Successfully reported this slideshow.
Your SlideShare is downloading. ×

The Role of GitOps in IT Strategy - June 2021 - Schlomo Schapiro

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad

Check these out next

1 of 39 Ad

The Role of GitOps in IT Strategy - June 2021 - Schlomo Schapiro

Download to read offline

See https://www.youtube.com/watch?v=_uDzXmbiUIg for German-language talk to these slides.

What is the role of GitOps in IT strategy? This talk gives an overview and puts GitOps into the context of current challenges in IT strategy.

Main aspects are continuous delivery, policy as code, automated governance, compliant-by-default work environments, acceptable means of compliance and a comprehensive automation of all development and operations related processes with the goal of true hands-off operations.

The result places GitOps as a major building block of any modern IT strategy. GitOps helps building essential key IT capabilities. It creates the motivation to truly “fix the basics” via sustainable solutions to enable creating higher level automation solutions. With GitOps engineers can focus much more on business value and spend less effort on boring IT topics.

See https://www.youtube.com/watch?v=_uDzXmbiUIg for German-language talk to these slides.

What is the role of GitOps in IT strategy? This talk gives an overview and puts GitOps into the context of current challenges in IT strategy.

Main aspects are continuous delivery, policy as code, automated governance, compliant-by-default work environments, acceptable means of compliance and a comprehensive automation of all development and operations related processes with the goal of true hands-off operations.

The result places GitOps as a major building block of any modern IT strategy. GitOps helps building essential key IT capabilities. It creates the motivation to truly “fix the basics” via sustainable solutions to enable creating higher level automation solutions. With GitOps engineers can focus much more on business value and spend less effort on boring IT topics.

Advertisement
Advertisement

More Related Content

Slideshows for you (20)

Similar to The Role of GitOps in IT Strategy - June 2021 - Schlomo Schapiro (20)

Advertisement

More from Schlomo Schapiro (16)

Advertisement

Recently uploaded (20)

