├── .github └── workflows │ └── codacy.yml ├── LICENSE.txt ├── README.md └── assets └── banner.png /.github/workflows/codacy.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | # This workflow checks out code, performs a Codacy security scan 7 | # and integrates the results with the 8 | # GitHub Advanced Security code scanning feature. For more information on 9 | # the Codacy security scan action usage and parameters, see 10 | # https://github.com/codacy/codacy-analysis-cli-action. 11 | # For more information on Codacy Analysis CLI in general, see 12 | # https://github.com/codacy/codacy-analysis-cli. 13 | 14 | name: Codacy Security Scan 15 | 16 | on: 17 | push: 18 | branches: [ "main" ] 19 | pull_request: 20 | # The branches below must be a subset of the branches above 21 | branches: [ "main" ] 22 | schedule: 23 | - cron: '37 3 * * 0' 24 | 25 | permissions: 26 | contents: read 27 | 28 | jobs: 29 | codacy-security-scan: 30 | permissions: 31 | contents: read # for actions/checkout to fetch code 32 | security-events: write # for github/codeql-action/upload-sarif to upload SARIF results 33 | actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status 34 | name: Codacy Security Scan 35 | runs-on: ubuntu-latest 36 | steps: 37 | # Checkout the repository to the GitHub Actions runner 38 | - name: Checkout code 39 | uses: actions/checkout@v3 40 | 41 | # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis 42 | - name: Run Codacy Analysis CLI 43 | uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b 44 | with: 45 | # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository 46 | # You can also omit the token and run the tools that support default configurations 47 | project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} 48 | verbose: true 49 | output: results.sarif 50 | format: sarif 51 | # Adjust severity of non-security issues 52 | gh-code-scanning-compat: true 53 | # Force 0 exit code to allow SARIF file generation 54 | # This will handover control about PR rejection to the GitHub side 55 | max-allowed-issues: 2147483647 56 | 57 | # Upload the SARIF file generated in the previous step 58 | - name: Upload SARIF results file 59 | uses: github/codeql-action/upload-sarif@v2 60 | with: 61 | sarif_file: results.sarif 62 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: CC-BY-SA-4.0 2 | 3 | Attribution-ShareAlike 4.0 International 4 | 5 | ======================================================================= 6 | 7 | Creative Commons Corporation ("Creative Commons") is not a law firm and 8 | does not provide legal services or legal advice. Distribution of 9 | Creative Commons public licenses does not create a lawyer-client or 10 | other relationship. Creative Commons makes its licenses and related 11 | information available on an "as-is" basis. Creative Commons gives no 12 | warranties regarding its licenses, any material licensed under their 13 | terms and conditions, or any related information. Creative Commons 14 | disclaims all liability for damages resulting from their use to the 15 | fullest extent possible. 16 | 17 | Using Creative Commons Public Licenses 18 | 19 | Creative Commons public licenses provide a standard set of terms and 20 | conditions that creators and other rights holders may use to share 21 | original works of authorship and other material subject to copyright 22 | and certain other rights specified in the public license below. The 23 | following considerations are for informational purposes only, are not 24 | exhaustive, and do not form part of our licenses. 25 | 26 | Considerations for licensors: Our public licenses are 27 | intended for use by those authorized to give the public 28 | permission to use material in ways otherwise restricted by 29 | copyright and certain other rights. Our licenses are 30 | irrevocable. Licensors should read and understand the terms 31 | and conditions of the license they choose before applying it. 32 | Licensors should also secure all rights necessary before 33 | applying our licenses so that the public can reuse the 34 | material as expected. Licensors should clearly mark any 35 | material not subject to the license. This includes other CC- 36 | licensed material, or material used under an exception or 37 | limitation to copyright. More considerations for licensors: 38 | wiki.creativecommons.org/Considerations_for_licensors 39 | 40 | Considerations for the public: By using one of our public 41 | licenses, a licensor grants the public permission to use the 42 | licensed material under specified terms and conditions. If 43 | the licensor's permission is not necessary for any reason--for 44 | example, because of any applicable exception or limitation to 45 | copyright--then that use is not regulated by the license. Our 46 | licenses grant only permissions under copyright and certain 47 | other rights that a licensor has authority to grant. Use of 48 | the licensed material may still be restricted for other 49 | reasons, including because others have copyright or other 50 | rights in the material. A licensor may make special requests, 51 | such as asking that all changes be marked or described. 52 | Although not required by our licenses, you are encouraged to 53 | respect those requests where reasonable. More considerations 54 | for the public: 55 | wiki.creativecommons.org/Considerations_for_licensees 56 | 57 | ======================================================================= 58 | 59 | Creative Commons Attribution-ShareAlike 4.0 International Public 60 | License 61 | 62 | By exercising the Licensed Rights (defined below), You accept and agree 63 | to be bound by the terms and conditions of this Creative Commons 64 | Attribution-ShareAlike 4.0 International Public License ("Public 65 | License"). To the extent this Public License may be interpreted as a 66 | contract, You are granted the Licensed Rights in consideration of Your 67 | acceptance of these terms and conditions, and the Licensor grants You 68 | such rights in consideration of benefits the Licensor receives from 69 | making the Licensed Material available under these terms and 70 | conditions. 