How does GitOps work?
GitOps is an approach that uses Git as the central source for managing infrastructure and applications. By applying Git principles to the operations side of software development, it enables transparent, versioned, and automated deployment. This particularly enhances efficiency, security, and reproducibility in complex Kubernetes environments. Tools like Argo CD and Flux play a crucial role in supporting seamless integration of CI/CD processes.
What is GitOps
GitOps is a method that uses Git repositories as the central source for delivering infrastructure as code. The term combines “Git” and “Ops” (operations) and describes the application of Git principles to the operations side of software development. The submitted code is verified through a CI process (Continuous Integration), while the CD process (Continuous Delivery) ensures that the security, infrastructure-as-code, and other defined requirements of the application framework are met. Every code change is documented, facilitating updates and allowing rollbacks when necessary.
Core Elements / Principles of GitOps
Git as Single Source of Truth
All configuration data and infrastructure definitions are stored in Git repositories. Each change is made through a commit and push to the repository, providing a complete history of all changes.
Automated Deployment and Management
CI/CD pipelines utilize Git repositories to automatically review, test, and deploy changes to infrastructure and applications.
Continuous Monitoring and Synchronization
Kubernetes and other management tools ensure that the current state of the production environment always matches the state defined in Git. In case of discrepancies, automatic corrections (self-healing) are made.
Transparency and Traceability
Every change is traceable and auditable, supporting security and compliance requirements.
Increased Efficiency and Collaboration
By utilizing the same workflows and tools as in software development, developer and operations teams can collaborate more efficiently.
Benefits of GitOps in Complex Kubernetes Environments
Increased Reliability and Stability
Versioning: Every change to infrastructure and applications is versioned. This allows for easy rollback to previous stable versions, which is particularly helpful in complex environments.
Reproducibility: Since all configuration is stored in the Git repository, an environment can be reproduced at any time. This facilitates testing and recovery during failures.
Improved Collaboration and Transparency
Pull Requests and Code Reviews: Changes to infrastructure are proposed through pull requests and can be reviewed and commented on by team members. This promotes collaboration and ensures that changes are thoroughly reviewed before going into production.
Central Repository: Git serves as the single source of truth, creating transparency and making the current state of infrastructure visible to all team members.
Why GitOps
GitOps adopts the philosophies and approaches of the DevOps culture and provides a structured framework for implementation.
GitOps extends the familiar Git workflows of development teams to the areas of deployment, lifecycle management of applications, and infrastructure configuration. Changes across the application lifecycle are tracked in the Git repository and are auditable. This allows development teams to work at their own pace without waiting for resources or approvals from operations teams.
The transparency of changes enables Ops teams to quickly identify and reproduce issues, enhancing security. An up-to-date audit trail helps minimize the risk of unwanted changes and correct them before they reach production.
By integrating code changes from development to production, teams gain agility to respond quickly to changes.
What distinguishes GitOps from DevOps?
GitOps provides us with tools to apply DevOps practices such as collaboration, CI/CD, and version control to infrastructure automation and application deployment. Development teams can work in the code repositories they already know, while the operations team provides the necessary components.
GitOps Tools
Argo CD and Flux are the most popular options for GitOps. Both Argo CD and Flux have significantly contributed to the rise of GitOps and are part of the OpenGitOps initiative of the CNCF (Cloud Native Computing Foundation). In 2022, both tools achieved CNCF graduation status.
Argo CD presents itself as a comprehensive GitOps solution, offering a well-rounded GitOps experience with its diverse features, while Flux stands out with its wide range of integrations and extensions due to its adaptability and customization.
Additionally, Argo CD and Flux feature a command-line interface, a Grafana metrics dashboard, and API calls.
Argo CD
Argo CD combines the terms “Argo” and “CD”. The “Argo Project” provides open-source tools for Kubernetes and is a project of the CNCF. In addition to Argo CD, the Argo project also includes Argo Rollouts, Argo Events, and Argo Workflows.
Argo CD offers an efficient and straightforward way to perform declarative and versioned application deployments. It automatically monitors the manifests in the Git repository and applies their changes to the cluster. Additionally, it enables easy rollback, allowing earlier states to be restored without manually undoing each update in the cluster.
A significant advantage of Argo CD is the easy disaster recovery process for clusters. Because the desired state is stored in Git, the same state can be automatically restored in the cluster without manual intervention, even in the event of a cluster failure. Furthermore, Argo CD provides an automatic self-healing function: when enabled, Argo CD restores the defined state from the Git repository as soon as a deviation occurs.
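The self-healing behaviour described above is switched on per application in the Argo CD `Application` resource. The manifest below is an added example, not taken from the original article; the application name, repository URL, path, and namespaces are placeholders.

```yaml
# Added example: name, repository URL, path and namespaces are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: example-app              # placeholder
  namespace: argocd              # assumed: namespace where Argo CD is installed
spec:
  project: default
  source:
    repoURL: https://git.example.com/platform/deployments.git  # placeholder
    targetRevision: main         # branch, tag or commit that defines the desired state
    path: apps/example-app       # placeholder directory holding the manifests
  destination:
    server: https://kubernetes.default.svc   # the cluster Argo CD itself runs in
    namespace: example-app
  syncPolicy:
    # Without the "automated" block, Argo CD only reports the application
    # as OutOfSync and waits for a manual sync.
    automated:
      prune: true      # delete live resources whose manifests were removed from Git
      selfHeal: true   # revert changes made directly in the cluster to the Git state
    syncOptions:
      - CreateNamespace=true     # create the destination namespace if it is missing
```

With `selfHeal` enabled, a manual change in the cluster is overwritten on the next reconciliation, so a rollback is performed by reverting the commit in Git rather than by editing the live resources.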
Flux
Flux is a tool that keeps Kubernetes clusters synchronized with configuration sources such as Git repositories and makes automatic updates to the configuration when new code is to be deployed.
It is built with components of the GitOps toolkit, which consists of the following elements:
- Specialized tools and Flux controllers
- Modular APIs
- Reusable Go packages for GitOps, available under the fluxcd organization on GitHub.
These components are designed to enable continuous delivery on Kubernetes.
Flux was built from the ground up to leverage Kubernetes’ API extension system and seamlessly integrate with Prometheus and other core components of the Kubernetes ecosystem. It supports multi-tenancy and can synchronize any number of Git repositories.
Conclusion
At FirstAttribute AG, we have been building our Kubernetes platform for several years now. When we started our K8S journey, we used ARM templates (Azure Resource Manager templates) to create our clusters.
Soon we realized that we were spending a lot of time manually creating and maintaining resources. We decided to deploy and manage resources with GitOps. The result is that we can now move faster and have improved the compliance, security, and auditability of our my-IAM platform.
At FirstAttribute AG, Flux and Argo CD assist us in our customer environment with agile software development, enabling us to very quickly and efficiently deploy changes for our customer projects and the my-IAM platform on a test or production system. It helps apply GitOps techniques for faster and safer deployments.