GitOps

GitOps is a concept that manages infrastructures and applications via a declarative approach and controls them with Git. The goal is automated processing which saves time and allows for secure collaboration of individual teams across repositories.

When it comes to software development, automation is important. That’s one of the reasons why DevOps has become so popular. The underlying idea is “Infrastructure as Code (IaC)” which is intended to map the infrastructures and configurations of an IT system to make them reproducible. GitOps is a logical extension of this approach. Since 2017, the open source software Git has controlled the entire management process of an application from administration to ultimate software development as a “single source of truth”. For this purpose, GitOps defines a target state and, where necessary, adjusts the infrastructure until this state is reached.

Weaveworks provides a set of best practices for unifying individual monitoring methods for containers. These can be applied to Kubernetes and other technologies with a cloud background, making them easier to manage. Git is based on a version control system developed by Linus Torvald in 2005. This allows different development teams to collaborate on a project in parallel. Changes are adopted only after joint coordination and older development statuses are preserved. Developers can work simultaneously on different aspects and merge them at the end. You can find a comprehensive Git tutorial in our Digital Guide.

With GitOps, the target state of a system is first described declaratively. Changes are made according to the principle of Git via pull requests. When carried out, they change the Git repository. Now, when a pull request is made in an environment with GitOps, the operator activates, captures the Commit, and queries the current state via Git. This is then compared with the desired state in the repository. Once the changes are signed off, they are merged with the previous state and applied directly to the live infrastructure. This leads to faster and smoother processing, but ensures the stability and reliability of the system.

Because of the clearly defined and unchangeable principles, GitOps workflows are pretty reliable. This affects the declarative systems that are familiar from other cloud natives. The declarative description ensures that the entire system can be treated as code and versioned, serving the security and stability of the entire system, as deviations from the Git version can be detected and reported immediately. In addition, SSH keys ensure that the origin of a code can always be traced. Due to prior declaration, changes can be automated and possible sources of errors can be detected and corrected early on.

The primary approach of DevOps is and has been the merging of development and execution to simplify workflows. Because teams collaborate closely, the end product tends to improve and changes can be made faster and more accurately. GitOps takes this approach and applies it consistently to the execution part (Operations). GitOps focuses entirely on Git, while DevOps and DevSecOps are more fundamental ideas to drive collaboration between formerly separate areas relying on CI and CD pipelines. However, both approaches can be combined.

In contrast to Continuous Delivery and Continuous Integration, GitOps pulls all required information directly from Git according to the pull principle and does so without deployment via a CI server. This can be used with GitOps, but is now only responsible for building and testing. Find out more about Continuous Integration vs. Continuous Delivery vs. Continuous Deployment in the Digital Guide.

Because of its versatility Kubernetes is perhaps the most important platform to manage container-based applications. Kubernetes works declaratively and considers the target state of a system which makes it a good option for working with GitOps and for acting as an operator. However, for security reasons and to retain a better overview the source code and configuration need to be separated. The actual state can then be stored in a separate Git repository. Appropriate synchronization tools to prevent unauthorized access and possible errors should be used.

There are now plenty of tools for GitOps intended to simplify and improve automation. They include tools for working with Kubernetes as operators for the implementation of GitOps. The best-known operator (or custom controller) is Flux. Alternatives are ArgoCD or Fleet. Key tools for increased security include SOPS from Mozilla and Sealed Secrets from Bitnami. Cluster API or Fleet are great for use with Kubernetes clusters. Overall, the market is comparatively large, so that there is a suitable tool for almost every application.

To find out if GitOps is suitable for your purpose, check out these pros and cons.

• Productivity: Automation enables changes to be made in less time. Developers are able to work more effectively.
• Security and stability: Precise checks mean that errors are detected rapidly and corrected automatically. This contributes to greater security and stability. Thanks to resilient rollbacks, restoring older states is much easier and the pull approach prevents unwanted complications.
• Unity: Workflows are standardized through GitOps. This leads to better and easier collaboration and allows new employees to get started faster.

• Separation of CI and CD: Due to strict separation of CI and CD in the GitOps approach, it can be difficult to perform post-deployment testing.
• Overview: When working with multiple environments, GitOps can become confusing. Numerous repositories and configurations can add to the confusion.