XenonStack Recommends

DevSecOps

Overview of Gitops Tools | Principles | Benefits | Use Cases

Gursimran Singh | 11 October 2021

Subscription

XenonStack White Arrow

Thanks for submitting the form.

Introduction to GitOps

With the introduction of containers, the world has witnessed agility like never before. Within seconds, an administrator can rollout production-grade deployments by ensuring scalability so that when needed, demand can be met via orchestrators like Kubernetes (k8s). But when it comes to standard containers, workflow is not able to meet the ever-growing business demands. The need for more efficient deployment and scaling of container clusters over k8s is a must to improve the development cycle.

Here comes GitOps into the picture. This blog will describe GitOps principles, its importance and comparison with Infrastructure as a Code, its benefits, and use cases where the benefits of GitOps can be leveraged. At the end, you’ll get a holistic view of GitOps, so you get clarity to adopt GitOps in your tech stack.

What is GitOps?

GitOps is a method used for Continuous Delivery. It uses Git as a single source of truth for infrastructures like declarative infrastructure and applications. On Git, set delivery pipelines, make pull requests, accelerate and simplify both the application deployments and the operations task to Kubernetes. By using Git, create new features in the Applications rather than focusing on operations tasks.
  • Code - We can write our application code and push it to Git.
  • Build (Pipeline as Code) - Build pipeline code(yaml) in Git to build code using CI tools.
  • Provision (Infrastructure as Code) - Write a terraform file or Ansible playbook in Git to provision a Kubernetes cluster.
  • Deploy - Write a deployment manifest for Kubernetes or based on the application.

GIT

  • Distributed Version Control System
  • Manage Source Code
  • Any Text file tracked
  • Collaboration

Ops

  • Configure,build,test,deploy
  • CI/CD
  • Monitor, fix
  • Upgrades
  • Rollbacks
  • Automation

GitOps

  • Ops practices using Git
  • Use Git as a source of truth
  • Drive operations through the git repo
  • Get version control, history, peer review, and rollback
  • Continuous Delivery- Automates pipelines
  • Webhooks: push to trigger build/test
  • PR's & merge branch to deploy

GitOps Pattern

  • CI build artifacts
  • Updates Config (in a git repo)
  • Trigger Rollout (PR merge/commit)
  • Observe
  • Control

Git Source of Truth

  • Infrastructure as Code - Terraform, CloudFormation.
  • System Configuration as Code - Ansible, Chef, Puppet.
  • Application Configuration as Code - Kubernetes, Hasura.
  • Application Source Code

CI and CD incorporate values, a set of operating principles, that enable application development teams to deliver changes more reliably. Source: Continuous Integration, and Continuous Delivery

What are the basic Principles of GitOps?

GitOps is based on the principles mentioned ahead:

Declaratively described

Its primary focus is to target the final configuration to achieve the desired state, not what the process is to be done. While comparing with the imperative approach, it is focused on the process to attain the results but is not aware of the desired state.

Single source of truth

GitOps follows VCS as a single source of truth, such as git. It helps to compare the configuration drift & helps in having an audit trail to make misconfiguration tracing easy.

Approved changes for direct application to the system

Once PR or MR is reviewed and merged in the configuration, it gets directly applied to the system.

How GitOps Works?

The deploy component is divided into two parts: one is a Flux Automator used to observe new builds and update configurations on the new release, and the second Flux synchronizer to ensure that the orchestrator is correct to state. Workflow for the new creation or updating of a new feature -
  1. First, make a pull request for a new feature pushed to GitHub.
  2. Go for the code review and merge to Git.
  3. Then Git automatically merges the triggers, the process of CI, builds the pipeline, runs tests, and then builds a new image and deposits it to a registry.
  4. The Deployment Automator checks the image registry, reviews the image, and then it pulls the new image from the registry and updates the YAML file of that project in the config repo.
  5. The Deployment Synchronizer is installed on the cluster and detects that the cluster is out of date. Then It pulls the changes in the manifests from the config repo and then deploys the new feature to production.

What are the Benefits of GitOps?

