Kubernetes and GitOps


Kubernetes uses the concept of a reconciliation loop to keep the cluster in the state defined in the manifest. Roughly speaking, observation, analysis, and execution are repeated in the form shown in the picture below.


Observe queries the API server for the state the cluster should be in, as defined by the applied manifest. Analyze compares the current state with that desired state obtained earlier. Then, if there is a difference, Act issues commands to close it, which keeps the cluster as it should be.


GitOps is one of the ideas in CI/CD: it treats the Git repository as the only reliable state (the single source of truth) and performs operations by detecting changes in that state. Flux, ArgoCD and Jenkins-X are well-known tools that implement GitOps.

Below I present an example architecture that is commonly used for CI/CD using GitOps.

The idea is similar to the reconciliation loop:

  • Observe the state of Git.
  • Detect any changes.
  • Compare Git (what it should be) and k8s (current), and if there is a difference, issue a command to fill the difference.
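
The three steps above as a runnable sketch. This is an added example, not code from Flux, ArgoCD or Jenkins-X: the resource names, specs and the prune-on-delete behaviour are assumptions, and plain dictionaries stand in for the Git repository and the cluster.

```python
import copy

# Constructed sample data: desired state as committed to Git.
GIT = {
    "configmap/web-config": {"LOG_LEVEL": "info"},
    "deployment/web": {"image": "web:1.4.2", "replicas": 3},
}
# Constructed sample data: live cluster after out-of-band changes.
CLUSTER = {
    "deployment/web": {"image": "web:debug", "replicas": 3},      # edited by hand
    "deployment/tmp-shell": {"image": "busybox", "replicas": 1},  # not in Git
}

def observe(git, cluster):
    """Observe: snapshot what should exist (Git) and what does exist (cluster)."""
    return copy.deepcopy(git), copy.deepcopy(cluster)

def analyze(desired, current):
    """Analyze: list the (verb, name, drifted_fields) actions that close the gap."""
    actions = []
    for name in sorted(desired):
        if name not in current:
            actions.append(("create", name, sorted(desired[name])))
        elif current[name] != desired[name]:
            keys = set(desired[name]) | set(current[name])
            drift = sorted(k for k in keys
                           if desired[name].get(k) != current[name].get(k))
            actions.append(("update", name, drift))
    # Assumption of this sketch: anything not tracked in Git is pruned.
    for name in sorted(set(current) - set(desired)):
        actions.append(("delete", name, []))
    return actions

def act(actions, desired, cluster):
    """Act: apply each action so the cluster converges on the Git state."""
    for verb, name, _ in actions:
        if verb == "delete":
            cluster.pop(name)
        else:
            cluster[name] = copy.deepcopy(desired[name])

def reconcile(git, cluster):
    """One loop iteration; returns the actions taken (empty when in sync)."""
    desired, current = observe(git, cluster)
    actions = analyze(desired, current)
    act(actions, desired, cluster)
    return actions

if __name__ == "__main__":
    live = copy.deepcopy(CLUSTER)
    print(reconcile(GIT, live))  # first pass: create, update, delete
    print(reconcile(GIT, live))  # second pass: nothing left to do
```

The action list doubles as a drift report: each entry names a resource that was changed or created outside Git, and for updates, which fields differed.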

What benefits do we gain when we adopt GitOps?

I think there are many advantages to using GitOps. I will present a few that I think are the most important:

  • We can easily check and update the cluster status using Git.
    Git is a tool that developers use every day. By using it to manage infrastructure resources, developers can check and update the current status of the infrastructure relatively easily.
  • We don't have to manage read-only users on Kubernetes.
    In the past, if a developer wanted to see the state of the cluster, it was necessary to create a service account with read-only privileges, configure RBAC and hand it over, or to provide a dashboard tool. Now, with GitOps, you only need to manage read access to the repository, which reduces the trouble of managing service accounts on Kubernetes.
  • It is easy to incorporate an approval flow using pull requests.
    Suppose your master branch is in sync with your production environment. Then we can easily incorporate an approval flow into the deployment process by using pull requests, so that every merge into the production environment has to be reviewed first.

DevOps Consultant. I’m strongly focused on automation, security, and reliability.

