Separate Development in Directories, Not Branches Trunk-Based Development Policies and Security Summary 25 Chapter 5–Repository and Directory Structures Best Practices DRY Chapter 8–Other Considerations Multicluster Management Non-Declarative Infrastructure Security Base Image Selection Everything as Code Conclusion 45 About the Author The Path collection of different topics in automation, application delivery, infrastructure management, and security. In this chapter, I will go through each aspect of GitOps. By the end of the chapter, you will

developers to be more effective, by making the good thing the easy thing – in areas such as testing, security and observability this is increasingly important. Good DX allows for shift left.” — James Governor cloud to edge Scale infrastructure to meet demands Enable built-in compliance Enforce zero-trust security Let’s look at each of these reasons in detail. 1 2 3 4 weave.works THE GITOPS GUIDE TO BUILDING to meet demands THE GITOPS GUIDE TO BUILDING & MANAGING INTERNAL PLATFORMS 7 weave.works ▼ Security comes first for any organization, particularly an organization like the Department of Defense (DoD)

set of “gotchas.” This com- plexity is compounded by the need to ensure consistency in deployment, security, and operations across various platforms. | 08 3 KEY ELEMENTS FOR YOUR GITOPS STRATEGY Copyright cloud-native applications requires continuous monitoring, updates, and security checks to ensure optimal performance and security. Push vs. Pull-Based Architecture Kubernetes Cluster Git Repository code is a best practice. This promotes modularity, independence, collaboration, versioning, and security. It allows for efficient development, testing, and deployment of both application and infrastructure

cloud-native world, GitOps makes developers more productive while improving application stability, security and compliance – and it does all this without the need for developers to learn new tools. On the way to implement GitOps is to use Git, since it already includes many advantages such as built-in security guarantees with full audit trails. Another key concept behind GitOps is the fact that Kubernetes Git. 6. Stronger security guarantees With strong cryptography to track and manage changes, plus signed changes to prove authorship and origin, Git already offers powerful security guarantees for application

business and team needs. Managing these clusters and keeping configuration and organizational security and other policies consistent across these clusters is a big ask for the Ops team. GitOps takes has Infrastructure as code as one of its characteristics. STRONGER SECURITY GUARANTEES Git’s firm correctness and security guarantees — backed by the strong cryptography used to track and manage authorship and origin — are key to a correct and secure definition of the cluster’s desired state. If a security breach does occur, the immutable and auditable source of truth can be used to recreate a new

monitoring, and managing Kubernetes, teams can increase their overall output 2-3 times and easily meet security and compliance regulations. Deploy Operate & Manage Monitor GIT P.6 Enhance and extend driven by pull requests and fully reproducible through Git. Embed security Leverage Git’s correctness and strong cryptography and security guarantees to track and manage changes across the entire cluster Fortune 100 companies to run their most sensitive and mission critical applications because of its security, reliability, and scalability. Amazon EKS is deeply integrated with other AWS services such as

applications rapidly 2 Continuous Integration(CI) & Continuous Delivery (CD) 3 Build Test Security Checks Release Deploy Stage Deploy Prod Continuous Integration Continuous Delivery A key DevOps Visibility and Audit Review changes beforehand, detect configuration drifts, and take action Enhanced Security Familiar tools and Git workflows from application development teams Standard Workflow Multi-cluster Detect drift Take action CD Continuous Integration & Continuous Delivery 10 Build Test Security Checks Release Deploy Stage Deploy Prod OpenShift Build Automate building container images

your previous application state. With Git’s excellent security guarantees, you can also use your SSH key to sign commits that enforce strong security guarantees about the authorship and provenance of your operations tasks are also fully reproducible through Git. 6. Stronger Security Guarantees Git’s strong correctness and security guarantees, backed by the strong cryptography used to track and manage DEPLOYMENT Write Code VCS Code Base Unit Tests Integ Tests Container Registry DEPLOY eBook 8 Security and the Typical CI/CD Pipeline How secure is the typical CI/CD pipeline? With this approach

specific limitation, security requirements, etc. ● Configure business applications to confirm it provides what business requires ● Break, debug, pinpoint, and fix ● Security ● Observability ● Install in cluster with other business applications, where there is some specific limitation, security requirements, etc. ● Configure business applications to confirm it provides what business requires @rytswd #IstioCon What is NOT covered in the talk ● Multiclutser observability challenges ● Security considerations ● Secret management ● GitOps implementation details Target Audience What to expect

there. This means that tasks such as… ● Compiling code ● Running unit/integration tests ● Security scanning ● Static analysis ...are not a concern of GitOps tools and are assumed to already several other tasks until that point that deals with the packaging of the artifact, the unit tests, security scanning, etc. And even post-deployment there are several actions (such as running smoke tests) full deployment platform also needs the ability to compile applications, run unit tests, perform security scans, etc. These capabilities are out of scope for Argo, but are perfectly possible with Codefresh