GitOps is a framework that combines the principles of software development and continuous integration, continuous delivery (CI/CD) to automate and manage application configurations and infrastructure using Git. You can see GitOps as an evolution of infrastructure and resource management from manual ClickOps to automated Git-based infrastructure as code (IaC) with the key idea of having a single source of truth for your infrastructure, a reduced surface area for scanning security vulnerabilities, and a consistent process for introducing changes to the infrastructure. With GitOps, you can define what is supposed to run and how it is supposed to run — all in a single Git repository.
Over the last few years, GitOps has been gaining popularity with engineering teams as it helps them manage all their infrastructure code in a consistent, trackable manner and also lets them collaborate more effectively at scale. The scalability aspect of GitOps is also one of the most important reasons behind its popularity, as it lets you automate a lot of the slow, manual, and error-inducing tasks when provisioning and managing infrastructure.
This article will take you through the benefits of GitOps, how it works, with what technologies, and how it impacts the development processes and life cycles of your engineering teams. It will also talk about two of the popular GitOps-enabling tools: ArgoCD and Flux. Without further ado, dive right in and discuss the benefits of GitOps!
Benefits of GitOps
GitOps is the most advanced code development and operations framework with the most mature cloud operating model and the highest degree of infrastructure automation. The opposite of GitOps would be ClickOps, where application deployment, infrastructure changes, and configuration management are done manually.
GitOps offers a better way to do all these things while improving the speed of deployment, the degree and ease of collaboration, and the security coverage of your application. In this section, you’ll learn more about how GitOps benefits your deployment workflow.
Increased Efficiency and Speed of Deployment
GitOps streamlines and automates time-consuming processes in application development and infrastructure management by removing manual intervention as much as possible. As a result, a lot of repetitive and risk-inducing work is avoided, and the developers can focus more on writing code than managing environments.
In other words, GitOps reduces operational overhead from the development workflows and centralizes operations and development to achieve better speed and efficiency.
GitOps also solves the last-mile code deployment problem by enabling developers to make smaller iterations of a software product. This reduces the risk of breaking too many things simultaneously and enables developers to attend to minor issues and bugs in an agile manner, irrespective of the type of underlying infrastructure.
As a lot of the tooling for GitOps, such as Flux, Fleet, and ArgoCD, is architected for Kubernetes, it gives the impression that GitOps only works well for Kubernetes-based infrastructures. However, you can use it for any type of infrastructure as long as you have the plugins and support for it.
Improved Collaboration and Communication between Development and Operations
A GitOps workflow ensures that your team conducts code reviews and critical communication inside the pull requests to the centralized Git repository. Such a workflow not only enables strong collaboration between development and operations but also ensures that the Git repository has a reasonable level of context about the change you are making through the pull request.
This comes in handy when dealing with applications with many environments or applications that are constantly changing and in flux. With the code review comments and discussion threads, every team member can understand the reason behind a particular change.
GitOps also mandates the use of a declarative approach to development and operations using configuration as code (CaC), as opposed to someone manually running commands and setting environment variables in a terminal.
This approach leads to greater transparency. As this centralized Git repository is the source of truth for your application’s infrastructure resources and configuration, there’s no single point of contact in the engineering team with all the knowledge about a given project. This approach is also better for onboarding engineers in a team, as the Git repository gives the new member a clear view of the current state and historical context of how the team got to the current state.
Enhanced Security and Control Over the Deployment Process
Using GitOps significantly reduces security risks by automatically limiting direct access to resources, such as Kubernetes clusters, credentials, and kubeconfig. This eliminates the need for overly permissive access policies previously used to grant developers entry to development, testing, and deployment environments, especially with superuser or sudo permissions. Your GitOps workflow can manage secrets on your developer’s behalf.
Centralized management through a Git repository also makes it easier to scan for code vulnerabilities as you only need to scan a single location. ClickOps, however, often leads to the misconfiguration of resources, induces security flaws, and decreases the scan coverage of your resources.
Talking about inducing security flaws, one of the most common occurrences is the accidental or unknowing publication of sensitive data in code. You can use secrets management tools, such as HashiCorp Vault, with your GitOps repository and your Git provider’s capabilities to scan and detect secrets before writing your code to the repository.
How GitOps Works
As already mentioned, GitOps works on the fundamental idea that a single Git repository holds all your infrastructure and configuration code. Any changes to the infrastructure or configuration code, raised as a pull request and merged into a prescribed branch, trigger the CD pipeline and your code to be deployed to the intended environment. The following diagram depicts a generic GitOps workflow with a container-based infrastructure in place:
A typical GitOps setup has to have the following three core components:
- A centralized Git repository that contains all your configuration and code hosted on a platform like GitHub, GitLab, or BitBucket
- A CD pipeline that lets you build, test, and deploy your code, such as ArgoCD
- A deployment tool that lets you manage the state of your infrastructure, such as Flux
You’ve learned about how a centralized Git repo lays the foundation for GitOps. However, to make full use of that Git repo, you need a CD pipeline like ArgoCD and a deployment tool like Flux. Take a more detailed look at these tools and how they work.
