GitOps is a modern way to make better IaC for delivering apps in Kubernetes. It is all about determinism, idempotence, automation, observability… and many other exciting features! However, are you sure all this happens in the real world using the existing approaches and tools? Here’s our comprehensive analysis of GitOps and its features, a comparison with CIOps, and insights on how this all should be done to actually get what every DevOps engineer dreams of.
Please note that the article is based on this 30-minute video, which has a bit more detail. Enjoy the talk or its text version below:
What comes to your head when you hear “GitOps”?
There is a Git repository. In that repository, we have YAML files describing the state for Kubernetes, e.g.:
On the other side of our equation, there is a Kubernetes cluster with all our objects forming a simple application.
The only missing piece is a GitOps operator. It is responsible for syncing the state from Git into Kubernetes. To do this, it periodically (or by event):
So it’s as simple as that: a Git repo, a K8s cluster, and the thing that keeps them in sync (the GitOps operator).
By the way, while the GitOps operator can run outside the cluster, it usually (almost always) resides inside it. To keep things simple, we draw it outside.
Just by using this approach, we already have some safety features. If a user directly modifies anything in Kubernetes, the GitOps operator detects this change and reverts it to the state defined in Git.
This makes a small fence that forces users to make their changes in the single source of truth, i.e. in Git, instead of going directly to Kubernetes.
Instead of this small fence, we can build a solid wall (by not giving users any direct access to the cluster) or a “transparent” wall (i.e. read-only access). But that is not important; what is important is that Git is the only way in.
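The drift check described above, as an added example that is not code from the original article or from any GitOps operator: one sync pass over plain dictionaries that records each out-of-band change as an audit event and returns the objects to re-apply from Git. The simplified manifest shapes, the `reconcile` function and the report-only handling of objects missing from Git are assumptions; a real operator must also account for fields defaulted by the API server.

```python
import copy

# Fields the API server fills in; comparing them would report false drift.
SERVER_META = ("resourceVersion", "uid", "creationTimestamp", "generation", "managedFields")

def key(obj):
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", "default"), meta["name"])

def normalize(obj):
    o = copy.deepcopy(obj)
    o.pop("status", None)
    for field in SERVER_META:
        o["metadata"].pop(field, None)
    return o

def diff_paths(want, have, path=""):
    """Dotted paths at which the live object differs from the Git version."""
    if isinstance(want, dict) and isinstance(have, dict):
        out = []
        for k in sorted(set(want) | set(have)):
            p = f"{path}.{k}" if path else k
            if k in want and k in have:
                out += diff_paths(want[k], have[k], p)
            else:
                out.append(p)
        return out
    return [] if want == have else [path]

def reconcile(desired, live):
    """One sync pass: returns (objects to apply, audit events describing drift)."""
    want = {key(o): normalize(o) for o in desired}
    have = {key(o): normalize(o) for o in live}
    to_apply, events = [], []
    for k, obj in want.items():
        paths = diff_paths(obj, have[k]) if k in have else []
        if k not in have or paths:
            to_apply.append(obj)
            events.append(("revert" if k in have else "create", k, paths))
    # Assumption: objects absent from Git are only reported, never deleted.
    events += [("unmanaged", k, []) for k in have if k not in want]
    return to_apply, events

# Constructed sample (simplified manifests): Git state vs. a hand-edited cluster.
GIT = [{"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"replicas": 2, "image": "web:1.0"}},
       {"kind": "Service", "metadata": {"name": "web"}, "spec": {"port": 80}}]
LIVE = [{"kind": "Deployment", "metadata": {"name": "web", "resourceVersion": "41"},
         "spec": {"replicas": 5, "image": "web:debug"}, "status": {"readyReplicas": 5}},
        {"kind": "Pod", "metadata": {"name": "shell"}, "spec": {}}]
```

Calling `reconcile(GIT, LIVE)` yields one `revert` event naming `spec.image` and `spec.replicas`, one `create` for the missing Service and one `unmanaged` for the Pod; a second pass over the applied objects yields no events, which is the idempotence the operator relies on.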