
GitOps for Kubernetes
#TechBite15: Advent Calendar 2022 by Büro am Draht
What is it?
A way of implementing Continuous Deployment for cloud-native applications, mostly in Kubernetes environments. The idea of GitOps is to have a Git repository that contains a declarative description of the desired state of your infrastructure. This can be Kubernetes manifests, Helm charts, or kustomizations. The other part is an automated process that makes the environment match the state described in the repository. This process can be push-based or pull-based.
The push-based approach is implemented in your CI/CD tool. The Kubernetes files needed to deploy the app live alongside your application code. Whenever the application code is updated, the build pipeline is triggered; it creates a new application image and updates the environment configuration repository. Changes in the environment configuration repository then trigger the deployment pipeline.
In contrast to the push-based approach, the pull-based approach has the deployment handled by a GitOps tool located inside the Kubernetes cluster instead of by a deployment pipeline.
The pipeline’s job is finished after the image is deployed to the registry. The GitOps tool in the Kubernetes cluster monitors the image registry and automatically deploys the newly built image. The same applies to the infrastructure code; as soon as you commit a configuration change, e.g., scale a deployment up or down, add a config map, etc., the GitOps tool deploys the changes.
This approach has the advantage that the only credentials we need to provide to the Kubernetes cluster are those for the Git repository and the image registry, which in most cases are some kind of read-only access token. This, plus the fact that the credentials live in a secured cluster, greatly increases security.
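The pull-based setup described above, expressed as Argo CD configuration (Argo CD is one of the tools listed on this page). This is an added example, not configuration from the original article; the repository URL, resource names, namespaces, path and token value are assumptions or placeholders.

```yaml
# Added example. All names, URLs and paths below are assumptions.
# 1) Read-only Git credential stored inside the cluster. Argo CD picks it up
#    through the secret-type label. Create this Secret out of band; it must
#    not be committed to the repository in plain text.
apiVersion: v1
kind: Secret
metadata:
  name: env-config-repo                      # hypothetical name
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: https://git.example.com/platform/env-config.git   # constructed URL
  username: gitops-readonly                  # account with read access only
  password: REPLACE_WITH_READ_ONLY_TOKEN     # placeholder, never a write token
---
# 2) The Application tells the in-cluster controller which path of the
#    repository describes the desired state and where to apply it.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: demo-app                             # hypothetical name
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://git.example.com/platform/env-config.git
    targetRevision: main                     # branch that is the source of truth
    path: overlays/production                # assumed repository layout
  destination:
    server: https://kubernetes.default.svc   # the cluster Argo CD runs in
    namespace: demo
  syncPolicy:
    automated:
      prune: true      # delete resources that were removed from Git
      selfHeal: true   # undo manual changes that drift from Git
    syncOptions:
      - CreateNamespace=true
```

With this in place the CI pipeline holds no cluster credentials at all: it only pushes images and commits, and the controller pulls the changes using the read-only token.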

Why do we recommend it?
Both approaches share the following advantages.
- Git is the single source of truth in a system.
- Git is a single place where you operate all environments.
- All changes are observable and verifiable.
With these advantages, error recovery is as easy as a git revert.
Documented Deployments
With the declarative approach of Kubernetes coupled with the version management of a git repository, you automatically get versioned documentation of your infrastructure.
Easily shared knowledge
With the infrastructure and configuration as code approach, you can make the evolution of your environment visible to all team members and easily share examples of how to set up systems.
When do we recommend it?
After an initial investment, all projects can benefit from a GitOps approach. Because of the mentioned advantages, the initial configuration is already documented so you can recycle it for any new project.
One thing to decide is which approach to choose. The pull-based approach comes in handy with multiple environments: since the Kubernetes cluster setup is as easy as a helm install, you only need to add the Git and image registry credentials, and you are good to go.
It’s also interesting for cloud providers, where you can have difficulty logging in to a Kubernetes cluster. On the downside, there is another critical tool to observe and maintain. The push-based approach is more of a low-hanging fruit because you only need to add a deployment stage to an existing pipeline.
Are there examples, providers, or tools?
Tools you should have a look at when diving deeper into GitOps:
- ArgoCD
- FluxCD
- UpdateCLI
Author: Christian Kirmse
Illustrations: Kai Sinzinger
This article is part of a series called #24TechBites. To sweeten the remaining time until Christmas, we aim to inform you about current technologies, inspire you or give you an opinionated review of software trends — all in the form of 24 small daily surprises in the German tradition of an “Adventskalender”.