Implementing GitOps with Kubernetes: Automate, manage, scale, and secure infrastructure and cloud-native applications on AWS and Azure

Implementing GitOps with Kubernetes

Copyright © 2024 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

The authors acknowledge the use of cutting-edge AI, such as ChatGPT, with the sole aim of enhancing the language and clarity within the book, thereby ensuring a smooth reading experience for readers. It's important to note that the content itself has been crafted by the author and edited by a professional publishing team.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Preet Ahuja

Publishing Product Manager: Surbhi Suman

Book Project Manager: Srinidhi Ram

Senior Editor: Adrija Mitra

Technical Editor: Yash Bhanushali

Copy Editor: Safis Editing

Proofreader: Adrija Mitra

Indexer: Hemangini Bari

Production Designer: Prafulla Nikalje

DevRel Marketing Coordinator: Rohan Dobhal

First published: August 2024

Production reference: 1260724

Published by Packt Publishing Ltd.

Grosvenor House 11 St Paul’s Square Birmingham B3 1RB, UK

ISBN 978-1-83588-422-5

www.packtpub.com

To my wife and life partner, Eleonora, who supports my follies, encourages me, and allows me to move forward.

To my daughter, Giulia, who sacrificed spending part of her time with me to allow me to write this book.

To my parents, Filomena and Antonino, who enabled me to study.

To everyone who has believed in me.

– Pietro Libro

To my girlfriend, my family, and my friends, who put up with me through countless nights and weekends as I crafted this book!

To my sparring partner, Steve Golling, who co-created the craziest solutions with me and inspired me over the years!

And to everyone I've had the pleasure of working with over the past years, whose impact through our exchanges and collaborations has been invaluableyou know who you are (and if you don't, just assume I mean you!). Thank you!

– Artem Lajko

Contributors

About the authors

Pietro Libro is a tech enthusiast with over two decades of experience in software development and software architecture. His pragmatic problem-solving skills have been honed through work in the public administration, finance, and automation industries. He holds a master’s degree in computer science from the University of Rome, La Sapienza. Over the years, Pietro has transitioned from software development to a solution and cloud architect role. He is currently awaiting the defense of his PhD in bioinformatics at the University of Tuscia. Pietro’s dedication to learning is evident through his numerous certifications and his role as a technical speaker. Specializing in various technologies, especially software and cloud architecture, he relocated from Italy to Switzerland. Currently serving as a cloud solution architect in Zürich, Pietro lives with his wife, Eleonora, his daughter, Giulia, and their cat, Miau. In his free time, Pietro enjoys biking, practicing taekwondo, watching science fiction movies and series, and spending time with his family.

Artem Lajko is a passionate and driven platform engineer and Kubestronaut, boasting over eight years of IT experience, backed by a master’s degree in computer science. His track record showcases expertise in designing, developing, and deploying efficient and scalable cloud infrastructures. As a curious and continuous learner, Artem holds certifications in Azure, AWS, Kubernetes, and GitOps. Currently, he’s playing a pivotal role in enhancing innovation and application management at the Port of Hamburg. His technical acumen spans cloud infrastructures, cross-cloud solutions, and DevOps practices. He is also passionate about blogging and networking with manufacturers to craft top-notch solutions using market-available tools.

About the reviewers

Chen Fliesher has worked in the IT industry for over 20 years, with more than 7 years of experience as a DevOps engineer specializing in CI/CD and the cloud. For the last five years, he has been dedicated to implementing the GitOps methodology at AT&T. He serves as a developer, DevOps engineer, and architect on IoT, AI, and other projects.

Chen received his BSc in Mathematics and Computer Science (cum laude) from Bar-Ilan University. He is currently employed by AT&T as a DevOps Tech Lead in the software delivery service. In this role, he assists the development team in accelerating the migration of both legacy and new services from on-premises to the cloud. Additionally, he has given several talks at events such as Kubernetes Community Days and Jenkins User Conference, and he mentors and teaches at AT&T.

I’d like to thank my family and friends, who understand the time and commitment it takes me to become a subject matter expert in the field of software delivery and the cloud.

I thank my wife, Nili, and my three daughters, who allowed me the time to learn, research, and practice in the field of progressive delivery.

Thanks to all my peers who assist me in delivering talks on KCD, JUC, and others.

Never stop learning.

