GitOps
Overview
GitOps is an operational framework that uses Git as the single source of truth for infrastructure and application configurations. Changes are made through Git commits, and the system automatically syncs the desired state with the actual state.
Core Principles
1. Declarative: All infrastructure is declared in code
2. Versioned & Immutable: Everything is versioned, no manual changes
3. Automated Pull: System pulls updates from Git automatically
4. Continuous Reconciliation: System ensures actual = desired state
GitOps Workflow
```
Developer
    │
    ▼
┌──────────────────────────────────────────────┐
│ Git Commit (Infrastructure/Application Code) │
└──────────────────────────────────────────────┘
    │
    ▼
┌──────────────────────────────────────────────┐
│ Git Repository (Single Source of Truth)      │
└──────────────────────────────────────────────┘
    │
    ▼
┌──────────────────────┐    ┌──────────────────────┐
│ ArgoCD / Flux        │───▶│ Cluster State        │
│ (Controller)         │    │ Reconciliation       │
└──────────────────────┘    └──────────────────────┘
    │                                   │
    │                                   ▼
    │                       ┌──────────────────────┐
    └──────────────────────▶│ Kubernetes/API       │
                            └──────────────────────┘
```
ArgoCD
Installation
```bash
# Install ArgoCD
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Access UI
kubectl port-forward svc/argocd-server -n argocd 8080:443

# Get admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
```
Application Definition
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
  namespace: argocd
spec:
  project: default

  source:
    repoURL: https://github.com/myorg/myapp.git
    targetRevision: main
    path: deploy/k8s

  destination:
    server: https://kubernetes.default.svc
    namespace: production

  syncPolicy:
    automated:
      prune: true
      selfHeal: true
      allowEmpty: false
```
Sync and Health
```yaml
# Application with health checks
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
spec:
  syncPolicy:
    automated:
      prune: true
      selfHeal: true

  ignoreDifferences:
    - group: apps
      kind: Deployment
      jsonPointers:
        - /spec/replicas
---
# Post-sync hook: Argo CD hooks are resources in the source repository marked
# with the argocd.argoproj.io/hook annotation, not a field of the Application
apiVersion: batch/v1
kind: Job
metadata:
  generateName: post-sync-
  annotations:
    argocd.argoproj.io/hook: PostSync
spec:
  template:
    spec:
      containers:
        - name: post-sync
          image: alpine
          command: ["/bin/sh", "-c"]
      restartPolicy: Never
```
Installation
```bash
# Install Flux CLI
curl -s https://toolkit.fluxcd.io/install.sh | sudo bash

# Bootstrap Flux
flux bootstrap github \
  --owner=myorg \
  --repository=my-fleet-repo \
  --path=clusters/production \
  --personal
```
Flux Sources
```yaml
# GitRepository
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: myapp
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/myorg/myapp.git
  ref:
    branch: main
---
# HelmRepository
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: bitnami
  namespace: flux-system
spec:
  interval: 1h
  url: https://charts.bitnami.com/bitnami
```
Flux Kustomization
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: myapp
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: myapp
  path: ./deploy
  prune: true
  validation: client
  healthChecks:
    - apiVersion: apps/v1
      kind: Deployment
      name: myapp
      namespace: production
```
GitOps Best Practices
1. Repository Structure
```
├── apps/
│   ├── myapp/
│   │   ├── base/
│   │   │   ├── deployment.yaml
│   │   │   ├── service.yaml
│   │   │   └── kustomization.yaml
│   │   └── overlays/
│   │       ├── development/
│   │       │   └── kustomization.yaml
│   │       └── production/
│   │           └── kustomization.yaml
├── infrastructure/
│   ├── base/
│   │   ├── namespaces.yaml
│   │   └── network-policies.yaml
│   └── clusters/
│       ├── dev-cluster/
│       └── prod-cluster/
└── README.md
```
2. Use Overlays
```yaml
# base/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
  - service.yaml
commonLabels:
  app.kubernetes.io/part-of: myapp
---
# overlays/production/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
patches:
  - patch: |-
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: myapp
      spec:
        replicas: 5
    target:
      kind: Deployment
```
3. Branch Strategy
```yaml
# ArgoCD Application for each environment
# main branch -> production
# develop branch -> staging
# feature branches -> preview environments
```
4. Implement Drift Detection
```yaml
# ArgoCD sync options
syncPolicy:
  automated:
    prune: true      # Remove extraneous resources
    selfHeal: true   # Correct drift
    allowEmpty: false
```
5. Use Progressive Delivery
```yaml
# ArgoCD Rollouts integration
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: myapp
spec:
  replicas: 5
  strategy:
    canary:
      canaryService: myapp-canary
      stableService: myapp-stable
      trafficRouting:
        nginx:
          stableIngress: myapp-ingress
      steps:
        - setWeight: 10
        - pause: {duration: 10m}
        - setWeight: 30
        - pause: {duration: 10m}
        - setWeight: 50
        - pause: {duration: 10m}
        - setWeight: 100
```
CI/CD with GitOps
GitHub Actions
```yaml
name: GitOps Deploy

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Update ArgoCD
        uses: argoproj/argo-cd-actions@sync@v1
        with:
          app_name: myapp
          argo_server: argocd.example.com
          token: ${{ secrets.ARGO_TOKEN }}
```
Monitoring GitOps
ArgoCD Dashboard
```bash
# View application status
argocd app get myapp

# View application tree
argocd app tree myapp

# Trigger a sync (the current sync status is part of the argocd app get output)
argocd app sync myapp

# View resource diff
argocd app diff myapp
```
Summary
GitOps provides:
- Single source of truth: Git as the source for all configurations
- Drift detection: Automatically detect and correct drift
- Audit trail: Complete history of changes
- Self-healing: Automatic reconciliation
- Faster deployments: Automated sync from Git
Key tools:
- ArgoCD: GitOps continuous delivery for Kubernetes
- Flux: GitOps toolkit for Kubernetes
- Kustomize: Kubernetes native configuration management
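The reconciliation that `prune`, `selfHeal` and `ignoreDifferences` configure in the Argo CD manifests above can be modelled in a few functions, which also shows how out-of-band changes to a cluster surface as drift. This is an added example, not Argo CD's or Flux's code; `plan`, `normalise`, the action names, the sample manifests and the `registry.example` image names are constructed for illustration.

```python
import copy

def drop_pointer(obj, pointer):  # delete the field at a JSON pointer (dict paths only)
    parts = pointer.lstrip("/").split("/")
    for part in parts[:-1]:
        obj = obj.get(part) if isinstance(obj, dict) else None
    if isinstance(obj, dict):
        obj.pop(parts[-1], None)

def normalise(manifest, ignore):  # copy, minus the fields ignoreDifferences names
    out = copy.deepcopy(manifest)
    group = manifest["apiVersion"].rpartition("/")[0]  # "apps/v1" -> "apps"
    for rule in ignore:
        if rule["kind"] == manifest["kind"] and rule.get("group", "") == group:
            for pointer in rule["jsonPointers"]:
                drop_pointer(out, pointer)
    return out

def ident(m):
    return (m["kind"], m["metadata"].get("namespace", ""), m["metadata"]["name"])

def plan(desired, live, ignore, prune=True, self_heal=True):  # steps to match Git
    want = {ident(m): normalise(m, ignore) for m in desired}
    have = {ident(m): normalise(m, ignore) for m in live}
    actions = []
    for k in sorted(want):
        if k not in have:
            actions.append(("create", k))
        elif want[k] != have[k]:
            actions.append(("heal" if self_heal else "report-drift", k))
    for k in sorted(set(have) - set(want)):
        actions.append(("prune" if prune else "report-extra", k))
    return actions

def deployment(replicas, image):
    pod = {"containers": [{"name": "myapp", "image": image}]}
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": "myapp", "namespace": "production"},
            "spec": {"replicas": replicas, "template": {"spec": pod}}}

# Constructed sample; live = tracked objects only, server-set fields already stripped.
IGNORE = [{"group": "apps", "kind": "Deployment", "jsonPointers": ["/spec/replicas"]}]
DESIRED = [deployment(5, "registry.example/myapp:1.4.2")]
LIVE = [deployment(8, "registry.example/myapp:debug"),  # scaled, image edited by hand
        {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "RoleBinding",
         "metadata": {"name": "temp-admin", "namespace": "production"}}]  # out of band

if __name__ == "__main__":
    print(*plan(DESIRED, LIVE, IGNORE), sep="\n")
```

The replica count differs between Git and the cluster but is ignored, so only the hand-edited image and the untracked RoleBinding produce actions. With `prune=False, self_heal=False` the same comparison only reports, which suits alerting on out-of-band changes before automatic correction is enabled.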