GitOps WorkFlow Overview
What’s wrong with the traditional pipeline?
- The CI/CD tool must be given credentials for the target environment.
- A CI tool cannot detect or alert on discrepancies between the desired state and the current one, which forces you to install a second tool in charge of monitoring the state of the application.
What the pull-based (GitOps) model brings instead:
- Less write access to the cluster from outside, because the GitOps operator performs deployments from within the cluster.
- No credentials on the CI server, because it no longer needs access to the cluster.
- Infrastructure as Code (IaC) offers advantages for auditing and reproducibility; furthermore, the cluster and Git are automatically synchronized.
- From an organizational point of view, it is often easier to grant access to Git than to the API server, and there may be no need to open ports in the firewall.
In the pull-based model, and likewise in the CI/CD GitOps pipeline model, the first major difference is the presence of two repositories, one at the beginning and one at the end of the CI process. In this model the CI tool no longer takes care of the deployment. Instead, that task falls to an operator like those seen previously, installed in the target environment. Listening for changes in the Docker registry and in the environment repository, the operator ensures that the current state of the environment coincides with the state described in the environment repository, in other words the desired state.
GitOps undoubtedly offers many benefits. First, it makes the system fully observable, both to you and to an automated tool. It assures you that what you see in the environment repository is exactly what runs in the Kubernetes cluster, because the operator independently makes the changes needed to bring the current state of the system in line with the desired state (which consequently also increases the verifiability of the system).
Moreover, GitOps shares an essential benefit with Kubernetes: the declarative model on which the operators' work is based, which increases productivity. Finally, the pull model improves system security by avoiding the need to expose the Kubernetes API to your continuous integration tool.
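As an added illustration (not code from this page or from any real GitOps operator), the following Python sketch shows the two halves described above: the CI side only commits a new image reference to the environment repository and never talks to the cluster, while an in-cluster reconciler compares the desired state from that repository with the live state, alerts on drift, and, when self-healing is enabled, repairs it. The manifest format (name to image/replicas), the workload names and the image tags are all constructed for the example.

```python
"""Toy GitOps reconciler: compare the desired state from the environment
repository with the live cluster state, report drift, optionally repair it.
Added illustration only; manifests are simplified to name -> {image, replicas}."""
import copy
from dataclasses import dataclass, field

# Constructed sample: desired state as declared in the environment repository.
DESIRED_STATE = {
    "api":    {"image": "registry.example/api:1.4.2", "replicas": 3},
    "worker": {"image": "registry.example/worker:0.9.0", "replicas": 2},
}

# Constructed sample: live state as read from the cluster, showing
# a manual scale-down (api), an out-of-band image change (worker)
# and a workload that exists only in the cluster (debug).
LIVE_STATE = {
    "api":    {"image": "registry.example/api:1.4.2", "replicas": 1},
    "worker": {"image": "registry.example/worker:0.9.1", "replicas": 2},
    "debug":  {"image": "registry.example/shell:latest", "replicas": 1},
}


@dataclass
class DriftReport:
    changed: dict = field(default_factory=dict)  # name -> {field: (desired, live)}
    missing: list = field(default_factory=list)  # in Git but not in the cluster
    extra: list = field(default_factory=list)    # in the cluster but not in Git

    def in_sync(self) -> bool:
        return not (self.changed or self.missing or self.extra)


def detect_drift(desired: dict, live: dict) -> DriftReport:
    """The check a plain CI tool cannot do: is the cluster still what Git says?"""
    report = DriftReport()
    for name, spec in desired.items():
        if name not in live:
            report.missing.append(name)
            continue
        diffs = {k: (v, live[name].get(k)) for k, v in spec.items()
                 if live[name].get(k) != v}
        if diffs:
            report.changed[name] = diffs
    report.extra = sorted(n for n in live if n not in desired)
    return report


def reconcile(desired: dict, live: dict, self_heal: bool = True, prune: bool = False):
    """One operator pass. Returns (new_live_state, actions). With self_heal
    off, drift is only reported; prune decides whether unmanaged resources go."""
    report = detect_drift(desired, live)
    actions = []
    new_live = copy.deepcopy(live)
    for name in report.missing:
        new_live[name] = copy.deepcopy(desired[name])
        actions.append(f"create {name}")
    for name, diffs in report.changed.items():
        if self_heal:
            new_live[name] = copy.deepcopy(desired[name])
            actions.append(f"update {name}: {sorted(diffs)}")
        else:
            actions.append(f"ALERT drift on {name}: {diffs}")
    for name in report.extra:
        if prune:
            del new_live[name]
            actions.append(f"delete {name}")
        else:
            actions.append(f"ALERT unmanaged resource {name}")
    return new_live, actions


def ci_promote(desired: dict, name: str, image: str) -> dict:
    """The CI side after a successful build: change the image reference in the
    environment repository (simulated here as a new dict, i.e. a Git commit).
    It never contacts the cluster, so it holds no cluster credentials."""
    new_desired = copy.deepcopy(desired)
    new_desired[name]["image"] = image
    return new_desired


if __name__ == "__main__":
    report = detect_drift(DESIRED_STATE, LIVE_STATE)
    print("drift:", report)
    converged, actions = reconcile(DESIRED_STATE, LIVE_STATE, self_heal=True, prune=True)
    print("actions:", actions)
    print("in sync afterwards:", detect_drift(DESIRED_STATE, converged).in_sync())
    # CI promotes a new worker image purely by editing the desired state.
    promoted = ci_promote(DESIRED_STATE, "worker", "registry.example/worker:1.0.0")
    print("next pass:", reconcile(promoted, converged)[1])
```

Running the module shows the operator repairing the scaled-down `api`, reverting the hand-edited `worker` image and, with pruning on, removing the stray `debug` workload; the promotion step then shows that a deployment is nothing more than a change to the desired state that the next reconcile pass picks up.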
Created: 28 April 2023

