What GitOps actually is and what it is not

GitOps is a modern way to make better IaC for delivering apps in Kubernetes. It is all about determinism, idempotence, automation, observability… and many other exciting features! However, are you sure all of this happens in the real world with the existing approaches and tools? Here’s our comprehensive analysis of GitOps and its features, a comparison with CIOps, and insights on how this all should be done to actually get what every DevOps engineer dreams of.

Please note that the article is based on this 30-minute video, which has a bit more detail. Enjoy the talk or its text version below:

How GitOps works

What comes to your head when you hear “GitOps”?

There is a Git repository. In that repository, we have YAML files describing the state for Kubernetes, e.g.:

  • two Deployments,
  • some StatefulSet,
  • and an Ingress.

On the other side of our equation, there is a Kubernetes cluster with all our objects forming a simple application.

The only missing piece is a GitOps operator. It is responsible for syncing the state from Git into Kubernetes. To do this, it periodically (or on an event):

  • reads the state from Git,
  • reads the state from Kubernetes,
  • compares them,
  • changes the state of Kubernetes (if needed).

So it’s as simple as that: a Git repo, a K8s cluster, and the thing that keeps them in sync (the GitOps operator).

GitOps workflow

By the way, while the GitOps operator can run outside the cluster, it usually (almost always) resides inside the Kubernetes cluster. To keep things simple, we draw it outside.

Just by using this approach, we already get some safety features. If a user directly modifies anything in Kubernetes, the GitOps operator detects this change and reverts it to the state defined in Git.

This creates a small fence that forces users to make their changes in the single source of truth, i.e. in Git, instead of going directly to Kubernetes.

Instead of this small fence, we can build a solid wall (by not giving users any direct access to the cluster) or a “transparent” wall (i.e. read-only access). But that is not important; what is important is that Git is the only way in.
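The sync loop and the "fence" described above, as an added example that is not from the original talk or from any GitOps tool: a minimal in-memory model of one reconcile pass that creates missing objects, reverts direct edits, and records each action as an audit trail. The object names, field values, and the choice to only report (not delete) objects absent from Git are assumptions made for illustration.

```python
import copy

# Constructed sample data: the state as it would be parsed from YAML in Git,
# keyed by (kind, name). Only the fields Git declares are compared.
GIT_STATE = {
    ("Deployment", "frontend"): {"replicas": 2, "image": "example/frontend:1.4"},
    ("Deployment", "backend"): {"replicas": 3, "image": "example/backend:2.0"},
    ("Ingress", "app"): {"host": "app.example.test"},
}

def diff_fields(desired, live):
    """Return {field: (live_value, desired_value)} for fields that differ."""
    return {k: (live.get(k), v) for k, v in desired.items() if live.get(k) != v}

def reconcile(git_state, cluster):
    """One sync pass: read both states, compare, change the cluster if needed.

    Mutates `cluster` in place and returns the actions taken, which doubles
    as a record of changes made outside Git.
    """
    actions = []
    for key, desired in git_state.items():
        live = cluster.get(key)
        if live is None:
            cluster[key] = copy.deepcopy(desired)
            actions.append(("create", key, {}))
            continue
        drift = diff_fields(desired, live)
        if drift:
            live.update(copy.deepcopy(desired))  # fix back to the Git state
            actions.append(("revert", key, drift))
    # Assumption: objects absent from Git are only reported, not deleted.
    for key in sorted(set(cluster) - set(git_state)):
        actions.append(("unmanaged", key, {}))
    return actions

def demo():
    cluster = {}
    first = reconcile(GIT_STATE, cluster)   # initial sync creates everything
    # A user edits the cluster directly, bypassing Git.
    cluster[("Deployment", "backend")]["image"] = "example/backend:debug"
    cluster[("ConfigMap", "scratch")] = {"note": "created by hand"}
    second = reconcile(GIT_STATE, cluster)  # drift detected and reverted
    third = reconcile(GIT_STATE, cluster)   # idempotent: nothing left to revert
    return first, second, third, cluster

if __name__ == "__main__":
    for n, actions in enumerate(demo()[:3], 1):
        print(f"pass {n}:", actions)
```

The third pass returning no `revert` action is the idempotence property the introduction mentions; the `revert` entries are what a team would alert on to spot out-of-band changes.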
