Greatest practices for the actual world – IBM Developer


There’s a widespread misunderstanding about how GitOps ought to be utilized in real-world environments. Builders equate Infrastructure as Code (IaC) with GitOps in idea or consider that GitOps can solely work with container-based functions — which isn’t true. On this weblog, you’ll be taught what GitOps is and how one can apply its ideas to real-world growth and operations.

What’s GitOps?

GitOps is an operational mannequin that evolves DevOps greatest practices (corresponding to model management, collaboration, compliance, and CI/CD) and IaC to carry out operations on infrastructure and trendy cloud-native functions. It does this by placing descriptive code for cloud infrastructure or functions into Git repositories for processing and model management, after which making use of these adjustments to infrastructure via automation.

The 4 primary ideas of GitOps are:

  1. System definitions are described as code.
  2. The specified system state and configuration is outlined and versioned in Git.
  3. Adjustments to the configuration might be mechanically utilized utilizing pull requests.
  4. A controller ensures that no configuration drifts are current.

You may be taught extra about these ideas within the Introduction to GitOps with OpenShift weblog.

The GitOps methodology has a number of benefits:

  • Single supply of fact — All code is on Git, so there’s a single supply of fact for the infrastructure or platform.
  • Simple rollback and quick restoration — All adjustments to the infrastructure are model managed and reviewed so they’re simple to roll again if obligatory.
  • Enhanced safety — All adjustments are pulled and utilized by automation; this limits guide entry to the infrastructure and thus improves safety.

GitOps practices might be utilized not solely to basic infrastructure like VMs, but additionally to Kubernetes, community config, utility definitions, and even sources that may be described by config information and utilized to the surroundings via automation.

The GitOps means

Right here’s an summary of how GitOps works:

  1. Declarative description — The declarative description of the infrastructure/utility as the specified state within the goal surroundings is key to GitOps. It additionally calls the whole lot as code, together with infrastructure, community, and safety. The declarative description code or configuration exists on a centralized Git repository as a single supply of fact for the entire system.

  2. Make the most of the Git workflow as management — All operations are carried out by making adjustments to code or configuration information in Git, so any adjustments might be versioned, reviewed, or merged primarily based on Git’s model management system.

  3. Separation of configuration and deployment — Automated course of are used to use adjustments to the goal surroundings; one of the best observe is to make use of a pull-based deployment the place the agent/operator pulls and applies the adjustments.

The next diagram illustrates a typical high-level structure for making use of GitOps in a single surroundings:

GitOps overview

With GitOps, the applying supply code and declarative surroundings configuration are saved on Git with workflow assist. On the event aspect, the developer adjustments the applying supply code and merges the adjustments after reviewing the pull request. The CI pipeline then detects the adjustments and triggers the construct into an Artifacts repository. On the operations aspect, the SRE makes the adjustments to the surroundings configuration within the Declarative Config Repo and merges the adjustments after the evaluate course of. From an structure perspective, a brand new GitOps Agent element is launched within the goal surroundings to detect the adjustments within the surroundings configuration repo, pull the newest configuration, and apply these adjustments to the surroundings. The adjustments are detected and pulled by the GitOps Agent, so there isn’t any want for an operator to entry the goal surroundings and all credentials are stored inside the surroundings.

GitOps in the actual world

Day-to-day operations in the actual world, nonetheless, might be sophisticated. For instance, how do you deal with harmful adjustments which can be utilized to an surroundings? An incorrect change can destroy a naked steel server, which can lead to misplaced information and adjustments to the IP. How does GitOps work with totally different environments (corresponding to growth, staging, or manufacturing)? How do you promote adjustments to staging and manufacturing?

On this part, we handle these questions and talk about how GitOps might be utilized to real-world operations.

Cloud useful resource lifecycle

In lots of instances, GitOps works high quality with Kubernetes clusters because it naturally helps declarative deployment and immutable infrastructure. Nevertheless, real-world cloud infrastructures might be sophisticated and hybrid cloud can embrace many various sources, corresponding to naked steel, basic VSI, community units, cloud databases providers, Kubernetes clusters, and containers.

