$30 off During Our Annual Pro Sale. View Details »

GitOps Best Practices

GitOps Best Practices

awedis

July 22, 2023
Tweet

More Decks by awedis

Other Decks in Technology

Transcript

  1. Agenda Using IaC in the wrong way Infrastructure as Code

    - IaC What is GitOps How does GitOps work CD Pipeline: Push vs. Pull Model Increasing Security
  2. Oscar’s Story Heard about GitOps Did I Misunderstood the core

    concepts? Hmm this coffee tastes really good
  3. Using IaC the wrong way Directly modifying the live environment

    Lack of version control No testing or validation Lack of reviews and approvals Directly commits to the master branch Making changes directly to the live production environment Oscar skips the review process and directly applies changes to the production Doesn't perform proper testing or validation of changes before applying
  4. Infrastructure as Code Instead of creating it manually Can be

    easily reproduced Infrastructure as Code Network as Code Policy as Code Configuration as Code Security as Code
  5. What is GitOps? Treat Infrastructure Code the same as Application

    Code Separate Git Repository for Infrastructure Full CI/CD pipeline for it Automated Process More Transparency Quality IaC Easy Rollback Better Security
  6. How does GitOps work? IaC hosted on Git Repository (Version

    Controlled & Collaborated) GitOps Flow Run CI Pipeline Run Automated Tests Create Pull/Merge Request Approve Changes Run CD Pipeline & Deploy
  7. CD Pipeline: Push vs Pull Model Push Deployment Pull Deployment

    CI/CD (like Jenkins etc..) Push to Deployment Environment Agent installed in the environment, e.g. in K8s cluster Applies the needed changes to get to desired state Monitors and compares desired state with actual state
  8. Increase Security Not everyone has access to the infrastructure (or

    K8s Cluster) Anyone can propose changes in the git repository Smaller group can approve the changes (DevOps, SRE etc..) Less Permission to Manage More Secure Environment