June 02, 2023
What Is GitOps and Why Should We Care?
Today, companies of all sizes and industries benefit from cloud computing.
Today, companies of all sizes and industries benefit from cloud computing. With an approach to infrastructure automation that enables a more efficient software development lifecycle and more robust applications, companies can spend less time on manual processes and more time focusing on their applications and developing new features.
Weaveworks' approach to infrastructure automation was so successful that in 2019 they decided to share their methodology with the world. This action coined the term GitOps.
What is GitOps?
In 2016, Weaveworks, Ltd. produced Weave Cloud, a the Solutions as a Service application. Part of its development included a new method of building infrastructure using DevOps tooling that added greater resilience to the platform.
The new way deploys infrastructure in an automated, scalable and auditable fashion. It follows many of the principles and best practices in the DevOps methodology of application development, but it applies specifically to infrastructure deployments.
The main components of this new technique are source control, Infrastructure as Code and deployment pipelines. Versioned source control systems, such as Git, act as the single source of truth for all applications, infrastructure and system configuration code.
Changes to the code are developed locally and committed to a Git branch. A pull request is submitted for other developers to review the changes and approve or reject the code. Once approved, changes get merged into the main branch, which then triggers the automated build.
GitOps Workflow
Weaveworks officially coined the term GitOps after a scheduled and approved change rendered Weave Cloud nearly inoperable. Their new method of deploying infrastructure and applications made it possible to recover the platform quickly (less than an hour) with minimal downtime. The team rolled back the changes by redeploying the prior code base. The key to their success was that the infrastructure and configuration were entirely stated and versioned in code.
Confident in their approach to high resiliencey, they came up with four guiding principles for the GitOps methodology:
● The entire system must be described declaratively in code.
● The desired state of the system is version controlled in Git.
● Changes are only approved when they can be automatically applied.
● Leverage software to ensure system compliance and alert in case of drift.
Declarative vs. Imperative
We declare the desired state in code and use automation tools to ensure deployments match that state. This declaration differs from an imperative approach, where developers must tell the automation platform what to do step-by-step. This is often a very complex endeavor because the developer must account for each step. Using a declarative system, developers only need to describe the state of the final composition, and the platform figures out how to make it happen. The complexity of the step-by-step implementation is transparent to the user.
Another advantage of declarative code is that it is idempotent. Idempotency is a repeatable process that developers can frequently execute with the same outcome. Once the system state is defined, the code can be deployed over and over again. Following the declarative model means provisioning and management become faster and far more efficient.
Why GitOps?
There are numerous reasons to employ GitOps in the development process. Most help developers accelerate the delivery of high-quality and highly reliable software and infrastructure. Here are some of the advantages of using GitOps:
Automation: GitOps is triggered by code changes in a Git repo that automatically deploys applications and infrastructure. Replacing the manual effort required for IT resource provisioning with code helps teams avoid issues of manual setups such as environment drift in the pipeline, slow provisioning and lack of reusability.
Auditability: Git repositories are a source of truth that represents the entire system state, with detailed audit trails of changes.
Increased Productivity: GitOps facilitates a fully automated continuous deployment and integrated feedback loop, reducing deployment time compared to traditional CI/CD pipelines.
High Resiliency: Git provides rollback and fork features allowing teams to recover systems reliably. Google's research group DORA defines four metrics for high-performing DevOps teams — high Deployment Frequency, low Lead Time for Changes, low Time to Restore Service and low Change Failure Rate. GitOps directly improves all four of these metrics.
Increased Stability: GitOps workflow includes audit logs that are automatically created for every change. This auditability supports stability by allowing developers to view which changes resulted in production problems.
Regulatory Compliance: GitOps can also help companies ensure compliance with any required standards, such as SOC 2, HIPAA and PCI.
Improved Security: Git can sign all changes, proving who the author is, and it provides strong encryption for tracking and managing changes. This provides a high level of trust in the integrity and security of the system.
Story by Bob Rock, a senior technical architect for cloud.