“GitOps Best Practices” Awedis Keofteian DevOps Engineer at Anghami AWS UG Leader /awedis 

Agenda Using IaC in the wrong way Infrastructure as Code - IaC What is GitOps How does GitOps work CD Pipeline: Push vs. Pull Model Increasing Security 

Oscar’s Story Heard about GitOps Did I Misunderstood the core concepts? Hmm this coffee tastes really good 

Using IaC the wrong way Directly modifying the live environment Lack of version control No testing or validation Lack of reviews and approvals Directly commits to the master branch Making changes directly to the live production environment Oscar skips the review process and directly applies changes to the production Doesn't perform proper testing or validation of changes before applying 

Infrastructure as Code Instead of creating it manually Can be easily reproduced Infrastructure as Code Network as Code Policy as Code Configuration as Code Security as Code 

What is GitOps? Treat Infrastructure Code the same as Application Code Separate Git Repository for Infrastructure Full CI/CD pipeline for it Automated Process More Transparency Quality IaC Easy Rollback Better Security 

How does GitOps work? IaC hosted on Git Repository (Version Controlled & Collaborated) GitOps Flow Run CI Pipeline Run Automated Tests Create Pull/Merge Request Approve Changes Run CD Pipeline & Deploy 

CD Pipeline: Push vs Pull Model Push Deployment Pull Deployment CI/CD (like Jenkins etc..) Push to Deployment Environment Agent installed in the environment, e.g. in K8s cluster Applies the needed changes to get to desired state Monitors and compares desired state with actual state 

CD Pipeline: Push vs Pull Model Push Git Pull Deploy 

Increase Security Not everyone has access to the infrastructure (or K8s Cluster) Anyone can propose changes in the git repository Smaller group can approve the changes (DevOps, SRE etc..) Less Permission to Manage More Secure Environment 

Thank you, Questions time Awedis Keofteian DevOps Engineer at Anghami AWS UG Leader /awedis