GitOps—which takes automation facets of the DevOps methodology—is an approach that aims to streamline infrastructure management and cloud operations with software development and deployment. While many consider GitOps a replacement for DevOps, it is not—the approach simply concentrates on the means of automating one facet of the DevOps methodology.
Specifically, GitOps uses Git pull requests to automate infrastructure provisioning and software deployment, all for the purpose of making CI/CD a more efficient process.
GitOps uses Git as a single source of truth for both application development and cloud infrastructure; declarative statements are used for streamlining configuration and deployment.
GitOps unifies a number of key tasks such as deployment, management, and monitoring of cloud clusters (specifically containers running in the cloud) and allows developers to have more control over their application deployment pipeline. Since Git works for Infrastructure as Code (IaC) as well as application development, it is an ideal repository of truth for the approach.
GitOps offers some key advantages to those who employ the approach, starting with the more refined CI/CD pipeline itself. The approach fully leverages the benefits of cloud-native applications and scalable cloud infrastructure without the usual complications. Other benefits include:
Many believe that GitOps offers the best of both worlds, combining continuous delivery with cloud-native advantages and IaC. GitOps best practices also make the end-to-end pipeline standardized, and you can integrate the approach with any existing pipeline without making big changes. You just need the right tools for the job.
Speaking of the right tools for the job, there are countless tools to help you integrate the GitOps approach with your existing workflows. Some of the tools supporting GitOps are so popular that you may even be using them in your existing pipeline. To help you get started, here are the tools that we recommend if you want to incorporate GitOps.
Of course, Kubernetes sits at the heart of GitOps. After all, the approach is based on using Kubernetes to manage containers and build a robust infrastructure. Kubernetes now comes with a lot of automation tools to simplify deployment and scaling of cloud infrastructure; we will get to some of them later in this article.
As an open-source version control platform, Git is very robust. In GitOps, your Git repository becomes the single source of truth. All code you commit to Git will be processed and deployed. You can also have Git repos for development and deployment.
Helm is one of the most robust tools for configuring Kubernetes resources. Yes, you can use Homebrew or Yum, but Helm offers automation features that are not available in other tools in its class.
If you want to further manage your roll-outs, Flagger from Weaveworks is a must-use tool. It is a tool for managing progressive delivery, which allows new code to be deployed selectively to identify errors. It works well with the next tool we have in this list.
Prometheus acts as a monitoring tool for GitOps. It generates alerts if changes do not pass the tests set by Flagger. On top of that, Prometheus also bridges the gap between GitOps and other automation tools.
Flux or FluxCD is simply the GitOps operator for Kubernetes. It automatically adjusts the cluster configuration of your Kubernetes with the config found in your Git repo. Flux is the reason why changes made to your Kubernetes cluster can be reverted easily.
For image management, you can use Quay. Container images are managed meticulously with this tool, all without sacrificing security and reliability. Quay enables GitOps to work with an on-premises image registry rather than cloud-based ones like GitHub.
To keep your Git pull requests and updates organized, there are several tools you can use. Auto-Assign is one of them. As the name suggests, it assigns reviewers every time new pull requests are found, so changes can be monitored closely.
Sticking with maintaining the quality of your code, CodeFactor is another tool that can be integrated into your GitOps pipeline. It is an automated code review tool that automatically checks code against predefined standards when new Git commits are found.
Managing dependencies is key, especially if your app is built on languages like Go. DEP is the tool you want to use in this instance. It is specifically created to manage the dependencies of Go apps and services without slowing down your GitOps pipeline.
Another Git app for managing code is Kodiakhq. This time, the tool focuses on automatically updating and managing pull requests while reducing the CI load. Manually merging requests is no longer needed with Kodiakhq up and running, and this frees up time and valuable resources for other tasks.
If you use Terraform to streamline resource provisioning, you can use Atlantis to add further automation to the pipeline. Atlantis automates pull requests for Terraform and triggers further actions when new requests are found.
Helm Operator also takes Helm a step further by introducing automation to the release of Helm Charts. It is designed to work in a GitOps pipeline from the ground up, so integrating Helm Operator is incredibly easy.
Gitkube focuses more on building and deploying Docker images using Git push. The tool is very simple to use and doesn’t require complex configuration of individual containers. This too is a tool that will save you a lot of time and energy during the deployment phase.
We really cannot talk about GitOps tools without talking about Jenkins X. Jenkins started life as a CI/CD platform for Kubernetes, but the platform can be used to manage your GitOps pipeline seamlessly. It even has a built-in preview environment to minimize code and deployment errors.
Restyled enforces a certain style of coding for better standardization. With GitOps being designed as a way to standardize the end-to-end process, having the ability to automate code review and re-merging of requests is a huge plus.
Argo CD takes a more visual approach to GitOps. It visualizes the configuration of both applications and environments, plus it simulates the GitOps pipeline with charts and visual cues. You can use Argo CD in conjunction with Helm and other GitOps tools as well.
Kapp, a name derived from the Kubernetes app, focuses on the deployment side of the pipeline. It takes packages that have been created by other automation tools you integrate into your GitOps workflow and produces Kubernetes configuration based on them.
Kpt, or “kept”, is another tool for streamlining deployment and the provisioning of Kubernetes resources. It uses declarations to handle resource configuration, allowing developers to gain better control over their infrastructure. There is no need for manual configurations at all with Kpt in place.
Stale handles something that annoys a lot of developers: outstanding or abandoned issues and pull requests. With Stale, you can configure when pull requests and issues are considered abandoned, and then automate the process of managing those requests and issues.
Kube Backup is an essential tool for maintaining the Kubernetes cluster configuration. It backs up your cluster to Git, particularly the resource state of the cluster. In the event of a catastrophic failure of the environment, you can get your application up and running faster with Kube Backup.
A handy tool for managing resources in your Kubernetes cluster is Untrak. The tool automatically finds untracked resources in your cluster. It also handles garbage collection and will help you keep your Kubernetes cluster lean.
Fluxcloud integrates Slack with GitOps. If you use Flux (FluxCD), you will certainly love Fluxcloud. It eliminates the need for Weave Cloud and allows for Slack notifications to be generated for every FluxCD activity.
Style guides and standards for your code! Stickler CI streamlines the implementation of coding styles without affecting the pipeline itself. You get fast and consistent code checking and standardization as soon as you implement Stickler CI into your workflow.
This next tool is very straightforward. Task List Completed stops pull requests with outstanding tasks from being merged. Instead of having to manually check tasks from every pull request, you can safeguard your deployment environment using this tool.
We’ve mentioned how you can use Fluxcloud for notifications, but what if you decide not to use FluxCD? You can still get notifications for Git changes by activating the native Slack plugin. Slack supports tasks such as closing and opening pull requests and issues as well as interacting with them directly from the Slack app.
Even with the best QA in place, errors in code can still be found. This is where CI Reporter comes in handy. The tool collects error reports for a failing build before adding them to the relevant pull requests.
For more granular control over which pull requests get merged, use PR Label Enforce. The tool enforces certain labels before a pull request can be merged. You can set labels like “ready” or “checked” as the parameter, and then use other tools to automate the assignment of these labels.
For storing private data inside Git, use Git-Secret. This is handy for when you need to store sensitive configuration files or Secrets. Security is very important in GitOps, so Git-Secret is invaluable as a way to ensure security. Speaking of security, you can also use…
Kamus automatically incorporates zero-trust encryption and decryption to your GitOps workflow. Combined with Git-Secret, you can strengthen the security of your entire pipeline without slowing down your CI/CD cycles.
If you need to take things a step further, you can also use Sealed Secrets to encrypt Secrets using a one-way encryption process. Sealed Secrets provides maximum security to your GitOps pipeline.
While GitOps is very agile as an approach, maintaining productivity is still necessary. Pull Panda helps you do that by making collaborative work easier and more efficient. It sends pull reminders and analytics to Slack and can even automate the assignment of pull requests.
Sleeek is also a bot for managing productivity and streamlining processes, but it takes a slightly different approach to the problem. Sleeek is basically a bot—a virtual assistant—that helps project managers and development teams stay in sync through a series of questions.
The list goes on, to be honest; there are so many great tools out there that can help you integrate GitOps and streamline your deployment pipeline significantly. GitOps, as an approach, does offer a lot of flexibility and a chance for developers to be more meticulous when managing Kubernetes clusters and the provisioning of cloud resources. This really can be continuous deployment meets cloud-native when it comes to working with Kubernetes.
▻ VP of Engineering @ Cherre ▻ Cloud Solutions Architect ▻ DevOps Evangelist
Stefan is an IT professional with 20+ years of management and hands-on experience providing technical and DevOps solutions to support strategic business objectives.