The authors of this book have done a great job not only covering the topic and process of GitOps but also all of the additional concerns that come with this type of workflow.

Samuel Brown

GitOps and Kubernetes introduces a radical idea—managing your infrastructure with the same Git pull requests you use to manage your codebase. In this in-depth tutorial, you’ll learn to operate infrastructures based on powerful-but-complex technologies such as Kubernetes with the same Git version control tools most developers use daily. With these GitOps techniques and best practices, you’ll accelerate application development without compromising on security, easily roll back infrastructure changes, and seamlessly introduce new team members to your automation process.

About the Technology

The tools to monitor and manage software delivery and deployment can be complex to set up and intimidating to learn, especially when you apply them to applications deployed using Docker and Kubernetes. Imagine, instead, managing your entire Kubernetes infrastructure with Git pull requests! What might at first sound ridiculous is quickly becoming one of the most reliable ways to do Continuous Delivery. Dubbed “GitOps”, this new method uses Git as the “single source of truth” and allows you to manage your infrastructure as a codebase, just like you manage application code. Using declarative tools such as Kubernetes for automating deployment and scaling, GitOps gives you a single control interface, making it easy to assess and roll back changes.

About the book

GitOps and Kubernetes is half reference, half practical tutorial for operating Kubernetes the GitOps way. You’ll learn the GitOps best practices, techniques, and tools that simplify using Kubernetes to deliver enterprise-scale software faster, all without compromising on security. Through fast-paced chapters, you’ll unlock the benefits of GitOps for flexible configuration management, monitoring, robustness, multi-environment support, and discover tricks and tips for managing secrets in the unique GitOps fashion. When you’re done, you’ll be able to implement and manage a scalable Continuous Delivery pipeline that makes it easy to trace changes, rollback mistakes, and clearly validate and audit container deployments.