Dhirendra Kumar is a cloud (certified) Kubernetes and platform architect. He has a master’s degree in computer science and has worked with many global tech companies (IBM, HPE, Medidata, and so on) for the past 20+ years. Dhirendra has helped design, develop, and deploy many solutions and advise companies as they navigate the challenges of moving cloud projects from concept to production. This gives him a rare mix of knowledge in both the development and cloud computing spaces.

Prasanna Jatla is currently working as a senior software engineer at American Express, leveraging over 11 years of extensive experience in the financial industry. His expertise lies in the development of scalable, distributed software applications. He has spearheaded numerous modernization projects and automation initiatives. His skill set extends to the development of event-driven applications and batch-processing systems, where he has demonstrated proficiency in driving efficiency and performance.

Table of Contents

Preface

Part 1: Understanding GitOps via Uncomplicated Orchestrations/ Kubernetes

1

An Introduction to GitOps

Technical requirements

GitOps unveiled – reshaping development culture and practices

Traditional CI/CD with DevOps against GitOps

The fundamentals of GitOps and the advantages of adopting it for platform engineering

Why GitOps?

The integration between GitOps, IaC, and Kubernetes

GitOps and IaC

GitOps and Kubernetes

Kubernetes and Argo CD

Kubernetes and Flux CD

Summary

Further reading

2

Navigating Cloud-native Operations with GitOps

Technical requirements

An overview of the integration of GitOps and cloud-native technology

An introduction to Kubernetes

What is Kubernetes?

Kubernetes architecture

Exploring K3s as a lightweight Kubernetes distribution

Local cluster setup

K3s setup and installation verification

Kubernetes manifest

Our first deployment with K3s

Port forwarding

Getting started with containers

Docker setup

Docker alternatives

Dockerfile

Sample workflow – effortless CD with Docker and K3s

Local development

Dockerizing the application and running it locally

Publishing the image to a container registry

Deploying to K3s

Summary

Further reading

3

Version Control and Integration with Git and GitHub

Technical requirements

Exploring version control systems – local, centralized, and distributed

Why Git?

Git setup

Creating and cloning a Git repository

The basics of Git

Exploring GitHub

GitHub’s ecosystem

GitHub flow

Integrating GitOps and GitHub

Summary

Further reading

4

Kubernetes with GitOps Tools

Technical requirements

Overview of popular GitOps tools

A deep dive into Helm and Kustomize

Helm

Kustomize

Argo CD integration with Kubernetes

Argo CD setup

Flux integration with Kubernetes

Flux setup

Deploying to Kubernetes with Flux

Comparing Argo CD and Flux

Summary

Part 2: Harnessing Advanced Orchestrations, Culture, and Control in GitOps Practices

5

GitOps at Scale and Multitenancy

Technical requirements

Traditional CI/CD versus GitOps CD

Platform engineering versus IDPs

Understanding the App of Apps approach

Use cases of App of Apps combined with examples

The ApplicationSets approach

Which approach should be used?

Understanding multi-cluster management

One cockpit to rule them all

One cockpit – multiple fleet and commander concept

Understanding effective Git repository strategies

Environment branches

Environment per Git

Folders for environments

Scaling with ApplicationSet generators

Building a service catalog for Kubernetes

Building the service catalog

Exploring native multitenancy with Argo CD

Exploring multitenancy with vCluster and Argo CD

Bonus – simplified connection to multiple vClusters – a handy bash script

Limitations solved in multitenancy with GitOps – a review

Wrapping up – insights and lessons from multitenancy experiences

Summary

References

6

GitOps Architectural Designs and Operational Control

Exploring diverse GitOps architectural frameworks for Kubernetes environments

Examining the impact of architectural choices on GitOps’ effectiveness

Architectural choices impacting GitOps

Making informed architectural decisions

Tailoring designs for scalability, resilience, and efficiency in cloud-native deployments

Scalability in cloud-native architectures

Resilience through redundancy and isolation

Efficiency with proactive optimization

Tailoring designs with GitOps

Centralized control – managing clusters with a solo Argo instance

The approach – centralized control

When to use the centralized control approach

When to avoid the centralized control approach

Dedicated instances – instance per cluster with Argo CD

When to use dedicated Argo CD instances

When to avoid dedicated Argo CD instances

Dedicated instances – instance per cluster with Flux CD

The middle way – instance per logical group with Argo CD

When to use the middle-way approach

When not to use the middle-way approach

The cockpit and fleet approach with Argo CD

Delving deeper into the approach

Operational dynamics

When to use the cockpit and fleet approach

When not to use the cockpit and fleet approach

Choosing the right approach for your GitOps needs

Centralized Kubernetes cluster creation – leveraging Cluster API and Argo CD for streamlined cluster deployment