The Role of GitOps in IT Strategy - June 2021 - Schlomo Schapiro

  1. 1. The Role of GitOps in IT Strategy The GitOps Journey to Hands-Off Operations June 2021 | Schlomo Schapiro | Chief Technology Office DB Systel This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (with the exception of the stock images with copyright notice) All Mountain Photos: Schlomo Schapiro / CC-BY-SA
  2. 2. Agenda DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 2 Problem DevOps Evolution Automated Governance ❤ GitOps Hands-Off Operations Cost of Compliance Acceptable Means of Compliance Declarative Descriptions
  3. 3. DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 3 Engineering Teams git ? CI CD
  4. 4. … if every person uses the same tool for the same job … codified knowledge - everybody contributes his part to common automation … if all people have the same privileges in their tooling … if human error is equally possible for Dev and Ops … replacing people interfaces by automated decisions and processes ... a result DevOps is DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 4 bit.ly/5devops
  5. 5. We want digitalisation, our IT Strategy calls for … DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 5 IT quota grows exponentially, no problem can be solved without IT All IT processes are much more integrated and networked, API first … Growth factor of IT much bigger than increase in IT staff → IT “production efficiency” must increase More IT in business units → decentralisation of IT skills (BizDevOps) Increasing IT compliance requirements Utilise public cloud offerings to drive innovation – have viable cloud exit strategy https://pixabay.com/de/photos/social-media-digitalisierung-2528410/
  6. 6. As an IT team we want … DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 6 Deliver great product/service Focus on our product/service Use good tools & platforms Know which internal processes to deal with Reduce overhead with internal processes Comply with company policies without pains Know about relevant company policies Use standard solutions for common problems No dependencies to other teams Deutsche Bahn AG / Oliver Lang DB187733
  7. 7. Solution Approach DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 7 Organisational Frameworks Technology Frameworks Fix the Basics Acceptable Means of Compliance Policy as Code Budgets for Compliance Standardized Tooling Hands-Off Operations
  8. 8. Solution Approach – Hands-Off Operations DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 8 Organisational Frameworks Technology Frameworks Acceptable Means of Compliance Budgets for Compliance Standardized Tooling Hands-Off Operations Fix the Basics Policy as Code
  9. 9. DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 9 Problem? What is governance? Ø Align IT strategy with business strategy Ø Make sure we have and keep rules
  10. 10. DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 10 What is automated? Ø „operated automatically“ Ø Synonyms: automatic, laborsaving, robotic, self-acting, self-operating, self-regulating Ø Not people doing it manually Source: https://www.merriam-webster.com/dictionary/automated
  11. 11. Automated Governance = Compliance Automation = Very Hard! DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 11 Automation friendly? How to check?
  12. 12. DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 12 Engineering Teams git ? CI CD
  13. 13. DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 13 git ? CI CD WHAT HOW Declarative Descriptions Deployment Automation Test for Compliance Test for Correctness Product Teams Platform Teams
  14. 14. Test for Compliance Declarative Descriptions Example DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 14 stage_deploy: script: - ssh user@host "mkdir htdocs/_tmp" - scp -r build/* user@host:htdocs/_tmp - ssh user@host "mv htdocs/live htdocs/_old && mv htdocs/_tmp htdocs/live" - ssh user@host "rm -rf htdocs/_old" gitlab-ci.yaml stage_deploy: image: deploy_with_ssh script: config.properties gitlab-ci.yaml #!/bin/bash source "$1" ssh $TARGET "mkdir $DIR/_tmp" scp -r $SRC/* "$TARGET:$DIR/_tmp" ssh $TARGET "mv $DIR/$NAME $DIR/_old && mv $DIR/_tmp $DIR/$NAME" ssh $TARGET "rm -rf $DIR/_old" Docker Image deploy_with_ssh ENTRYPOINT TARGET=user@host SRC=build DIR=htdocs NAME=live config.properties Test for Correctness Source: https://docs.gitlab.com/ee/ci/examples/deployment/composer-npm-deploy.html
