongoing auditing of the live infrastructure for discrepancies and self-healing which isn’t part of the IaC’s job description.
  • What is the difference between DevOps and GitOps?
    • DevOps is more of a cultural change in an organization, GitOps is a concept that developers or DevOps teams can use to better manage their infrastructure.
  • What is the difference between CI/CD and GitOps?
    • CI/CD is a mechanism for deploying changes to production. GitOps uses CI/CD to deploy infrastructure, whereas you’re probably familiar with deploying application code instead (not your infra). Most GitOps setups prefer pull pipelines, whilst traditional CI/CD is more push-oriented (read more about it here).

Why? 🤔

  • Security: Your infrastructure now has a full SDLC-pipeline audit trail (which can help with SOC 2 compliance). Only the in-cluster agent needs deployment credentials, as opposed to every individual in the organization. During security incidents, you can simply re-deploy to a fresh, known-good state from Git. Lastly, your SSH key can sign all commits, ensuring code authorship and origin.
  • Single source of truth: GitOps leverages Git as the single source of truth to define every part of a cloud-native system. Whenever there is any divergence between Git and what's running in a cluster you will get a notification, and in some environments like Kubernetes, “reconcilers” automatically or manually update or roll back the cluster.
  • Deploy Faster: By focusing on a single source of truth where you make changes, you increase productivity and thus your innovation rate. Developers can code at their own pace without waiting on resources to be assigned or approved by operations teams.
  • Recovery: Because all changes can be traced with git, you can pinpoint failures and easily roll back any infrastructure problems.
  • Visibility: Seeing what your infrastructure is in a textual form with git changes creates better visibility and readability into your current deployment (without needing to SSH and guess). No more guessing what that person clicked on the Jenkins UI that caused your Friday evening catastrophe.

Why not? 🙅

  • Overhead: Making everything tick together can take a serious effort.
  • Overkill: For simple projects, automated managed hosting might be enough (like Vercel or Render).
  • Migration: If you aren't already using IaC, you'd need to migrate your whole deployment into an IaC tool from scratch.

Tools & players 🛠️

  • ArgoCD: GitOps continuous delivery tool for Kubernetes.
  • Flux2: A popular GitOps tool for Kubernetes using their own GitOps Toolkit.
  • GitLab: a Git managed service that also works great for GitOps and is tightly integrated with Terraform (I have to also mention GitHub Actions here).
  • Jenkins X: Supports GitOps principles for CI/CD.
  • OpenShift-gitops: Red Hat’s GitOps solution (k8s layered with Redhat extensions).
  • Awesome GitOps
My opinion 🤠: If your infrastructure is not trivial and assuming you have enough dedicated resources to implement a GitOps pipeline, I would go for it. Personally, I would probably check out GitLab because I’m in no need for k8s anytime soon.

Forecast 🧞

Google Trends for “gitops” in the past 5 years.
  • Market Adoption: GitOps adoption is growing rapidly. It seems like serious R&D teams would greatly benefit from strong GitOps which we can see with the increased adoption.
  • Kubernetes Integration: GitOps and Kubernetes are a perfect match. It seems like k8s is the dominant player in the GitOps playing field. Great for your job security ;)
  • Everything becoming Code: It seems like the concept of “codifying” everything is just better than not doing so (see dagger.io as a prime example). The idea that you can get consistent, reproducible results for something which was historically anything but consistent seems to be on the rise (this kinda feels Docker-like, in a way). And, with SBOM on the rise, we see that organizations will start to have to “codify” everything to comply with regulation too - which will probably push late bloomers to use GitOps and GitOps-like approaches more than before.

Extra ✨

Additional information that is related:

Thanks 🙏

I wanted to thank Shimon Tolts (CNCF Ambassador, AWS Community Hero and founder of Datree, don’t forget his YouTube channel - an absolute gem to review this issue), Yam Peled (DevOps Engineer at Qwilt and one of my very good friends ❤️), TomGranot (the best growth person I know, founder of SyntaxCinema).

EOF

(Where I tend to share unrelated things).

Venturing into uncharted territory today! If you're a startup founder seeking fresh perspectives, I'm offering a complimentary 15-minute Zoom consultation. Let's dive into your project, and I'll share tailor-made tool & solution recommendations.

I'm constantly immersed in the world of cutting-edge technology, but I seldom get the chance to discuss it. While I'm considering charging for this service down the road, for now, I'm keen to gauge its value. That's why I'm offering the first 5 consultations absolutely free. Reply if you’re interested ;)

A picture from Georgia:

Kazbegi Georgia (the country)