71 | 72 | 73 | Section 1 -- Definitions. 74 | 75 | a. Adapted Material means material subject to Copyright and Similar 76 | Rights that is derived from or based upon the Licensed Material 77 | and in which the Licensed Material is translated, altered, 78 | arranged, transformed, or otherwise modified in a manner requiring 79 | permission under the Copyright and Similar Rights held by the 80 | Licensor. For purposes of this Public License, where the Licensed 81 | Material is a musical work, performance, or sound recording, 82 | Adapted Material is always produced where the Licensed Material is 83 | synched in timed relation with a moving image. 84 | 85 | b. Adapter's License means the license You apply to Your Copyright 86 | and Similar Rights in Your contributions to Adapted Material in 87 | accordance with the terms and conditions of this Public License. 88 | 89 | c. BY-SA Compatible License means a license listed at 90 | creativecommons.org/compatiblelicenses, approved by Creative 91 | Commons as essentially the equivalent of this Public License. 92 | 93 | d. Copyright and Similar Rights means copyright and/or similar rights 94 | closely related to copyright including, without limitation, 95 | performance, broadcast, sound recording, and Sui Generis Database 96 | Rights, without regard to how the rights are labeled or 97 | categorized. For purposes of this Public License, the rights 98 | specified in Section 2(b)(1)-(2) are not Copyright and Similar 99 | Rights. 100 | 101 | e. Effective Technological Measures means those measures that, in the 102 | absence of proper authority, may not be circumvented under laws 103 | fulfilling obligations under Article 11 of the WIPO Copyright 104 | Treaty adopted on December 20, 1996, and/or similar international 105 | agreements. 106 | 107 | f. Exceptions and Limitations means fair use, fair dealing, and/or 108 | any other exception or limitation to Copyright and Similar Rights 109 | that applies to Your use of the Licensed Material. 110 | 111 | g. License Elements means the license attributes listed in the name 112 | of a Creative Commons Public License. The License Elements of this 113 | Public License are Attribution and ShareAlike. 114 | 115 | h. Licensed Material means the artistic or literary work, database, 116 | or other material to which the Licensor applied this Public 117 | License. 118 | 119 | i. Licensed Rights means the rights granted to You subject to the 120 | terms and conditions of this Public License, which are limited to 121 | all Copyright and Similar Rights that apply to Your use of the 122 | Licensed Material and that the Licensor has authority to license. 123 | 124 | j. Licensor means the individual(s) or entity(ies) granting rights 125 | under this Public License. 126 | 127 | k. Share means to provide material to the public by any means or 128 | process that requires permission under the Licensed Rights, such 129 | as reproduction, public display, public performance, distribution, 130 | dissemination, communication, or importation, and to make material 131 | available to the public including in ways that members of the 132 | public may access the material from a place and at a time 133 | individually chosen by them. 134 | 135 | l. Sui Generis Database Rights means rights other than copyright 136 | resulting from Directive 96/9/EC of the European Parliament and of 137 | the Council of 11 March 1996 on the legal protection of databases, 138 | as amended and/or succeeded, as well as other essentially 139 | equivalent rights anywhere in the world. 140 | 141 | m. You means the individual or entity exercising the Licensed Rights 142 | under this Public License. Your has a corresponding meaning. 143 | 144 | 145 | Section 2 -- Scope. 146 | 147 | a. License grant. 148 | 149 | 1. Subject to the terms and conditions of this Public License, 150 | the Licensor hereby grants You a worldwide, royalty-free, 151 | non-sublicensable, non-exclusive, irrevocable license to 152 | exercise the Licensed Rights in the Licensed Material to: 153 | 154 | a. reproduce and Share the Licensed Material, in whole or 155 | in part; and 156 | 157 | b. produce, reproduce, and Share Adapted Material. 158 | 159 | 2. Exceptions and Limitations. For the avoidance of doubt, where 160 | Exceptions and Limitations apply to Your use, this Public 161 | License does not apply, and You do not need to comply with 162 | its terms and conditions. 163 | 164 | 3. Term. The term of this Public License is specified in Section 165 | 6(a). 166 | 167 | 4. Media and formats; technical modifications allowed. The 168 | Licensor authorizes You to exercise the Licensed Rights in 169 | all media and formats whether now known or hereafter created, 170 | and to make technical modifications necessary to do so. The 171 | Licensor waives and/or agrees not to assert any right or 172 | authority to forbid You from making technical modifications 173 | necessary to exercise the Licensed Rights, including 174 | technical modifications necessary to circumvent Effective 175 | Technological Measures. For purposes of this Public License, 176 | simply making modifications authorized by this Section 2(a) 177 | (4) never produces Adapted Material. 178 | 179 | 5. Downstream recipients. 180 | 181 | a. Offer from the Licensor -- Licensed Material. Every 182 | recipient of the Licensed Material automatically 183 | receives an offer from the Licensor to exercise the 184 | Licensed Rights under the terms and conditions of this 185 | Public License. 186 | 187 | b. Additional offer from the Licensor -- Adapted Material. 