GitOps Emerges as a Major Theme at KubeCon 2021

MacStadium is proud to have been a sponsor of this past week’s KubeCon + CloudNativeCon North America, and while we were certainly eager to talk shop with attendees at our in-person and virtual booths, we enjoyed the speakers immensely. There really was something for everyone – including excellent introductory talks like Noah Abrahams' Safari of Kubernetes and its Natural Habitat, compelling security-focused talks like Jay Chen & Aviv Sasson’s Insights into Unsecured Kubernetes in the Wild, and there were also clusters of talks with overlapping topics that hinted at larger trends emerging in the K8s space. In particular, GitOps seemed to be a major topic of conversation this year.

Note: We have linked directly to the KubeCon + CloudNativeCon sessions discussed, but you must be a registered attendee to see them. Not registered? It’s not too late! Sign up at the KubeCon website to view all of the sessions. Keynotes and video sessions will also be posted to the CNCF YouTube channel in late October.

What is GitOps?

GitOps is a repurposing of DevOps principles like collaboration, CI/CD, and version control in order to facilitate infrastructure automation and application deployment. Fully realized, GitOps is a system in which infrastructure as code is stored in version control, like a Git repository, and that a controller of some kind is watching for changes. When changes are detected, the controller pulls an updated set of declarative instructions from the repo, and the environment it controls is then responsible for continuously reconciling its current state with the user-defined state that lives in the controller.

Core principles of GitOps

1. Declarative – Infrastructure is defined declaratively as code.
2. Versioned – That code is stored in Git or something similar.
3. Automatically pulled – Changes to the repository are detected and pulled to the controller dynamically.
4. Continuously reconciling – The environment needs to continuously realign itself with the current environment definition (that is being pulled dynamically into the environment).

GitOps talks from KubeCon 2021

If this piques your interest and you’d like to take a deep dive into GitOps, check out the following selected GitOps-focused talks from the conference.

A Tall Tale of GitOps - Prasanjit Singh, Starzplay

Singh offers a very introductory-friendly talk in which he employs a children’s story about a baking honeybee with a penchant for automation. Through the story, he explains when and why GitOps is useful, and how to get started automating your infrastructure deployments and updates.

He also shares a repository of "Awesome GitOps" resources that you can use for hands-on exploration related to writing and building code, creating infrastructure, deploying the application, and monitoring the application all kicked off by pushing to a Git repository.

GitOps+Jenkins-CI With Declarative Everything - Kingdon Barrett, Weaveworks

Barrett opens with a very solid explanation of the core principles of GitOps, and he then treats the audience to a live demo as he charts out how to deploy Jenkins declaratively with Flux's Helm Controller.

He then goes on to explain how to build an app repo with Jenkins for deployment with Flux, how to test a Helm chart with Helm Test through Flux's Flagger, and how to deploy new releases automatically with Flux’s Image Automation Controller and Helm controller. The sum total of the demo is an all-declarative Jenkins infrastructure from end-to-end, a declarative Jenkinsfile, the pipeline for branches, and PRs to build and push images.

Shh, It’s a Secret: Managing Your Secrets in a GitOps Way - Jake Wernette & Josh Kayani, IBM

This compelling talk explores how Wernette and his team at IBM, after not finding secret management tooling off the shelf that fit their needs, were able to build and adopt an Argo CD-specific, Vault plugin that allowed them to simplify their secret management for GitOps processes.

Wernette walks the audience casually through the fundamental problem that argocd-vault-plugin solves as only an expert can -- that is, the secure management of secrets for GitOps, given that best practice dictates that secrets should never be committed directly into Git.

TL;DR

MacStadium is proud to have sponsored this past week’s KubeCon, and we enjoyed the speaker presentations as always! This year, GitOps – a system of automating and versioning infrastructure as code deployments – emerged as a center of conversation throughout the conference. Above, you’ll find a brief explanation of the core principles of GitOps, as well as a round-up of a few of our favorite GitOps-focused talks.