Slide 1

Slide 1 text

GitOps - when Git ❤ K8s
Git based application deployment patterns on Kubernetes

Slide 2

Slide 2 text

Hello! I’m Shahidh
@shahidh_k
GraphQL on Postgres

Slide 3

Slide 3 text

Git

Slide 4

Slide 4 text

Declarative tools

Slide 5

Slide 5 text

Declarative tools ❤ Git as source of truth

Slide 6

Slide 6 text

Git: source of truth
● Application Source Code
● Application Configuration as Code
  ○ Kubernetes
  ○ Docker
● System Configuration as Code
  ○ Ansible
  ○ Chef
  ○ Puppet
● Infrastructure as Code
  ○ Terraform
  ○ CloudFormation

Slide 7

Slide 7 text

Git push

Slide 8

Slide 8 text

Git push workflow
● Write code
● git push heroku master
Changed the world for developers
Suddenly they’re all ninjas
Developers are doing DevOps!

Slide 9

Slide 9 text

The simplest DevOps task: Build & Deploy on Kubernetes

Slide 10

Slide 10 text

Build & Deploy
$ docker build -t registry.com/my-image:my-tag .
$ docker push registry.com/my-image:my-tag
$ kubectl set image deployment/my-deployment container=registry.com/my-image:my-tag

Slide 11

Slide 11 text

$ git push dev master

Slide 12

Slide 12 text

Demo 1 : Git push to update webpage

Slide 13

Slide 13 text

Gitkube architecture (diagram labels)
your computer
● $ git push dev master
● $ kubectl ... remote.yaml
Kubernetes cluster
● git-remote (k8s :: deployment,svc): exposed externally, SSH-key based auth
● CRD configuration (k8s :: CRD): deployments to update, authorised-keys, Dockerfile path
● controller (k8s :: operator): apply changes
● deployment

Slide 14

Slide 14 text

Extend to more DevOps tasks?
git push to:
● Build and run unit-tests
● Deploy code
● Deploy configuration
● Apply stateful migrations
● Run integration tests

Slide 15

Slide 15 text

Demo 2: Sending a slack notification on deploy

Slide 16

Slide 16 text

git push to apply Kubernetes objects (git hooks are amazing)

Slide 17

Slide 17 text

K8s controller
● yaml (You do this)
● Control-loops
● containers, iptables, resource allocation, volumes (This just happens)

Slide 18

Slide 18 text

CRD + Operator
● yaml (You do this)
● Operator (does stateful things)
● Jobs, pods, volumes (This just happens)

Slide 19

Slide 19 text

Eventual consistency - no pipelines
● yaml (You do this)
● K8s controllers: containers, iptables, resource allocation, volumes
● Custom operators: run jobs, reconfigure deployments
● This just happens. Eventually.

Slide 20

Slide 20 text

Typical DevOps pipeline
● Build + run unit-tests: Dockerfile
● Production build (artifacts): Multi-stage dockerfile
● Deploy configuration: Update Kubernetes manifests
● Run stateful tasks (database migrations): Update CRs
● Run integration tests: Run jobs with init-containers to check if microservices are ready

Slide 21

Slide 21 text

GitOps

Slide 22

Slide 22 text

GitOps
● Code, config, monitoring, policy etc. declarative & version controlled
● What can be described and observed can be automated and controlled and accelerated
● Git as a source of truth for the desired state of whole system
● Compare desired state to actual state and act
● Make ops changes by pull requests to this repo
● All changes need to go through git review process, no kubectl
● Use a k8s operator on the cluster to drive the observed cluster state to desired state
● Pipelines, observability, control
Source: Weaveworks
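
The compare-and-act step from this slide, as an added example (not code from the talk or from any operator's code base). The resource keys, the sample manifests and the function names `diff_fields` and `plan` are constructed for illustration; an `update` or `prune` action is also how a change made directly with `kubectl`, outside git review, shows up.

```python
"""One GitOps reconcile pass: desired state (git) vs. actual state (cluster)."""

def diff_fields(desired, actual, path=""):
    """Return dotted paths where `actual` differs from `desired`.

    Only fields declared in git are compared, so server-populated fields
    such as `status` are not reported as drift.
    """
    if isinstance(desired, dict) and isinstance(actual, dict):
        drift = []
        for key in sorted(desired):
            child = f"{path}.{key}" if path else key
            if key not in actual:
                drift.append(child)
            else:
                drift.extend(diff_fields(desired[key], actual[key], child))
        return drift
    return [] if desired == actual else [path]

def plan(desired, actual):
    """Compare two {(kind, namespace, name): manifest} maps and list actions."""
    actions = []
    for key in sorted(desired):
        if key not in actual:
            actions.append(("create", key, []))
        else:
            drift = diff_fields(desired[key], actual[key])
            if drift:
                actions.append(("update", key, drift))
    for key in sorted(set(actual) - set(desired)):
        actions.append(("prune", key, []))  # in the cluster, absent from git
    return actions

# Constructed sample data: what git declares vs. what the cluster reports.
DESIRED = {
    ("Deployment", "default", "web"): {"spec": {"replicas": 2, "image": "registry.com/my-image:my-tag"}},
    ("Service", "default", "web"): {"spec": {"port": 80}},
}
ACTUAL = {
    # image changed by hand with `kubectl set image`, bypassing review
    ("Deployment", "default", "web"): {"spec": {"replicas": 2, "image": "registry.com/my-image:hotfix"},
                                        "status": {"readyReplicas": 2}},
    ("Job", "default", "debug-shell"): {"spec": {}},
}

if __name__ == "__main__":
    for action, key, fields in plan(DESIRED, ACTUAL):
        print(action, "/".join(key), ", ".join(fields))
```
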

Slide 23

Slide 23 text

GitOps
1. Way of doing DevOps -- not a replacement
2. Commit desired state in a git repo -- not the steps to achieve the state
3. Declarative vs Imperative DevOps
4. Pipelines by default are imperative devops
5. GitOps by definition is declarative devops
6. Yaml file with a set of steps does not make it declarative

Slide 24

Slide 24 text

GitOps
Advantages
● Declarative: desired state is clear
● Git: recreate/rollback, audit trail
● Observability: diff with actual state
● Git as a dev-operator boundary
Disadvantages
● Cannot have everything in git (secrets, dynamic variables etc.)
● New tools (k8s operators) required to achieve state instead of simple scripts

Slide 25

Slide 25 text

Git as the developer - operator boundary

Slide 26

Slide 26 text

Git: stable developer - ops boundary
● Consistent tooling for devs
● Freedom for operators to change the plumbing underneath
● Git hooks on client/server side, webhook integrations offered by GitHub, GitLab, BitBucket etc.
● CRD + Operator on K8s

Slide 27

Slide 27 text

Constraints
● git-hooks and webhooks can only make use of information inside the git repository
● or the environment that the git-hook/webhook runs in
● K8s Operators need manifests
● Key constraint: Everything must become declarative

Slide 28

Slide 28 text

Everything as Code

Slide 29

Slide 29 text

What did we achieve?
Reduced toolset
Developers only need to use git for all DevOps tasks
Complete extensibility
Git-hooks, k8s operators allow for infinite customisation and tooling to be implemented by operators without affecting the developer workflow in the slightest

Slide 30

Slide 30 text

On pipelines
● Pipelines executing a sequence of tasks - imperative
● CI/CD tools - GitLab Auto DevOps, Jenkins X
● As more parts of it become declarative, we can start applying these configurations
● The CRD+Operator pattern works well
● No more pipelines?

Slide 31

Slide 31 text

Git based tools on K8s

Slide 32

Slide 32 text

Some more demos?

Slide 33

Slide 33 text

Thank you for listening!
Questions?
@shahidh_k

Slide 34

Slide 34 text

References
● GitOps - Operations by Pull Request
● Can GitOps solve the developer / ops boundary once and for all?
● GitOps - Modern best practices for high velocity app dev using cloud native tools