GitOps is a modern way to build better IaC for delivering apps in Kubernetes. It is all about determinism, idempotence, automation, observability… and many other exciting features! However, are you sure all of this actually happens in the real world with the existing approaches and tools? Here is our comprehensive analysis of GitOps and its features, a comparison with CIOps, and insights on how all this should be done to actually get what every DevOps engineer dreams of.

Please note that the article is based on this 30-minute video, which goes into a bit more detail. Enjoy the talk or its text version below:

How GitOps works

What comes to your head when you hear “GitOps”?

There is a Git repository. In that repository, we have YAML files describing the desired state for Kubernetes, e.g.:

  • two Deployments,
  • some StatefulSet,
  • and an Ingress.

On the other side of our equation, there is a Kubernetes cluster with all our objects forming a simple application.

The only missing piece is a GitOps operator. It is responsible for syncing the state from Git into Kubernetes. To do this, it periodically (or on an event):

  • reads the state from the Git,
  • reads the state from Kubernetes,
  • compares them,
  • changes the state of the Kubernetes (if needed).

So it’s as simple as that: a Git repo, a K8s cluster, and the thing that keeps them in sync (the GitOps operator).


GitOps workflow

By the way, while the GitOps operator can live outside the cluster, it usually (almost always) resides inside the Kubernetes cluster. To keep things simple, we draw it outside.

Just by using this approach, we already get some safety features. If a user directly modifies anything in Kubernetes, the GitOps operator detects this change and reverts it to the state defined in Git.

This makes a small fence that forces users, instead of going directly to Kubernetes, to make their changes in the single source of truth, i.e. in Git.

Instead of this small fence, we can build a solid wall (by not giving users any direct access to the cluster) or a “transparent” wall (i.e. read-only access). But that is not the important part; what is important is that Git is the only way in.
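To make the operator loop above (read Git, read the cluster, compare, change) and the drift-revert behaviour concrete, here is an added toy reconciler written for this article; it is not code from the article, from werf, or from any real GitOps operator. Both "states" are plain dicts keyed by kind/name, the object specs are constructed sample values, and pruning of objects that are absent from Git is assumed to be enabled (real operators make that optional).

```python
"""Toy GitOps reconciler: desired state (Git) vs actual state (cluster)."""
from copy import deepcopy

# Constructed sample "Git" state: two Deployments, a StatefulSet and an Ingress.
GIT_STATE = {
    "Deployment/web": {"replicas": 2, "image": "example/web:1.4"},
    "Deployment/api": {"replicas": 3, "image": "example/api:2.0"},
    "StatefulSet/db": {"replicas": 1, "image": "example/db:12"},
    "Ingress/web": {"host": "web.example.test"},
}


def plan(desired, actual):
    """Compare the two states and list the actions that make actual == desired."""
    actions = []
    for key, spec in desired.items():
        if key not in actual:
            actions.append(("create", key, spec))
        elif actual[key] != spec:
            actions.append(("update", key, spec))
    for key in actual:
        if key not in desired:          # assumption: pruning is enabled
            actions.append(("delete", key, None))
    return sorted(actions)              # deterministic: same input, same plan


def apply(actual, actions):
    """Apply the plan to a copy of the cluster state and return the new state."""
    state = deepcopy(actual)
    for verb, key, spec in actions:
        if verb == "delete":
            state.pop(key, None)
        else:
            state[key] = deepcopy(spec)
    return state


def reconcile(desired, actual):
    """One operator tick: read both states, diff them, apply the difference."""
    actions = plan(desired, actual)
    return apply(actual, actions), actions


if __name__ == "__main__":
    cluster, acts = reconcile(GIT_STATE, {})          # initial sync: 4 creates
    cluster["Deployment/web"]["replicas"] = 5         # someone edits the cluster
    cluster["Pod/debug"] = {"image": "example/shell:latest"}
    cluster, acts = reconcile(GIT_STATE, cluster)     # drift is reverted
    print(acts)
```

Running `reconcile` a second time on an already synced cluster yields an empty plan, which is the idempotence the article mentions.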



What GitOps actually is and what it is not