The below are the benefits of GitOps mentioned:

  • GitOps manages all the updates and features of the Kubernetes more rapidly. By continuously pushing features to updates making businesses more agile and respond quickly to the customer as per the demands.
  • GitOps have the complete pipeline. Continuous Integration and Continuous Deployment pipelines have driven by pull request and operations tasks fully reproducible with the help of Git.
  • Git backed with strong cryptography to manage changes in it, sign amendments to prove the author and origin key of the cluster's desired state. If the immutable and auditable source of truth recreates a new system independently of the compromised, it reduces downtime with much better incident response.
  • It’s cost-effective as it reduces operational overhead, lowers downtime & vastly improves productivity.
  • It provides end-to-end standardization in the workflow.
  • Improves stability as audit logs of cluster changes are present for validation of changes that occurred.
  • Enhancement in productivity with continuous automated deployment as it reduces time.
  • Improvised security as Git provides powerful correctness & cryptography to track & manage changes.
  • Git’s built-in features like a rollback fork & being a single source of truth increases the reliability.

AWS DevOps Pipeline is the latest method of creating and deploying software, plus it has brought a cultural shift in companies as well. Source: Setting up DevOps Pipeline on AWS

Why GitOps Matters?

Git is a tool to support the various project and team setups by coordinating the workflow of projects. Git is a tool set up on different Operating Systems simultaneously without thinking about the Operating System used while working on large projects. GitOps uses a single tool and interface to control infrastructure. It provides version control for all of the changes done in configuration. Moreover handy for rolling back changes and auditing purposes. It also detects changes and generates automatic alerts. No need to learn a new tool to manage infrastructure. It is an Open Source system used by a large community.

How to Adopt GitOps?

The below are the steps to adopt the GitOps for continuous integration and deployment.
  • Create a new Repository.
  • Create a new directory, open it and perform a "git init" to create a new git repository.
  • Checkout Repository.
  • Create a working copy of a Local repository by running the command "git clone /path to the directory.
  • While using a remote server, enter Username and Password.
  • Create Required Files as per the requirements of the Application.
  • Then by using "git add " add those files on the Repository at log in.
  • After Adding files, do the commit using the command "git commit -m "Commit message."
  • Changes are done on local working, now copy to send those changes to the remote repository, execute "git push origin, approve code review and merge to Git.
  • After Code is pushed on Git Repository, then the CI pipeline automatically starts and runs tests.
  • Then build a new Image saved in Registry Like Docker Hub.
  • Git automatically merges, triggers the CI process, builds the pipeline, runs tests, builds a new image, and deposits to a registry.
  • The Deployment Automator checks the image registry, reviews the image. Then it pulls the new image from the registry and updates the YAML file of that project in the configuration repo.
  • The Deployment Synchronizer is installed on the cluster and detects that the cluster is out of date. It pulls the changes in the manifests from the configuration repository and then deploys the new feature to production.
Java vs Kotlin
Managed services for Enterprises to facilitate Automated Security Alerts, Single Click Deployments, and Monitoring Solutions. Managed DevOps Services and Solutions

Use Cases of GitOps

With all these benefits, there are some use cases of implementing GitOps to improvise the current workflow:

Static Websites

For deployment of complex static websites that comprise a set of markdown files which makes site pages easier to edit than raw HTML. It needs a build to make it publishable. Or even make modifications in the images to be available in different sizes to make it look good on various devices. For all this, building up a site or optimizing an image can be achieved by GitOps or even copying the deployment to the webserver.

Writing Books

As books are text-centric, they can be aligned with a VCS system & the GitOps pipeline can be set up as soon as you get done with writing your book. The pipeline can automatically check grammatical & spelling checks & further build them in various formats like doc, pdf, ePUB & many more. Further, it can publish it to your cloud drive or a static website.

GitOps for doc

It’s a great fit for product documentation & is commonly used for this purpose as the document is also text-based and can be created as markdown or Ascii docs can easily be stored in a VCS system like bitbucket or GitHub.
Then a CI tool fetches the changes and deploys the new version of the documentation. The deploy stage can upload the latest version on various platforms as new changes are committed to the documentation.

What are the Best Practices of GitOps?

The core best practices of GitOps are below:
  • Declarative Infrastructure as Code.
  • Immutable deployment.
  • Code & config version controlled.
  • Rollback functionality.
  • Operational changes made by Pull Request; don't let CI push updates into the Kubernetes cluster or use kubectl by hand.
  • Build each container image just once and 'promote' it through each test sequence/environment, do not rebuild each time. Must update declarative configuration changes in Git.
  • Monitorable & observable services & infrastructure.
  • Different tools detect/alert divergence.
  • Sync tools enable convergence.
  • Completely automated delivery pipeline.

Best Tools for GitOps

Listed below are the best tools for GitOps.

A Holistic Strategy

With effective continuous delivery solutions, Enterprises can Lower risk releases, Improved Stability, and Higher Reliability. To incorporate this strategy, we advise taking the following steps -