Trending keywords: security, cloud, container,
GitOps is a functional framework created to ensure that the process of application development follows the best DevOps practices building the application as infrastructure-as-code (IaC) and using Git as the only source of the declaration of that infrastructure and configuration for its managing and automation.
Keep reading for information on what GitOps is, its features and benefits, and details about some of the popular tools that help teams implement the GitOps model within their organizations.
What is Git?
Git is an open source, distributed version control system. This tool allows development teams to manage source code efficiently and effectively. Git contains functionality that facilitates developer collaboration using a non-linear and branch-based development process.
Perhaps most importantly, as a code base evolves, Git enables development teams to track each change made to their source code. In other words, all code living in a Git repository is versioned. Due to this, developers and operations teams have the ability to analyze any and all modifications and to quickly roll back to a prior version of the code base whenever necessary.
What is Infrastructure-as-Code?
To properly explain GitOps, it’s necessary to review the concept of Infrastructure-as-Code (typically abbreviated as IaC).
True to its name, IaC refers to the practice of defining your infrastructure as code. This means developing templates, configuration files, and the like to define the infrastructure components and configuration for a system. In the end, instead of having operations professionals manually build out what is needed, code is executed to stand up the infrastructure with the desired configuration.
When done properly, one of the main benefits of IaC is consistency. By writing code to define the infrastructure, a set of instructions is prepared that configures environments in the exact same fashion each time they are executed. This is representative of idempotency. Idempotence is the property whereby certain operations can be “applied multiple times without changing the result beyond the initial application”.
By using IaC, teams ensure that they have the ability to rollback to previous configurations as needed. By applying prior versions of IaC files, an environment can be reset to reflect the desired configuration from an earlier point in time. This is invaluable in instances where problematic changes to environment configuration are introduced and the goal is to simply revert to a working state as quickly as possible.
DevOps best practices
GitOps involves taking the same practices popularly used for managing the application development process and using these practices to also manage the code that builds out an infrastructure. This includes automating the manner in which configuration changes are deployed. In this way, GitOps requires IaC but takes it one step further.
Consider the following application development practices that can be used in conjunction with IaC to move an organization towards GitOps:
- IaC files are stored in a source code repository, enabling version control to be used to preserve a history of all changes made to these files over time.
- All changes made to these files are done in separate branches that are later merged back to main. The individuals making the changes are to use pull/merge requests.
- Code reviews are performed prior to closing a pull/merge request and merging changes back to main. This assists in ensuring that problematic modifications do not make their way into the main branch and, ultimately, aren’t delivered to other environments.
- Automated testing and security scanning is performed as part of the CI pipeline to provide further assurances that no issues are present that result in problems or vulnerabilities being introduced in other environments.
- Delivery of configuration changes to other environments is automated. This eliminates human error from the process of applying changes to infrastructure. In doing so, the risk of configuration drift across environments is also eliminated. Additionally, it provides a clearer view of what infrastructure changes were made to which environments and when.
GitOps Features: The Benefits of the GitOps Framework
Now that we have a background on what GitOps is, let’s dig a little deeper into why GitOps is so valuable by highlighting some of the major features of GitOps and the benefits attained through the implementation of the GitOps model.
GitOps Reduces Risk to Infrastructure through Automated Testing and Formal Code Reviews
By employing the same reliability practices used in application development, GitOps brings the same code quality benefits to IaC. With GitOps, changes are made outside of the main branch, they are reviewed by other team members, and they are tested in an automated fashion. These practices make it much easier to catch problems prior to their release, lowering the chances of a change causing issues in other environments.
GitOps Provides the Necessary Mechanisms for Effective Collaboration
GitOps provides teams with everything they need to collaborate effectively in making adjustments to the code that defines environment configuration. Having the above controls in place (proper source code management, code review functionality, and automated testing) means that team members of varying experience can contribute and make changes as needed.
For instance, a developer with a low level of experience can be encouraged to open a pull/merge request to make configuration changes with the comfort of knowing that they can experiment in their own branch where they can’t do any damage. Moreover, they can rest assured that their changes will be appropriately vetted prior to being merged back to the main branch by more senior team members. This is advantageous as it facilitates the learning process by enabling newer personnel to make contributions while ensuring that team members with greater experience and familiarity with the infrastructure have eyes on any changes making their way into production.
GitOps Provides a Simplified Process for Rolling Back Problematic Modifications
The use of Git in conjunction with IaC provides the benefit of versioning all changes made to IaC files. In doing so, the historical state of the infrastructure is tracked and can be easily reproduced. This is particularly valuable in disaster recovery scenarios, helping to lower MTTR by facilitating the efficient rollback to an earlier, properly-functioning state.
GitOps Requires Infrastructure Deployment Automation, Leading to Lower Risk
The use of automation in deploying changes to infrastructure means that fewer people will need access to non-local environments to make changes manually. This makes those environments inherently more secure. Furthermore, with all changes being made without human involvement, the risk of an accidental misconfiguration due to human error is eliminated. Each environment will be configured in exactly the same fashion, as defined in the files.
Tools That Make GitOps Possible
Let’s take a look at a few tools that can be leveraged to help teams put GitOps into practice in their organization.
Flux and ArgoCD
Both tools work in a similar fashion, continuously checking for differences between the state of the environment as defined in the latest release in Git versus the configuration currently running in a Kubernetes cluster. When these two configurations differ, the tools work by performing the necessary updates to achieve the desired configuration.
Essentially, both Flux and ArgoCD are tools with the required capabilities to do the heavy lifting associated with keeping the state of all environments in sync with what is represented in an organization’s latest intended release. And they do so in an automated and pull-based manner.
GitHub and GitLab
GitHub and GitLab are two popular platforms built on top of the Git source code management system. As such, they can both be used to manage Git repositories for IaC files. Moreover, both of these platforms contain similar features that enable the GitOps model to be put into practice.
- GitHub has the concept of pull requests, while GitLab has the concept of merge requests. In conjunction with their intuitive UIs, the platforms enable an easy-to-use process of review and sign-off prior to merging changes back to the main branch.
- Both GitHub and GitLab support functionality for configuring CI pipelines. These pipelines facilitate the processes of automated testing and scanning to assist in the discovery of issues prior to deployment. This is critical in maintaining the level of code quality necessary to efficiently and continuously deliver changes to other environments. With the continuous delivery of changes to infrastructure configuration being a core tenet of GitOps, these functions help pave the way for this to be possible.
With GitOps, a Git repository becomes the source of truth for infrastructure configuration. With this comes better development and deployment processes for IaC, enabling organizations to benefit from increased consistency across environments, simpler processes for rolling back to an earlier state when issues occur, and an increase in code quality leading to greater system reliability.