188 | Every recipient of Adapted Material from You 189 | automatically receives an offer from the Licensor to 190 | exercise the Licensed Rights in the Adapted Material 191 | under the conditions of the Adapter's License You apply. 192 | 193 | c. No downstream restrictions. You may not offer or impose 194 | any additional or different terms or conditions on, or 195 | apply any Effective Technological Measures to, the 196 | Licensed Material if doing so restricts exercise of the 197 | Licensed Rights by any recipient of the Licensed 198 | Material. 199 | 200 | 6. No endorsement. Nothing in this Public License constitutes or 201 | may be construed as permission to assert or imply that You 202 | are, or that Your use of the Licensed Material is, connected 203 | with, or sponsored, endorsed, or granted official status by, 204 | the Licensor or others designated to receive attribution as 205 | provided in Section 3(a)(1)(A)(i). 206 | 207 | b. Other rights. 208 | 209 | 1. Moral rights, such as the right of integrity, are not 210 | licensed under this Public License, nor are publicity, 211 | privacy, and/or other similar personality rights; however, to 212 | the extent possible, the Licensor waives and/or agrees not to 213 | assert any such rights held by the Licensor to the limited 214 | extent necessary to allow You to exercise the Licensed 215 | Rights, but not otherwise. 216 | 217 | 2. Patent and trademark rights are not licensed under this 218 | Public License. 219 | 220 | 3. To the extent possible, the Licensor waives any right to 221 | collect royalties from You for the exercise of the Licensed 222 | Rights, whether directly or through a collecting society 223 | under any voluntary or waivable statutory or compulsory 224 | licensing scheme. In all other cases the Licensor expressly 225 | reserves any right to collect such royalties. 226 | 227 | 228 | Section 3 -- License Conditions. 229 | 230 | Your exercise of the Licensed Rights is expressly made subject to the 231 | following conditions. 232 | 233 | a. Attribution. 234 | 235 | 1. If You Share the Licensed Material (including in modified 236 | form), You must: 237 | 238 | a. retain the following if it is supplied by the Licensor 239 | with the Licensed Material: 240 | 241 | i. identification of the creator(s) of the Licensed 242 | Material and any others designated to receive 243 | attribution, in any reasonable manner requested by 244 | the Licensor (including by pseudonym if 245 | designated); 246 | 247 | ii. a copyright notice; 248 | 249 | iii. a notice that refers to this Public License; 250 | 251 | iv. a notice that refers to the disclaimer of 252 | warranties; 253 | 254 | v. a URI or hyperlink to the Licensed Material to the 255 | extent reasonably practicable; 256 | 257 | b. indicate if You modified the Licensed Material and 258 | retain an indication of any previous modifications; and 259 | 260 | c. indicate the Licensed Material is licensed under this 261 | Public License, and include the text of, or the URI or 262 | hyperlink to, this Public License. 263 | 264 | 2. You may satisfy the conditions in Section 3(a)(1) in any 265 | reasonable manner based on the medium, means, and context in 266 | which You Share the Licensed Material. For example, it may be 267 | reasonable to satisfy the conditions by providing a URI or 268 | hyperlink to a resource that includes the required 269 | information. 270 | 271 | 3. If requested by the Licensor, You must remove any of the 272 | information required by Section 3(a)(1)(A) to the extent 273 | reasonably practicable. 274 | 275 | b. ShareAlike. 276 | 277 | In addition to the conditions in Section 3(a), if You Share 278 | Adapted Material You produce, the following conditions also apply. 279 | 280 | 1. The Adapter's License You apply must be a Creative Commons 281 | license with the same License Elements, this version or 282 | later, or a BY-SA Compatible License. 283 | 284 | 2. You must include the text of, or the URI or hyperlink to, the 285 | Adapter's License You apply. You may satisfy this condition 286 | in any reasonable manner based on the medium, means, and 287 | context in which You Share Adapted Material. 288 | 289 | 3. You may not offer or impose any additional or different terms 290 | or conditions on, or apply any Effective Technological 291 | Measures to, Adapted Material that restrict exercise of the 292 | rights granted under the Adapter's License You apply. 293 | 294 | 295 | Section 4 -- Sui Generis Database Rights. 296 | 297 | Where the Licensed Rights include Sui Generis Database Rights that 298 | apply to Your use of the Licensed Material: 299 | 300 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right 301 | to extract, reuse, reproduce, and Share all or a substantial 302 | portion of the contents of the database; 303 | 304 | b. if You include all or a substantial portion of the database 305 | contents in a database in which You have Sui Generis Database 306 | Rights, then the database in which You have Sui Generis Database 307 | Rights (but not its individual contents) is Adapted Material, 308 | including for purposes of Section 3(b); and 309 | 310 | c. You must comply with the conditions in Section 3(a) if You Share 311 | all or a substantial portion of the contents of the database. 312 | 313 | For the avoidance of doubt, this Section 4 supplements and does not 314 | replace Your obligations under this Public License where the Licensed 315 | Rights include other Copyright and Similar Rights. 316 | 317 | 318 | Section 5 -- Disclaimer of Warranties and Limitation of Liability. 