Post

Kubernetes GitOps

Posted
Preview Image
By Muzammil Shaik 6 min read

🔄 GitOps with Kubernetes

As organizations scale their Kubernetes deployments, managing application configurations and ensuring consistency across environments becomes increasingly challenging. GitOps addresses these challenges by using Git as the single source of truth for declarative infrastructure and applications.

🌟 What is GitOps?

GitOps is a set of practices that leverages Git as the single source of truth for declarative infrastructure and applications. With GitOps, the entire system is described declaratively and versioned in Git, and automated processes ensure the actual state of the system matches the desired state in Git.

Core Principles of GitOps

  1. Declarative Configuration: The entire system is described declaratively, rather than through imperative scripts or manual processes.

  2. Version Controlled, Immutable Storage: All configuration is stored in Git, providing versioning, audit trails, and rollback capabilities.

  3. Automated Delivery: Changes to the system are automatically applied when changes are made to the Git repository.

  4. Software Agents: Software agents continuously monitor the actual state and reconcile it with the desired state defined in Git.

  5. Closed Loop Deployments: The system continuously attempts to converge to the desired state, providing self-healing capabilities.

🔄 GitOps Workflow

A typical GitOps workflow looks like this:

  1. Developers commit changes to the Git repository containing application configurations.

  2. CI pipeline validates changes, running tests and generating artifacts.

  3. GitOps operator detects changes in the Git repository.

  4. Operator applies changes to the Kubernetes cluster.

  5. Operator continuously monitors the cluster state and reconciles any drift.

🛠️ GitOps Tools for Kubernetes

Two of the most popular GitOps tools for Kubernetes are Flux CD and Argo CD. Let’s explore both:

🌊 Flux CD

Flux CD is a GitOps operator for Kubernetes that ensures the state of your cluster matches the configuration in your Git repository. It’s a CNCF Incubating project and part of the Flux family of GitOps tools.

Key Features of Flux CD

  • Automated deployment: Continuously monitors your Git repository and applies changes to your cluster
  • Multi-tenancy: Supports multiple teams and applications
  • Helm integration: Manages Helm releases declaratively
  • Kustomize support: Works with Kustomize for configuration customization
  • Notification system: Alerts on deployment status changes
  • Image automation: Automatically updates container images

Installing Flux CD

1
2
3
4
5
6
7
8
9
10
11
12
13

# Install Flux CLI
brew install fluxcd/tap/flux

# Check prerequisites
flux check --pre

# Bootstrap Flux on your cluster
flux bootstrap github \
  --owner=YOUR_GITHUB_USERNAME \
  --repository=fleet-infra \
  --branch=main \
  --path=clusters/my-cluster \
  --personal

Basic Flux Configuration

Flux uses custom resources to define sources and workloads:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# GitRepository example
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: podinfo
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/stefanprodan/podinfo
  ref:
    branch: master
---
# Kustomization example
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: podinfo
  namespace: flux-system
spec:
  interval: 10m
  path: "./kustomize"
  prune: true
  sourceRef:
    kind: GitRepository
    name: podinfo
  targetNamespace: default

Flux with Helm

Flux can manage Helm releases declaratively:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

# HelmRepository example
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: bitnami
  namespace: flux-system
spec:
  interval: 1h
  url: https://charts.bitnami.com/bitnami
---
# HelmRelease example
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: redis
  namespace: flux-system
spec:
  interval: 5m
  chart:
    spec:
      chart: redis
      version: "16.x"
      sourceRef:
        kind: HelmRepository
        name: bitnami
  values:
    architecture: standalone
    auth:
      enabled: false
  targetNamespace: default

🚢 Argo CD

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s a CNCF Incubating project and part of the Argo family of tools.

