GitOps is a way-of-work that takes application development best practices like version control, code collaboration and automated pipelines and workflows, and applies them to IT infrastructure automation. Its technical premise is that:
- All infrastructure automation is codified as code that defines the desired state of the infrastructure
- The code is put into a version control system, and that Git repository acts as the source of truth and the starting point for automated workflows and pipelines that take changes made in code, test and validate them, and apply them to the production environment
However, GitOps is much more than ‘just’ IT infrastructure automation code in a Git repository. In this post, we’ll dive into the specifics of GitOps, and take a closer look at some practical ways to do GitOps with GitLab.
The Components of GitOps
GitOps, broadly speaking, consists of three components:
Infrastructure as Code is a methodology and set of tools that help you describe the desired state of your IT infrastructure and its configuration in code, allowing you to make changes to your infrastructure by altering the code base.
Collaboration through merge requests and Git-based workflows helps network and systems engineers and IT administrators to work together and keep track of changes by leveraging Git workflows. Merge requests are used as the mechanism by which changes are evaluated and approved using peer review and comments. Since Git keeps track of all changes, it simultaneously serves as a record for audit and troubleshooting purposes.
Automated pipelines that test and apply changes to infrastructure, so that every change is automatically evaluated against a common set of tests before it is applied to production. The automated workflows free up engineers to work on new changes instead of babysitting changes as they go to production.
GitOps is a way-of-work
GitOps is a combination of well-established workflows from the software development space, combined with automation technology that enables managing IT infrastructure as if it were a software development project, plus a set of processes that define collaboration and approval of changes.
This operational framework replaces Change Advisory Boards and other manual, error-prone, synchronous processes and unmanaged documents that track infrastructure changes. GitOps removes the dependency on weekly meetings going over changes and makes change review asynchronous, which increases productivity and velocity. It prevents a queue of changes from building up, which in turn makes troubleshooting easier and makes a breaking change simpler to revert if things go wrong.
Security is a first-class citizen
Because GitOps uses Git, it inherits its advantages in security, auditability and transparency. Every change is documented, both the code or infrastructure change itself, as well as the metadata surrounding the change, answering the why, who, when and what questions. The Git-based workflows, merge requests and peer reviews create a level of documented transparency that is great for security teams and audits.
Everything is logged as part of the code change and the merge request. This strengthens the security posture by making every change explicit and by applying the four-eyes principle to every change. The principle only holds, however, if the repository enforces it: the branch that drives production must be protected so that nobody can push to it directly or rewrite its history, and merge request approval rules must require at least one approver other than the author. Without those settings the Git history still records what changed, but it does not guarantee that anyone reviewed it.
Codifying infrastructure also makes it possible to test changes for security issues before they are applied, which is especially useful when, for instance, the configuration of an internet-facing application is being changed.
Only validated changes are approved
The beauty of automated pipelines for infrastructure is obvious. By leveraging infrastructure pipelines akin to the CI/CD pipelines in software development, every change can be validated and tested before going live. For infrastructure code there are numerous tools available, including syntax-level validators for JSON and YAML, logical validators like Terraform's validate command, and many others. This way, problematic code gets filtered out automatically, and the engineer gets immediate feedback on what to improve. Keep in mind what each check covers: terraform validate confirms that the code is syntactically correct and internally consistent, but it does not contact the provider, so a plan step is still needed to see what would actually change in the target environment.
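As an added example, not code from the original post or from GitLab's demo repository, here is a .gitlab-ci.yml for a Terraform repository that implements the pipeline described above and the security testing mentioned in the previous section: validation and a static security scan on every merge request, a plan that is stored as an artifact for reviewers, and an apply that only runs from the default branch and behind a manual gate. It assumes a single Terraform root module at the repository root with a remote state backend configured outside this file; the image tags, the choice of tfsec for the security scan and the environment name production are illustrative assumptions. The four-eyes rule itself is not expressed here: it comes from protecting the default branch and requiring merge request approvals in the project settings, so that the only way code reaches the apply job is through an approved merge.

```yaml
# Added example, not from the original post: a GitLab CI pipeline for a
# Terraform repository. Assumes a root module at the repository root and a
# remote backend configured outside this file; image tags, the tfsec scan
# and the "production" environment name are illustrative choices.

stages:
  - validate
  - plan
  - apply

# Run a pipeline only for merge requests and for the default branch, so a
# push to a feature branch does not also start a duplicate branch pipeline.
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

default:
  image:
    name: hashicorp/terraform:1.6
    entrypoint: [""]      # the image's entrypoint is terraform itself; run a shell instead
  before_script:
    - terraform init -input=false

# Syntax and consistency checks: formatting drift or an invalid module fails
# the merge request before any human looks at it.
validate:
  stage: validate
  script:
    - terraform fmt -check -recursive
    - terraform validate

# Static security scan of the code (tfsec here; checkov or similar would do).
# Findings at HIGH severity or above fail the job.
security_scan:
  stage: validate
  image:
    name: aquasec/tfsec:latest
    entrypoint: [""]
  before_script: []       # tfsec does not need terraform init
  script:
    - tfsec . --minimum-severity HIGH

# The plan is saved as an artifact and also rendered as text, so reviewers
# see exactly what will be applied and the apply job reuses that same plan.
plan:
  stage: plan
  script:
    - terraform plan -input=false -out=tfplan
    - terraform show -no-color tfplan > plan.txt
  artifacts:
    paths:
      - tfplan
      - plan.txt
    expire_in: 1 week

# Apply runs only from the default branch, i.e. after the merge request was
# approved and merged, and still waits for a manual trigger. resource_group
# serialises concurrent applies against the same state.
apply:
  stage: apply
  script:
    - terraform apply -input=false tfplan
  environment:
    name: production
  resource_group: production
  dependencies:
    - plan
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      when: manual
```

Applying the saved tfplan rather than running a fresh plan at apply time is the point of the artifact: what goes to production is exactly what reviewers saw in plan.txt, and if the remote state has drifted since the plan was produced, Terraform refuses to apply the stale plan instead of doing something nobody reviewed.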
How to get started with GitOps
So, GitOps isn’t magic. It just takes the Infra-as-Code tooling you’re already familiar with, and formalizes its workflows using Git-based processes for change approval and peer review. This improves audit logging, reduces manual error-prone processes and improves repeatability across test/dev environments and multi-cloud scenarios.
If you want to see a more practical, down-to-earth example of GitOps, check out GitLab's GitOps Demo, a repository that lays out the fundamentals of GitOps.
Another resource is their Beginner’s Guide to GitOps, a good next step after this blog post.