319 | 320 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE 321 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS 322 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF 323 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, 324 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, 325 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR 326 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, 327 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT 328 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT 329 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. 330 | 331 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE 332 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, 333 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, 334 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, 335 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR 336 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN 337 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR 338 | DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 339 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 340 | 341 | c. The disclaimer of warranties and limitation of liability provided 342 | above shall be interpreted in a manner that, to the extent 343 | possible, most closely approximates an absolute disclaimer and 344 | waiver of all liability. 345 | 346 | 347 | Section 6 -- Term and Termination. 348 | 349 | a. This Public License applies for the term of the Copyright and 350 | Similar Rights licensed here. However, if You fail to comply with 351 | this Public License, then Your rights under this Public License 352 | terminate automatically. 353 | 354 | b. Where Your right to use the Licensed Material has terminated under 355 | Section 6(a), it reinstates: 356 | 357 | 1. automatically as of the date the violation is cured, provided 358 | it is cured within 30 days of Your discovery of the 359 | violation; or 360 | 361 | 2. upon express reinstatement by the Licensor. 362 | 363 | For the avoidance of doubt, this Section 6(b) does not affect any 364 | right the Licensor may have to seek remedies for Your violations 365 | of this Public License. 366 | 367 | c. For the avoidance of doubt, the Licensor may also offer the 368 | Licensed Material under separate terms or conditions or stop 369 | distributing the Licensed Material at any time; however, doing so 370 | will not terminate this Public License. 371 | 372 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 373 | License. 374 | 375 | 376 | Section 7 -- Other Terms and Conditions. 377 | 378 | a. The Licensor shall not be bound by any additional or different 379 | terms or conditions communicated by You unless expressly agreed. 380 | 381 | b. Any arrangements, understandings, or agreements regarding the 382 | Licensed Material not stated herein are separate from and 383 | independent of the terms and conditions of this Public License. 384 | 385 | 386 | Section 8 -- Interpretation. 387 | 388 | a. For the avoidance of doubt, this Public License does not, and 389 | shall not be interpreted to, reduce, limit, restrict, or impose 390 | conditions on any use of the Licensed Material that could lawfully 391 | be made without permission under this Public License. 392 | 393 | b. To the extent possible, if any provision of this Public License is 394 | deemed unenforceable, it shall be automatically reformed to the 395 | minimum extent necessary to make it enforceable. If the provision 396 | cannot be reformed, it shall be severed from this Public License 397 | without affecting the enforceability of the remaining terms and 398 | conditions. 399 | 400 | c. No term or condition of this Public License will be waived and no 401 | failure to comply consented to unless expressly agreed to by the 402 | Licensor. 403 | 404 | d. Nothing in this Public License constitutes or may be interpreted 405 | as a limitation upon, or waiver of, any privileges and immunities 406 | that apply to the Licensor or You, including from the legal 407 | processes of any jurisdiction or authority. 408 | 409 | 410 | ======================================================================= 411 | 412 | Creative Commons is not a party to its public licenses. 413 | Notwithstanding, Creative Commons may elect to apply one of its public 414 | licenses to material it publishes and in those instances will be 415 | considered the “Licensor.” The text of the Creative Commons public 416 | licenses is dedicated to the public domain under the CC0 Public Domain 417 | Dedication. Except for the limited purpose of indicating that material 418 | is shared under a Creative Commons public license or as otherwise 419 | permitted by the Creative Commons policies published at 420 | creativecommons.org/policies, Creative Commons does not authorize the 421 | use of the trademark "Creative Commons" or any other trademark or logo 422 | of Creative Commons without its prior written consent including, 423 | without limitation, in connection with any unauthorized modifications 424 | to any of its public licenses or any other arrangements, 425 | understandings, or agreements concerning use of licensed material. For 426 | the avoidance of doubt, this paragraph does not form part of the public 427 | licenses. 428 | 429 | Creative Commons may be contacted at creativecommons.org. 430 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Certified GitOps Associate (CGOA) Study Guide 2 | 3 | ![GitHub License](https://img.shields.io/github/license/otkd/CGOA-Study-Guide?link=https%3A%2F%2Fcreativecommons.org%2Flicenses%2Fby-sa%2F4.0%2F) 4 | 5 | ![CGOA Banner](./assets/banner.png) 6 | 7 | ## Disclaimer 8 | 9 | *This study guide is an **unofficial resource** created to assist candidates preparing for the Certified GitOps Associate (CGOA) exam. Originally compiled during the beta due to the limited availability of dedicated materials for the CGOA, as such it has not been endorsed by the Linux Foundation or any other official body associated with the CGOA certification.