GitOps – The New Era of DevOps

Author : Ipshita Chaudhary, Associate Engineer – CloudDevOps

Original Published Date: July 31, 2023

---

Team collaboration plays a vital role while we work for a set target. Questions bombarding, thoughts sharing, working for set result in a team given better results in team. Just like that we have better tools or strategy to collaborate and get better results. GitOps is a strategy which facilitate people with building and deployment and setting up truth as single source using available tools like Argo cd which helps to maintain the state of cluster and the configuration file.

What is GitOps

• GitOps is an operational approach for platform engineers and software developers where every aspect of a project’s infrastructure, including infrastructure as code files, configuration files, and application code files, are stored in git repositories.
• When a git commit is pushed to source control, it triggers a change that updates the cloud infrastructure or application example Argo CD.
• GitOps relies on Git as the single source of truth, that means only changes in git can trigger builds and deployments of infrastructure and applications.
• Organizations that have Kubernetes as their container orchestration platform often use GitOps.
• GitOps uses similar processes and tools used in software development to manage infrastructure, ensuring the automation that teams need.
• It takes the best practices of DevOps, such as CI/CD, version control and collaboration, and applies them to infrastructure automation.
• GitOps is a set of code-based practices that use Git, an open-source version control system, to manage infrastructure and application configurations.
• Git pull requests are used to verify and automatically manage/deploy infrastructure changes.
• Just like developers use application source code, operation teams that practice GitOps use infrastructure as code (configurations files stored as code) to generate the same infrastructure environment during each deployment.

Why GitOps?

• Improved security and compliance : GitOps allows teams to use a single platform for infrastructure change management. Which results in, downtime and outages are minimized, allowing developers to continue working without compromise.
• Decreased manual oversight : GitOps helps increase automation allowing software teams to focus on development and application delivery rather than spending time on manual tasks. As a result, downtime is decreased due to rollback functionality.
• Increased collaboration and productivity : GitOps works by simplifying processes and improving oversight. Each team member can work from the same system and understand the status of individual processes. The single Git repository collaboration amongst team members by assigning tasks to individuals and deploying code from each person as necessary.
• Faster deployments : GitOps best practices allow teams to use open-source technology to perform continuous integrations for deployments. Quicker releases allow teams to be more flexible when responding to customer needs with minimal delays.
• Increased reliability : Teams can collaborate with one another to easily identify and correct errors within time. Each change can be accounted for using merge requests allowing for rollbacks if new versions don’t work. GitOps allows teams to roll back to the previous state if newer versions experience errors. As a result, teams can implement updated features in stable environments.
• Enhanced security : GitOps approach helps organizations enforce security best practices and track all the infrastructure changes and corresponding states available via Git SCM.

The 4 Principles of GitOps

• Declarative Configuration : Describe how your infrastructure works as well as the applications that are running on top of it. Doing this enables traceability of changes made to any environment and enables rollback, recoverability, and self-healing attributes using any source control system. Move away for imperative adhoc scripts to declarative configuration in all levels.
• Version Controlled, Immutable Storage : Declarative descriptions stored within the repository supports immutability, versioning, and versioning history. For example, using Git for the declarations, allows you a single place from which everything for your application is derived and driven. This allows you to easily pinpoint any changes made at any time. Just look at all changes found in version control history, having the guarantee that the platform always matches what is described there.
• Automatic Pull Operations : Using GitOps means that you employ software agents that are always running in the cluster, automatically pulling Git state at regular intervals and checking it against the live cluster state. This way you always know if the version in Git is the same as the live state or not.
• Continuous Reconciliation : Operating in a close loop ensuring the desired state of a system matches the declared provides feedback allowing you and your team to better control your operations and workflow.

When used with your repository, GitOps software agents can perform various functions, ensuring self-healing. Agents automate fixes in case there’s an outage, perform QA processes for your workflow, and protect against human error or a manual intervention.

Traditional Workflow vs. GitOps Workflow

The continuous integration component is at the pipeline’s start in a traditional environment. The CI component interacts with version control systems acting as a service providing the input to create operations, while the continuous development component acts as the service deploying the code. The pipeline uses CD automation to pass the code through an automated test suite and push the approved code to the production environment.

In a traditional workflow:

• A developer writes code and commits it to a version control system.
• The CI server runs an automated test suite on the code.
• If the server finds bugs or errors, the build fails and developers are notified.
• If the server approves the code, it automatically pushes it to the container image repository.
• An automated deployment tool pushes containers to the production environment.
• The team manages the containers using a container orchestration tool.

