Software development started with the waterfall model (a model with little learning, a lot of sequential work and long cycles), then moved to the agile model, then DevOps (automation) and finally cloud (dynamic environments). Cloud environments are very dynamic in nature, so how do we handle them? GitOps is a great piece that helps us handle this dynamic environment.
What is GitOps?
GitOps is the future of infrastructure automation! GitOps is an operational framework that takes DevOps best practices used for application development, such as version control, collaboration, compliance and CI/CD, and applies them to infrastructure automation. GitOps is the practice of using Git as the single source of truth. It provides a more standardized and governed system that offers the flexibility and automation that today's companies desire. GitOps is the concept that deployments should be as easy as an engineer enacting a code change/commit/merge. GitOps is operations for Git! Traditionally, all the operations behind the scenes, such as adding, scaling and configuring servers, doing backups and running deployments, were done by operations teams. Then DevOps came on the scene and automated many of those operations. GitOps takes that to the next step by pulling all of that automation and those operations into a Git context, so if you want to perform an operation you just make a pull request to your Git server.
GitOps consists of 3 major concepts:
1. IaC (don't read it as just infrastructure as code; it is everything as code, such as configuration, policy and so on as code -> XaC).
2. MRs (merge requests).
3. CI/CD.
Why GitOps?
GitOps allows the developer team to be part of the product team and the product team to be part of the developer team, and makes the gap between them clear and small; it encourages collaboration between dev and ops teams. GitOps creates a single source of truth! Anybody can make a proposal, but only a few of them are accepted and merged to production. You can set global policies, such as "I don't want public IPs on my virtual machines", and check them in the pipeline before anything else to find mistakes and errors. Another good point is that GitOps forces you to automate, and automation means less time spent. With GitOps you can roll back easily because you have a history of all previous changes. With GitOps developers don't have to be specialized in operations and DevOps concepts; all they have to know is Git!
Imagine you have a disaster in production. Having everything as code in one place makes it reproducible after the issue is solved, so you can do forensics on what was going on, and it makes postmortems and retrospectives very easy instead of having to determine what went wrong across the whole system. With GitOps you can do innersourcing: it is like making a repo publicly open source, but only within your organization and teams, and it builds a community around it among your teams (a starter repo or blueprint). GitOps is not just a technical concept, it is a culture! That makes it harder to do, because you have to change people in order to do it.
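The global policy check mentioned above (no public IPs on virtual machines, enforced in the pipeline before a merge) could look like the following. This is an added example, not code from the original post; the state schema, the `assign_public_ip` field and the function name are hypothetical.

```python
import ipaddress

# RFC 1918 ranges: the only address space this policy accepts on a VM interface.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of declared state (hypothetical schema, not a real tool's format).
# 203.0.113.7 is a documentation address standing in for a public IP.
DECLARED_STATE = {
    "virtual_machines": [
        {"name": "web-1", "interfaces": [{"ip": "10.0.1.10"}]},
        {"name": "db-1", "interfaces": [{"ip": "10.0.2.20"}, {"ip": "203.0.113.7"}]},
        {"name": "jump-1", "interfaces": [{"ip": "192.168.5.4", "assign_public_ip": True}]},
        {"name": "batch-1", "interfaces": [{"ip": "not-an-ip"}]},
    ]
}


def check_no_public_ips(state):
    """Return policy violations; an empty list means the merge request may proceed."""
    violations = []
    for vm in state.get("virtual_machines", []):
        for nic in vm.get("interfaces", []):
            if nic.get("assign_public_ip"):
                violations.append(f"{vm['name']}: requests a public IP")
            raw = nic.get("ip")
            if raw is None:
                continue  # no static address declared; the flag check above still applies
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                # Fail closed: an address the gate cannot parse is a violation, not a pass.
                violations.append(f"{vm['name']}: unparseable address {raw!r}")
                continue
            if not any(addr in net for net in PRIVATE_NETS):
                violations.append(f"{vm['name']}: {addr} is outside the private ranges")
    return violations


if __name__ == "__main__":
    for line in check_no_public_ips(DECLARED_STATE):
        print("POLICY VIOLATION:", line)
```

In a pipeline, a non-empty result would fail the job so the merge request cannot reach production.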
What is declarative infrastructure?
Declarative infrastructure is an approach that focuses on what the target configuration should be. Declarative approaches focus on the desired state, and the system then executes whatever needs to happen to achieve that state. An imperative approach, by contrast, is a set of explicit commands to change state, which makes reconciling difficult. Declarative infrastructure is aware of state, whereas an imperative approach is not. Truly declarative tools are very important: if what you keep in Git is a series of imperative, procedural scripts (script1, script2 and so on), then rolling back after a commit by running those scripts in sequence may not get you to your goal. Truly declarative tools make rollback and disaster recovery easy and safe. The declarative state of the total system needs to be stored in Git. Kubernetes is the most prolific declarative piece of infrastructure whose state can be stored in Git.
GitOps pros and cons:
1. With GitOps, mean time to recovery (MTTR), when some problem or failure happens in the infrastructure, is very short.
2. Sometimes there is configuration drift (someone changes configuration by hand outside the Git context, or some failure occurs); GitOps solves this.
3. Another benefit of GitOps is auditing (who made which change at what time); another is the ability to define compliance policy.
4. One of the first rules of engineering efficiency is meeting the customer where they are. The main benefit of GitOps is meeting developers where they are familiar. Items that are powered by the SCM (source control management, like GitLab) will have a more native feel for a software engineer.
5. Since the steps and infrastructure are codified, learning how something is deployed becomes easier for the engineer. Because all the steps are laid out in code, the learning curve an engineer has to get through is significantly lowered. There is no human interpretation of the steps to execute.
6. These deployments become self-documenting.
7. Canonical (state) in terms of GitOps is the "source of truth" state. The state that is stored and versioned in source control (e.g. Git) is the source of truth and should be viewed as such. In computer science/computer algebra, objects can be tested on how equal they are to the canonical form. If there is a deviation in state, this drift can be recognized and reconciled to the canonical state in source control.
8. Since Git will be the single source of truth, any deviation from the desired state that cannot be codified is problematic for GitOps practices!
9. Imagine you have a disaster in production. Having everything as code in one place makes it reproducible after the issue is solved, so you can do forensics on what was going on, and it makes postmortems and retrospectives very easy instead of having to determine what went wrong across the whole system.
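The declarative-infrastructure paragraph and the points on drift and canonical state above come down to the same loop: diff live state against the state in Git and converge. The sketch below is an added example, not code from the original post or from any GitOps engine; the resource names, specs and function names are constructed for illustration.

```python
def plan(desired, live):
    """Diff live state against the desired (canonical) state from Git.
    Returns the (action, name, spec) steps needed to converge, sorted by name."""
    actions = []
    for name, spec in desired.items():
        if name not in live:
            actions.append(("create", name, spec))
        elif live[name] != spec:
            actions.append(("update", name, spec))
    for name in live:
        if name not in desired:
            actions.append(("delete", name, None))
    return sorted(actions, key=lambda a: (a[1], a[0]))


def reconcile(desired, live):
    """Apply the plan to a copy of live state and return the converged state."""
    result = dict(live)
    for action, name, spec in plan(desired, live):
        if action == "delete":
            del result[name]
        else:
            result[name] = spec
    return result


# Constructed sample: desired state at two commits, keyed by resource name.
COMMIT_A = {"web": {"image": "web:1.0", "replicas": 2},
            "cache": {"image": "redis:7", "replicas": 1}}
COMMIT_B = {"web": {"image": "web:1.1", "replicas": 3},
            "worker": {"image": "worker:1.0", "replicas": 1}}


def demo():
    live = reconcile(COMMIT_B, {})                   # environment deployed from commit B
    live["web"] = {**live["web"], "replicas": 10}    # manual change outside Git = drift
    live["debug-pod"] = {"image": "busybox", "replicas": 1}
    drift = plan(COMMIT_B, live)                     # what an audit would report
    healed = reconcile(COMMIT_B, live)               # drift reconciled to canonical state
    rolled_back = reconcile(COMMIT_A, healed)        # rollback = reconcile to older commit
    return drift, healed, rolled_back


if __name__ == "__main__":
    for step in demo()[0]:
        print("DRIFT:", step)
```

Because the input is a target state rather than a script sequence, reconciling twice produces an empty plan, and rollback needs no "undo" scripts.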
GitOps engines:
There are now several GitOps engines out there. These engines focus on the orchestration between the SCM and the declarative system, and also allow the GitOps steps themselves to be codified. Argo, Flux and Jenkins X are GitOps-centric tools, each with its own opinions about orchestration and ways to manage automation. Popular package management tools such as Helm and Kustomize allow GitOps engines to call a singular Helm chart/package. Advancements in templating technology, such as Jsonnet, also further the ability to store dynamically generated manifests as code. The basic features are the same: both tools (Argo and Flux) allow us to connect a Git repository and sync its contents with a Kubernetes cluster in a declarative way. But there are some differences.
Flux vs Argo:
1. Flux allows connecting only one repository per instance of the Flux operator; ArgoCD can connect multiple Git repositories to one cluster.
2. Flux works only inside the cluster, like a typical Kubernetes operator, so it can effectively manage only one cluster. ArgoCD, on the other hand, is much more powerful: one instance of ArgoCD can manage multiple clusters, so you can create a nice, centralized tool to manage all your clusters from one place, which is very handy.
3. ArgoCD comes with a very nice GUI that simplifies monitoring the state of your applications. The GUI also visualizes all relations between the objects in the app manifests.
4. ArgoCD is also more ready for enterprise usage: it features SSO as well as built-in support for role-based access control. Flux, as it is just a controller, is limited to the Kubernetes RBAC of the service account the controller is associated with.
5. The free version of Flux has one feature that ArgoCD lacks: Flux can update your container images automatically. In ArgoCD, in order to update a container image version you have to commit the change to the Git repo.
Some tips for implementing GitOps:
1. While building the culture in your company, it is very good to start with a small team, and if they achieve the goal, use them as a lighthouse team for other teams.
2. One of the most important concepts is templating! After you have spent a lot of time on something and arrived at best practices, you pack them up and make a template out of them.