  15. 15. Test for Compliance Declarative Descriptions Example DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 15 stage_deploy: script: - ssh user@host "mkdir htdocs/_tmp" - scp -r build/* user@host:htdocs/_tmp - ssh user@host "mv htdocs/live htdocs/_old && mv htdocs/_tmp htdocs/live" - ssh user@host "rm -rf htdocs/_old" gitlab-ci.yaml stage_deploy: image: deploy_with_ssh script: config.properties gitlab-ci.yaml #!/bin/bash source "$1" ssh $TARGET "mkdir $DIR/_tmp" scp -r $SRC/* "$TARGET:$DIR/_tmp" ssh $TARGET "mv $DIR/$NAME $DIR/_old && mv $DIR/_tmp $DIR/$NAME" ssh $TARGET "rm -rf $DIR/_old" Docker Image deploy_with_ssh ENTRYPOINT TARGET=user@host SRC=build DIR=htdocs NAME=live config.properties Test for Correctness Source: https://docs.gitlab.com/ee/ci/examples/deployment/composer-npm-deploy.html C o d e ( H o w ) Config (W hat)
  16. 16. Declarative Descriptions → Automated Governance DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 16 Config Tools Cloud Formation aws cf create Kubernetes Manifest kubectl apply Swagger YAML Terraform YAML … AndroidManifest.xml … Test Strategy Static Code Analysis Linting Integration Tests Unit Tests
  17. 17. Declarative Descriptions → Automated Governance DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 17 Config Cloud Formation Kubernetes Manifest Swagger YAML Terraform YAML … AndroidManifest.xml Compliance Check cfn-nag: Linting tool for CloudFormation templates K8S Admission Controller / OPA Gatekeeper zally: A minimalistic, simple-to-use API linter terraform-compliance.com, checkov.io … . . . Tools aws cf create kubectl apply … ? CI CD Compliant! Automated Compliance Checks as Quality Gate for Deployments
  18. 18. DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 18 Engineering Teams git ? CI CD
  19. 19. GitOps Tech DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 19 git push State Repo develop Binary Artifacts CI Test & Build State Repo main git push Version 27 Merge Request Modify Monitor ❶ ❷ ❸ ❹ ❺ ❺ GitOps Controller ❻ People Area Machine Area Infrastructure Environment Systems
  20. 20. Git Ops git push monitor git pull deploy delete monitor 3. GitOps Controller (git push) Engineers DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 20 CI/CD git push trigger deploy 1. CI-Ops GitOps Controller Engineers Git Ops git push trigger deploy delete 2. Simple GitOps Engineers
  21. 21. DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 21
  22. 22. GitOps & Compliance Automation DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 22 GitOps Operations Model provides ideal interface for compliance automation: A central place where every change passes by in a machine-readable format. GitOps enables true hands-off operations, reducing IT costs & efforts. Motivation to “Fix the Basics”. Nutzer Git Ops git push monitor git pull deploy delete monitor 3. GitOps Controller (git push) Compliance Checks
  23. 23. Cost & Effort of Compliance Checking? DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 23 Policy 1 Policy N … Policy 1 Policy N … 500+ Teams Central “IT Compliance” Team git ? CI CD git ? CI CD
  24. 24. Policy on Paper DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 24 Policy 1 Policy N git ? CI CD … Policy on Paper (low cost) No coordination between policies required Every Engineering Team interprets policies anew Every Engineering Team implements own policy checking Distributed Cost of Compliance Checking Linear costs scale with number of teams and number and complexity of policies
  25. 25. Policy as Code – Compliance Automation DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 25 IT Compliance Team converts policies to code Centralized Cost of Compliance Checking Feedback cycle policy & code Cost scale with number and complexity of policies, not with number of teams Policy 1 Policy N … Central “IT Compliance” Team git ? CI CD Every Engineering Team uses common policy checking code as acceptable means of compliance
  26. 26. Platform & Compliance Engineering DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 26 git ? CI CD HOW Deployment Automation Test for Correctness Platform Teams Central “IT Compliance” Team
  27. 27. Platform & Compliance Engineering Organisation DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 27 Mission: Compliant-by-Default IT platforms Create & maintain standardized tooling for common IT tasks Tools are user friendly, integrate automated compliance checks Educate & coach teams in tool usage & best practices Cost center Main KPIs: Productivity of product engineering teams Balancing IT compliance risks and costs Platform Teams Central “IT Compliance” Team Organisational Frameworks Technology Frameworks …
  28. 28. Reality Check – Food Court Example DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 28 All images: pixabay.com no attribution required 1. Healthy ? 2. Low Carb ? 3. Organic ? 4. Kosher ? 5. Legal ? Product Teams