* 10 | 11 | ## Introduction 12 | 13 | The Certified GitOps Associate (CGOA) is a certification offered by the [Linux Foundation](https://www.linuxfoundation.org/): 14 | 15 | > The purpose of the Certified GitOps Associate (CGOA) certification is to provide assurance that CGOAs can effectively demonstrate their understanding of GitOps principles, terminology, and best practices in setting up a GitOps managed software system in addition to related practices such as Configuration of Code, Infrastructure as Code, DevOps & DevSecOps, and CI & CD and how to map them to GitOps. 16 | 17 | More information about the certification can be found on the [official exam page](https://training.linuxfoundation.org/certification/certified-gitops-associate-cgoa/). 18 | 19 | ## Table of Contents 20 | 21 | - [Certified GitOps Associate (CGOA) Study Guide](#certified-gitops-associate-cgoa-study-guide) 22 | - [Disclaimer](#disclaimer) 23 | - [Introduction](#introduction) 24 | - [Table of Contents](#table-of-contents) 25 | - [Background](#background) 26 | - [Domains & Competencies](#domains--competencies) 27 | - **[GitOps Terminology - 20%](#gitops-terminology---20)** 28 | - [Continuous](#continuous) 29 | - [Declarative Description](#declarative-description) 30 | - [Desired State](#desired-state) 31 | - [State Drift](#state-drift) 32 | - [State Reconciliation](#state-reconciliation) 33 | - [GitOps Managed Software System](#gitops-managed-software-system) 34 | - [State Store](#state-store) 35 | - [Feedback Loop](#feedback-loop) 36 | - [Rollback](#rollback) 37 | - **[GitOps Principles - 30%](#gitops-principles---30)** 38 | - [Declarative](#declarative) 39 | - [Versioned and Immutable](#versioned-and-immutable) 40 | - [Pulled Automatically](#pulled-automatically) 41 | - [Continuously Reconciled](#continuously-reconciled) 42 | - **[Related Practices - 16%](#related-practices---16)** 43 | - [Configuration as Code (CaC)](#configuration-as-code-cac) 44 | - [Infrastructure as Code (IaC)](#infrastructure-as-code-iac) 45 | - [DevOps and DevSecOps](#devops-and-devsecops) 46 | - [CI and CD](#ci-and-cd) 47 | - **[GitOps Patterns - 20%](#gitops-patterns---20)** 48 | - [Deployment and Release Patterns](#deployment-and-release-patterns) 49 | - [Progressive Delivery Patterns](#progressive-delivery-patterns) 50 | - [Pull vs. Event-driven](#pull-vs-event-driven) 51 | - [Architecture Patterns (in-cluster and external reconciler, state store management, etc.)](#architecture-patterns-in-cluster-and-external-reconciler-state-store-management-etc) 52 | - **[Tooling - 14%](#tooling---14)** 53 | - [Manifest Format and Packaging](#manifest-format-and-packaging) 54 | - [State Store Systems (Git and alternatives)](#state-store-systems-git-and-alternatives) 55 | - [Reconciliation Engines (ArgoCD, Flux, and alternatives)](#reconciliation-engines-argocd-flux-and-alternatives) 56 | - [Interoperability with Notifications, Observability, and Continuous Integration Tools](#interoperability-with-notifications-observability-and-continuous-integration-tools) 57 | - [Additional Resources](#additional-resources) 58 | 59 | ## Background 60 | 61 | Resources: 62 | 63 | - [Introduction to DevOps and Site Reliability Engineering (LFS162)](https://training.linuxfoundation.org/training/introduction-to-devops-and-site-reliability-engineering-lfs162/) - Linux Foundation Training Course (Free) 64 | - [Introduction to GitOps (LFS169)](https://training.linuxfoundation.org/training/introduction-to-gitops-lfs169/) - Linux Foundation Training Course (Free) 65 | 66 | ## Domains & Competencies 67 | 68 | ### GitOps Terminology - 20% 69 | 70 | #### Continuous 71 | 72 | > Continuous is intended to match the industry standard term: [reconciliation](#state-reconciliation) continues to happen, not that it must be instantaneous. 73 | 74 | #### Declarative Description 75 | 76 | > A configuration that describes the desired operating state of a system without specifying procedures for how that state will be achieved. This separates configuration (the desired state) from the implementation (commands, API calls, scripts etc.) used to achieve that state. 77 | 78 | #### Desired State 79 | 80 | > The aggregate of all configuration data that is sufficient to recreate the system so that instances of the system are behaviourally indistinguishable. This configuration data generally does not include persistent application data, e.g., database contents, though often does include credentials for accessing that data, or configuration for data recovery tools running on that system. 81 | 82 | #### State Drift 83 | 84 | > When a system's actual state has moved or is in the process of moving away from the [desired state](#desired-state), this is often referred to as drift. 85 | 86 | Resources: 87 | 88 | - [You Aren't Doing GitOps Without Drift Detection](https://www.weave.works/blog/you-aren-t-doing-gitops-without-drift-detection) - Weave Works Blog 89 | 90 | #### State Reconciliation 91 | 92 | > The process of ensuring the actual state of a system matches its [desired state](#desired-state). Contrary to traditional CI/CD where automation is generally driven by pre-set triggers, in GitOps reconciliation is triggered whenever there is a divergence. Divergence could be due to the actual state unintentionally [drifting](#state-drift) from the desired state declarations, or a new desired state declaration version having been changed intentionally. Actions are taken based on policies around [feedback](#feedback-loop) from the system and previous reconciliation attempts, in order to reduce deviation over time. 93 | 94 | #### GitOps Managed Software System 95 | 96 | > A software system managed by GitOps includes: 97 | > 98 | > 1. One or more runtime environments consisting of resources under management. 99 | > 2. The management agents within each runtime. 