GitOps is a way-of-work that takes application development best practices like version control, code collaboration and automated pipelines and workflows, and applies them to IT infrastructure automation. Its technical premise is that:
- All infrastructure automation is codified as code that defines the desired state of the infrastructure
- The code is put into a version control system and that Git repository acts as the source of truth and starting point for automated workflows and pipelines that takes changes made in code, tests and validates them, and applies them to the production environment
However, GitOps is much more than ‘just’ IT infrastructure automation code in a Git repository. In this post, we’ll dive into the specifics of GitOps, and take a closer look at some practical ways to do GitOps with GitLab.
The Components of GitOps
GitOps, broadly speaking, consists of three components:
Infrastructure as Code is a methodology and set of tools that help you describe the desired state of your IT infrastructure and its configuration in code, allowing you to make changes to your infrastructure by altering the code base.
Collaboration through merge requests and Git-based workflows helps network and systems engineers and IT administrators to work together and keep track of changes by leveraging Git workflows. Merge requests are used as the mechanism by which changes are evaluated and approved using peer review and comments. Since Git keeps track of all changes, it simultaneously serves as a record for audit and troubleshooting purposes.
Automated Pipelines that test and apply changes to infrastructure to always and automatically be evaluated against a common set of tests before applying infrastructure changes to production. The automated workflows free up engineers to work on new changes, instead of babysitting the changes as they go to production
GitOps is a way-of-work
GitOps is a combination of well-established workflows from the software development space, combined with automation technology that enables managing IT infrastructure as if it were a software development project, plus a set of processes that define collaboration and approval of changes.
This operational framework replaces Change Advisory Boards and other manual, error-prone, synchronous processes and unmanaged documents that track infrastructure changes. GitOps removes the dependency on weekly meetings going over changes, and makes it asynchronous, which increases productivity and velocity. It prevents building up a queue of changes, which in turn helps in troubleshooting and reversing breaking changes if things go wrong.
Security is a first-class citizen
Because GitOps uses Git, it inherits its advantages in security, auditability and transparency. Every change is documented, both the code or infrastructure change itself, as well as the metadata surrounding the change, answering the why, who, when and what questions. The Git-based workflows, merge requests and peer reviews create a level of documented transparency that is great for security teams and audits.
Everything is logged as part of the code change and the merge request. This increases security posture by making every change explicit, and applies the four-eyes principle without exception.
Codifying infrastructure also increases the ability to test changes for security issues, which is especially useful when we’re talking about, for instance, changing the configuration for an internet-facing application configuration.
Only validated changes are approved
The beauty of automated pipelines for infrastructure is obvious. By levering infrastructure pipelines akin the CI/CD pipelines in software development, every change can be validated and tested before going live. For infrastructure code, there are numerous tools out there, including code-level validators for JSON, logical validators like Terraform’s validate command, and many others. This way, problematic code gets filtered out automatically, and the engineer gets immediate feedback on what to improve.
How to get started with GitOps
So, GitOps isn’t magic. It just takes the Infra-as-Code tooling you’re already familiar with, and formalizes its workflows using Git-based processes for change approval and peer review. This improves audit logging, reduces manual error-prone processes and improves repeatability across test/dev environments and multi-cloud scenarios.
If you want to see a more practical, down-to-earth example of GitOps, check out GitLab’s GitOps Demo; a repository that lays out the fundamentals of GitOps.
Another resource is their Beginner’s Guide to GitOps, a good next step after this blog post.
