What is GitOps?
GitOps is a methodology by which Kubernetes clusters can be managed via declarative manifests to enforce self-healing and self-reconciliation towards your desired state.
Compared to traditional CI/CD pipelines, GitOps follows a pull vs. push model. This means developers and operators do not need to invoke a pipeline to push changes into the cluster. Developers simply need to update their Kubernetes manifests in source control and the GitOps controllers running on the cluster will pull the changes, and apply the desired state. Therefore, Git becomes the single-source of truth for your environment.
Why implement GitOps?
In the past 11 years in industry, I have observed the benefits and pitfalls of numerous CI/CD systems from TeamCity to Jenkins to Gitlab and others. One common pattern I’ve viewed across organizations is the notion of shared CI/CD infrastructure. One or a few build servers are shared by dozens of teams which often result in resource contention on the server side, intermittent networking issues, frequent maintenance outages, which together serve as a bottleneck for development teams when they are not able to push builds. There are of course numerous benefits with these systems, but there have to be better ways.
Too often teams are regressed due to a dependency on a shared service.
GitOps allows us to scale horizontally the number of clusters as each cluster supports self-reconciliation and self-healing.
Architectural View
There are many technologies which support deploying a GitOps workflow. FluxCD and ArgoCD are two of the most common tools used. For the purpose of this article, we’ll explore GitOps through FluxCD.
As mentioned earlier, each GitOps enabled cluster runs a set of controllers responsible for reconciling cluster state from Git. These controllers are capable of reconciling from different repositories (e.g. Gitlab, Github, Bitbucket, etc.) and different manifests (e.g Kubernetes, Helm etc).
Below is a high-level architecture of these controllers in FluxCD: