The GitOps toolkit is a set of composable APIs and specialized tools designed to create a continuous delivery platform for Kubernetes, enabling dynamic configuration and interaction through Kubernetes events. It encompasses features such as source management, kustomize and helm support, role-based reconciliation, and policy-driven validation, all integrated with Git providers. The toolkit is currently in an active experimentation phase, and feedback is encouraged from the community.

1. GitOps Toolkit
NextGen operational model for Kubernetes
Stefan Prodan @stefanprodan
Cloud Native Nordics - June 2020

2. What is the GitOps Toolkit?
The GitOps Toolkit is a set of composable APIs and specialized tools that can
be used to build a Continuous Delivery platform on top of Kubernetes.
These tools are built with Kubernetes controller-runtime libraries and they can
be dynamically configured with Kubernetes custom resources either by cluster
admins or by other automated tools. The GitOps Toolkit components interact
with each other via Kubernetes events and are responsible for the reconciliation
of their designated API objects.

3. What is the scope of GitOps Toolkit?
● Source management
● Kustomize and Helm support
● Event-based and on-a-schedule reconciliation
● Role-based reconciliation (multi-tenancy)
● Health assessment (infra and workloads)
● Dependency management (infra and workloads)
● Alerting to external systems (webhook senders)
● External events handling (webhook receivers)
● Source write-back (automated patching)
● Policy driven validation (OPA, admission controllers)
● Seamless integration with Git providers (GitHub, GitLab, BitBucket)
● Interoperability with CAPI providers (for cluster and fleet management)

4. Source Controller
The main role of the source management component is to provide a common
interface for artifacts acquisition. The source API defines a set of Kubernetes
objects that cluster admins and various automated operators can interact with
to offload the Git and Helm repositories operations to a dedicated controller.
Operations:
● Authentication and authenticity validation
● Event-based and on-a-schedule policy driven artifacts acquisition
● Produce immutable artifacts from sources
● Notify interested 3rd parties of source changes and availability
API Spec: https://github.com/fluxcd/source-controller/tree/master/docs/spec/v1alpha1

5. Source Controller

6. Specialized Reconcilers
The GitOps Toolkit allows specialized reconcilers to collaborate when declaring
the desired state of a group of clusters:
● Kustomize Controller
● Helm Controller (TBA)
● Fleet Controller (TBA)
All these controllers will be using the Source API package to acquire artifacts
and subscribe to “source changes” events.

7. Cluster Management

8. Kustomize Controller
Features
● Reconciles the cluster state from multiple sources
● Generates manifests with Kustomize from plain yamls or overlays
● Validates manifests against Kubernetes API
● Impersonates service accounts (multi-tenancy RBAC)
● Health assessment of the deployed workloads
● Runs pipelines in a specific order (depends-on relationship)
● Prunes objects removed from source (garbage collection)
● Reports cluster state changes (Slack/Discord)
API Spec: https://github.com/fluxcd/kustomize-controller/tree/master/docs/spec/v1alpha1

9. GitOps Pipeline

10. Fleet Management (TBA)

11. GitOps Toolkit - CLI
The TK command-line utility allows cluster admins to configure the toolkit
and assemble CD pipelines without having to write tomes of YAML:
● seamlessly integrates with Git providers like GitHub and GitLab
● deploy keys provisioning for Git sources (SSH and token based auth)
● install/upgrade/check/uninstall operations for the toolkit components
● create/update/get/export/delete operations for sources and
kustomizations
● sync/suspend/resume operations for kustomizations

12. GitOps Toolkit CLI - Bootstrap
One-click provisioning for:
● Git repositories
● Deploy keys
● Teams access
● Toolkit components (install/upgrade)
Git providers:
● GitHub
● GitLab
● BitBucket (TBA)
● SSH-agent (TBA)

13. GitOps Toolkit CLI - Incident Management
When dealing with an incident, cluster admins can suspend the
reconciliation of some workloads and debug/fix the issues, without having to
stop the reconciler and affect the whole cluster.

14. What about Flux and Helm Operator?
We envision a future where Flux v2 and Helm Operator v2 are assembled from the
GitOps Toolkit components.
Roadmap (WIP) https://toolkit.fluxcd.io/roadmap/
The Flux CD team is looking for feedback and help as the toolkit is in an active
experimentation phase. If you wish to take part in this quest please reach out to us
on Slack and GitHub.

15. What about Flagger and Progressive Delivery?
Flagger, like many others Kubernetes operators, works out-of-the-box with the
GitOps Toolkit.

16. Links
16
Toolkit documentation
https://toolkit.fluxcd.io
Toolkit assembler
https://github.com/fluxcd/toolkit
Source controller
https://github.com/fluxcd/source-controller
Kustomize controller
https://github.com/fluxcd/kustomize-controller