Weaveworks has introduced an evolution of DevOps for the generation of developers building cloud-native applications using Git, calling it GitOps. The version control system Git was selected because of its dominance (in its many flavors from GitHub to GitLab and more) and because it has the auditing and governance features that enterprises desire. The central concept of GitOps is to automate the whole process (or lifecycle) of sensing the differences between production and development environments and driving deployment to reduce the differences. A key principle in GitOps is that ready-to-deploy software in Git is the desired end state of the software in production. GitOps clearly only makes sense in a cloud-native environment, where the repository is the source of "truth" and the production environment should ideally always reflect that truth. When changes are made to code, a lag may occur before deployment to production, and the way Weaveworks operates GitOps is to allow, say, an hour before alerting on any differences. Changes to production that are not reflected in development can be a serious source of error and also trigger an alert. A key benefit is the automated auditing and governance built into Git, making GitOps an enterprise-ready DevOps for cloud-native development.
The GitOps model suits enterprise cloud-native development
The heart of the GitOps concept is the source control repository Git. According to Black Duck Open Hub – which provides statistics on free open source software (FOSS) repositories – Git holds 62% of FOSS repositories, while its closest rival, Subversion, holds 33%. Moreover, CEO of Weaveworks Alexis Richardson believes the percentage of cloud-native projects held in Git is likely to be even higher.
GitOps is a further abstraction building on DevOps, with the aim of introducing more automation into the DevOps process as it applies to cloud-native environments, using Kubernetes in particular (although the concept is more universal). As Richardson describes it, it is 90% practice (and implemented as process) and 10% new tooling. Some of this new tooling is emerging as open source from Weaveworks: Weave Flux. A key aspect of GitOps is observability, so monitoring is not optional with GitOps. Instead, it is embedded into how the concept works: it is the monitoring that enables the difference alerting to work. This again reinforces and automates good practice.
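The difference alerting described above, sketched as an added example (it is not Weaveworks' or Weave Flux's code): drift is classified per workload so that normal deployment lag stays quiet for the grace period, while production changes that never appeared in Git alert immediately. The `classify` function, status labels, workload names and image tags are assumptions made for illustration; the one-hour grace period follows the allowance mentioned earlier on the page.

```python
from datetime import datetime, timedelta, timezone

GRACE = timedelta(hours=1)  # the "say, an hour" allowance; assumed configurable

def classify(git_history, live, now, grace=GRACE):
    """Compare Git (desired) with production (live), per workload.

    git_history: {workload: [(committed_at, image), ...]}, oldest first;
                 the last entry is the desired state.
    live:        {workload: image currently running}.
    """
    report = {}
    for name, revisions in git_history.items():
        committed_at, desired = revisions[-1]
        running = live.get(name)
        known_images = {image for _, image in revisions}
        if running == desired:
            report[name] = "in_sync"
        elif running is not None and running not in known_images:
            # Production runs something Git never declared: alert at once.
            report[name] = "alert_out_of_band"
        elif now - committed_at > grace:
            # Git is ahead and the allowance has expired.
            report[name] = "alert_rollout_overdue"
        else:
            report[name] = "pending_rollout"  # normal deployment lag
    for name in live.keys() - git_history.keys():
        report[name] = "alert_not_in_git"  # workload with no source of truth
    return report

# Constructed sample data (hypothetical workloads and image tags).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
GIT_HISTORY = {
    "web":  [(NOW - timedelta(days=3), "web:1.0"), (NOW - timedelta(minutes=20), "web:1.1")],
    "api":  [(NOW - timedelta(days=2), "api:2.0"), (NOW - timedelta(hours=3), "api:2.1")],
    "db":   [(NOW - timedelta(days=5), "db:9.6")],
    "auth": [(NOW - timedelta(days=4), "auth:3.2")],
}
LIVE = {"web": "web:1.0", "api": "api:2.0", "db": "db:9.6",
        "auth": "auth:3.2-hotfix", "scratch-job": "busybox:latest"}

if __name__ == "__main__":
    for workload, status in sorted(classify(GIT_HISTORY, LIVE, NOW).items()):
        print(f"{workload:12} {status}")
```

Keeping the two alert classes separate matters for triage: an overdue rollout is a delivery problem, whereas an image or workload that Git has never seen is a change that bypassed review and audit.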
Git is typically used as an open repository, but making a repository private is possible. However, enterprises may want finer control over privacy than making a whole repository private. With Git central to GitOps, this need is pressing for enterprise adoption. Enter Bitnami, which has created the open source project Sealed Secrets, a Kubernetes custom resource definition controller, allowing storage of sensitive information in Git.
Michael Azoff, Principal Analyst, Software Infrastructure