Informazioni approfondite tecniche / GitOps

GitOps: Leveraging DevOps for cloud native infrastructure automation

Cloud native environments can be dynamic and complex. Your Kubernetes clusters and the applications running on them have a lot of moving parts, with continuous integration and continuous delivery (CI/CD) pipelines processing dozens or hundreds of changes a day. The state of your clusters may need to be updated frequently, potentially leading to configuration inconsistencies and hours of troubleshooting. These challenges are leading many DevOps teams to adopt GitOps to standardize Kubernetes cluster configuration and application deployment. (It’s important to note that although it’s most often associated with Kubernetes, GitOps can be used with any infrastructure that can be declaratively managed.)

What is GitOps?

GitOps is an operational model that applies the principles of Git—an open source version control system—to infrastructure configuration. Expanding on this basic GitOps definition, GitOps simplifies the management of cloud native infrastructure by applying the Git best practices from software development to infrastructure configuration, using an infrastructure-as-code (IaC) approach. Applying GitOps principles to your operations brings the benefits of Git to infrastructure management and deployment pipelines.

With the GitOps approach, Git is used to version and store the necessary infrastructure configuration files. A Git repository—such as GitHub, GitLab, or a private Git repository—serves as the single source of truth for infrastructure running in development, staging, production, etc. Configuration files are pushed to the infrastructure (or pulled by the infrastructure) in a coordinated manner along with application files, ensuring that the infrastructure is correctly configured.

Using GitOps, developers can deploy new code (and the infrastructure configuration necessary to support that code) without waiting for anyone in Dev to make it happen. Essentially, GitOps enables self-service for Dev, while using well-understood Git capabilities to ensure that everything is properly reviewed, logged, and audited.

Process automation is one of the essential components of efficient DevOps, making GitOps a natural addition. Applying GitOps principles can simplify the developer experience for declarative infrastructure and provide a central point of coordination that streamlines collaboration, CI/CD, version control, code review, and configuration management.

Once a change is triggered in Git by a developer, it's applied throughout the environment with little or no involvement from operations. Teams reduce time spent on provisioning and managing infrastructure resources, and can prioritize proactive delivery of additional services and capabilities.

What are the benefits of GitOps?

The major advantage of GitOps is that it provides a single consistent model for making changes to infrastructure, applications, Kubernetes, and Kubernetes add-ons. This has several results:

  • 1. Simplified infrastructure management

    GitOps automates the management of infrastructure as a part of your DevOps practice. Incorporating infrastructure configuration updates in the CI/CD pipeline allows application and infrastructure changes to occur in lockstep, reducing configuration errors. If you're deploying the same applications across multiple clusters, GitOps can ensure that all clusters are identical, without the errors that are common with manual operations.

  • 2. Improved reliability and stability

    GitOps workflows provide a convenient audit log of all cluster changes in the Git repository, allowing you to audit changes and roll back to the previous state if necessary.

  • 3. Increased productivity

    Continuous deployment of source-controlled infrastructure reduces configuration errors, saving time for DevOps teams and allowing multiple teams to work on different infrastructure components without interfering with each other’s work. This results in faster, more frequent deployments.

  • 4. Strong security

    GitOps helps organizations enforce security best practices and provides audit trails that identify the details of infrastructure changes (such as authorship and origin, deployment date and time, and affected resources).

Git tracks everything, making repeatability easy. It's simple to find out “what changed?” because everyone can go directly to the answer.

What to keep in mind if you're considering GitOps

People often ask if GitOps is infrastructure-as-code (IaC) or if GitOps is CI/CD. GitOps has a role to play in both. Once a configuration file is committed to Git, it's the job of GitOps to deploy and maintain that configuration in the designated state. GitOps feeds the CI/CD pipeline, automating the delivery of the declared infrastructure to cluster(s) in development, staging, production, or other environments.

Here are some key things you should know if you're considering adopting GitOps.

  • GitOps has three core concepts

    When it comes to GitOps, there are three core principles that you need to understand:

    • 1. Infrastructure as code

      You may already be using IaC tools such as Chef and Puppet that can provision servers on demand. These tools keep your infrastructure configuration versioned, backed up, and reproducible from source control. Connecting these tools to your Git repository ensures your deployed infrastructure conforms to the latest approved version. If disaster strikes, the latest version will be automatically redeployed.

    • 2. Merge requests

      GitOps uses merge requests (MR) as a point of collaboration across teams, simultaneously providing a record for audit and troubleshooting. MR can be used to evaluate and approve proposed changes through peer review and comments. When an MR is approved, the code is merged to the Git repository where it can be picked up by the CI/CD pipeline.

    • 3. CI/CD

      Continuous integration (CI) automates the process of building and testing software, while continuous delivery (CD) automates the delivery of software to a production-like environment. Together, the two processes enable an automated pipeline, capable of delivering new features and application updates more quickly.

  • GitOps vs. DevOps

    It's important to understand the relationship between DevOps and GitOps. DevOps is not prescriptive, but high-functioning DevOps teams tend to share several characteristics:

    • A DevOps culture that encourages teamwork and collaboration

    • Teams that have had joint training and have established joint processes between Dev and Ops

    • A shared set of DevOps tools that improve collaboration and create a common understanding of software delivery from start to finish, with automation for time-consuming processes

    Because it enhances collaboration, streamlines and automates infrastructure changes, and minimizes configuration errors, GitOps fits well within the DevOps framework, reducing friction and freeing up time for teams to focus on code. So, GitOps can be an important part of your DevOps efforts, but GitOps and DevOps are not the same thing.

  • Implementing GitOps workflows

    Your DevOps team likely already has two basic elements necessary for GitOps workflows:

    • A git repository

    • A CI/CD pipeline encompassing the stages of the software development lifecycle

    For Kubernetes, you need a GitOps operator running on each cluster to serve as the go-between. Popular tools to enable GitOps on Kubernetes include Flux and ArgoCD.

    A GitOps workflow begins by “declaring” the state of everything, including infrastructure configuration files and application source code. When a merge request is completed and approved, the code from the Git repository is picked up by the CI/CD pipeline.

    Output from the pipeline passes to the Git operator. The output can be pushed, but many operators constantly check the state of Git and “pull” changes. (Pulling changes is more secure since the CI/CD pipeline doesn’t require direct access to the cluster.) Once changes arrive, the Git operator will orchestrate the underlying infrastructure to match the desired state. Pull-based operators can also detect drift (i.e., deviation between the desired state and the actual state) and remediate it.

    GitOps workflows can be extended in a variety of ways, for instance by incorporating intermediary infrastructure deployments for testing or staging prior to production. Additionally, a GitOps pipeline offers limitless possibilities to extend and integrate infrastructure to meet particular needs.

Domande frequenti

Is my project ready for GitOps?

If you're using Kubernetes, or your infrastructure can be managed with declarative infrastructure-as-code tools, you can also use GitOps.

I don’t use Kubernetes. Can I still use GitOps?

Most operators for pull-based GitOps are implemented with Kubernetes in mind, but you can use any infrastructure that can be observed and described declaratively, with an operator that allows your CI/CD pipeline to communicate with your infrastructure.

Is GitOps just versioned infrastructure-as-code?

No. GitOps helps guarantee that the desired state of your infrastructure is deployed. Additionally, you gain all the benefits of code reviews, pull requests, and comments on changes to your infrastructure.