Denis Maggiorotto

Sunnyvale S.r.l.
Kubernetes GitOps
Featuring GitHub, ArgoCD and Kustomize
@Home

05/11/2020
About me
Denis Maggiorotto
• CTO and shareholder @ Sunnyvale S.r.l.
• 20 years of experience in IT consulting
• Senior Software / Enterprise Architect @ Major companies in public utility,
telco, TV broadcasting and banking sector
• Oracle University Principal Instructor regarding Java technologies (Micro
Edition, Standard Edition and Enterprise Edition) and Oracle's middleware
products.
• Cloud/DevOps Engineer
• Independent IT professional trainer and public speaker
What is GitOps?
GitOps is a standardised workflow for how to deploy, configure, monitor, update and manage infrastructure-as-code.
The core idea is having a Git repository that contains declarative descriptions of the infrastructure desired in the production environment, and an automated process that makes the production environment match the state described in the repository.
GitOps operation model
GitOps principles
• The entire system is described declaratively

• The canonical desired system state is versioned (Git)

• Approved changes to the desired state are (automatically)
applied to the system

• Software agents ensure correctness, feedback and alert on
synchronizations/divergences
Tools
java-hello-world sample app
$ java -cp "./target/libs/*:target/*" it.sunnyvale.java.helloworld.Main
WEB server is up! http://localhost:8080/greet
$ curl -s http://localhost:8080/greet
{"message":" World v.snapshot from host MyPCName! I'm running in local!"}
• snapshot: the running application version (env. variable)
• MyPCName: the host name where the app is running
• local: the environment name (env. variable)
Code Pipeline
[Diagram labels: Developer; Code repo (GitHub); CI/CD (GitHub Action); Docker registry; Config review / Merge]
Code branching strategy
java-hello-world app release
$ export TAG=3.0 && git tag $TAG && git push origin $TAG
Total 0 (delta 0), reused 0 (delta 0)
To https://github.com/sunnyvale-academy/java-hello-world.git
* [new tag] 3.0 -> 3.0
1) Build
2) Test
3) Jar
4) Docker build
5) Docker push
Delivery process automation
We automated the release process, can we automate the
delivery too? Yes, with GitOps practices!
Config pipeline
[Diagram labels: DevOps; Config repo (GitHub); K8S native CI/CD (ArgoCD); Kubernetes; Docker Registry; Push / Pull request; Config review / Merge; Pull config; Sync; Pull images; Slack; Notify; Feedback]
Example workflow
Config branching strategy
[Diagram: branches connected by three "Pull request / Merge" steps]
Multi-environment K8S manifest
Avoid this
$ ls -1 java-hello-world-config
service-dev.yaml
service-test.yaml
service-prod.yaml
deployment-dev.yaml
deployment-test.yaml
deployment-prod.yaml
ingress-dev.yaml
ingress-test.yaml
ingress-prod.yaml
configmap-dev.yaml
configmap-test.yaml
configmap-prod.yaml
The Kustomize way
Base
$ cat base/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: java-hello-world
spec:
  replicas: 0
  template:
    spec:
      containers:
      - image: dennydgl1/java-hello-world:1.0
…
Overlay / Patch
$ cat overlays/deployment/deployment.yaml
…
replicas: 2
…
Config repo content
$ tree java-hello-world-config
java-hello-world-config
├── base
│   ├── configmap.yaml
│   ├── deployment.yaml
│   ├── kustomization.yaml
│   └── service.yaml
└── overlays
    ├── development
    │   ├── application.yaml
    │   ├── deployment-patch.yaml
    │   ├── env.properties
    │   ├── ingress.yaml
    │   ├── kustomization.yaml
    │   └── namespace.yaml
    ├── production
    │   ├── application.yaml
    │   ├── deployment-patch.yaml
    │   ├── env.properties
    │   ├── ingress.yaml
    │   ├── kustomization.yaml
    │   └── namespace.yaml
    └── staging
        ├── application.yaml
        ├── deployment-patch.yaml
        ├── env.properties
        ├── ingress.yaml
        ├── kustomization.yaml
        └── namespace.yaml
[Callouts on the tree: Base; Development overlay; Production overlay; Staging overlay]
The base dir contains the “base” manifests.
Each overlay contains the base manifests' specialisation for the environment (dev, staging, prod). Specialisation means only the differences against the ones in base.
Thanks to Kustomize we benefit from manifest code reuse between environments!
Release 3.0 in development env
$ git checkout master
$ git checkout -b feature-30
$ perl -p -i -e 's/newTag: "2.1"/newTag: "3.0"/g' overlays/development/kustomization.yaml
$ git add . && git commit -m "Release 3.0" && git push -u origin feature-30
$ git checkout master
$ git merge feature-30
[Diagram labels: master branch; development branch; Pull request / Merge]
(1) Change the app release for dev env
(2) Actuate changes on the environment
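The overlay layout and the tag bump described above, as an added example that is not part of the original deck or its repositories: a substitution whose pattern does not match changes nothing and reports no error, so this version refuses to proceed unless exactly one line pins the expected old tag. The kustomization.yaml content and the function names (make_overlay, current_tag, bump_tag) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the deck): guarded image-tag bump for a Kustomize overlay.

# make_overlay DIR TAG: write a constructed development overlay kustomization.yaml.
make_overlay() {
    mkdir -p "$1/overlays/development"
    cat > "$1/overlays/development/kustomization.yaml" <<EOF
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
patches:
  - path: deployment-patch.yaml
images:
  - name: dennydgl1/java-hello-world
    newTag: "$2"
EOF
}

# current_tag FILE: print the pinned image tag.
current_tag() { sed -n 's/^ *newTag: "\(.*\)"$/\1/p' "$1"; }

# bump_tag FILE OLD NEW: replace the pinned tag, or fail without touching FILE.
bump_tag() {
    file=$1 old=$2 new=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    for v in "$old" "$new"; do   # allow only plain tag characters
        case $v in ''|*[!A-Za-z0-9._-]*) echo "invalid tag: $v" >&2; return 3;; esac
    done
    # Fixed-string match, so "." in a version is not a regex wildcard.
    hits=$(grep -cF -- "newTag: \"$old\"" "$file") || true
    [ "$hits" -eq 1 ] || { echo "expected 1 line pinning $old, found $hits" >&2; return 1; }
    awk -v o="newTag: \"$old\"" -v n="newTag: \"$new\"" '
        { i = index($0, o)
          if (i) $0 = substr($0, 1, i - 1) n substr($0, i + length(o))
          print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Demo on a throwaway directory (constructed data).
repo=$(mktemp -d)
f=$repo/overlays/development/kustomization.yaml
make_overlay "$repo" 2.1
bump_tag "$f" 2.1 3.0 && echo "development now pins $(current_tag "$f")"
bump_tag "$f" 2.1 3.0 || echo "stale tag rejected, file unchanged"
bump_tag "$repo/overlays/dev/kustomization.yaml" 2.1 3.0 || echo "wrong path rejected"
rm -rf "$repo"
```

Because the only line that changes is the pinned tag, the resulting pull request diff is a single line, which keeps the review and the Git history easy to audit.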
Desired state to actual state sync
Argo CD follows the GitOps pattern of using Git repositories as the source of truth for defining the desired application state on K8S. Kubernetes manifests can be specified in several ways; Kustomize is one of them!
Argo CD pulls a Git branch and synchronises the app in K8S accordingly.
Release 3.0 in development env
Get feedback from the infrastructure
Argo CD integrates with Slack and sends you messages about the synchronisations it makes
Release 3.0 in development env
$ curl -s http://development.app.127-0-0-1.nip.io/greet
{
"message":"Hello World v.3.0 from host development-java-hello-world-59dfb6b554-mz4qs! I'm running in development!"
}
Rollback 2.1 in development env
GitOps benefits
• Auditing and attribution

• Separation of concerns

• No crossing security boundary

• Process & constraints enforcement

• Great software human collaboration point

• Easy to validate for correctness (policies)

• System can self heal
Source code is available on GitHub
• https://github.com/sunnyvale-academy/java-hello-world
• https://github.com/sunnyvale-academy/java-hello-world-config
Resources
• https://www.gitops.tech
• https://github.com/weaveworks/awesome-gitops
• https://thenewstack.io/what-is-gitops-and-why-it-might-be-the-next-big-thing-for-devops/
Thanks!
github.com/denismaggior8
Denis Maggiorotto
denis.maggiorotto@sunnyvale.it
www.linkedin.com/in/denismaggiorotto
twitter.com/denismaggior8
github.com/sunnyvale-academy
github.com/sunnyvale-it