Introduction to Cluster API

How Cluster API is leveraged by different companies

A deep dive into Cluster API and GitOps – hands-on

Initializing the management cluster

Creating your first workload cluster

Summary

References

7

Cultural Transformation in IT for Embracing GitOps

Treating infrastructure as an application

Understanding IaC

Understanding infrastructure as applications in Argo CD’s GitOps framework

Embracing infra-as-apps – bridging GitOps and infrastructure management

How IaC can be used to deploy infrastructure

Why infra-as-apps is a game-changer?

Understanding the principles of immutable infrastructure

The essence of immutable infrastructure

Integrating immutable infrastructure with GitOps

Introducing DORA metrics

Understanding the need for continual improvement in GitOps

Overcoming cultural barriers to adopt GitOps

A project’s story – exchange, experiences, and learnings

Essential Q&A from another recent project

Summary

References

Part 3: Hands-on Automating Infrastructure and CI/CD with GitOps

8

GitOps with OpenShift

Technical requirements

Introduction to Red Hat OpenShift

Red Hat OpenShift environment setup

Troubleshooting OpenShift CRC setup issues

Setting Up GitOps in Red Hat OpenShift

Leveraging Red Hat OpenShift’s CI/CD for GitOps

Automation and configuration best practices

A comparison of Kubernetes Red Hat OpenShift

Summary

9

GitOps for Azure and AWS Deployments

Technical requirements

Azure and AWS accounts

Cloud GitOps essentials – Azure and AWS

Azure GitOps essentials

AWS GitOps essentials

GitOps applications in cloud environments

Cross-cloud strategies

GitOps strategies for Azure and AWS deployments for Kubernetes

Azure GitOps strategies

AWS GitOps strategies

Summary

10

GitOps for Infrastructure Automation – Terraform and Flux CD

Technical requirements

Introducing infrastructure automation with Terraform and Flux CD

Setting up Terraform in a GitOps workflow

Tofu Controller (formerly Weave TF-Controller)

Getting started with the setup

Exploring Flux CD – enabling CD in Kubernetes

Combining Terraform and Flux CD for enhanced automation

Providing new infrastructure by updating Terraform files

Enhanced disaster recovery capabilities

Creating and managing multi-stage environments

Version control and automation with Terraform and Flux CD

Security and best practices with Terraform and Flux CD

Best practices for configuration and maintenance

Best practices for managing multi-environment configurations

Git workflow strategies

Multi-environment management with Terraform and Flux CD

Summary

11

Deploying Real-World Projects with GitOps on Kubernetes

Technical requirements

Establishing a GitOps and Kubernetes development environment

Implementing CI/CD with GitOps

Final objective and implementation

CI/CD pipeline using GitHub Actions and Terraform

Using Argo CD for the continuous deployment

Designing for scalability and efficiency

Architectural principles

Resource management

Testing for scalability

Resources management and scalability

Optimizing resource usage

Implementing the HPA

Testing for scalability – an example

Monitoring and securing your application

Monitoring

Setting up Prometheus and Grafana

Understanding Kubernetes security

Summary

Part 4: Operational Excellence Through GitOps Best Practices

12

Observability with GitOps

Exploring the fundamentals of SRE for GitOps and Kubernetes

The intersection of SRE with GitOps

SRE principles in a Kubernetes context

Understanding internal (white box) versus external (black box) observability

Internal or white box observability explained

External or black box observability defined

Balancing internal and external observability

Exploring SLO-driven multi-stage performance with DORA

Integrating SLOs with DORA metrics

Applying a multi-stage approach

Implementing distributed tracing in GitOps with Linkerd

Implementing monitoring in GitOps with tools such as Uptime Kuma and OpenTelemetry

Uptime Kuma – the external watchdog for your online services

OpenTelemetry – a unified observability framework

Looking at alerting strategies in a GitOps framework

Some relevant alerting rules

Diving deeper into node overcommitment in Kubernetes

Scaling observability with GitOps

Scaling observability components

Organizational strategies for effective observability

Selecting the right observability tools for specific use cases

Enterprise-level best practices with observability and GitOps

Summary

References

13

Security with GitOps

Hardening declarative GitOps CD on Kubernetes

Addressing configuration vulnerabilities

Enhancing password management and RBAC

Committing everything to Git? What about Secrets?

