At this year’s KubeCon, CloudNativeCon, EU held in Barcelona, a panel discussion on “GitOps and Best Practices for Cloud Native CICD” was attended by almost 1600 participants! Clearly there was a ton of interest in GitOps, suggesting that GitOps has crossed the chasm and is now a central part of the Cloud Native lexicon that should be in every developer and cluster operator’s toolkit.
Chaired by Allison Richardet the discussion panel consisted of: Tracy Miranda (@tracymiranda) Cloudbees, Laura Tacho (@rhein_wein) , Cloudbees, Ivan Pedrazas (@Ipedrazas), of State Street and Alexis Richardson (@monadic), Weaveworks.
Five main topic areas were covered:
- What is GitOps?
- How has Git been applied to Ops to create GitOps?
- What challenges does GitOps help solve?
- What cultural impact does GitOps have on organizations and teams?
- How do I champion GitOps in my organization?
What is GitOps?
The panel agreed that GitOps is a fast, and secure method for developers and cluster operators to maintain and update complex applications running in Kubernetes.
At its core, GitOps is these two things:
- An operating model for Kubernetes and other cloud native technologies, providing a set of best practices that unify deployment, management and monitoring for containerized clusters and applications.
- A path towards a developer experience for managing applications; where end-to-end CICD pipelines and git workflows are applied to both operations, and development.
I’m using configuration as code, am I doing GitOps?
The answer to this question is ‘sort of’. While configuration as code is certainly a big part of GitOps, it is much more comprehensive than that; it also includes the workflows around approving and managing changes to your production system.
According to Laura Tacho, Git as a pattern goes beyond being a simple source code repository. GitOps incorporates all of the amazing stuff that developers love about Git and extends a set of developer workflow patterns across all functional areas of your engineering team.
GitOps is developer workflows for operations
Alexis Richardson agrees that GitOps is much more that just a simple operations by pull request. The role of the modern orchestrator is also very important, he says. Tools like Kubernetes, Terraform and perhaps even Jenkins X are all build orchestration tools, that can remove the responsibility from a system or cluster operator, allowing for automatic system updates. But to take full advantage of that automation capability, you also need built in runtime observability that alerts the team for when the system diverges from the source of truth. Driving all of this through familiar and collaborative developer workflows is very powerful and is also what sets GitOps apart.
What challenge does GitOps solve?
Fundamentally, GitOps is a way to increase your team’s velocity without sacrificing quality.
Alexis Richard discussed how GitOps provides a common operating model for teams to work together. For many who are new to Kubernetes, where to start and how to organize can be confusing. Most customers don’t want to change the structure of their teams to be productive, but with GitOps there is no need to change your team structure.
Most developers are already familiar with Git, so incorporating GitOps into your organization is simple. With everything in one place, your Ops team can use the same workflow to make infrastructure changes by creating issues, and reviewing pull requests. Since Git maintains an atomic record, any changes to your cluster can be easily rolled back. And with built-in observability your teams have both the confidence and the autonomy to make changes.
By introducing GitOps into your organization:
- Any developer who uses Git can start deploying new features to Kubernetes
- The same workflows are maintained across development and operations
- All changes can be triggered, stored, validated and audited in Git
- Ops changes can be made by pull request including rollbacks
- Ops changes can be observed and monitored
GitOps reduces deployment anxiety
In the event that an unexpected situation compromises the current state of the cluster, you can easily revert to a good state with GitOps, since your entire application is kept as a series of transactions in Git. This can span from a single component of the application or infrastructure, to the entire system following some form of catastrophic event.
Is there a cultural impact that GitOps has on organizations and teams?
Automation is probably the biggest cultural change that teams will face. According to Alexis, the more regulations your organization faces, the more gateways, you will have in terms of a release process. Automation needs to be tempered by the ability to stop it. This includes someone on your team having the ability to give permission through a git merge.
“DevOps is telling us that developers can manage Ops tasks, which for most enterprises is the opposite of what they’ve been taught on how to keep systems reliable and secure. It is not GitOps dictating this, but rather continuous delivery that poses the biggest challenge for enterprises adopting technology like Kubernetes.” --Alexis Richardson -Weaveworks
Fundamentally Git is a collaborative technology and with that type of team-based workflows, your teams become less specialized.
View the panel discussion in its entirety: