3 Steps to Developing a Successful GitOps Model
In this post, explore how GitOps best serves organizations that develop cloud-native solutions based on containerization and microservices.
Join the DZone community and get the full member experience.Join For Free
This is an article from DZone's 2022 DevOps Trend Report.
Read the Report
What Is GitOps and Why Is it Important for an Organization?
GitOps is a model to automate and manage infrastructure and applications. This is done by using the same DevOps best practices that many teams already use, such as version control, code review, and CI/CD pipelines. While implementing DevOps, we've found ways to automate the software development lifecycle, but when it comes to infrastructure setup and deployments, it's still mostly a manual process. With GitOps, teams can automate the infrastructure provisioning process. This is due to the ability to write your Infrastructure as Code (IaC), version the code in a Git repository, and apply continuous deployment principles to your cloud delivery.
Companies have been adopting GitOps because of its great potential to improve productivity and software quality. GitOps best serves organizations that develop cloud-native solutions based on containerization and microservices.
How Does GitOps Improve the Lives of Developers and Operations?
The increased infrastructure automation that comes with GitOps creates the opportunity to develop a more "self-service" approach for application developers. Rather than negotiating for cloud resources, skilled developers can use Infrastructure as Code to declare their cloud resource requirements. This becomes the desired state of the infrastructure, stored centrally and serving as the immutable reference point between the requirements as stated in the code and the actual state of the live environment.
The self-service approach is liberating for developers. It makes them more productive, allows them to focus on innovation, and gets their apps to market more quickly. Additionally, it avoids the mire that can be introduced when developers and operators need to negotiate resources.
On the other hand, there is a frequent misconception that the increased automation of operations means that Ops teams need fewer people and Ops's role in the pipeline is marginalized. Our view is the exact opposite; we believe that modern approaches such as GitOps and the Internal Developer Platform provide exciting opportunities for Ops (Platform Team) to enhance their skills and create more value for the organization. In a high-performing, cloud-native software development organization that embraces GitOps, you are likely to find a growing Platform team that is helping to make it all work.
The actual technology used by the Platform team may vary. In some cases, this could just be a closed PaaS solution. In others, it could be a combination of various tools to create a bespoke platform tailored to the organization's needs. This gives them the ability to exert more influence and control over the infrastructure resources and architecture and create "guardrails" that enforce a simple, efficient, and standardized approach to cloud-native application deployment.
GitOps helps improve the collaboration between developers and operation teams, increases their productivity, and increases deployment frequency. It enhances the developers' experience by enabling them to contribute with features without the need to know the underlying infrastructure. At the same time, it gives control to operations with code reviews and approvals. With these improvements, teams can release faster and more secure to maintain their position in the market.
What Are the Three Must-Do Steps to Implement GitOps?
To experience the most prominent advantages of implementing a GitOps model in your company, like standardization and consistency in your overall workflow, here is what you need to consider.
Everything as Code
- Declare your IaC.
- Use a Git repository for your IaC development.
- Replicate the practices that are part of your application code lifecycle to your infrastructure code as well.
- Using technologies like Docker and Kubernetes, define your environment, versions, configurations, and dependencies as code, and ensure they get enforced on runtime.
- Gradually extend the GitOps model onto anything that can be defined as code, like security, policy, compliance, and all operations beyond infrastructure.
Figure 1: Everything as code
Declarative code improves readability and maintenance. CloudFormation, Terraform, Pulumi, and Crossplane are some possible declarative languages you can use to define the configuration of how you want your infrastructure to look.
When everything is defined as code, you can use a Git repository for your development and explore benefits, such as version control, collaboration, and audits.
A proper Git flow consists of:
- The main branch, which usually represents an environment, like dev, test, stage, prod, and the state running on that environment.
- When developers need to introduce changes to the code, they create a new branch from the main branch.
- When the changes are ready, the developers create a pull request that should be reviewed by operations to validate and approve. Security and compliance experts can also be involved in this stage to validate the environment's state properly.
- Once approved, the code can be merged into the main branch and delivered to test or production.
Using this workflow, you can track who made which change and ensure the environment has the correct version of the code.
Figure 2: GitOps workflow
If you already take advantage of the Git flow system by working with feature branches and pull requests, then you won't need to invest much in a new process for your GitOps workflow. Furthermore, as your infrastructure (and other operations) are defined as code, you'll be able to implement the same practices for code review.
Separate Build and Deploy Process (CI and CD)
- A CI process is responsible for building and packaging application code into container images.
- The CD process executes the automation to bring the end state in line with the system's desired state, described in the repository code.
Ultimately, GitOps sees CI and CD as two separate processes — CI as a development process and CD as an operational process.
A GitOps approach commonly used to separate these processes is to introduce another Git repository as a mediator. This repo contains information about the environment, and with every commit there, the deployment process is triggered. There is a component, called the operator, residing between the pipeline and the orchestration tool. The operator constantly compares the target state in the environment repository with the actual state in the deployed infrastructure. The operator changes the infrastructure to fit the environment repository if it detects any changes. Also, it monitors the image registry to identify new versions of images to deploy. This way, the CI process never touches the underlying infrastructure (e.g., the Kubernetes cluster).
Figure 3: Pull-based GitOps deployments
Decoupling the build pipeline from the deployment pipeline is a powerful protection against misconfigurations and helps achieve higher security and compliance.
GitOps, as an operational model, uses DevOps practices known to many teams. Using GitOps, you can automate the infrastructure provisioning process and use Git as a single source of truth for your infrastructure. Therefore, to create a successful GitOps model, you need a declarative definition of the environment.
It would be best if you also had a pull request workflow in your team. To be able to collaborate on the infrastructure code and create operational changes, you should open a pull request. Senior DevOps engineers and security experts then review the pull request to validate the changes and merge them into the main branch if everything is okay.
For a full GitOps implementation, you need to have CI/CD automation for provisioning and configuration of the underlying environment and the deployment of the defined code.
Lastly, there should be a supporting organizational culture inside the company. In our experience, a GitOps approach has made it natural to get to a structure in which developers enjoy increased automation from self-service infrastructure resources and platform engineers enjoy taking on a more influential role in the organization. In that regard, it's a win-win approach that makes everyone more aligned and fulfilled.
This is an article from DZone's 2022 DevOps Trend Report.
Read the Report
Opinions expressed by DZone contributors are their own.