Every kind of useful resource has its personal lifecycle. Think about that you’ve got a Kubernetes cluster constructed on prime of a number of VSIs, and the cloud-native utility that’s deployed as containers has the shortest lifecycle. The cluster might have an extended lifecycle than a VSI because the employee node of a cluster is changeable over time. The naked steel server has the longest lifecycle of all of them.

Cloud resource lifecycle

As a result of there are totally different useful resource lifecycles, you can’t course of all of the adjustments towards the total stack via a single CI/CD pipeline or a single operation workflow. You want to use totally different methods when making use of GitOps observe to full-stack cloud sources.

Mutable vs. immutable

GitOps encourages you to work with immutable infrastructures and declarative containers, which implies that after the deployment no change might be made to the infrastructure or the cloud-native functions. Kubernetes takes immutable containers.

Nevertheless, let’s say you’re deploying an utility on prime of a basic infrastructure with restricted sources, and it nonetheless has an extended lifecycle. On this case, the GitOps methodology can nonetheless be leveraged to handle the infrastructure to take the benefit of GitOps, corresponding to versioned adjustments over time and improved safety.

Push-based vs. pull-based deployments

Regardless that pull-based deployment is a GitOps greatest observe that may guarantee higher safety, GitOps adopters should not required to make use of pull-based deployment. Nevertheless, in some conditions not the whole lot might be described utilizing declarative configuration and there’s no choice for utilizing a push-based deployment — for instance, to provision a cloud infrastructure utilizing instruments like Jenkins, Travis, or Ansible.

Help for a number of environments

The outline above primarily describes how GitOps works with a single surroundings. Nevertheless, in real-world cloud environments (as with DevOps), you often have a number of environments to assist growth, testing, and manufacturing situations.

The next diagram is a reference mannequin that illustrates how GitOps can work with growth, staging, and manufacturing environments:

Support for multiple environments

A typical technique is to arrange growth, staging, and manufacturing environments for a system. With GitOps, you possibly can arrange corresponding branches in a Declarative Config Repository so that each one three environments share the identical configuration repository. For every surroundings, there’s a GitOps Agent (a number of — see “Reference structure” under) that pulls adjustments from a staging department. For instance, the event surroundings displays and pulls adjustments from the growth department and the staging surroundings pulls adjustments from the staging department.

The Git workflow is ready as much as assist code evaluate, approval, merging, and testing. After the adjustments are pulled by the event surroundings and cross the mixing checks, then the identical adjustments might be promoted to the staging department by creating a brand new pull request on staging. By doing an identical course of, a change made by a developer or SRE can in the end be pulled by the manufacturing surroundings.

Word that this course of is only a reference mannequin. In real-world conditions, a undertaking workforce may tailor this primarily based on structure choices made for the precise scenario.

Reference structure

With what you’ve gotten realized, you may as well outline a high-level reference structure to use GitOps practices to an IBM Cloud surroundings. This is able to look much like the structure proven within the GitOps overview, however the principle variations right here could be primarily based on real-world conditions. Within the diagram under, we’ve mapped the parts to a instructed software program occasion.

Reference architecture

Most significantly, this structure separates the CD processes for the CaaS and IaaS layers, since they’ll have very totally different sources and lifecycles. Primarily based on the character of the sources, totally different instruments are used for various sources. Extra particularly, we suggest putting in the GitOps plug-in on a Pink Hat OpenShift occasion. This ships an ArgoCD occasion out-of-the-box to play the GitOps Agent function to deploy the adjustments within the CaaS layer. On the IaaS layer, the IBM Schematics service implements GitOps practices by encapsulating the Terraform plug-in for IBM Cloud, which pulls the infrastructure adjustments and provisions/updates many of the IBM Cloud sources.


On this weblog submit, you realized about GitOps ideas, the benefits offered by GitOps, and a few greatest practices illustrated via real-world examples. GitOps can’t solely be utilized to container-based apps, but additionally to a full stack of cloud sources. With well-designed automation processes, it could possibly additionally assist growth and operations that promote adjustments in a number of environments.

GitOps is an improved strategy for utilizing DevOps on the cloud, nevertheless it can not resolve each problem. That mentioned, GitOps ought to be employed as a great tool in your cloud DevOps toolbox.

Wish to be taught extra about GitOps? Try these sources:


Please enter your comment!
Please enter your name here