Key Features of Argo CD

  • Web UI: Provides a visual interface for application management
  • Automated sync: Continuously monitors Git repositories and applies changes
  • Multi-cluster management: Can manage multiple Kubernetes clusters
  • SSO Integration: Supports OIDC, LDAP, and other authentication methods
  • RBAC: Fine-grained access control
  • Rollback capabilities: Easy rollback to previous application versions
  • Health assessment: Monitors application health

Installing Argo CD

1
2
3
4
5
6
7
8
9
10
11

# Create namespace
kubectl create namespace argocd

# Install Argo CD
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Access the Argo CD API server
kubectl port-forward svc/argocd-server -n argocd 8080:443

# Get the initial admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Basic Argo CD Configuration

Argo CD uses the Application custom resource to define applications:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: guestbook
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/argoproj/argocd-example-apps.git
    targetRevision: HEAD
    path: guestbook
  destination:
    server: https://kubernetes.default.svc
    namespace: guestbook
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true

Argo CD with Helm

Argo CD can deploy Helm charts:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: redis
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://charts.bitnami.com/bitnami
    targetRevision: 16.13.1
    chart: redis
    helm:
      values: |
        architecture: standalone
        auth:
          enabled: false
  destination:
    server: https://kubernetes.default.svc
    namespace: redis
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true

🔄 Comparing Flux CD and Argo CD

Feature Flux CD Argo CD
UI CLI-focused, limited web UI Rich web UI
Architecture Controller-based Server + controller
Multi-cluster Yes (via Flux Multi-tenancy) Yes (built-in)
Helm Support Yes Yes
Kustomize Support Yes Yes
RBAC Kubernetes RBAC Built-in fine-grained RBAC
SSO Limited Extensive
Notifications Built-in Via Argo CD Notifications
Image Automation Built-in Via external tools
Progressive Delivery Via Flagger Via Argo Rollouts
Learning Curve Moderate Moderate
Community CNCF Incubating CNCF Incubating

🌟 Best Practices for GitOps

  1. Structure Your Git Repository
    • Use a monorepo or multiple repositories based on your organization’s needs
    • Separate application code from configuration
    • Organize by environment, team, or application
  2. Implement Environment Promotion
    • Use branches or directories for different environments
    • Implement promotion workflows (dev → staging → production)
    • Consider using pull requests for environment promotion
  3. Secure Your GitOps Pipeline
    • Use signed commits
    • Implement branch protection
    • Use RBAC to control who can deploy to which environments
    • Consider using sealed secrets or external secret management
  4. Monitor and Alert
    • Set up alerts for failed synchronizations
    • Monitor drift between desired and actual state
    • Implement audit logging
  5. Handle Secrets Properly
    • Never store plain-text secrets in Git
    • Use tools like Sealed Secrets, Vault, or cloud provider secret management
    • Consider using SOPS or similar encryption tools
  6. Implement Progressive Delivery
    • Use canary deployments or blue/green deployments
    • Implement automatic rollbacks based on metrics
    • Consider tools like Flagger or Argo Rollouts

🚀 Getting Started with GitOps

To start implementing GitOps in your organization:

  1. Choose a GitOps tool that fits your needs (Flux CD or Argo CD)
  2. Set up a Git repository structure for your Kubernetes manifests
  3. Start with a simple application to get familiar with the workflow
  4. Gradually migrate existing applications to the GitOps workflow
  5. Implement CI/CD integration with your existing tools
  6. Train your team on GitOps principles and practices

🏁 Conclusion

GitOps provides a powerful paradigm for managing Kubernetes deployments, offering benefits such as:

  • Improved developer experience: Developers use familiar Git workflows
  • Enhanced security: Changes are auditable and traceable
  • Increased reliability: Automated reconciliation ensures consistency
  • Better compliance: Git history provides audit trails
  • Faster recovery: Easy rollbacks to previous states

By implementing GitOps with tools like Flux CD or Argo CD, you can streamline your Kubernetes deployments, improve collaboration between teams, and build a more reliable and secure infrastructure.

Devops
Automation Kubernetes DevOps GitOps CI/CD Argo CD Flux CD
This post is licensed under CC BY 4.0 by the author.