GitOps

What is GitOps?

GitOps is an app dev and operations methodology that leverages

  • an entire system that is described declaratively
  • code that is version controlled, and
  • software agents that reconcile and ensure correctness (along with alerts, etc).

GitOps is a paradigm, not a specific tool or technology. Its principles apply to any part of a system, and it brings business value.

Maya Kaczorowski adds that when you have everything “as code” with GitOps, you can make your code as automated and error-free as possible. With GitOps, you push a change to code that’s reviewed, and then you use automation to do the hard stuff of deploying, monitoring, etc. You also have a pipeline where devs only need to focus on developing their apps, and any operations or security control can be automatically verified or enforced as part of that pipeline. Teams have a clear separation of responsibilities.

The 4 Principles of GitOps

  1. The entire system is described declaratively
  2. The canonical desired system is versioned in git
  3. Approved changes can be automatically applied to the system
  4. Software agents ensure correctness and alert (diffs & actions)

Most importantly, these are principles, not technologies. You can apply the principles across many of your existing technologies without replacing them.

Also, GitOps is not constrained to Git. You can use whatever supports version control.
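The fourth principle (software agents that diff desired against live state, apply approved changes and alert) is easiest to see in code. The following is an added example, not part of the original page or of any particular GitOps tool: a minimal reconciler working on a constructed manifest and a constructed live state, with an `auto_apply` switch that is an assumption of this example.

```python
# Added example: a minimal GitOps-style reconciler. The desired state is a
# declarative manifest as it would be checked into version control; the agent
# diffs it against the live state, applies the changes (if allowed) and alerts.
import copy
import json

# Constructed sample manifest, standing in for a file in the repo.
DESIRED_MANIFEST = """
{"web":   {"image": "web:1.4.2", "replicas": 3},
 "api":   {"image": "api:2.0.0", "replicas": 2},
 "queue": {"image": "redis:7",   "replicas": 1}}
"""

# Constructed sample of what the platform currently reports.
LIVE_STATE = {
    "web":   {"image": "web:1.4.1", "replicas": 3},     # drift: old image
    "api":   {"image": "api:2.0.0", "replicas": 2},     # in sync
    "debug": {"image": "shell:latest", "replicas": 1},  # not in git at all
}

def load_manifest(text):
    """Parse the declarative manifest (JSON here; YAML would work the same)."""
    return json.loads(text)

def diff_state(desired, live):
    """Return (action, name, spec) tuples that move live state to desired."""
    actions = []
    for name, spec in desired.items():
        if name not in live:
            actions.append(("create", name, spec))
        elif live[name] != spec:
            actions.append(("update", name, spec))
    for name in live:
        if name not in desired:  # anything not in git is unapproved drift
            actions.append(("delete", name, live[name]))
    return actions

def reconcile(desired, live, auto_apply=True):
    """One agent iteration: detect drift, alert on it, apply if allowed."""
    live = copy.deepcopy(live)
    alerts = []
    for action, name, spec in diff_state(desired, live):
        alerts.append(f"drift detected: {action} {name} -> {spec}")
        if auto_apply:
            if action == "delete":
                del live[name]
            else:
                live[name] = spec
    return live, alerts

if __name__ == "__main__":
    new_live, alerts = reconcile(load_manifest(DESIRED_MANIFEST), LIVE_STATE)
    print("\n".join(alerts))
```

With `auto_apply=False` the agent only alerts, which is the mode to use while a change still awaits approval.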

What is GitOps for Security?

It provides

  1. Immutable infrastructure
  2. Single source of truth
  3. Dev velocity

Transparency and Collaboration

  1. Reversibility: You can roll back, and version control lowers the mean time to resolve config-based outages.
  2. Audit trails: You can track the history of a repo, …

This also helps to reduce the risk of relying on a single employee.

What can you GitOps?

You can GitOps not just apps, but infrastructure, DNS records and identity-provider configuration, chaos experiments, Kubernetes clusters, and more. You can GitOps all the things!

GitOps tools

References