GitOps & the deployment branching models
DevOps D-day Marseille 2021:
GitOps is starting to be a well-known approach to delivering your software, but it does not provide a framework for representing different target environments or a solution for propagating changes from stage to stage. So what are the solutions to describe the Dev, QA or Production environment and especially how to propagate changes from one environment to another in an efficient, automated and secure way in a GitOps framework?
2. 19
Company started in
July
2019
SoKube is a consulting company 100% dedicated
to the container & Kubernetes orchestration
ecosystem and the entire SDLC, including a
comprehensive approach with Agile, CI-CD,
DevOps / DevSecOps, SRE, GitOps practices.
Kubernetes and DevOps have reached a level of maturity that
any company can leverage as their next enterprise platform.
In the 2020s, Kubernetes will become the common ground
for multi-cloud strategies, alongside with PaaS services, just
as Virtualization took over Physical machines back in 2000s.
Top-Management adoption, Cultural Shift and Training
will be key catalysts in the evolution of companies
that were born before the Cloud-Native era.
Agile Expertise
4. #1. Declarative
The entire system is described declaratively
#3. Kubernetes Operator
Approved changes to the desired state are
automatically applied to the system
#4. Continuous Observability
Software agents ensure correctness and alert on
divergence
Sync & Alert
#2. Git as Single Source of Truth
Declarative changes let you think of changes as
transactions
GitOps ?
6. GitOps Downsides
• Not a one-size-fits-all solution
• Splitting CI and CD is more complicated
• Edge case with Dynamic Resources
• Rollback practices need to be defined
• Non technical Observability & auditing
• Continuous Deployment not natural
• Secret Management is your problem
GitOps doesn’t provide neither a frame to represent the different environments
nor a solution to propagate changes from one stage to the next one.
16. Dev / Sec / Ops
INT QA PROD
CD
Pull
Request
Pull
Request
YAML
Helm
Kustomize
1 env per branch
17. 1 env per branch
• “Common” approach
• Simple filesystem / single set of resources
• RBAC per branch
• Pull Request process more complicated
• Flow of propagation must be respect (possible ?)
• Hot-fix ? → Merge hell
• Promotion of structural new element is harder: keys consistency
21. 1 env per directory / file
Dev / Sec / Ops
INT QA PROD
CD
YAML
Helm
Kustomize
22. 1 env per directory / file
• Env update/add/remove
• Pull Request process is simple
• Ability to factorize between environment
• Consistency of key values is a huge advantage
• Ability to switch from one env to another
• No adhesion to an env
• RBAC is not OOTB → CodeOwner
• Warning on common parameters
26. Enterprise GitOps
• Added value and benefits are important
• Need to be aware of current limitations or bad practices
• Solutions are more and more mature
• Must be adapted to your process without twisting the model
• Give you the opportunity to improve your process
• 1 env per directory/file with gitflow simplifies while allowing to manage
complex scenarios