100 | > 3. Policies for controlling access and management of repositories, deployments, runtimes. 101 | 102 | #### State Store 103 | 104 | > A system for storing immutable versions of [desired state](#desired-state) declarations. This state store should provide access control and auditing on the changes to the Desired State. Git, from which GitOps derives its name, is the canonical example used as this state store but any other system that meets these criteria may be used. In all cases, these state stores must be properly configured and precautions must be taken to comply with requirements set out in the GitOps Principles. 105 | 106 | - **State Store = Single Source of Truth** 107 | 108 | #### Feedback Loop 109 | 110 | > Open GitOps follows [control-theory](https://en.wikipedia.org/wiki/Control_theory) and operates in a closed-loop. In control theory, feedback represents how previous attempts to apply a desired state have affected the actual state. For example, if the desired state requires more resources than exist in a system, the software agent may make attempts to add resources, to automatically rollback to a previous version, or to send alerts to human operators. 111 | 112 | #### Rollback 113 | 114 | > Rollback is the process of reverting a system to a previous state. In GitOps, the rollback process is often automated by changing the desired state to a previous version and allowing the reconciliation process to apply that state. 115 | 116 | `git revert` is an example of a rollback operation in Git. 117 | 118 | Resources: 119 | 120 | - [Rolling Back a Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-back-a-deployment) - Kubernetes Docs 121 | 122 | ### GitOps Principles - 30% 123 | 124 | Resources: 125 | 126 | - [OpenGitOps Documents](https://github.com/open-gitops/documents) - OpenGitOps Docs 127 | - [GitOps Principles](https://www.harness.io/blog/gitops-principles) - Harness Blog 128 | 129 | > GitOps is a set of principles for operating and managing software systems. These principles are derived from modern software operations but are also rooted in pre-existing and widely adopted best practices. 130 | > 131 | > The [desired state](#desired-state) of a GitOps managed system must be: 132 | 133 | #### Declarative 134 | 135 | > A [system](#gitops-managed-software-system) managed by GitOps must have its desired state expressed [declaratively](#declarative-description). 136 | 137 | #### Versioned and Immutable 138 | 139 | > Desired state is [stored](state-store) in a way that enforces immutability, versioning and retains a complete version history. 140 | 141 | #### Pulled Automatically 142 | 143 | > Software agents automatically [pull](#pull-vs-event-driven) the desired state declarations from the source. 144 | 145 | #### Continuously Reconciled 146 | 147 | > Software agents [continuously](#continuous) observe actual system state and [attempt to apply](#state-reconciliation) the [desired state](#desired-state). 148 | 149 | ### Related Practices - 16% 150 | 151 | #### Configuration as Code (CaC) 152 | 153 | Configuration as Code (CaC) involves managing and provisioning infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. This practice enables developers and IT operations teams to automatically manage and provision their infrastructure using code. CaC is a key component of GitOps, as it allows for the desired state of infrastructure to be described declaratively and managed alongside application code. 154 | 155 | Resources: 156 | 157 | - [Configuration as Code](https://circleci.com/blog/configuration-as-code/) - CircleCI Blog 158 | - [Comparing Infrastructure as Code and GitOps for Platform Teams](https://thenewstack.io/comparing-infrastructure-as-code-and-gitops-for-platform-teams/) - The New Stack Article 159 | 160 | #### Infrastructure as Code (IaC) 161 | 162 | Infrastructure as Code (IaC) is a key practice within DevOps that involves managing and provisioning computing infrastructure through code instead of through manual processes. With IaC, infrastructure is provisioned and managed using code and software development techniques, such as version control and continuous integration. IaC is foundational to GitOps, enabling the automatic, consistent deployment of infrastructure alongside applications. 163 | 164 | Resources: 165 | 166 | - [What is Infrastructure as Code?](https://www.hashicorp.com/resources/what-is-infrastructure-as-code) - HashiCorp Article 167 | - [Getting Started with Infrastructure as Code](https://learn.hashicorp.com/tutorials/terraform/infrastructure-as-code) - Terraform Docs 168 | 169 | #### DevOps and DevSecOps 170 | 171 | - **DevOps** is a set of practices that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle and provide continuous delivery with high software quality. GitOps can be seen as an evolution of DevOps principles, focused on using Git as a single source of truth for declarative infrastructure and applications. 172 | - **DevSecOps** extends DevOps by integrating security practices into the DevOps process, ensuring that security is built into the software development lifecycle. GitOps can be used to enforce security policies and best practices across the software development lifecycle. 173 | 174 | Resources: 175 | 176 | - [What is DevOps?](https://about.gitlab.com/topics/devops/) - GitLab Article 177 | - [Introduction to DevSecOps](https://www.redhat.com/en/topics/devops/what-is-devsecops) - Red Hat Article 178 | - [Trusted Delivery with GitOps and Policy as Code](https://www.weave.works/blog/trusted-delivery-with-gitops-and-policy-as-code) - Weave Works Blog 179 | - [What Is GitOps? How Git Can Make DevOps Even Better](https://codefresh.io/learn/gitops/) - Codefresh Article 180 | 181 | #### CI and CD 182 | 183 | - **Continuous Integration (CI)**: The automated process of integrating code changes from multiple contributors into a shared repository. This process includes automated testing to validate code changes before they are merged, ensuring that the codebase remains stable and functional. 