What is GitOps?

GitOps was coined by Weaveworks in 2017 to describe an approach to managing infrastructure such that the git repository is the source of truth.

In 2006, Amazon Web Services was launched and the cloud arrived, changing how we deploy our applications. Rather than long lead times to procure and set up hardware, provisioning became an API call. This set the stage for wide adoption of DevOps.

DevOps combines operations and development. With the cloud, operations that once required a human could become a script, enabling automated workflows. Workflows could now be treated like any other piece of code: stored in a repository, reviewed through pull requests, and covered by tests. Infrastructure as Code, or IaC, enabled a new wave of innovation across development and operations.

This was crucial in improving productivity. Need to create test environments frequently? Write a script. It was also crucial in enabling self-service. No longer does an operator need to handle every request for infrastructure changes; they can write a script and let the developers run it themselves.

Writing robust scripts is not always easy. A script might fail mid-way through and need to be re-run from where it failed, adding a lot of complexity. While there were many attempts to make infrastructure declarative, the arrival of Terraform made encoding infrastructure in code accessible and manageable to everyone. No longer did one have to define what had to be done; instead, they specified what their infrastructure should look like and Terraform determined the steps to get there. Terraform, and now OpenTofu, became the lingua franca of the cloud.

The stage was set for GitOps. With DevOps, infrastructure as code, and declarative infrastructure using Terraform and OpenTofu, we can treat infrastructure like any other software component. Changes are reviewed through pull requests, tested through CI/CD, and deployed automatically. With GitOps, a system administrator doesn't need to be the bottleneck in infrastructure; anyone can manage their infrastructure.

"GitOps is the best thing since configuration as code. Git changed how we collaborate, but declarative configuration is the key to dealing with infrastructure at scale, and sets the stage for the next generation of management tools"

- Kelsey Hightower, Staff Developer Advocate, Google.

Benefits of GitOps

  • Increased productivity, faster development - Keeping all your infrastructure in one place, standardizing workflows, and going through pull requests reduces barriers for the whole organization. Cultural knowledge becomes policy, tests, and workflows defined in the repository. Formerly manual operations, such as deployments, can be automated, reducing the risk of human error.
  • Better developer experience - Automated testing, CI/CD and pull requests are how software has been developed for decades. Removing infrastructure as a special case reduces the cognitive load on engineers. Automated testing enables standardization across an organization and pull requests enable collaboration.
  • Easier auditing and compliance - Version Control Systems are already great at maintaining a durable log of changes. Making modifications to infrastructure via GitOps means you get an audit trail for free. Deploying infrastructure changes through centralized pipelines means compliance requirements can be enforced.
  • Improved reliability - Making changes on a branch allows experimentation in testing environments. Pull requests give the opportunity for the right people to review changes before they go into production. But reviews can't catch everything. In the case of a disruptive change, it can easily be reverted using version control.

"Git is the power option, [and] we would always recommend it if we could, but it is very wrong to say that GitOps requires expertise in Git. Using Git as the UI is not required. Git is the source of truth, not the UI."

- Alexis Richardson, CEO, Weaveworks

Terraform and OpenTofu

Infrastructure as Code has enormous benefits for development, but it has unique challenges for deployment that make a conventional CI/CD platform inadequate.

  • Plan & apply - Changing infrastructure requires a planning operation, which compares the code to the live infrastructure and creates a series of steps to bring them into alignment. This is a valuable part of the review process. After a plan has been approved, it can be applied. Due to the realities of interacting with cloud APIs, each of these steps may have to be performed piecemeal or may hit transient failures. It is necessary that a GitOps CI/CD platform supports interacting with a user beyond triggering based on pull request events.
  • Plan invalidation - While working in a team setting it is possible that the same set of resources may be modified by multiple pull requests. A GitOps CI/CD platform must require any un-applied changes to be planned again if the plan has been invalidated.
  • Conflicting operations - To maximize productivity it is important that engineers work at their own pace, making changes when it is convenient. However, if multiple engineers are modifying the same set of resources, it is possible they will conflict with each other. This can cause problems ranging from a plan not being accurate to business downtime. A GitOps CI/CD platform must understand which operations are safe to perform concurrently.
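The plan invalidation and conflicting operations requirements above can be made concrete with a small model. This is an added example, not code from the original page or from any GitOps platform: the `Coordinator` and `Plan` classes, the per-resource version counter, and the resource addresses are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Plan:
    pr: int                 # pull request that produced the plan
    resources: frozenset    # resource addresses the plan would change
    seen: tuple             # (address, version) pairs observed at plan time

class Coordinator:
    def __init__(self):
        self.versions = {}   # address -> number of applies that touched it
        self.locked = {}     # address -> PR currently applying to it

    def plan(self, pr, resources):
        res = frozenset(resources)
        seen = tuple(sorted((r, self.versions.get(r, 0)) for r in res))
        return Plan(pr, res, seen)

    def is_stale(self, plan):
        # Invalidated if any resource changed after the plan was reviewed.
        return any(self.versions.get(r, 0) != v for r, v in plan.seen)

    def begin_apply(self, plan):
        if self.is_stale(plan):
            return "replan-required"
        holders = {self.locked[r] for r in plan.resources if r in self.locked}
        if holders - {plan.pr}:
            return "conflict"   # another PR is applying to a shared resource
        for r in plan.resources:
            self.locked[r] = plan.pr
        return "applying"

    def finish_apply(self, plan):
        for r in plan.resources:
            self.versions[r] = self.versions.get(r, 0) + 1
            self.locked.pop(r, None)

def demo():
    # Constructed resource addresses; PRs 101 and 102 overlap on aws_subnet.a.
    c = Coordinator()
    p1 = c.plan(101, ["aws_vpc.main", "aws_subnet.a"])
    p2 = c.plan(102, ["aws_subnet.a", "aws_instance.web"])
    p3 = c.plan(103, ["aws_s3_bucket.logs"])
    results = [c.begin_apply(p1), c.begin_apply(p2), c.begin_apply(p3)]
    c.finish_apply(p1)
    c.finish_apply(p3)
    results.append(c.begin_apply(p2))   # reviewed plan no longer matches reality
    results.append(c.begin_apply(c.plan(102, p2.resources)))
    return results
```

PR 103 touches a disjoint resource and runs concurrently with PR 101, while PR 102 is first blocked by the lock and then forced to re-plan, so what gets applied is always what was last reviewed.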

The bottom line...

Adopting GitOps with Terraform has numerous advantages, from improving team collaboration and ensuring consistency to enhancing security, compliance, and overall operational efficiency. These benefits are especially critical for growing teams in a fast-paced environment.
