Greatest practices for the actual world – IBM Developer


There’s a widespread misunderstanding about how GitOps must be utilized in real-world environments. Builders equate Infrastructure as Code (IaC) with GitOps in idea or consider that GitOps can solely work with container-based purposes — which isn’t true. On this weblog, you’ll study what GitOps is and methods to apply its rules to real-world improvement and operations.

What’s GitOps?

GitOps is an operational mannequin that evolves DevOps finest practices (comparable to model management, collaboration, compliance, and CI/CD) and IaC to carry out operations on infrastructure and fashionable cloud-native purposes. It does this by placing descriptive code for cloud infrastructure or purposes into Git repositories for processing and model management, after which making use of these modifications to infrastructure by means of automation.

The 4 fundamental rules of GitOps are:

  1. System definitions are described as code.
  2. The specified system state and configuration is outlined and versioned in Git.
  3. Adjustments to the configuration could be mechanically utilized utilizing pull requests.
  4. A controller ensures that no configuration drifts are current.

You’ll be able to study extra about these rules within the Introduction to GitOps with OpenShift publish on the Purple Hat Hybrid Cloud weblog.

The GitOps methodology has a number of benefits:

  • Single supply of fact. All code is on Git, so there’s a single supply of fact for the infrastructure or platform.
  • Straightforward rollback and quick restoration. All modifications to the infrastructure are model managed and reviewed so they’re straightforward to roll again if crucial.
  • Enhanced safety. All modifications are pulled and utilized by automation; this limits guide entry to the infrastructure and thus improves safety.

GitOps practices could be utilized not solely to traditional infrastructure like VMs, but additionally to Kubernetes, community config, software definitions, and even assets that may be described by config recordsdata and utilized to the setting by means of automation.

The GitOps means

Right here’s an summary of how GitOps works:

  1. Declarative description. The declarative description of the infrastructure/software as the specified state within the goal setting is key to GitOps. It additionally calls the whole lot as code, together with infrastructure, community, and safety. The declarative description code or configuration exists on a centralized Git repository as a single supply of fact for the entire system.

  2. Make the most of the Git workflow as management. All operations are carried out by making modifications to code or configuration recordsdata in Git, so any modifications could be versioned, reviewed, or merged primarily based on Git’s model management system.

  3. Separation of configuration and deployment. Automated course of are used to use modifications to the goal setting; one of the best observe is to make use of a pull-based deployment the place the agent/operator pulls and applies the modifications.

The next diagram illustrates a typical high-level structure for making use of GitOps in a single setting:

GitOps overview

With GitOps, the applying supply code and declarative setting configuration are saved on Git with workflow assist. On the event facet, the developer modifications the applying supply code and merges the modifications after reviewing the pull request. The CI pipeline then detects the modifications and triggers the construct into an Artifacts repository. On the operations facet, the SRE makes the modifications to the setting configuration within the Declarative Config Repo and merges the modifications after the assessment course of. From an structure perspective, a brand new GitOps Agent part is launched within the goal setting to detect the modifications within the setting configuration repo, pull the newest configuration, and apply these modifications to the setting. The modifications are detected and pulled by the GitOps Agent, so there isn’t any want for an operator to entry the goal setting and all credentials are saved throughout the setting.

GitOps in the actual world

Day-to-day operations in the actual world, nonetheless, could be difficult. For instance, how do you deal with damaging modifications which might be utilized to an setting? An incorrect change can destroy a naked steel server, which can lead to misplaced information and modifications to the IP. How does GitOps work with totally different environments (comparable to improvement, staging, or manufacturing)? How do you promote modifications to staging and manufacturing?

On this part, we handle these questions and focus on how GitOps could be utilized to real-world operations.

Cloud useful resource lifecycle

In lots of circumstances, GitOps works wonderful with Kubernetes clusters because it naturally helps declarative deployment and immutable infrastructure. Nonetheless, real-world cloud infrastructures could be difficult and hybrid cloud can embody many alternative assets, comparable to naked steel, traditional VSI, community gadgets, cloud databases companies, Kubernetes clusters, and containers.