Part 1: Background

1 Why GitOps?

1.1 Introduction

1.1.1 Who this book is for

1.1.2 Who this book is not for

1.1.3 How to use this book

1.2 Evolution to GitOps

1.2.1 Traditional Ops

1.2.2 DevOps

1.2.3 GitOps

1.3 Developer Benefits of GitOps

1.3.1 Infrastructure as Code

1.3.2 Self-Service

1.3.3 Code Reviews

1.3.4 Git Pull Requests

1.4 Operational Benefits of GitOps

1.4.1 Declarative

1.4.2 Observability

1.4.3 Auditability & Compliance

1.4.4 Disaster Recovery

1.4.5 Rollback

1.5 Summary

2 Kubernetes & GitOps

2.1 Kubernetes Introduction

2.1.1 What Is Kubernetes?

2.1.3 Other Container Orchestrators

2.1.4 Kubernetes Architecture

2.1.4 Deploying to Kubernetes

2.2 Declarative vs Imperative Object Management

2.2.1 How Declarative Configuration Works

2.3 Controller Architecture

2.3.1 Controller Delegation

2.3.2 Controller Pattern

2.3.3 NGINX Operator

2.4 Kubernetes + GitOps

2.5 Getting Started with CI/CD

2.5.1 Basic GitOps Operator

2.5.2 Continuous Integration Pipeline

2.6 Summary

Part 2: Patterns & Processes

3 Environment Management

3.1 Introduction to Environment Management

3.1.1 Components of an environment

3.1.2 Namespace Management

3.1.3 Network isolation

3.1.4 Preprod and Prod Clusters

3.2 Git Strategies

3.2.1 Single branch (multiple directories)

3.2.2 Multiple branches

3.2.3 Multiple repos vs Monorepo

3.3 Configuration Management

3.3.1 Helm

3.3.2 Kustomize

3.3.3 Jsonnet

3.3.4 Configuration Management Summary

3.4 Durable vs. Ephemeral Environments

3.5 Summary

4 Pipelines

4.1 Stages in CI/CD Pipelines

4.1.1 GitOps Continuous Integration

4.1.2 GitOps Continuous Delivery

4.2 How to drive promotions

4.2.1 Code vs. Manifest vs. App Config

4.2.2 Code and Image promotion

4.2.3 Environment promotion

4.2.4 Putting it all together

4.3 Other pipelines

4.3.1 Rollback

4.3.2 Compliance Pipeline

4.4 Summary

5 Deployment Strategies

5.1 Deployment Basics

5.1.1 Why ReplicaSet is NOT a good fit for GitOps

5.1.2 How Deployment works with ReplicaSets

5.1.3 Traffic Routing

5.1.4 Configure minikube for other strategies

5.2 Blue-Green

5.2.1 Blue-Green with Deployment

5.2.2 Blue-Green with Argo Rollouts

5.3 Canary

5.3.1 Canary with Deployment

5.3.2 Canary with Argo Rollouts

5.4 Progressive Delivery

5.4.1 Progressive Delivery with Argo Rollouts

5.5 Summary

Part 3: Advanced Topics

6 Access Control & Security

6.1 Introduction to Access Control

6.1.1 What is Access Control?

6.1.2 What to Secure?

6.1.3 Access control in GitOps

6.2 Access Limitations

6.2.1 Git repository access

6.2.2 Kubernetes RBAC

6.2.3 Image Registry Access

6.3 Patterns

6.3.1 Full access

6.3.2 Deployment Repo Access

6.3.3 Code access only

6.4 Security Concerns

6.4.1 Prevent Image Pull from Untrusted Registries

6.4.2 Cluster Level Resources in Git Repository

6.5 Summary

7 Secrets

7.1 Kubernetes Secrets

7.2 GitOps and Secrets

7.3 Secret Management Strategies

7.3.1 Store Secrets in Git

7.3.2 Bake Secrets into the Container Image

7.3.3 Out-of-Band Management

7.3.4 External Secret Management Systems

7.3.5 Encrypting Secrets in Git

7.3.6 Comparison of Strategies

7.4 Tooling

7.4.1 Hashicorp Vault

7.4.2 Vault Agent Sidecar Injector

7.4.3 Sealed Secrets

7.4.4 Kustomize Secret Generator Plugin

7.5 Summary

8 Observability

8.1 What is Observability?

8.1.1 Event Logging

8.1.2 Metrics

8.1.3 Tracing

8.1.4 Visualization

8.1.5 Importance of Observability in GitOps

8.2 Application Health

8.2.1 Resource Status

8.2.2 Readiness and Liveness

8.2.3 Application Monitoring and Alerting

8.3 GitOps Observability

8.3.1 GitOps Metrics

8.3.2 Application Sync Status

8.3.3 Configuration Drift

8.3.4 GitOps Change Log

8.4 Summary

Part 4: Tools

9 Argo CD

9.1 What is Argo CD?

9.1.1 Main use cases

9.1.2 Core Concepts

9.1.3 Architecture

9.2 Deploy your first application

9.2.1 Deploying the first application

9.2.2 Inspect application using user interface

9.3 Deep dive into Argo CD features

9.3.1 GitOps driven deployment

9.3.2 Resource Hooks

9.3.3 Post-deployment verification

9.4 Enterprise features

9.4.1 Single sign-on

9.4.2 Access control

9.5 Summary

10 Jenkins X

10.1 What Is Jenkins X?

10.2 Exploring Prow, Jenkins X Pipeline Operator, And Tekton

10.3 Importing Projects Into Jenkins X

10.3.1 Importing A Project

10.3.2 Promoting A Release To The Production Environment

10.4 Summary

11 Flux

11.1 What is Flux?

11.1.1 What Flux Does?

11.1.2 Docker Registry Scanning

11.1.3 Architecture

11.2 Simple application deployment

11.2.1 Deploying the first application

11.2.2 Observe application state

11.2.3 Upgrade deployment image

11.2.4 Use Kustomize for manifest generation

11.2.5 Secure deployment using GPG

11.3 Multi-tenancy with Flux

11.4 Summary

Appendixes

Appendix A: Setup a Test Kubernetes Cluster

A.1 Prerequisites for working with Kubernetes

A.2 Install minikube and create a cluster

A.3 Create a GKE cluster in GCP

A.4 Create an EKS cluster in AWS

Appendix B: Setup GitOps tools

B.1 Install Argo CD

B.2 Install Jenkins X

B.2.1 Prerequisites

B.2.2 Installing Jenkins X In Kubernetes Cluster

B.3 Install Flux

B.3.1 Install CLI client

Appendix C: Configure GPG Key

C.1 Configure GPG Key

What's inside

Multiple-environments management with branching, namespace, and configuration
Access Control with Git, Kubernetes, and Pipeline
Using Kubernetes with Argo CD, JenkinsX, and Flux
Multi-step deployment strategies like Blue-Green, Canary in a declarative GitOps model

About the reader

For developers familiar with Continuous Delivery principles, and the basics of Git and Kubernetes.

About the authors

Billy Yuen, Alexander Matyushentsev, Todd Ekenstam, and Jesse Suen are principal engineers for the Intuit platform. They are widely recognized as industry leads in GitOps for Kubernetes, having presented numerous related talks at industry conferences.

placing your order...

Don't refresh or navigate away from the page.

Manning Early Access Program (MEAP) Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.

all chapters available