What does a GitOps workflow look like?
GitOps is essentially the application of the Git pull-request workflow in an infrastructure change context. The application source code and declarative environment configuration are stored in a Git repo with workflow support. So here's what a basic GitOps workflow looks like:
- The main branch can represent an environment (dev, test, production).
- You can implement changes in the feature branch.
- Then, you submit a petition to change the main branch (also referred to as a pull request or merge request).
- Infrastructure owners can then collaborate, review, and give feedback on the pull request to approve or reject the change.
- If the pull request/change is approved, the GitOps operator will notice the change in state. The GitOps operator then compares the desired state with the state of the existing infrastructure. Wherever there's a mismatch, the system automatically reconciles the difference by overwriting the existing state with what is described in the Git repository.
Key components of a GitOps workflow
Effective use of GitOps happens when you rely on IaC (infrastructure-as-code), PRs as the request for change and system of record, and CI/CD (Continuous Integration/ Continuous Delivery) automation as core elements in your workflow.
IaC (infrastructure-as-code)
GitOps is a natural progression of the infrastructure-as-code (IaC) concept, which involves the practice of keeping all infrastructure configurations stored as code in a Git repository.
As with IaC, GitOps follows a declarative approach to infrastructure management – meaning you only state what you need deployed, not how.
Pull Requests/Merge Requests
In a GitOps world, pull/merge requests sit at the heart of how infrastructure updates are deployed.
Investing in the process and culture of pull requests enables the code to undergo scrutiny and verification by other team members before any change is approved.
With formal code reviews in place, there are up-to-date audit trails to identify what and when infrastructure changes were made. Plus, it helps everyone improve as a team and build a story around the why behind a change, with historical comments and discussions.
Moreover, troubleshooting tends to be easier since users can quickly resolve any issues that appear with a pull request rather than in the underlying system.
There may also be a collective decision to close a merge request due to the scrutiny it is put through — which is okay, too — since the discussion has been captured and can be referenced for future updates.
CI/CD automation
Another key component of a comprehensive GitOps strategy is automating all infrastructure updates via CI/CD.
Each time a merge hits the trunk branch, automated delivery pipelines deploy the change in the designated environment by comparing the existing infrastructure state to what is described in the Git repository.
Suppose any configuration drift is due to a component failure or an inadvertent manual change. In that case, the system reconciles this difference by configuring the environment to match the exact state defined in the Git source of truth.