Sergey Nivens - Fotolia

IT pros make a case for GitOps in IT governance

GitOps requires shifts in IT team mindset and workflows, but enterprises with regulatory compliance and strict IT governance mandates say the pros outweigh the cons.

GitOps is still an aspirational concept for most mainstream enterprises, but some IT pros in highly regulated industries believe it's the best way to modernize IT governance.

The term refers to a set of practices that use Git code repositories as a single source of configuration and deployment data for IT infrastructure. Tools such as Flux and Argo CD, which emerged from the Cloud Native Computing Foundation, link Git repositories to Kubernetes clusters for deployment, and IT vendors such as Red Hat have begun to build these tools in with Kubernetes platforms.

But the biggest hurdle to establishing GitOps within traditional enterprises is that before deploying a product, IT teams must first shift their mindset and workflows, especially in large organizations where teams use a variety of tools.

"The idea of GitOps is [that there is] no manual fumbling in production -- whatever you want in production, you put in a YAML file," said Schlomo Schapiro, chief cloud architect at a company in Germany he asked not be named. "It requires a slow change in mindset to accept that ... compliance with policies is an automation problem and not [something that requires] a manual review."

Solving this automation problem requires DevOps practitioners to translate not just infrastructure configurations but also governance policies into code and apply them using sophisticated automation tools in a programmatic manner. Some GitOps early adopters working with multiple Kubernetes clusters have encountered technical snags with configuration management as well.

Sebastian Ickler, B. BraunSebastian Ickler

GitOps tools such as Flux and Argo CD also operate differently than CI/CD pipelines -- both open source projects use a "pull" approach to deployment, in which any change to a Git repository triggers a Kubernetes cluster update. This contrasts with the "push" approach used in enterprise CI/CD environments, where pipelines publish container images to Kubernetes clusters and IT teams then point applications to the latest container versions.

"We're still doing 'push' and not 'pull'," said Sebastian Ickler, platform owner of the B. Braun Health Cloud within B. Braun, an international healthcare supplier and medical device manufacturer in Germany. "Doing GitOps on Kubernetes, you have to switch the way you think about delivering your product."

GitOps charts a path to IT governance at scale

Despite its challenges, for large companies with strict IT governance requirements, GitOps seems the most promising approach to operating container infrastructures at scale.

"[GitOps] reduces the variety of [paths] by which changes can come to production and takes out manual changes," Schapiro said. "That's why GitOps practices are such an essential, key component of any IT strategy that hopes to ... achieve hands-off operations, which is the only way I can really scale out to have an unlimited amount of servers that is managed by a very limited amount of people."

GitOps practices are such an essential, key component of any IT strategy that hopes to ... achieve hands-off operations.
Schlomo SchapiroChief cloud architect

Coordinating changes through Git repos allows teams to work independently without friction from manual workflows, Schapiro said in a presentation during GitOpsCon, a colocated virtual event during KubeCon EU this week.

Consistent, declarative descriptions of changes in code that include timestamps and a verification from the GitOps system are the most efficient way to document updates for regulatory compliance, B. Braun's Ickler said. GitOps will also force those declarative descriptions to follow a common format.

"Standardization will help make things more secure and safe," Ickler said, and there's no more important mandate in healthcare IT. "If I'm in the hospital in the future, maybe on a connected infusion pump made by B. Braun, I'd want things to be safe and secure."

Commercial tools from vendors such as the newly released Red Hat OpenShift GitOps could be helpful in the future, especially as companies such as B. Braun look to bring Kubernetes on premises to operate latency-sensitive manufacturing systems with containerized workloads. But Ickler echoed Schapiro in saying that GitOps can't be achieved just by purchasing a product.

"You have to think first about Day 2 operations and define your processes, then choose the proper tooling," Ickler said.

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.

Dig Deeper on Systems automation and orchestration

Software Quality
App Architecture
Cloud Computing
Data Center