
What is GitOps

Published on December 13, 2024
By Rob Kenefeck

This is the first in a series of articles about Flux CD, and introduces the foundational knowledge of GitOps.

GitOps is a term coined by Weaveworks in 2018. It has been called the best thing since Infrastructure as Code, and has also been described as versioned CI/CD on top of declarative infrastructure.

Much like how DevOps broke down the silos between Developers and Operations/Infrastructure Teams, GitOps merges the concerns for application deployment with infrastructure deployment. It leverages the principles of Git and declarative infrastructure to automate deployments and streamline operations. By treating infrastructure as code, GitOps enables teams to achieve greater efficiency, reliability, and security.

The CNCF Glossary describes GitOps as a set of best practices “applied to a workflow that depends on software agents that enable automation to reconcile a declared system state or configuration in a git repository”.

An evolution story

To understand the significance of GitOps, it’s important to trace the evolution of infrastructure management:

  1. Manual Configuration: In the early days, or where less complex systems are being managed, infrastructure is configured manually. This is a time-consuming process and prone to error, but its simplicity makes manual configuration the entry point to infrastructure or application deployment.

  2. Scripting: Scripting languages like Bash and Perl were used to automate repetitive tasks and minimise errors, and manual runbooks could often be converted to an automated script with minimal effort. This reduced typing errors, and by using parameters engineers could apply the same script to multiple targets. Scripting still requires upfront effort, and lacks scalability and resilience to change.

  3. Configuration as Code: Tools like Puppet, Chef and Ansible emerged to codify infrastructure configuration, enabling declarative definitions of desired states. These tools made use of existing software delivery practices, and formalised the process for SysAdmins to become Infrastructure Engineers.

  4. Infrastructure as Code: With configuration a solved problem, and cloud computing on the rise, IaC tools like Terraform allowed infrastructure to be provisioned and managed as code, utilising the APIs from Cloud Providers to enable entire testing environments to be provisioned and de-provisioned at will.

  5. GitOps: GitOps combines Configuration as Code and Infrastructure as Code, with Git as the single source of truth. Teams no longer always have to tear down entire interconnected environments, and can instead make use of container-based workloads.

Core Principles of GitOps

GitOps is… Declarative

A system managed by GitOps must have its desired state expressed declaratively. Much like in a Configuration as Code approach, you define what good looks like and leave it to an application with specific knowledge of how to achieve it. This creates an abstraction between what is defined and what needs to occur to get there.

GitOps is… Versioned and Immutable

Desired state is stored in a way that enforces immutability and versioning, and retains a complete history. Being able to revert to a specific point in time of a system's configuration is a powerful feature of GitOps. It also builds trust that what gets delivered will be the same every time, a consistency that is very important after all the time put into testing that something performs or behaves appropriately.

GitOps is… Pulled Automatically

Software agents automatically pull the desired state declarations from the source. The Push vs Pull model of infrastructure automation has long been debated. With a Pull Based approach, an agent running inside the target zone reaches out to Git, and while it has direct, highly permissive access rights within its own environment, you can reduce the attack surface by isolating the agent within specific environments that it should be operating in.

GitOps is… Continuously Reconciled

Software agents continuously observe actual system state and attempt to apply the desired state. This means the agent can attempt to correct any configuration drift, regardless of cause. Maintaining the desired state is the important feature, and it allows for automatic patching of software or infrastructure components as desired.
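The pull and reconcile principles above, sketched as an added example that is not part of the original article and is not Flux CD code: a toy agent compares what Git declares with what is running, corrects drift, prunes what Git no longer declares, and refuses anything outside the namespaces it is scoped to. The names `reconcile`, `ALLOWED`, `desired` and `cluster`, and all sample resources, are hypothetical and constructed for illustration.

```python
# Added illustration: a toy pull-based reconciler over in-memory state.
# All names here are hypothetical; this is not a Flux CD API.
from typing import Dict, List, Set, Tuple

Key = Tuple[str, str, str]          # (namespace, kind, name)
State = Dict[Key, dict]             # resource key -> declared spec


def reconcile(desired: State, actual: State, allowed_ns: Set[str],
              prune: bool = True) -> List[Tuple[str, Key]]:
    """Drive `actual` toward `desired` and return the actions taken.

    The agent only touches namespaces in `allowed_ns`, so a bad commit
    cannot reach beyond the environment the agent is isolated in.
    """
    actions: List[Tuple[str, Key]] = []
    for key, spec in sorted(desired.items()):
        if key[0] not in allowed_ns:
            actions.append(("rejected", key))    # out of scope: never applied
        elif key not in actual:
            actual[key] = dict(spec)
            actions.append(("create", key))
        elif actual[key] != spec:
            actual[key] = dict(spec)             # drift or new commit: overwrite
            actions.append(("update", key))
    if prune:
        for key in sorted(actual):               # sorted() copies, safe to delete
            if key[0] in allowed_ns and key not in desired:
                del actual[key]                  # gone from Git: remove it
                actions.append(("delete", key))
    return actions


# Constructed sample data: what Git declares vs. what is running.
ALLOWED = {"team-a"}
desired: State = {
    ("team-a", "Deployment", "web"): {"image": "web:1.4.2", "replicas": 3},
    ("kube-system", "RoleBinding", "oops"): {"role": "admin"},
}
cluster: State = {
    ("team-a", "Deployment", "web"): {"image": "web:1.4.2", "replicas": 1},  # drifted
    ("team-a", "ConfigMap", "stale"): {"data": "old"},                       # not in Git
    ("team-b", "Deployment", "api"): {"image": "api:2.0.0", "replicas": 2},  # other tenant
}

if __name__ == "__main__":
    print(reconcile(desired, cluster, ALLOWED))  # first pass corrects drift
    print(reconcile(desired, cluster, ALLOWED))  # second pass: nothing left to fix
```

A second pass reports only the out-of-scope rejection, which is the signal worth alerting on: the repository is asking the agent for something it is not permitted to do.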

Advantages of GitOps

Some of the stated benefits of GitOps include:

Increased Developer & Operational Productivity

GitOps can help you to deliver new features or patches to problematic software quicker, allowing developers to focus on writing better code and working on the next feature. Operations teams have greater control over when updates are deployed and the status of that deployment to ensure they are supporting the right version.

Consistency and Standardization

When everything is version controlled (environmental configuration too), it is much easier to roll back to previous versions when your updates have unintended consequences. This error recovery capability helps build trust that even if a mistake is made, it won’t have such large negative consequences, because it can be reverted quickly, easily, and (if the appropriate metrics-based monitoring is in place) automatically, even without being able to apply Canary or Blue/Green deployment approaches. This has the added benefit of improving the reliability and stability of the system.

Stronger Security Guarantees

Deployments can be managed from inside a trust boundary, which reduces the number of authorised access paths. This reduces the blast radius to individual Kubernetes namespaces or clusters, which pull the configuration that relates to them, rather than a CI/CD tool having god-like access to all (production and non-production) environments and the ability to break out laterally through any of them.

Audit-ability

What changed in an environment and when? Who approved it and who made the change? What testing occurred, and what were the performance statistics for a particular change at a point in time? When Git is the single source of truth, it’s much easier to answer these questions.

Get Help

Ready to start implementing GitOps in your environment? Want to learn how to leverage an enterprise release of Flux CD to enable safe, secure, and reliable deployments? Get in touch to learn how ControlPlane helps heavily regulated organisations embrace GitOps, open source, and next generation technologies.