In the traditional workflow, the CI component is at the core of this CI/CD pipeline, but in GitOps, the VCS Git is at the center. A GitOps architecture allows developers to leverage. Git directly manages the operations and deployments. Pull requests are review requests where the developer pushing the code to a repository requests the system to merge the code’s approval with the repository.

In a GitOps workflow:

• A developer writes code and commits it to a version control system (VCS).
• The CI server runs an automated test suite on the code.
• If the server finds bugs or errors, the build fails and developers are notified.
• If the server approves the code, it automatically pushes it to the container repository.

Until this point, GitOps is identical to a traditional workflow. Now it gets interesting:

• A deployment automator identifies the change to the image repository and pulls it from the registry, updating the YAML file in the configuration repository.
• A GitOps agent identifies a change in the cluster and pulls it from the configuration repository, updating the cluster with the relevant changes.

What are the Benefits of GitOps?

• GitOps manages all the updates and features of the Kubernetes more rapidly. By continuously pushing features to updates making businesses more agile and respond quickly to the customer as per the demands.
• GitOps have the complete pipeline. Continuous Integration and Continuous Deployment pipelines have driven by pull request and operations tasks fully reproducible with the help of Git.
• Git backed with strong cryptography to manage changes in it, sign amendments to prove the author and origin key of the cluster’s desired state. If the immutable and auditable source of truth recreates a new system independently of the compromised, it reduces downtime with much better incident response.
• It’s cost-effective as it reduces operational overhead, lowers downtime & vastly improves productivity.
• It provides end-to-end standardization in the workflow.
• Improves stability as audit logs of cluster changes are present for validation of changes that occurred.
• Enhancement in productivity with continuous automated deployment as it reduces time.
• Improvised security as Git provides powerful correctness & cryptography to track & manage changes.
• Git’s built-in features like a rollback fork & being a single source of truth increases the reliability.

Use Cases of GitOps

With all these benefits, there are some use cases of implementing GitOps to improvise the current workflow:

• Static Websites : For deployment of complex static websites that comprise a set of markdown files which makes site pages easier to edit than raw HTML. It needs a build to make it publishable. Or even make modifications in the images to be available in different sizes to make it look good on various devices. For all this, building up a site or optimizing an image can be achieved by GitOps or even copying the deployment to the webserver.
• Writing Books : As books are text-centric, they can be aligned with a VCS system & the GitOps pipeline can be set up as soon as you get done with writing your book. The pipeline can automatically check grammatical & spelling checks & further build them in various formats like doc, pdf, ePUB & many more. Further, it can publish it to your cloud drive or a static website.
• GitOps for doc : It’s a great fit for product documentation & is commonly used for this purpose as the document is also text-based and can be created as markdown or Ascii docs can easily be stored in a VCS system like bitbucket or GitHub. Then a CI tool fetches the changes and deploys the new version of the documentation. The deploy stage can upload the latest version on various platforms as new changes are committed to the documentation.

Challenges:

• Multi-environment configurations : Pull requests and merges between different branches is problematic. Including environment specific code and creating configuration drift. Managing multiple environments with GitOps can be done by using separate branches in the environment repository. We can set up the operator or the deployment pipeline to react to changes on one branch by deploying to the production environment and another to deploy staging.
• Limited Visibility : GitOps provides visibility into everything within an environment, with all intended state data stored in Git in plain text. However, this only works with simpler setups (i.e., fewer repositories containing manageable numbers of config files). Enterprise environments often have many GitOps repositories and config files, making it impractical to comb through plain text files. Hence Visibility becomes one of the biggest challenges to exist.
• Doesn’t Centrally Manage Secrets : A complex enterprise environment requires a solution to manage secrets outside the standard CI/CD process. It is important to audit secrets (i.e., keys, passwords), so storing them in a secure, centralized data store makes sense. While GitOps won’t prevent from managing secrets centrally, it doesn’t facilitate this either. A Git repository is not suitable for storing secrets requiring encryption and decryption. Git history will remember the secrets forever.
• Auditing May Be Insufficient : Git repositories are useful for auditing processes because they retain a full history of all state changes. However, it is harder to answer other questions with a Git repository, such as the number of times an application was deployed. These tasks require walking through the Git history or searching through text files. Hence, this procedure can be time consuming and auditing acts as a challenge.

To summarize, GitOps is an operational approach that utilizes Git as the single source of truth for managing infrastructure and application configurations. By following the principles of declarative configuration, version control, automatic pull operations, and continuous reconciliation, teams can streamline their workflows and achieve better traceability and automation. It empowers teams to work collaboratively, automate deployments, and maintain a high level of control and consistency in their infrastructure and applications.