Weaveworks<\/a><\/p>\n\n\n\n In a nutshell, GitOps is a practice (Git Operation) that allows you to use GIT and code repository as your configuration source of truth. Then, an engineer can pull the change to alter or update your system\u2019s configuration.\u00a0<\/p>\n\n\n\n YES!!!<\/strong><\/strong><\/p>\n\n\n\n So let me tell you a story about GitOps approach.<\/p>\n\n\n\n The scene: spring 2016, a peaceful morning in London, at Weaveworks.\u00a0 The sun is shining.\u00a0 Birds tweet.<\/p>\n\n\n\n I\u2019m about to make a change that will probably wipe out all our systems<\/em><\/p>Tom<\/cite><\/blockquote>\n\n\n\n Tom, are you sure we want to do that?<\/em><\/p>Decent person<\/cite><\/blockquote>\n\n\n\n **click<\/strong>**<\/p>\n\n\n\n Oops \u2013 I\u2019ve just deleted all our Kubernetes clusters on AWS<\/em><\/p>Tom<\/cite><\/blockquote>\n\n\n\n It took the team less than\u00a045<\/strong>\u00a0minutes to completely rebuild our entire systems. 45 minutes was a pretty good outcome \u2013 made possible by \u201cGitOps\u201d. GitOps requires the desired state of the system to be stored in version control. All changes to the desired state are fully traceable commits associated with committer information, commit IDs and time stamps. This means that both the application and the infrastructure are now versioned artifacts and can be audited using the gold standards of software development and delivery.<\/p>\n\n\n\n Using Git to manage infrastructure might seem like kind of a strange hack\u2014like using a hammer to paint a wall or driving your car into the water. But when you look more closely, you realize that the practice behind GitOps makes a lot of sense:<\/p>\n\n\n\n The entire system is described declaratively.<\/strong> Declarative means that configuration is guaranteed by a set of facts instead of by a set of instructions. Kubernetes is just one example of many modern cloud native tools that are \u201cdeclarative\u201d and that can be treated as code.<\/p>\n\n\n\n The canonical desired system state is versioned in Git.<\/strong> It means, you have a single place from which everything is derived and driven.<\/p>\n\n\n\n Approved changes to the desired state are automatically applied to the system<\/strong>. Software agents ensure correctness and alert on divergence.<\/p>\n\n\n\n Software agents ensure correctness and alert on divergence.<\/strong>\u00a0The use of agents also ensures that your entire system is self-healing. And by self-healing, we don\u2019t just mean when nodes or pods fail\u2014those are handled by Kubernetes\u2014 but in a broader sense, like in the case of human error.<\/p>\n\n\n\n \u2981 Any developer that uses Git can start deploying new features to \u201cKubernetes\u201d When you push that code to Git, the continuous integration tool kicks off unit tests that eventually build the Docker image that gets pushed to the container registry. With a typical CI\/CD pipeline, Docker images are deployed using some sort of bash script or another method of talking directly to the cluster API. Let\u2019s see how we can improve the typical CI\/CD pipeline with GitOps.<\/p>\n\n\n\n With this pattern, an agent acts on behalf of the cluster. It listens for events relating to custom resource changes, and then applies those changes based on a deployment policy.<\/p>\n\n\n\n You will need to have Kubernetes cluster<\/a> set up and a GitHub personal access token<\/a> with repo permissions. As agents, <\/strong>we will be using Flux.<\/p>\n\n\n\n Flux is a tool that automatically ensures that the state of a cluster matches the config in git.<\/p>\n\n\n\nWhat does it mean?<\/strong>\u00a0<\/h4>\n\n\n\n
Should you care?<\/strong><\/h4>\n\n\n\n
The beginning<\/h2>\n\n\n\n
![\"\"](\"https:\/\/yassinemoumen.com\/wp-content\/uploads\/2022\/04\/ThisIsFine.jpg\")
<\/figure><\/div>\n\n\n\n
Okay, to be fair, probably every Continuous Deployment technology promises to make deploying faster and allows you to deploy more often.
But here is what special about GitOps.<\/p>\n\n\n\nGitOps is pretty Git-ty<\/h2>\n\n\n\n
GitOps in Practice<\/h2>\n\n\n\n
What happens when you adopt GitOps?<\/h2>\n\n\n\n
\u2981 The same workflows are maintained across development and operations
\u2981 All changes can be triggered, stored, validated and audited in Git
\u2981 Ops changes can be observed and monitored
\u2981 Ops changes can be made by pull request including rollbacks, but remember:<\/p>\n\n\n\n![\"\"](\"https:\/\/yassinemoumen.com\/wp-content\/uploads\/2022\/04\/chuck-norris-doesnt-rollback.jpg\")
<\/figure><\/div>\n\n\n\nHow to adopt GitOps?<\/h2>\n\n\n\n
Your everyday CI\/CD Pipeline:<\/strong><\/h4>\n\n\n\n
![\"\"](\"https:\/\/yassinemoumen.com\/wp-content\/uploads\/2022\/04\/typicCICD.png\")
<\/figure><\/div>\n\n\n\n
Security wise: you have to share your API credentials with the CI tooling. If someone breaks into your CI tool, they will have total control over your production cluster. But what happens if your cluster goes down, You would have to run all of your CI jobs to rebuild everything and then re-apply all the workloads to the new cluster.<\/p>\n\n\n\nGitOps Deployment Pipeline:<\/strong><\/h4>\n\n\n\n
![\"\"](\"https:\/\/yassinemoumen.com\/wp-content\/uploads\/2022\/04\/gitopsCICD.png\")
<\/figure><\/div>\n\n\n\nGetting your hands dirty<\/h2>\n\n\n\n
Installing fluxctl:<\/h5>\n\n\n\n