Sealed Secrets

External Secrets

Leveraging a policy engine for policy-as-code practices

Integrating Kyverno and OPA

Hands on – let’s put theory into practice [6]

Automating security scanning and compliance

KubeClarity

Falco

Keeping your platform catalog up-to-date

Summary

References

14

FinOps, Sustainability, AI, and Future Trends for GitOps

Covering the fundamentals of FinOps

Forecasting and monitoring costs with GitOps

How GitOps complements FinOps

Utilizing GitOps with FinOps

OpenCost versus Kubecost with GitOps

Optimization techniques for cloud spend

Combining GitOps and Kubecost for cloud spend optimization

Assessing carbon footprint and promoting green operations

Assessing carbon footprint with kube-green

Promoting green operations with Armada

Assessing carbon footprint by integrating with GitOps

Looking at GitOps and AI-driven automation

Robusta.dev

Future challenges and opportunities in GitOps

The role of GitOps in emerging technologies

Summary

References

Index

Other Books You May Enjoy

Preface

Hello there!

In the rapidly evolving world of software development, maintaining consistency, scalability, and reliability in deployments is a significant challenge. GitOps has emerged as a revolutionary approach to bridge the gap between development and operations, especially in Kubernetes environments. By using Git as the single source of truth for system and application configurations, GitOps automates and standardizes deployments, ensuring they are consistent, auditable, and efficient.

GitOps leverages the principles of version control, infrastructure as code, and continuous deployment to create a seamless, transparent workflow. This methodology not only simplifies operations but also enhances collaboration and accelerates delivery times, allowing teams to focus more on innovation rather than firefighting.

This book, Implementing GitOps with Kubernetes: Automate, manage, scale, and secure infrastructure and cloud-native applications on AWS and Azure, aims to provide a comprehensive guide to mastering GitOps. Through practical examples, step-by-step tutorials, and insights from industry experts, we will explore how to effectively implement GitOps practices in your Kubernetes deployments.

Our journey begins with an introduction to the core concepts and principles of GitOps. We will delve into the technical intricacies of tools such as Argo CD, Flux CD, Helm, and Kustomize, and how they integrate with Kubernetes. From there, we will tackle advanced topics such as multi-cluster management, security, and scalability, ensuring you have a holistic understanding of GitOps.

Drawing from our extensive experience in cloud architecture and DevOps practices, we will share real-world scenarios and best practices that have been tested and validated in various industries. By the end of this book, you will be equipped with the knowledge and skills to implement GitOps strategies in your current or future Kubernetes deployments, ensuring reduced complexity and increased scalability.

Whether you are a DevOps engineer, site reliability engineer, platform engineer, or cloud architect, this book will provide you with the tools and insights needed to succeed in today’s cloud-native landscape. Let’s embark on this journey together and unlock the full potential of GitOps for your Kubernetes deployments.

Who this book is for

Implementing GitOps with Kubernetes: Automate, manage, scale, and secure infrastructure and cloud-native applications on AWS and Azure is designed for professionals looking to enhance their skills in deploying and managing Kubernetes environments using GitOps principles.

The primary audience of this book includes the following:

DevOps engineers: Professionals responsible for managing and automating the deployment of applications and infrastructure. This book will provide them with advanced GitOps techniques to streamline their workflows, reduce deployment errors, and ensure consistency across environments.

Site reliability engineers (SREs): Engineers focused on maintaining the reliability and performance of applications. This book will offer insights into integrating GitOps for better observability, automated recovery, and efficient scaling of Kubernetes clusters.

Platform engineers: Individuals who build and maintain the underlying platforms that support application development and deployment. They will learn how to implement GitOps to manage infrastructure as code, ensuring their platforms are robust, scalable, and secure.

Cloud engineers: Engineers working with cloud platforms who need to manage complex Kubernetes environments. This book will teach them how to leverage GitOps to automate deployments, manage multi-cloud setups, and optimize cloud resource utilization.

