Extend to more DevOps tasks?
git push to:
● Build and run unit-tests
● Deploy code
● Deploy configuration
● Apply stateful migrations
● Run integration tests

Eventual consistency - no pipelines
● You do this: > yaml
● K8s controllers: containers, iptables, resource allocation, volumes
● This just happens. Eventually.
● Custom operators (> yaml): run jobs, reconfigure deployments

Typical DevOps pipeline
● Build + run unit-tests: Dockerfile
● Production build (artifacts): Multi-stage Dockerfile
● Deploy configuration: Update Kubernetes manifests
● Run stateful tasks (database migrations): Update CRs
● Run integration tests: Run jobs with init-containers to check if microservices are ready

GitOps
● Code, config, monitoring, policy etc. declarative & version controlled
● What can be described and observed can be automated and controlled and accelerated
● Git as a source of truth for the desired state of whole system
● Compare desired state to actual state and act
● Make ops changes by pull requests to this repo
● All changes need to go through git review process, no kubectl
● Use a k8s operator on the cluster to drive the observed cluster state to desired state
● Pipelines, observability, control
Source: Weaveworks

GitOps
1. Way of doing DevOps -- not a replacement
2. Commit desired state in a git repo -- not the steps to achieve the state
3. Declarative vs Imperative DevOps
4. Pipelines by default are imperative DevOps
5. GitOps by definition is declarative DevOps
6. YAML file with a set of steps does not make it declarative

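The "compare desired state to actual state and act" loop, as an added example that is not from the slides or from any operator project. Resource names, specs and the function names `diff` and `reconcile` are constructed for illustration; the point is that committing state rather than steps makes a run idempotent and surfaces out-of-band changes (such as a manual kubectl edit) as an auditable diff.

```python
"""Added example: a minimal desired-vs-actual reconciler (hypothetical names)."""

# Constructed sample data: desired state as it would be parsed from manifests
# in git, and actual state as observed on the cluster.
DESIRED = {
    "deploy/api": {"image": "api:1.4.2", "replicas": 3},
    "deploy/worker": {"image": "worker:2.0.0", "replicas": 2},
}
ACTUAL = {
    "deploy/api": {"image": "api:1.4.2", "replicas": 5},         # scaled by hand
    "deploy/debug": {"image": "busybox:latest", "replicas": 1},  # created by hand
}


def diff(desired, actual):
    """Return the actions that move `actual` to `desired`, in a stable order."""
    actions = []
    for name in sorted(desired.keys() | actual.keys()):
        want, have = desired.get(name), actual.get(name)
        if have is None:
            actions.append(("create", name, want))
        elif want is None:
            actions.append(("delete", name, None))
        elif want != have:
            actions.append(("update", name, want))
    return actions


def reconcile(desired, actual):
    """Apply the diff to a copy of `actual`; return (new_state, actions)."""
    state = {k: dict(v) for k, v in actual.items()}
    actions = diff(desired, state)
    for verb, name, spec in actions:
        if verb == "delete":
            del state[name]
        else:
            state[name] = dict(spec)
    return state, actions


if __name__ == "__main__":
    state, actions = reconcile(DESIRED, ACTUAL)
    for verb, name, _ in actions:
        print(f"{verb:7} {name}")      # each line is drift worth auditing
    assert diff(DESIRED, state) == []  # converged: a second pass is a no-op
```
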
GitOps
Advantages
● Declarative: desired state is clear
● Git: recreate/rollback, audit trail
● Observability: diff with actual state
● Git as a dev-operator boundary
Disadvantages
● Cannot have everything in git (secrets, dynamic variables etc.)
● New tools (k8s operators) required to achieve state instead of simple scripts

Git: stable developer - ops boundary
● Consistent tooling for devs
● Freedom for operators to change the plumbing underneath
● Git hooks on client/server side, webhook integrations offered by GitHub, GitLab, BitBucket etc.
● CRD + Operator on K8s

Constraints
● git-hooks and webhooks can only make use of information inside the git repository
● or the environment that the git-hook/webhook runs in
● K8s Operators need manifests
● Key constraint: Everything must become declarative

What did we achieve?
● Reduced toolset: Developers only need to use git for all DevOps tasks
● Complete extensibility: Git-hooks, k8s operators allow for infinite customisation and tooling to be implemented by operators without affecting the developer workflow in the slightest

On pipelines
● Pipelines executing a sequence of tasks - imperative
● CI/CD tools - GitLab Auto DevOps, Jenkins X
● As more parts of it become declarative, we can start applying these configurations
● The CRD+Operator pattern works well
● No more pipelines?

References
● GitOps - Operations by Pull Request
● Can GitOps solve the developer / ops boundary once and for all?
● GitOps - Modern best practices for high velocity app dev using cloud native tools