Every kind of useful resource has its personal lifecycle. Think about that you’ve got a Kubernetes cluster constructed on prime of a number of VSIs, and the cloud-native software that’s deployed as containers has the shortest lifecycle. The cluster could have an extended lifecycle than a VSI for the reason that employee node of a cluster is changeable over time. The naked steel server has the longest lifecycle of all of them.

Cloud resource lifecycle

As a result of there are totally different useful resource lifecycles, you can not course of all of the modifications in opposition to the complete stack by means of a single CI/CD pipeline or a single operation workflow. It’s good to use totally different methods when making use of GitOps observe to full-stack cloud assets.

Mutable vs. immutable

GitOps encourages you to work with immutable infrastructures and declarative containers, which implies that after the deployment no change could be made to the infrastructure or the cloud-native purposes. Kubernetes takes immutable containers.

Nonetheless, let’s say you’re deploying an software on prime of a traditional infrastructure with restricted assets, and it nonetheless has a protracted lifecycle. On this case, the GitOps methodology can nonetheless be leveraged to handle the infrastructure to take the benefit of GitOps, comparable to versioned modifications over time and improved safety.

Push-based vs. pull-based deployments

Although pull-based deployment is a GitOps finest observe that may guarantee higher safety, GitOps adopters will not be required to make use of pull-based deployment. Nonetheless, in some conditions not the whole lot could be described utilizing declarative configuration and there’s no choice for utilizing a push-based deployment — for instance, to provision a cloud infrastructure utilizing instruments like Jenkins, Travis, or Ansible.

Assist for a number of environments

The outline above primarily describes how GitOps works with a single setting. Nonetheless, in real-world cloud environments (as with DevOps), you often have a number of environments to assist improvement, testing, and manufacturing situations.

The next diagram is a reference mannequin that illustrates how GitOps can work with improvement, staging, and manufacturing environments:

Support for multiple environments

A typical technique is to arrange improvement, staging, and manufacturing environments for a system. With GitOps, you possibly can arrange corresponding branches in a Declarative Config Repository so that each one three environments share the identical configuration repository. For every setting, there’s a GitOps Agent (a number of — see the Reference structure part) that pulls modifications from a staging department. For instance, the event setting displays and pulls modifications from the improvement department and the staging setting pulls modifications from the staging department.

The Git workflow is ready as much as assist code assessment, approval, merging, and testing. After the modifications are pulled by the event setting and go the mixing checks, then the identical modifications could be promoted to the staging department by creating a brand new pull request on staging. By doing an analogous course of, a change made by a developer or SRE can in the end be pulled by the manufacturing setting.

Observe that this course of is only a reference mannequin. In real-world conditions, a undertaking group may tailor this primarily based on structure selections made for the precise scenario.

Reference structure

With what you could have realized, you too can outline a high-level reference structure to use GitOps practices to an IBM Cloud setting. This may look much like the structure proven within the GitOps overview, however the principle variations right here could be primarily based on real-world conditions. Within the diagram under, we’ve mapped the parts to a recommended software program occasion.

Reference architecture

Most significantly, this structure separates the CD processes for the CaaS and IaaS layers, since they will have very totally different assets and lifecycles. Primarily based on the character of the assets, totally different instruments are used for various assets. Extra particularly, we advocate putting in the GitOps plug-in on a Purple Hat OpenShift occasion. This ships an Argo CD occasion out-of-the-box to play the GitOps Agent position to deploy the modifications within the CaaS layer. On the IaaS layer, the IBM Cloud Schematics service implements GitOps practices by encapsulating the Terraform plug-in for IBM Cloud, which pulls the infrastructure modifications and provisions/updates a lot of the IBM Cloud assets.


On this weblog publish, you realized about GitOps rules, the benefits offered by GitOps, and a few finest practices illustrated by means of real-world examples. GitOps cannot solely be utilized to container-based apps, but additionally to a full stack of cloud assets. With well-designed automation processes, it will probably additionally assist improvement and operations that promote modifications in a number of environments.

GitOps is an improved strategy for utilizing DevOps on the cloud, nevertheless it can not resolve each problem. That mentioned, GitOps must be employed as a great tool in your cloud DevOps toolbox.

Wish to study extra about GitOps? Take a look at these assets:


Leave a Reply

Your email address will not be published. Required fields are marked *