Software engineers: Developers who are looking to understand the deployment process better and contribute to infrastructure management. This book will provide them with a comprehensive understanding of GitOps practices, enabling them to collaborate more effectively with operations teams.

Solution architects: Professionals responsible for designing and implementing technical solutions. They will gain a deeper understanding of how to incorporate GitOps into their architecture designs, ensuring scalable and maintainable solutions.

IT leaders and managers: Leaders who oversee the implementation of DevOps and cloud-native strategies within their organizations. This book will help them understand the benefits of GitOps, guiding them in making informed decisions about adopting and scaling GitOps practices in their teams.

The target audience of this book should ideally have the following background:

Knowledge of cloud computing: Readers should have a foundational understanding of cloud computing concepts and environments, as GitOps practices often involve deploying applications on cloud platforms.

Familiarity with continuous integration and continuous deployment (CI/CD) principles: A basic grasp of CI/CD principles is essential, as GitOps builds upon these methodologies to automate and streamline deployments.

Basic Kubernetes understanding: Prior experience with Kubernetes is highly beneficial, as this book delves deep into integrating GitOps with Kubernetes environments. Readers should be familiar with Kubernetes fundamentals such as pods, services, and deployments.

Experience with version control systems: Since GitOps relies heavily on Git for version control, readers should have experience with Git or similar version control systems. This includes understanding branching, merging, and managing repositories.

DevOps tools and practices: Familiarity with DevOps tools such as Docker, Helm, and other orchestration utilities will help readers grasp the advanced topics discussed in the book more efficiently.

By the end of this book, readers will be equipped with the knowledge and practical skills needed to implement GitOps strategies effectively in their Kubernetes deployments, ensuring reduced complexity, increased scalability, and improved operational efficiency.

What this book covers

Chapter 1

, An Introduction to GitOps, provides a foundational understanding of GitOps, exploring its principles and how it transforms culture, workflows, and mindsets in modern software development.

Chapter 2

, Navigating Cloud-Native Operations with GitOps, delves into building and managing containerized applications using GitOps practices, covering topics such as Kubernetes fundamentals, container image optimization, and cloud-native pipelines.

Chapter 3

, Version Control and Integration with Git and GitHub, explains the pivotal role of Git and GitHub in GitOps, offering insights into effective version control and collaborative development practices.

Chapter 4

, Kubernetes with GitOps Tools, explores various GitOps tools such as Helm, Kustomize, Argo CD, and Flux CD, detailing their integration with Kubernetes and providing a comparative analysis to help choose the right tool for specific needs.

Chapter 5

, GitOps at Scale and Multitenancy, discusses advanced GitOps practices for scaling deployments and managing multi-cluster environments, including strategies for effective Git repository management and building a service catalog for Kubernetes.

Chapter 6

, GitOps Architectural Designs and Operational Control, focuses on architectural frameworks and operational methodologies for GitOps, emphasizing scalability, resilience, and efficiency in cloud-native deployments.

Chapter 7

, Cultural Transformation in IT for Embracing GitOps, highlights the cultural shift required to adopt GitOps, discussing principles of infrastructure as code, immutable infrastructure, DORA metrics, and overcoming organizational resistance.

Chapter 8

, GitOps with OpenShift, provides an in-depth exploration of applying GitOps principles within the Red Hat OpenShift environment, including setting up GitOps workflows, leveraging OpenShift’s CI/CD tools, and securing GitOps pipelines.

Chapter 9

, GitOps for Azure and AWS Deployments, covers the implementation of GitOps practices within Azure and AWS ecosystems, detailing the integration of cloud-native tools and services to streamline application and infrastructure management.

Chapter 10

, GitOps for Infrastructure Automation – Terraform and Flux CD, delves into the integration of Terraform and Flux CD for automating infrastructure management, covering version control, multi-environment management, and advanced automation techniques.

Chapter 11

, Deploying Real-World Projects with GitOps on Kubernetes, provides a hands-on guide to executing real-world projects using GitOps and Kubernetes, from setting up development environments to designing, developing, and deploying scalable applications.

Chapter 12

, Observability with GitOps, explores the integration of observability practices into GitOps workflows, covering SRE principles, internal versus external observability, SLO-driven performance, and advanced monitoring techniques.

Chapter 13

, Security with GitOps, discusses the security aspects of GitOps, including hardening declarative CD, implementing policy-as-code, managing secrets, maintaining platform catalogs, and automated security scanning.