184 | - **Continuous Delivery (CD)**: The practice of automating the software delivery process to ensure that code changes can be deployed to production at any time. GitOps can be used to automate the continuous delivery process, ensuring that the [desired state](#desired-state) of the system is always reflected in the production environment. 185 | 186 | Resources: 187 | 188 | - [What is Continuous Integration?](https://www.atlassian.com/continuous-delivery/continuous-integration) - Atlassian Article 189 | - [What is Continuous Delivery?](https://www.atlassian.com/continuous-delivery/principles/continuous-integration-vs-delivery-vs-deployment) - Atlassian Article 190 | 191 | ### GitOps Patterns - 20% 192 | 193 | #### Deployment and Release Patterns 194 | 195 | - **Recreate**: This pattern involves tearing down the existing instances of an application before deploying the new version. While straightforward, the main drawback is the downtime between stopping the old version and starting the new version, making it less desirable for production environments that require high availability. 196 | - **Rolling Updates**: Kubernetes supports rolling updates natively, allowing updates to be applied incrementally without taking the service down. This strategy updates pods one by one, ensuring that a certain number of old and new pods are running simultaneously, which minimizes downtime and ensures that at least part of the application remains available during the update. 197 | - **Blue-Green**: Involves running two identical environments ("blue" for the current version and "green" for the new version) and switching traffic from blue to green once the new version is verified to be stable. This pattern is useful for minimizing downtime and risk during deployments. 198 | 199 | Resources: 200 | 201 | - [Top 6 Kubernetes Deployment Strategies and How to Choose](https://codefresh.io/learn/kubernetes-deployment/top-6-kubernetes-deployment-strategies-and-how-to-choose/) - Codefresh Article 202 | - [Blue-Green Deployment](https://www.redhat.com/en/topics/devops/what-is-blue-green-deployment) - Red Hat Article 203 | 204 | #### Progressive Delivery Patterns 205 | 206 | - **Canary**: This involves rolling out the change to a small subset of users or servers first, monitoring the performance and stability, and then gradually increasing the rollout to more users. 207 | - **Shadow**/Blue-Green Mirroring: This pattern involves deploying the new version alongside the old version in such a way that the new version processes real-world traffic in parallel without affecting the end-user experience, primarily for testing purposes. 208 | - **A/B Testing**/Traffic Splitting: Similar to canary releases but focuses more on comparing user behavior between the old and new versions to make data-driven decisions on feature adoption. 209 | 210 | Resources: 211 | 212 | - [Guide to Flagger](https://www.weave.works/technologies/flagger/) - Weave Works Docs 213 | - [Flux Progressive Delivery](https://fluxcd.io/flux/concepts/#progressive-delivery) - Flux Docs 214 | - [Flagger Deployment Strategies](https://docs.flagger.app/usage/deployment-strategies) - Flagger Docs 215 | - [What are Feature Flags?](https://launchdarkly.com/blog/what-are-feature-flags/) - LaunchDarkly Blog 216 | - [Argo Rollouts](https://argoproj.github.io/argo-rollouts/) - Argo Rollouts Docs 217 | 218 | #### Pull vs. Event-driven 219 | 220 | > [Principle 3](#pulled-automatically) specifies the desired state must be "pulled" rather than "pushed", primarily because the software agents must be able to access the [desired state](#desired-state) from the [state store](#state-store) at _any_ time, not only when there is an intentional change in the state store triggering a push event. 221 | > This is a prerequisite for [reconciliation](#state-reconciliation) to happen [continuously](#continuous), as specified in [principle 4](#continuously-reconciled). 222 | > 223 | > Note that – in contrast to traditional CI/CD, where automation is generally driven by pre-set triggers – in GitOps, [reconciliation](#state-reconciliation) is triggered _whenever_ there is a divergence. Divergence could be due to the actual state unintentionally [drifting](#state-drift) from the desired state declarations – not only due to a new desired state declaration version having been changed intentionally. 224 | 225 | - **Pull-Based**: Required for GitOps, agents within the cluster continuously monitor the Git repository for changes and apply updates automatically. 226 | 227 | - **Event-Driven**: While not the primary model in GitOps, event-driven mechanisms can complement GitOps by triggering actions based on specific events. 228 | 229 | Resources: 230 | 231 | - [GitOps: The Push and Pull Approach](https://www.harness.io/blog/gitops-the-push-and-pull-approach) - Harness Blog 232 | - [Understanding Pull-Based GitOps](https://www.weave.works/blog/gitops-operations-by-pull-request) - Weave Works Blog 233 | 234 | #### Architecture Patterns (in-cluster and external reconciler, state store management, etc.) 235 | 236 | - **In-Cluster Reconciler**: A software agent that runs within the cluster and is responsible for monitoring the state of the cluster and applying the desired state. 237 | - **External Reconciler**: Similar to in-cluster reconcilers, but run outside the cluster, often used for multi-cluster management or for managing resources that are not directly accessible from within the cluster. 238 | - **State Store Management**: Structuring and managing the state store to ensure immutability, versioning, and complete version history. 