ArgoCD
As described earlier, ArgoCD takes care of continuous deployment in a GitOps setup. When you change your declaratively defined infrastructure in the centralized Git repository, ArgoCD picks up the differences and automates the deployment of your application on the updated infrastructure. While GitOps is not just for Kubernetes, ArgoCD was created specifically for Kubernetes.
ArgoCD reads your Kubernetes manifest file from your Git repo. ArgoCD can read manifests from Kustomize applications, Jsonnet files, YAML files, JSON files, or Helm charts. After reading the manifests, it compares the current state of the application with the desired state as specified in the manifest, and it triggers a change to the Kubernetes cluster. Here’s a sample manifest file for the Guestbook UI application:
apiVersion: apps/v1
kind: Deployment
metadata:
name: guestbook-ui
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: guestbook-ui
template:
metadata:
labels:
app: guestbook-ui
spec:
containers:
- image: gcr.io/heptio-images/ks-guestbook-demo:0.2
name: guestbook-ui
ports:
- containerPort: 80
ArgoCD integrates seamlessly with Komodor. While ArgoCD takes care of CD, Komodor takes care of continuous reliability with the help of extensive observability in your Kubernetes setup. It tracks changes across your entire Kubernetes infrastructure, also giving you a peek into how a change impacts various aspects of your application. Read more about ArgoCD and Komodor in their official documentation.
Flux
Flux is also built for Kubernetes. While ArgoCD takes care of CD in general, Flux is a solution specifically for configuration management. It performs similar functions as ArgoCD, but it is meant primarily for configuration-related issues, such as detecting configuration drift.
The main functionality here revolves around keeping all the Git repos in sync with the Kubernetes clusters. In other words, it ensures that the content of the repository mirrors what’s present in your cloud infrastructure or data center. In Terraform terms, think of Flux as the mechanism that ensures whatever is in your Amazon Web Services (AWS) or Google Cloud Platform (GCP) account reflects what’s in your Terraform state file.
Here’s a snippet from the flux2-kustomize-helm-example repo:
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: infra-configs
sourceRef:
kind: GitRepository
name: flux-system
path: ./apps/staging
prune: true
wait: true
The previous code snippet defines the apiVersion, the metadata, and the spec that tells you about the source repository and the specification path. If you want to learn more, you can refer to the official documentation of Flux and Komodor.
Implications of GitOps on Development
Embracing GitOps has various direct implications on your existing development practices and workflows, especially if you’re doing ClickOps or using a configuration management tool that has a low level of automation. The impact, however, depends on the step in the development lifecycle when you introduce GitOps. One of the primary reasons to adopt GitOps is to increase agility.
Another benefit that wasn’t mentioned earlier in the article was that having GitOps in place makes your applications and deployments immutable and reproducible. In this section, you’ll learn about some more benefits of GitOps, along with its implications on development.
Impact on Software Development Practices and Methodologies
A major impact of GitOps is that it forces you to think about everything related to your applications in terms of code; that is, IaC, configuration management as code, and so on. This, then, forces you to think about infrastructure and resources in terms of current and desired states.
Adopting GitOps changes your mindset about development practices and requires you to change the tools and technologies that enable your existing development workflow. GitOps principles can be applied to most setups, as GitOps tooling and workflows can integrate with a wide range of infrastructure and DevOps tools.
Adoption of GitOps in Different Stages of the Development Lifecycle
For each stage of the development lifecycle (ie build, test, deploy), GitOps adds value by automating part of it:
- Build: GitOps can help you quickly replicate an existing environment suitable for development.
- Test: Setting up container-based test environments is core to GitOps as it can seamlessly mimic or replicate the infrastructure and configuration of production environments.
- Deploy: GitOps helps automate the CI/CD workflow for CD, allowing you to deploy code hundreds of times a day if needed.
GitOps can smoothen the workflow by allowing a self-serve approach to infrastructure and resources required for building, testing, and deployment.
GitOps + Kubernetes and How They’re Speeding Up Delivery Times
GitOps with Kubernetes is a powerful combination of tools and methodologies. With pull request–driven infrastructure and configuration management, the development cycles are drastically shortened, allowing more development work and features. This shorter development lifecycle isn’t the only advantage as, by design, GitOps also reduces the area for scanning vulnerabilities and security risks.
Smaller changes go through to your environment with every pull request, which greatly increases the frequency of the deployments and also reduces the surface area you need to cover for security checkups. This shortened build, test, and deploy lifecycle also helps developers do root cause analysis and troubleshoot code issues.
Conclusion
This article introduced the core ideas behind GitOps while talking in detail about its benefits, its workings, and its impact on the development process. You learned about how GitOps can improve collaboration and drastically increase the speed of development.
To reiterate, GitOps is a development methodology that allows you to manage infrastructure and configuration code from a single version-controlled location with minimal manual intervention. The most popular implementation of GitOps involves using Kubernetes, but it can work with other container infrastructure management tools, too.
If you want to deepen your understanding of GitOps, you should explore the core tools, technologies, and development workflows that enable it, such as ArgoCD, Flux, and—for Kubernetes—Komodor.
Check out Komodor to see how it streamlines managing, troubleshooting, and optimizing applications running on Kubernetes.
