Slide 1

Slide 1 text

“GitOps Best Practices”
Awedis Keofteian
DevOps Engineer at Anghami
AWS UG Leader
/awedis

Slide 2

Slide 2 text

Agenda
- Using IaC in the wrong way
- Infrastructure as Code - IaC
- What is GitOps
- How does GitOps work
- CD Pipeline: Push vs. Pull Model
- Increasing Security

Slide 3

Slide 3 text

Oscar’s Story
- Heard about GitOps
- Did I misunderstand the core concepts?
- Hmm, this coffee tastes really good

Slide 4

Slide 4 text

Using IaC the wrong way
- Directly modifying the live environment
- Lack of version control
- No testing or validation
- Lack of reviews and approvals
- Commits directly to the master branch
- Making changes directly to the live production environment
- Oscar skips the review process and applies changes directly to production
- Doesn't perform proper testing or validation of changes before applying

Slide 5

Slide 5 text

Infrastructure as Code
- Instead of creating it manually
- Can be easily reproduced
- Infrastructure as Code
- Network as Code
- Policy as Code
- Configuration as Code
- Security as Code

Slide 6

Slide 6 text

What is GitOps?
- Treat Infrastructure Code the same as Application Code
- Separate Git Repository for Infrastructure
- Full CI/CD pipeline for it
- Automated Process
- More Transparency
- Quality IaC
- Easy Rollback
- Better Security

Slide 7

Slide 7 text

How does GitOps work?
- IaC hosted on Git Repository (Version Controlled & Collaborated)

GitOps Flow
- Run CI Pipeline
- Run Automated Tests
- Create Pull/Merge Request
- Approve Changes
- Run CD Pipeline & Deploy

Slide 8

Slide 8 text

CD Pipeline: Push vs Pull Model

Push Deployment
- CI/CD (like Jenkins etc.)
- Push to Deployment Environment

Pull Deployment
- Agent installed in the environment, e.g. in K8s cluster
- Applies the needed changes to get to desired state
- Monitors and compares desired state with actual state
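
An added example (not from the slides) of the compare-and-apply step a pull-model agent performs, run against the kind of manual production changes described on Slide 4. The resource names, the dict-based state and the function names are assumptions for illustration; a real agent reads the desired state from Git and the actual state from the cluster API.

```python
import hashlib
import json

def fingerprint(spec):
    """Stable content hash of a resource spec, independent of key order."""
    return hashlib.sha256(json.dumps(spec, sort_keys=True).encode()).hexdigest()

def plan(desired, actual):
    """Compare desired state (Git) with actual state (environment)."""
    actions = []
    for name in sorted(desired.keys() | actual.keys()):
        if name not in actual:
            actions.append(("create", name))
        elif name not in desired:
            actions.append(("delete", name))  # exists live but was never in Git
        elif fingerprint(desired[name]) != fingerprint(actual[name]):
            actions.append(("update", name))  # changed outside the Git workflow
    return actions

def reconcile(desired, actual):
    """Apply the plan to a copy of the actual state; return (new_state, actions)."""
    actions = plan(desired, actual)
    new_state = {name: dict(spec) for name, spec in actual.items()}
    for op, name in actions:
        if op == "delete":
            del new_state[name]
        else:
            new_state[name] = dict(desired[name])
    return new_state, actions

# Constructed sample data: what Git declares vs. what is running.
DESIRED = {
    "deploy/web": {"image": "web:1.4.2", "replicas": 3},
    "deploy/api": {"image": "api:2.0.1", "replicas": 2},
}
ACTUAL = {
    "deploy/web": {"image": "web:1.4.2", "replicas": 5},         # scaled by hand
    "deploy/debug": {"image": "busybox:latest", "replicas": 1},  # created by hand
}

if __name__ == "__main__":
    state, actions = reconcile(DESIRED, ACTUAL)
    for op, name in actions:
        print(op, name)
    print("converged:", plan(DESIRED, state) == [])
```

The non-empty plan doubles as a drift report: every entry is a difference between what was reviewed in Git and what is actually running.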

Slide 9

Slide 9 text

CD Pipeline: Push vs Pull Model
(Diagram labels: Push, Git, Pull, Deploy)

Slide 10

Slide 10 text

Increase Security
- Not everyone has access to the infrastructure (or K8s Cluster)
- Anyone can propose changes in the Git repository
- Smaller group can approve the changes (DevOps, SRE etc.)
- Less Permission to Manage
- More Secure Environment

Slide 11

Slide 11 text

Thank you, Questions time
Awedis Keofteian
DevOps Engineer at Anghami
AWS UG Leader
/awedis