What is GitOps
The term GitOps was coined by Weaveworks in 2017. GitOps is a logical extension of DevOps. GitOps builds on DevOps with Git as a single source of truth for the whole system. In other words, Git is a secure library repository that holds the best, most complete version of a system’s infrastructure and apps. It tracks in-progress coding of revisions and new products, and it is used for comparative analysis. It’s also like using a different framework to implement the methodology of DevOps. GitOps delivers the outputs that you get from DevOps implementations, but from a more mature perspective since there is an element of experience attached to it. Read more about GitOps in my blog, What is GitOps? Beyond the buzzword.
Source of Truth
Git is the single source of truth for the desired state of the system, while observability is the source of truth for the actual production state of the running system. GitOps focuses on both — it compares the observed state with the desired state. GitOps is necessary because DevOps is evolving rapidly and coding pipeline corrections often require lengthy input.
The following are some examples of questions that can be answered by a GitOps system.
- What is the repository state of the system?
- What are the diff changes?
- When were the changes made?
- Who made changes to the infrastructure or specific applications?
- Were the changes approved?
Observability and compliance
Observability is a relatively new term in the context of IT systems. It came to light in 2013, when Twitter published a blog describing the mission of its observability team. Some think of it as a six-syllable word that is trendier than monitoring, but there is a difference between these two terms. In his presentation during the nClouds-AWS webinar Kubernetes on AWS: Observability, AWS Principal Solutions Architect Curtis Rissi explained that monitoring tells you whether a system is working, and observability lets you understand why it isn’t working.
Compliance, and its associated financial risk, is important to most organizations, particularly those in regulated industries. Because GitOps makes all changes to the computing environment observable, verifiable, and auditable, GitOps is essential to manage compliance.
How GitOps helps with governance, risk, and compliance
GitOps provides the ability to log-audit and document all activities that affect data usage. It exposes changes to the system, optimizes deployment, supports version-controlled infrastructure, and increases transparency and auditability. Let’s take a closer look at the components of a system under observation by GitOps in terms of governance, risk and compliance. In this context, we understand these three components as follows:
Governance. Includes the declared and documented policies covering the handling of data — authentications, authorizations, onboarding, networking, security groups, configmaps, etc. Once policies are declared and documented in the Git repository, all commits and pull request (PR) or merge request (MR) processes are easily regulated.
Risk. GitOps empowers teams to iterate faster to ship new features without the fear of causing an unstable environment that results in legal and financial risks.
Compliance. Compliance may include the guidelines derived from HIPAA, GDPR, PCI, etc. A compliance auditor can look at Git Logs and see who made any changes, when and why, and how that impacted the running system deployments. The importance of the ability to log, audit, and document all activities that affect the use of data cannot be overstated. For example, all network policies can be part of Terraform code kept in a repo. Similarly, configmaps and various other authentication and authorization policies can also be a part of Git repository.
Want more on GitOps? Check out these related resources: