GitOps is a term you may be hearing more and more often these days. Where did GitOps come from? What does it mean? And should you care?
The short answers to these questions, in order, are “Weaveworks,” “using Git as a software management tool,” and “yes.”
Keep reading for an introduction to GitOps and how you can make it work for you.
What Is GitOps?
Put simply, GitOps is the art and science of using Git pull requests to manage infrastructure provisioning and software deployment.
The concept of GitOps originated at Weaveworks, whose developers described how they use Git to create a “single source of truth” in an August 2017 blog post (which was followed by a series of posts about putting GitOps into practice).
Why Use GitOps?
Using pull requests to manage infrastructure might seem like kind of a strange hack—like using a hammer to paint a wall or driving your car into the water.
But when you look more closely, you realize that the practice behind GitOps makes a lot of sense. By turning infrastructure management tasks into a series of pull requests, you achieve the following:
- You get a single tool and interface for controlling your infrastructure. This obviates the need to use a different tool for controlling different types of infrastructure.
- You get version control for all of the changes that you make to your configuration. That’s handy for rolling back changes, as well as auditing purposes.
- You can use diff to detect changes and generate alerts automatically. This means not only that you have a way to monitor for changes constantly, but also that if actual conditions diverge from the way things are supposed to be configured, the problem will be detected easily.
- Because you’re using Git pull requests (something with which most software developers are already familiar), you don’t have to teach your team a new tool in order to manage infrastructure.
These are all pretty compelling reasons to use pull requests as the basis for infrastructure management.
So, although GitOps may be something of a hack, it’s a hack that pays off. It’s like using a razor blade to scrape paint off a window: while it’s not the primary intended purpose of the tool, it’s a practice that delivers significant value nonetheless.
GitOps Security Benefits
It’s worth noting, too, that although GitOps was not conceived with IT security needs in mind, GitOps can provide some security benefits as well.
That’s because GitOps helps teams to implement a single core practice, set of tools, and data tracking. As a result, it reduces the number of variables in infrastructure management and provides deep, continuous visibility into the state of your infrastructure (as well as how that state compares to how things are supposed to look according to configuration data). Fewer variables mean a smaller attack surface and a lower risk of something going wrong, while more visibility makes it easier to detect signs of security problems when they arise.
This doesn’t mean that GitOps alone is the solution to all of your security problems, of course. But it can help on the security front.
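The diff-based change detection described in the list above, and the comparison of actual state against configuration data described in this section, can be sketched as a small drift check. This is an added example, not code from Weaveworks or any GitOps tool; the service configuration, the key names and the `SENSITIVE` policy are constructed assumptions.

```python
import json

# Constructed sample: desired state as committed to Git (hypothetical service config).
DESIRED = json.loads("""{
  "replicas": 3,
  "image": "registry.example.com/web:1.4.2",
  "securityContext": {"privileged": false, "runAsNonRoot": true},
  "ports": [443]
}""")

# Constructed sample: state observed in the running environment.
ACTUAL = json.loads("""{
  "replicas": 5,
  "image": "registry.example.com/web:1.4.2",
  "securityContext": {"privileged": true},
  "ports": [443, 8080],
  "hostNetwork": true
}""")

# Assumed policy: key prefixes whose drift should raise a high-severity alert.
SENSITIVE = ("securityContext", "hostNetwork", "ports", "image")
_MISSING = object()  # sentinel so a key set to null differs from an absent key

def flatten(obj, prefix=""):
    """Turn nested dicts into {"a.b": value}; lists are kept as leaf values."""
    if not isinstance(obj, dict):
        return {prefix: obj}
    out = {}
    for key, value in obj.items():
        out.update(flatten(value, f"{prefix}.{key}" if prefix else key))
    return out

def detect_drift(desired, actual):
    """Return (path, kind, severity) for every key where live state differs from Git."""
    want, have = flatten(desired), flatten(actual)
    records = []
    for path in sorted(want.keys() | have.keys()):
        w, h = want.get(path, _MISSING), have.get(path, _MISSING)
        if w == h:
            continue
        # "unmanaged": present live but not in Git; "missing": in Git but not live.
        kind = "unmanaged" if w is _MISSING else "missing" if h is _MISSING else "changed"
        severity = "high" if path.startswith(SENSITIVE) else "low"
        records.append((path, kind, severity))
    return records

if __name__ == "__main__":
    for path, kind, severity in detect_drift(DESIRED, ACTUAL):
        print(f"[{severity}] {kind}: {path}")
```

Settings that exist in the live environment but not in Git (`unmanaged`) are reported separately from changed values, because they are the changes that bypassed the pull-request review entirely.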
The Future of GitOps: Beyond Git
You may have noticed that the GitOps concept is closely linked to one software vendor (Weaveworks) and one open source tool (Git). That might be a turnoff to some folks. Developers tend not to like tools and concepts that are bound to specific companies or codebases.
However, even if you shy away from the specific approach to GitOps that Weaveworks is promoting, there is a great deal of value for everyone in the broader concept behind GitOps.
Maybe Git pull requests aren’t the best infrastructure solution for everyone. Maybe you’d prefer to find a way to do GitOps using a different version control system. Or maybe you’d like to write your own.
The exact approach you take doesn’t matter. The ultimate value of GitOps lies in its ability to simplify the way you manage infrastructure and application deployment, control change, and gain visibility into your environments. The exact tools that you use to achieve GitOps aren’t what matters; the results are.