Chapter 14

, FinOps, Sustainability, AI, and Future Trends for GitOps, highlights the fusion of FinOps with GitOps for sustainable and cost-effective operations, covering cost forecasting, optimization, carbon footprint assessment, AI-driven automation, and future trends in GitOps. To get the most out of this book

To get the most out of this book, readers should have a foundational understanding of cloud computing and DevOps principles. Familiarity with Kubernetes and containerization technologies, such as Docker, is essential. Experience with version control systems, particularly Git, will be beneficial as GitOps heavily relies on these tools. Basic knowledge of CI/CD pipelines and infrastructure as code concepts will also help readers grasp the advanced topics covered in the book.

This book includes all the necessary instructions to work through each chapter. Step-by-step guides are provided to ensure a smooth setup and implementation process. The source code for the examples and projects discussed in the book is available in a public repository. Please refer to the next page for the repository link and further details.

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Implementing-GitOps-with-Kubernetes

. If there’s an update to the code, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/

. Check them out!

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: There are globally defined values under optimization/opencost, and then there’s a custom pricing model for each specific country.

A block of code is set as follows:

helm repo add sealed-secrets https://bitnami-  labs.github.io/sealed-secrets

helm install sealed-secrets sealed-secrets/sealed-secrets

#Install e.g. CLI on MacOS

brew install kubeseal

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

clusterName: aks-excelsior-development-2globalConfig:  chat_gpt_token: sk-dw******  signing_key: ea657a******  account_id: 7935371f******sinksConfig:- slack_sink:    name: main_slack_sink     slack_channel: pocs     api_key: xoxb******- robusta_sink:    name: robusta_ui_sink     token: eyJhY2NvdW******enablePrometheusStack: true # This part is added to the default generated_values.yaml enablePlatformPlaybooks: true runner:  sendAdditionalTelemetry: true rsa:  private: ******  public: ******

# This part is added to the default generated_values.yaml playbookRepos:  chatgpt_robusta_actions:    url: https://github.com/robusta-dev/kubernetes-chatgpt-bot.git# This part is added to the default generated_values.yaml customPlaybooks:# Add the 'Ask ChatGPT' button to all Prometheus alerts - triggers:  - on_prometheus_alert: {}  actions:  - chat_gpt_enricher: {}

Any command-line input or output is written as follows:

$ aws eks --region eu-central-1 update-kubeconfig --name eksgitopscluster

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: When a Common Vulnerabilities and Exposures (CVE) is revealed, and you opt for the cockpit and fleet approach, adopting GitOps at scale also facilitates a vulnerability management at scale strategy.

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected]

and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata

and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected]

with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com

.

Share Your Thoughts

Once you’ve read Implementing GitOps with Kubernetes, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page

for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily

Follow these simple steps to get the benefits:

Scan the QR code or visit the link below

https://packt.link/free-ebook/9781835884225

Submit your proof of purchase

That’s it! We’ll send your free PDF and other benefits to your email directly

Part 1: Understanding GitOps via Uncomplicated Orchestrations/ Kubernetes

In this part, you will explore the foundational aspects of GitOps. Starting with a broad overview, you will understand how GitOps has emerged as a key practice in modern software development and platform engineering. We will delve into navigating cloud-native operations, emphasizing the integration of Git and GitHub for effective version control. Additionally, you will utilize Kubernetes with various GitOps tools to streamline deployment processes, offering a comprehensive understanding of how these technologies interconnect to simplify and enhance software deployment and management.

This part includes the following chapters:

Chapter 1

, An Introduction to GitOps

Chapter 2

, Navigating Cloud-Native Operations with GitOps

Chapter 2

, Version Control and Integration with Git and GitHub

Chapter 4

, Kubernetes with GitOps Tools

1

An Introduction to GitOps

In this opening chapter, we’ll delve into GitOps, an innovative approach that’s revolutionizing software development and operations. This chapter begins with the tale of GitOps, focusing on its transformative effect on organizational culture and workflows. The Fundamentals of GitOps section outlines its core principles, such as the centralization of Git, its declarative approach, and automated synchronization. Traditional CI/CD with DevOps against GitOps traces the evolution of software deployment, contextualizing GitOps in the broader history of the field. This chapter will also contrast traditional CI/CD and DevOps methodologies with GitOps, highlighting GitOps as an evolution in managing complex systems. We’ll conclude by discussing the advantages of adopting GitOps for platform engineering while illustrating its efficiency, consistency, and adaptability.

