├── LICENSE
├── README.md
└── workflow.png

/LICENSE:

MIT License

Copyright (c) 2018 Daniël Illouz

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

/README.md:

# The GitOps Manifesto [wip]

**Empower developers to do operations.**

While researching CI/CD workflows and DevOps practices for cloud native applications using _Microservices_, _Docker_ and _Kubernetes_,
I stumbled upon [GitOps](https://www.weave.works/blog/gitops-high-velocity-cicd-for-kubernetes).

I'm using this repo to create an overview of all things I'm learning about this subject.

## What is GitOps

> "GitOps is short for _Git Ops_. It is a name for a set of Ops practices using Git. The spirit of the name is to be like DevOps — something that anyone can do rather than being _a product_." - [Alexis Richardson](https://twitter.com/monadic)

GitOps is a name coined by [Weaveworks](https://www.weave.works/) that describes how developers use
tooling to drive operations. It builds on DevOps best practices, allowing developers to operate Kubernetes
via Git instead of tools like `kubectl`.

> "kubectl is the new ssh." - Kelsey Hightower

This is possible because Git is used as the single source of truth for the desired state of your
entire system.

The fundamental theorem of GitOps is:

> Only what can be described and observed can be automated and operated.

## Why

When the desired state of a system is version controlled and used as the single source of truth, we
get all the benefits of Git and Pull Request-based workflows:

* history
* possibility to revert changes
* reviews
* comments
* possibility to link to issues, Pull Requests, stories, etc.

This makes the entire system more _transparent_, _discoverable_, _easier to operate_, _recoverable_
and _observable_. These attributes help us to reliably deliver quality software at a high velocity
in order to innovate, stand out in the market and be cost efficient.

> "When we say _high velocity_ we mean that every product team can safely ship updates many times a day — deploy instantly, observe the results in real time, and use this feedback to roll forward or back. The goal is for product teams to use [continuous experimentation](https://blog.acolyer.org/2017/09/29/the-evolution-of-continuous-experimentation-in-software-product-development/) to improve the customer experience as fast as possible." - [Alexis Richardson](https://twitter.com/monadic)

TODO: security

TODO: testing in prod

## How

By making _Git_ the source of truth for the _desired state_ of the system and making _Observability_
the source of truth for the _actual running state_ of the system, we can use the _Operator Pattern_
to control the actual state so that it converges on the desired state. This is achieved by listening
for certain Git tags to be _pushed_ and in turn orchestrating service deployments to the cluster.
Tools like [Weaveworks Flux](https://github.com/weaveworks/flux) do this.

> "Ideally if I make a code change, all I want is a URL to tell me where it's running. You get bonus points if you can give me metrics to tell me how well it's running." - [Kelsey Hightower](https://twitter.com/kelseyhightower)

TODO: Push vs pull deployment

TODO: monitoring & observability

## Requirements

* [Declarative infrastructure as code](https://www.thoughtworks.com/insights/blog/infrastructure-code-reason-smile)
* Immutable deployment artefacts
* Git:
  * Code & config version controlled
  * Rollback functionality
  * Operational changes must be made by Pull Request; don't let CI push updates into the Kubernetes cluster or use `kubectl` by hand
  * Build each container image only once and 'promote' the same image through each test stage / environment rather than rebuilding it each time; the promotion itself is still recorded as a declarative config change in Git
* Monitorable & observable services & infrastructure
* Diff tools detect/alert divergence
* Sync tools enable convergence
* Completely automated delivery pipeline

## Workflow

![workflow](./workflow.png)

## Resources

### Blog Posts

* [GitOps - Operations by Pull Request](https://www.weave.works/blog/gitops-operations-by-pull-request)
* [The GitOps Pipeline - Part 2](https://www.weave.works/blog/the-gitops-pipeline)
* [GitOps Part 3 - Observability](https://www.weave.works/blog/gitops-part-3-observability)
* [GitOps Part 4 - Application Delivery Compliance and Secure CICD](https://www.weave.works/blog/gitops-compliance-and-secure-cicd)
* [GitOps: High velocity CICD for Kubernetes](https://www.weave.works/blog/gitops-high-velocity-cicd-for-kubernetes)
* [How secure is your CI/CD pipeline](https://www.weave.works/blog/how-secure-is-your-cicd-pipeline)

### Videos

* [KubeCon 2017 Opening Keynote - Kelsey Hightower, Google](https://www.youtube.com/watch?v=07jq-5VbxBVQ)
* [KubeCon 2017 - GitOps - Operations by Pull Request - Alexis Richardson, Weaveworks & William Denniss, Google](https://www.youtube.com/watch?v=BSqE2RqctNs)

### Tooling

* [Google Skaffold](https://github.com/GoogleCloudPlatform/skaffold)
* [Datawire Forge](https://forge.sh/)
* [Datawire Telepresence](https://www.telepresence.io/)
* [Ksync](https://vapor-ware.github.io/ksync/)
* [Weaveworks Flux](https://github.com/weaveworks/flux)
* [Weaveworks Kubediff](https://github.com/weaveworks/kubediff)
* [Brigade](https://brigade.sh/)
* [Draft](https://github.com/Azure/draft)
* [Helm](https://helm.sh/)
* [Bitnami Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets)
* [Dotmesh](https://dotmesh.com/)
* [Jenkins X](http://jenkins-x.io/)
* [Keel](https://keel.sh/)
* [Gitkube](https://gitkube.sh/)
* [Heighliner](https://heighliner.com/)

### Reference Implementations

* [Google Container Builder](https://github.com/crowdynews/gitops-hello-world-gcb)
* [Brigade](https://github.com/crowdynews/gitops-hello-world-brigade)

/workflow.png:

https://raw.githubusercontent.com/danillouz/gitops-manifesto/83d5461db244aef6f50480a7ef2cc220e6759070/workflow.png
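The "How" section of the README describes an operator that reconciles the cluster's observed state onto the desired state kept in Git, and the "Requirements" ask for diff tools that detect divergence and sync tools that converge it. The following Python script is an added example, not code from this repository or from Flux or Kubediff: it models the manifests committed to Git and the state a cluster API would report as constructed in-memory dicts (the registry `registry.example.com`, the `shop` namespace and the resource names are invented), reports drift, including a resource that exists in no Git commit (the `kubectl`-by-hand case the README warns about), checks that images are pinned by digest as one concrete reading of the "immutable deployment artefacts" requirement (an assumption of this example, not something the README spells out), and converges the observed state back onto Git.

```python
"""Minimal GitOps reconciliation loop (illustrative example).

Git holds the desired state; the cluster's observed state is compared
against it (diff / alert on divergence) and a sync step converges the
cluster back onto what Git declares. DESIRED and OBSERVED below are
constructed stand-ins for committed manifests and for a cluster API's view.
"""
import copy
import re

# Constructed desired state: what the manifests committed to Git declare.
DESIRED = [
    {"kind": "Deployment", "metadata": {"namespace": "shop", "name": "api"},
     "spec": {"replicas": 3,
              "image": "registry.example.com/shop/api@sha256:" + "a" * 64}},
    {"kind": "Service", "metadata": {"namespace": "shop", "name": "api"},
     "spec": {"port": 8080}},
]

# Constructed observed state: what the cluster actually runs right now.
# The Deployment was scaled by hand, and a Deployment exists that no Git
# commit declares (created with kubectl, bypassing the Pull Request flow).
OBSERVED = [
    {"kind": "Deployment", "metadata": {"namespace": "shop", "name": "api"},
     "spec": {"replicas": 5,
              "image": "registry.example.com/shop/api@sha256:" + "a" * 64}},
    {"kind": "Service", "metadata": {"namespace": "shop", "name": "api"},
     "spec": {"port": 8080}},
    {"kind": "Deployment", "metadata": {"namespace": "shop", "name": "debug-shell"},
     "spec": {"replicas": 1, "image": "registry.example.com/tools/shell:latest"}},
]

# Digest-pinned image reference: "<repo>@sha256:<64 hex chars>".
DIGEST_REF = re.compile(r"^[^@\s]+@sha256:[0-9a-f]{64}$")


def key(resource):
    """Identity of a resource: (kind, namespace, name)."""
    m = resource["metadata"]
    return (resource["kind"], m["namespace"], m["name"])


def flatten(obj, prefix=""):
    """Flatten nested dicts into {'spec.replicas': 3, ...} for field diffs."""
    out = {}
    for k, v in obj.items():
        path = f"{prefix}.{k}" if prefix else k
        if isinstance(v, dict):
            out.update(flatten(v, path))
        else:
            out[path] = v
    return out


def diff(desired, observed):
    """Return drift findings as (key, field, desired_value, observed_value).

    A resource missing from the cluster, or present in the cluster but
    absent from Git, is reported with field None.
    """
    want = {key(r): r for r in desired}
    have = {key(r): r for r in observed}
    findings = []
    for k in sorted(want.keys() - have.keys()):
        findings.append((k, None, "present", "missing"))
    for k in sorted(have.keys() - want.keys()):
        findings.append((k, None, "absent", "present"))  # not in Git at all
    for k in sorted(want.keys() & have.keys()):
        w, h = flatten(want[k]), flatten(have[k])
        for field in sorted(w.keys() | h.keys()):
            if w.get(field) != h.get(field):
                findings.append((k, field, w.get(field), h.get(field)))
    return findings


def check_immutable_images(resources):
    """Return keys of resources whose image is not pinned by digest.

    A mutable tag such as ":latest" can change underneath a deployment,
    which defeats 'build once, promote the same artefact' (assumption:
    digest pinning is the concrete form of immutability checked here).
    """
    return [key(r) for r in resources
            if r.get("spec", {}).get("image") is not None
            and not DIGEST_REF.match(r["spec"]["image"])]


def sync(desired, observed):
    """Converge: return the observed state rewritten to match Git exactly,
    plus the ordered list of actions a sync tool would take."""
    want = {key(r): r for r in desired}
    have = {key(r): r for r in observed}
    actions = []
    for k in sorted(have.keys() - want.keys()):
        actions.append(("delete", k))
    for k in sorted(want.keys() - have.keys()):
        actions.append(("create", k))
    for k in sorted(want.keys() & have.keys()):
        if flatten(want[k]) != flatten(have[k]):
            actions.append(("update", k))
    return copy.deepcopy(desired), actions


if __name__ == "__main__":
    for finding in diff(DESIRED, OBSERVED):
        print("DRIFT", finding)
    print("UNPINNED", check_immutable_images(OBSERVED))
    converged, actions = sync(DESIRED, OBSERVED)
    print("ACTIONS", actions)
    print("DRIFT AFTER SYNC", diff(DESIRED, converged))
```

Run as a script it prints two drift findings (the hand-scaled replica count and the undeclared `debug-shell` Deployment), flags the `:latest` image, lists a delete and an update, and reports no drift once the observed state has been converged. In a real pipeline the observed state would come from the cluster API and the desired state from a checkout of the Git repository, and the findings from `diff` are what the alerting side of the observability requirement would surface.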