GitOps is an approach to infrastructure automation that uses Git as the single source of truth for declarative infrastructure definitions and configurations, and uses continuous integration and delivery tools to ensure that running systems match what is defined in Git. Adopting GitOps practices can help address many IT strategy requirements by driving greater automation of IT processes. This includes enabling hands-off operations, where there are no manual changes to production environments and where compliance and governance are automated. GitOps provides an ideal interface for compliance automation: a central place where every change passes by in a machine-readable format.
The Role of GitOps in IT-Strategy - November 2021 - Schlomo Schapiro - Continuous Lifecycle 2021
1. Building the backbone of global trade, to make shipping products as easy as sending emails.
Schlomo Schapiro, 18.11.2021, Continuous Lifecycle 2021
The Role of GitOps in IT Strategy
2. The Role of GitOps in IT Strategy
The GitOps Journey to Hands-Off Operations
18.11.2021 | Schlomo Schapiro | Principal Engineer, Forto GmbH
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (with the exception of the stock images with copyright notice). All Mountain Photos: Schlomo Schapiro / CC-BY-SA
@schlomoschapiro
6. DevOps is …
… if every person uses the same tool for the same job
… codified knowledge - everybody contributes his part to common automation
… if all people have the same privileges in their tooling
… if human error is equally possible for Dev and Ops
… replacing people interfaces by automated decisions and processes
… a result
bit.ly/5devops
8. We want digitalisation, our IT Strategy calls for …
● IT quota grows exponentially, no problem can be solved without IT
● All IT processes are much more integrated and networked, API first …
● Growth factor of IT much bigger than increase in IT staff → IT “production efficiency” must increase
● More IT in business units → decentralisation of IT skills (BizDevOps)
● Increasing IT compliance requirements
● Utilise public cloud offerings to drive innovation – have viable cloud exit strategy
9. As an IT team we want …
● Deliver great product/service
● Focus on our product/service
● Use good tools & platforms
● Know which internal processes to deal with
● Reduce overhead with internal processes
● Comply with company policies without pains
● Know about relevant company policies
● Use standard solutions for common problems
● No dependencies to other teams
18. GitOps to the Rescue
[Diagram: git, ?, CI, CD. Column WHAT: Declarative Descriptions; Test for Compliance; Product Teams. Column HOW: Deployment Automation; Test for Correctness; Platform Teams.]
25. GitOps Tech
[Diagram: People Area and Machine Area. Labels: git push; State Repo develop; Binary Artifacts; CI Test & Build; State Repo main; git push; Version 27; Merge Request; Modify; Monitor; GitOps Controller; Infrastructure; Environment; Systems. Steps ❶ to ➏.]
28. GitOps & Compliance Automation
● GitOps Operations Model provides ideal interface for compliance automation: A central place where every change passes by in a machine-readable format.
● GitOps enables true hands-off operations, reducing IT costs & efforts.
● Motivation to “Fix the Basics”.
[Diagram label: Compliance Checks]
30. Cost & Effort of Compliance Checking?
[Diagram: Policy 1 … Policy N; 500+ Teams; Central “IT Compliance” Team; git, ?, CI, CD]
31. Policy on Paper
[Diagram: Policy 1 … Policy N; git, ?, CI, CD]
Policy on Paper (low cost)
No coordination between policies required
Every Engineering Team interprets policies anew
Every Engineering Team implements own policy checking
Distributed Cost of Compliance Checking
Linear costs scale with number of teams and number and complexity of policies
32. Policy as Code – Compliance Automation
[Diagram: Policy 1 … Policy N; Central “IT Compliance” Team; git, ?, CI, CD]
IT Compliance Team converts policies to code
Centralized Cost of Compliance Checking
Feedback cycle policy & code
Cost scale with number and complexity of policies, not with number of teams
Every Engineering Team uses common policy checking code as acceptable means of compliance
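The policy-as-code model on this slide, sketched as an added example (not from the original talk): a central team maintains one set of policy functions, and every team's merge request against the state repo is checked by the same code. The policy IDs, resource fields and team names are hypothetical, and the sample changes are constructed.

```python
import json

# Hypothetical policies owned by the central "IT Compliance" team.
# Each takes one declarative resource (a dict) and returns a finding or None.
def storage_encrypted(res):
    if res.get("kind") == "bucket" and not res.get("encrypted", False):
        return "storage must be encrypted at rest"

def has_owner(res):
    if not res.get("labels", {}).get("owner"):
        return "resource must carry an owner label"

def no_public_access(res):
    if res.get("public", False) and not res.get("labels", {}).get("public-approved"):
        return "public exposure needs an approval label"

POLICIES = {"P1-encryption": storage_encrypted,
            "P2-ownership": has_owner,
            "P3-exposure": no_public_access}

def check_change(desired_state_json):
    """Test for Compliance: evaluate every policy against every resource
    in the desired state proposed by a merge request."""
    try:
        resources = [dict(r) for r in json.loads(desired_state_json)["resources"]]
    except (ValueError, KeyError, TypeError):
        # Unreadable state cannot be proven compliant: fail closed.
        return [("parse", "-", "desired state is not machine-readable")]
    findings = []
    for res in resources:
        for policy_id, policy in POLICIES.items():
            msg = policy(res)
            if msg:
                findings.append((policy_id, res.get("name", "?"), msg))
    return findings

def compliance_report(changes_by_team):
    """Company-wide report: team -> findings (empty list means mergeable)."""
    return {team: check_change(doc) for team, doc in changes_by_team.items()}

# Constructed merge-request contents from two hypothetical teams.
SAMPLE_CHANGES = {
    "team-billing": json.dumps({"resources": [
        {"kind": "bucket", "name": "invoices", "encrypted": True,
         "labels": {"owner": "billing"}}]}),
    "team-tracking": json.dumps({"resources": [
        {"kind": "bucket", "name": "events", "public": True, "labels": {}}]}),
}
```

Adding a team adds an entry to the report but no new checking code; only a new or changed policy touches `POLICIES`.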
33. Platform & Compliance Engineering
[Diagram: git, ?, CI, CD. HOW: Deployment Automation; Test for Correctness; Platform Teams; Central “IT Compliance” Team]
34. Platform & Compliance Engineering Org
Mission: Compliant-by-Default IT platforms
● Create & maintain standardized tooling for common IT tasks
● Tools are user friendly, integrate automated compliance checks
● Educate & coach teams in tool usage & best practices
● Cost center
● Main KPIs:
○ Productivity of product engineering teams
○ Balancing IT compliance risks and costs
[Diagram labels: Platform Teams; Central “IT Compliance” Team; Organisational Frameworks; Technology Frameworks; …]
39. Toolchain Certification
Teams using unmodified Toolchain are certified to be compliant with Policy without further proof
[Diagram labels: Engineering Teams; git; Policy 1 … N; Platform Teams; Provide; Internal Toolchain Product „Compliant-by-Default“]
42. Acceptable Means of Compliance – Everybody Wins!
● Certify tool implementations for common IT topics around Dev & Ops to provide a compliant-by-default usage scenario for common tasks
● Provide funding to implement compliance checks
● Ensure every policy has at least one certified implementation (reference implementation)
● Write better policies that can be easily implemented
● Gain visibility into policy adherence
● Intrinsic motivation to prefer compliant-by-default tools to reduce own cost of compliance
● Automated proof of compliance possible
● Focus on product development
● Can use compliance adherence to promote their tools
● Receive additional funding for implementing non-functional requirements in tools
● Implement IT compliance together with new functionality
● Better & central visibility for cost of compliance
● Global optimisation of compliance costs
● Global optimisation of tool costs
● Increased IT efficiency through intrinsic motivation
● Automated company-wide compliance reports
● Risk management can be based on technical KPIs
● Actual measurement of IT compliance
● Scale-out company growth with increased IT compliance
Results:
➢ Organisational & Technology Framework
➢ More fun and happiness in IT
➢ Better IT effectiveness
[Slide labels: Product Teams; Platform Teams; Product Engineering Teams; The Company]
45. Hands-Off Operations
● No manual changes in production
● Dev & Ops have same permissions in production: None by Default
● Automate the hard stuff:
○ Compliance & governance
○ Distributed rolling upgrades
○ Backup & Disaster Recovery
○ Everything in your stack
● Test Driven Everything
● Standardized Tooling
● Fix the Basics!
[Diagram label: GitOps]
47. The Role of GitOps in IT Strategy
Adopting GitOps practices drives automation as the solution for many IT strategy requirements.
● schlomo.schapiro.org/2021/04/the-gitops-journey.html read more about this
● schlomo.schapiro.org/p/5-devops-principles.html my DevOps definition
● forto.com/career join our vision: "We are building the backbone of global trade, to make shipping goods as easy as sending emails."
Q&A
@schlomoschapiro schlomo.schapiro.org