In this chapter, we’ll cover the following topics:

GitOps unveiled – reshaping development culture and practices

The fundamentals of GitOps and the advantages of adopting it for platform engineering

Why GitOps?

The integration between GitOps, IaC, and Kubernetes

Technical requirements

To follow along with this chapter, you need to have basic knowledge of version control, Infrastructure as Code (IaC), continuous integration (CI), continuous delivery (CD), and Kubernetes. Basic knowledge of major cloud providers, such as Google Cloud Platform (GCP), AWS, and Azure, will be beneficial.

GitOps unveiled – reshaping development culture and practices

In the realm of modern software development and operations, GitOps emerges as a confluence of ideas and practices, redefining the approach to managing complex systems.

The term GitOps was first introduced by Alexis Richardson, the co-founder of Weaveworks, in August 2017 through a series of blog posts. Richardson described GitOps as a methodology where developer tools are pivotal in driving operational procedures. This approach emphasized the significance of using declarative tools and advocated for the best practices wherein configurations are treated as code. Consequently, these configurations should be subject to version control, aligning with the core principles of GitOps.

This innovative concept marked a shift in how software development and IT operations teams approach how infrastructure and applications are managed and deployed, promoting a more efficient, transparent, and reliable process.

GitOps is a paradigm that represents a breakthrough in how software development and operations teams manage and deploy applications and infrastructure. It revolves around the idea of using Git, a widely used version control system, as the single source of truth for declarative infrastructure and applications.

Version control, also known as source control, is a system that records changes to a file or set of files over time so that you can recall specific versions later. It allows multiple people to work on a document simultaneously, and version control systems provide a way to manage these changes among multiple people.

Traditional CI/CD with DevOps against GitOps

In traditional IT operations, as shown in Figure 1.1, the development team periodically hands over new software versions to a quality assurance (QA) team. This team tests the software and passes it to the operations team for deployment.

As software release cycles become shorter, traditional operations models struggle to keep up. The operations team oversees configuring the infrastructure for new software versions while focusing on system reliability, resilience, and security:

Figure 1.1 – Example of a traditional IT operations workflow

Managing infrastructure without advanced frameworks can be complex and requires specialized knowledge. IT operations encompass all processes and services provided by IT staff to meet a business’s technological requirements. This includes handling maintenance work and responding to customer issues. In traditional models, development, QA, and operations teams often work under different management structures, so detailed handoff processes and thorough documentation are crucial:

Figure 1.2 – Traditional organization model with separated teams

The traditional organizational model, which is characterized by distinct, separated teams, tends to complicate the delivery process. This separation often leads to slower deployments and reduced deployment frequencies. Additionally, the need to transition tasks between teams heightens the risk of miscommunication, which can result in testing oversights and deployment errors.

Most development teams use automated build systems and CI to compile, test, and produce deployable artifacts.

CI is a foundational process in modern software development that automates building, testing, and packaging applications, as shown in Figure 1.3:

Figure 1.3 – Example of a CI workflow

In this system, software engineers frequently commit code changes to a central repository (for example, a Git repository), where these changes are automatically built, tested, and prepared for integration with the main code branch. This approach ensures that the software is always in a state ready for production deployment, highlighting the importance of CI in maintaining the continuous flow of software development.

CI’s automated processes are crucial for ensuring the quality and integrity of code before it merges with the main branch. By automating these stages, CI minimizes the risks associated with human error and speeds up the development cycle. However, the process often halts at the deployment stage, which is still predominantly manual in many organizations. This manual deployment can involve complex procedures or semi-automated scripts and often requires operations engineers to physically transfer and restart applications on servers. Such manual interventions are prone to errors and lack robust control mechanisms, making them inefficient and risky.

Building on the foundations of CI, CD takes automation a step further:

Figure 1.4 – Example of a CD workflow

CD is a practice where code changes, once they pass through CI’s build and testing phases, are automatically prepared and ready for release to a production environment. It always keeps the software in a release-ready state, dramatically simplifying the process of releasing updates and new features.

CD versus continuous deployment

CD and continuous deployment are closely related practices in software development that streamline the release process. CD ensures every code change is automatically built, tested, and prepared for release, allowing