GitOps: How does this methodology help you keep control of your infrastructure?

Etienne
6/4/2023

For each infrastructure delivery, we implement a GitOps methodology and tools for our customers. Today, we explain how a GitOps architecture brings a clear framework and processes to the management of a Cloud infrastructure. It promotes teamwork, ensures infrastructure health and facilitates healthy infrastructure evolution...

Setting the scene

For many years now, companies have tended to manage their infrastructures manually and without any collaborative methodology.
Over time, this has led to a number of shortcomings and drifts in the orchestration and maintenance of these infrastructures: abandoned machines, incomplete or obsolete documentation, misconfigurations, etc.

The democratization of Kubernetes has made infrastructure management easier, notably through GitOps and numerous workflows. Today, Kubernetes, Terraform and ArgoCD bring a complete CD (Continuous Delivery) chain to Cloud-oriented infrastructures.

This new methodology provides a fairly strict framework and processes to facilitate maintenance, evolution and deletion of resources as required, while preserving the advantages of Git technology (history of modifications).

Today, Skyloud is able to provide a wide range of tools, as well as a well-defined framework and processes, enabling our customers to avoid handling errors and be more confident in the future evolution of their infrastructures.

In this article, we present the methods we apply and make available to our customers to manage their Cloud infrastructures.

What is GitOps?

Before we talk about GitOps, we need to break down that word and understand what Git is for. Git is a version management system that tracks changes made to an IT project over time. Its aim is to help teams manage their files, to keep a history of all written work (the repository) and to make it easier for several people to collaborate on the same document. In the context of a GitOps project, strict control of collaborators' code production is a must.

Although Git is widely used on application projects, it also helps DevOps engineers to contribute code to a Cloud universe.

The term "GitOps" is now used to describe the use of Git tools to provide Ops engineers with workflows for infrastructure upgrades.
Today, GitOps is an incredibly powerful workflow model for managing a modern Cloud infrastructure.

It allows you to organize the operations involved in modifying an environment on the basis of one or more Git repositories. In this way, it organizes and keeps track of all your production resources, enabling you to automate them.

Do I need to be on Kubernetes?

Our GitOps methodologies are mainly based around Kubernetes, but GitOps can also be applied in more legacy environments, with Ansible for example.
The application of GitOps techniques is nonetheless more complex in legacy environments, such as private clouds.

Kubernetes pairs much better with this methodology, thanks to its tools and the community that surrounds it. Workflows are automated from end to end, with a very fine-grained approach to the rights, teams and possibilities associated with Kubernetes deployments.

As Kubernetes can be applied both on-premise and in the cloud, many tools are focused on its evolution and compatibility.

Our GitOps tools

There are several approaches in GitOps tools, principally the PUSH approach and the PULL approach. Here are some explanations of our methodologies and technologies for each of these approaches:

  1. Cloud component deployment (PUSH approach)

The PUSH approach corresponds to the way we deploy our Cloud components to achieve an agnostic infrastructure with Kubernetes.

Terraform: Our infrastructure-as-code tool.

Terraform is an open-source tool for developing infrastructures with code. It automates the construction of data center infrastructure resources such as networks, virtual machines and databases.

When we carry out a project, we set up a Terraform Git repository that lists all the Cloud resources required for the infrastructure. Through Terraform's own CI/CD, these resources and infrastructure-as-code declarations are applied automatically and securely in the target cloud(s).

Terraform has the advantage of being agnostic, so we can work with several clouds simultaneously in the same Git repository. Terraform makes it possible to coordinate the cloud components deployed across them, and to take advantage of competing services with the minimum of effort.

Terraform enables us to create tailor-made, portable and reusable modules, on which we focus our R&D efforts in order to comply as closely as possible with best practices in cloud deployment: Security, High Availability, Flexibility, Backups...

The Git repository we supply to our customer contains all the resources associated with their Cloud environment, including a complete CI/CD, ideal for future upgrades.

  2. Deploying Kubernetes components (PULL approach)

The PULL approach corresponds to the way in which we guarantee the good health and operational readiness of the cluster once it has been established. This involves describing a cluster's application deployments as code, file by file, thus facilitating the operation of the various environments deployed.

So we update the Git repository to update the infrastructure.

Argo, our CD tool.

ArgoCD is an open source tool deployed on a Kubernetes cluster. It acts as an agent on all object creations, guaranteeing application deployment and lifecycle.

As Kubernetes has its own register of resources, it remains agnostic to the Cloud that hosts it. All these resources come in the form of Helm files, structural files that contain all the resources needed by the cluster to deploy and orchestrate its applications.

ArgoCD intervenes in Git projects, retrieving declared resources and applying them in the cluster. It guarantees synchronization between the elements defined in the Git directory according to the contributions made and what is actually applied on the cluster.

The role of ArgoCD is to create a centralized point of exchange between collaborations, contributions made to a Git repository and the current state of the cluster. ArgoCD also provides a number of administration functions. We can, for example, use a user interface to preview all resources and interact with them (modifications, additions, deletions, updates...).

Below is a basic diagram of the synchronization mechanism between the infrastructure and a Git directory.

The Git directory we supply to our customer synchronizes all the declarations used to deploy its services. It supports multi-clusters and multi-environments.

The advantages and disadvantages of our GitOps methodology

  1. The benefits

The advantages of our processes are many:

  • Contribute to the implementation of a DRP and drastically reduce restoration times (if necessary).
  • Easily replicate environments.
  • Provide a framework for the collaboration of several people on the same project.
  • Keep track of contributions.
  • Monitor infrastructure changes more easily.
  • Reflect, as accurately as possible, the target infrastructure and provide documentation.

  2. Disadvantages

Nevertheless, there are a few drawbacks to this methodology:

  • Our technologies require a great deal of rigor and skills that are still rare on the market.
  • Upgrades can be a real pain.
  • Manual intervention directly on the Cloud provider, i.e. without going through the Terraform code, can alter the health of the code and the security of the account. Terraform expertise is therefore a prerequisite for this methodology.

Conclusion

Our GitOps methodology and technologies are real accelerators for all infrastructure maintenance and evolution issues. Skyloud is working today to provide clear tools, frameworks and processes for all your future infrastructure evolutions. This avoids all possible errors in the environment.

However, the rigor and framework of application must be well defined beforehand if this methodology is to be maintained over the long term.

Would you like to adopt GitOps methods in your environments?

Tell us about your projects.