  29. 29. Reality Check – Product certification DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 29 1. Healthy ✔ 2. Low Carb ✔ 3. Organic ✔ 4. Kosher ✔ 5. Legal ✔ Product Teams 1. Healthy 2. Low Carb 3. Organic ✔ 4. Kosher ✔ 5. Legal ✔ 1. Healthy ✔ 2. Low Carb 3. Organic 4. Kosher 5. Legal 1. Healthy ✔ 2. Low Carb ✔ 3. Organic ✔ 4. Kosher ✔ 5. Legal ✔ 1. Healthy ? 2. Low Carb ? 3. Organic ? 4. Kosher ? 5. Legal ?
  30. 30. Reality Check – Product certification DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 30 1. Healthy ✔ 2. Low Carb ✔ 3. Organic ✔ 4. Kosher ✔ 5. Legal ✔ Product Teams 1. Healthy 2. Low Carb 3. Organic ✔ 4. Kosher ✔ 5. Legal ✔ 1. Healthy ✔ 2. Low Carb 3. Organic 4. Kosher 5. Legal 1. Healthy ✔ 2. Low Carb ✔ 3. Organic ✔ 4. Kosher ✔ 5. Legal ✔ 1. Healthy ? 2. Low Carb ? 3. Organic ? 4. Kosher ? 5. Legal ?
  31. 31. Toolchain Certification DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 31 Engineering Teams git Policy 1 … N Teams using unmodified Toolchain are certified to be compliant with Policy without further proof Platform Teams Internal Toolchain Product „Compliant-by-Default“ Provide
  32. 32. Certified Toolchains DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 32 1. Policy 1 ✔ 2. Policy 2 ✔ 3. Policy 3 ✔ 4. Policy 4✔ 5. … ✔ Product Teams 1. Policy 1 ✔ 2. Policy 2 3. Policy 3 ✔ 4. Policy 4✔ 5. … 1. Policy 1 2. Policy 2 3. Policy 3 4. Policy 4✔ 5. … 1. Policy 1 ✔ 2. Policy 2 ✔ 3. Policy 3 ✔ 4. Policy 4✔ 5. … ✔ 1. Policy 1 ? 2. Policy 2 ? 3. Policy 3 ? 4. Policy 4? 5. … ? Platform Team Platform Team Platform Team Platform Team
  33. 33. Certified Toolchains – Self-regulating Market DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 33 1. Policy 1 ✔ 2. Policy 2 ✔ 3. Policy 3 ✔ 4. Policy 4✔ 5. … ✔ 1. Policy 1 ✔ 2. Policy 2 3. Policy 3 ✔ 4. Policy 4✔ 5. … 1. Policy 1 2. Policy 2 3. Policy 3 4. Policy 4✔ 5. … 1. Policy 1 ✔ 2. Policy 2 ✔ 3. Policy 3 ✔ 4. Policy 4✔ 5. … ✔ 1. Policy 1 ? 2. Policy 2 ? 3. Policy 3 ? 4. Policy 4? 5. … ? Platform Team Platform Team Platform Team Platform Team Product Teams
  34. 34. Acceptable Means of Compliance – Everybody Wins! DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 34 Policy Owners Certify tool implementations for common IT topics around Dev & Ops to provide a compliant-by-default usage scenario for common tasks Provide funding to implement compliance checks Ensure every policy has at least one certified implementation (reference implementation) Write better policies that can be easily implemented Gain visibility into policy adherence Product Engineering Teams Intrinsic motivation to prefer compliant-by-default tools to reduce own cost of compliance Automated proof of compliance possible Focus on product development Platform Teams Can use compliance adherence to promote their tools Receive additional funding for implementing non- functional requirements in tools Implement IT compliance together with new functionality The Company Better & central visibility for cost of compliance Global optimisation of compliance costs Global optimisation of tool costs Increased IT efficiency through intrinsic motivation Automated company-wide compliance reports Risk management can be based on technical KPIs Actual measurement of IT compliance Scale-out company growth with increased IT compliance Results: Ø Organisational & Technology Framework Ø More fun and happyiness in IT Ø Better IT effectiveness
  35. 35. DevOps Ops Automation IT Evolution Big Picture 35 Technology Culture Dev ⇔ Ops CI-Ops 1 2 GitOps Hands-Off Operations DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro
  36. 36. Hands-Off Operations DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 36 No manual changes in production Dev & Ops have same permissions in production: None by Default Automate the hard stuff: Compliance & governance Distributed rolling upgrades Backup & Disaster Recovery Everything in your stack Test Driven Everything Standardized Tooling Fix the Basics! GitOps
  37. 37. Why GitOps? DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 37 Hands-Off Operations Impossible! GitOps Yes, please! When do we start? It sounds much better!
  38. 38. The Role of GitOps in IT Strategy DB Systel | Schlomo Schapiro | CTO Office | @schlomoschapiro 38 Adopting GitOps practices drives automation as the solution for many IT strategy requirements. schlomo.schapiro.org/2021/04/the-gitops-journey.html read more about this schlomo.schapiro.org/p/5-devops-principles.html DevOps & all my talks Q&A @schlomoschapiro

×