239 | - **Secrets Management**: Managing secrets in a secure and compliant manner, often using tools like Vault, Sealed Secrets, or GitOps-specific solutions like KubeSecrets. 240 | 241 | Resources: 242 | 243 | - [Ways of structuring your repositories](https://fluxcd.io/flux/guides/repository-structure/) - Flux Docs 244 | - [Managing the 'Git' in 'GitOps': 4 Ways to Structure Code in Your GitOps Repos](https://www.harness.io/blog/gitops-repo-structure) - Harness Blog 245 | - [Argo CD Architectures Explained](https://akuity.io/blog/argo-cd-architectures-explained/) - Akuity Blog 246 | - [The Basics of GitOps Secrets Management](https://www.harness.io/blog/gitops-secrets) - Harness Blog 247 | - [What is Multi-Cloud GitOps?](https://www.redhat.com/en/topics/devops/what-is-multicloud-gitops) - Red Hat Article 248 | 249 | ### Tooling - 14% 250 | 251 | #### Manifest Format and Packaging 252 | 253 | - **Kustomize**: Offers a template-free way to customize application configuration that simplifies the declaration of application manifests for Kubernetes. 254 | - **Helm**: Provides packaging of Kubernetes applications into charts, making it easy to share and distribute a wide range of applications. 255 | - **Declaritive YAML/JSON**: A format for expressing the desired state of a system in a way that is both human-readable and machine-readable. 256 | 257 | Resources: 258 | 259 | - [Kustomize Documentation](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/) - Kustomize Docs 260 | - [Putting Helm at the Center of Your GitOps Pipeline](https://www.weave.works/blog/putting-helm-at-gitops-pipeline) - Weave Works Blog 261 | 262 | #### State Store Systems (Git and alternatives) 263 | 264 | - **Git**: A distributed version control system that is widely used for source code management and is the canonical example of a state store used in GitOps. 265 | - **OCI Registry**: A container registry that is used to store and distribute container images. 266 | - **S3**: A scalable object storage service that is used to store and retrieve data. 267 | 268 | Resources: 269 | 270 | - [What is Git?](https://www.atlassian.com/git/tutorials/what-is-git) - Atlassian Git Tutorials 271 | - [GitOps with OCI Artifacts and Config Sync](https://cloud.google.com/blog/products/containers-kubernetes/gitops-with-oci-artifacts-and-config-sync) - Google Cloud Blog 272 | - [GitOps Use Cases You May Not Have Considered](https://thenewstack.io/gitops-use-cases-you-may-not-have-considered/) - The New Stack Article 273 | - [Flux with Buckets: Is this still GitOps?](https://blog.ediri.io/flux-with-buckets-is-this-still-gitops) - Ediri Blog 274 | - [Single Source of Truth Architecture](https://www.redhat.com/architect/single-source-truth-architecture) - Red Hat Article 275 | 276 | #### Reconciliation Engines (ArgoCD, Flux, and alternatives) 277 | 278 | - **ArgoCD**: A declarative, GitOps continuous delivery tool for Kubernetes. 279 | - **Flux**: A tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. 280 | - **Jenkins X**: An open-source system that provides pipeline automation, GitOps, and continuous delivery for cloud-native applications on Kubernetes. 281 | 282 | Resources: 283 | 284 | - [ArgoCD Documentation](https://argoproj.github.io/argo-cd/) - ArgoCD Docs 285 | - [Flux Documentation](https://fluxcd.io/docs/) - Flux Docs 286 | - [Jenkins X Documentation](https://jenkins-x.io/v3/) - Jenkins X Docs 287 | 288 | #### Interoperability with Notifications, Observability, and Continuous Integration Tools 289 | 290 | - **DORA Metrics**: Metrics that are used to measure the performance of software delivery and operational processes including: 291 | - Deployment Frequency: The frequency of deployments to production 292 | - Lead Time for Changes: The time it takes to go from code committed to code successfully running in production 293 | - Change Failure Rate: The percentage of changes that result in a failure in production 294 | - Time to Restore Service: The time it takes to restore service after a failure 295 | - **Keptn**: Integrates with Flux and ArgoCD to provide automated continuous delivery and operations for cloud-native applications. 296 | - **Prometheus & Alertmanager**: Used for monitoring and alerting, providing a rich set of metrics and alerting capabilities. 297 | - **Jenkins**: A popular open-source automation server used to automate the building, testing, and deployment of software. 298 | - **Slack** & Microsoft Teams: Popular messaging platforms used for notifications and collaboration. 299 | 300 | Resources: 301 | 302 | - [Using the Four Keys to Measure Your DevOps Performance](https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance) - Google Cloud Blog 303 | - [Keptn Core Concepts](https://keptn.sh/latest/docs/core-concepts/) - Keptn Docs 304 | - [Flux Alerts](https://fluxcd.io/flux/monitoring/alerts/) - Flux Docs 305 | - [Flux Prometheus metrics](https://fluxcd.io/flux/monitoring/metrics/) - Flux Docs 306 | - [Prometheus Documentation](https://prometheus.io/docs/introduction/overview/) - Prometheus Docs 307 | - [Jenkins Documentation](https://www.jenkins.io/doc/) - Jenkins Docs 308 | - [Slack API Documentation](https://api.slack.com/) - Slack API Docs 309 | 310 | ## Additional Resources 311 | 312 | - [Path to GitOps](https://developers.redhat.com/e-books/path-gitops) - Red Hat eBook (Free) 313 | - [GitOps Guide to the Galaxy](https://www.youtube.com/playlist?list=PLaR6Rq6Z4IqfGCkI28cUMbNhPhsnj4nq3) - YouTube Playlist 314 | - [GitOps Cookbook](https://developers.redhat.com/e-books/gitops-cookbook) - Red Hat eBook (Free) 315 | -------------------------------------------------------------------------------- /assets/banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/otkd/CGOA-Study-Guide/2637dfeef83341d300be2d79a9c8cd7549032e31/assets/banner.png --------------------------------------------------------------------------------