cloud-native world, GitOps makes developers more productive while improving application stability, security and compliance – and it does all this without the need for developers to learn new tools. On the GitOps is to use Git, since it already includes many advantages such as built-in security guarantees with full audit trails. Another key concept behind GitOps is the fact that Kubernetes and its ecosystem that is made in Git, from code commits to production configuration changes, GitOps provides a full audit trail. At any point, you can see exactly what changes were made, when and by whom. The key benefits

developers to be more effective, by making the good thing the easy thing – in areas such as testing, security and observability this is increasingly important. Good DX allows for shift left.” — James Governor cloud to edge Scale infrastructure to meet demands Enable built-in compliance Enforce zero-trust security Let’s look at each of these reasons in detail. 1 2 3 4 weave.works THE GITOPS GUIDE TO BUILDING to meet demands THE GITOPS GUIDE TO BUILDING & MANAGING INTERNAL PLATFORMS 7 weave.works ▼ Security comes first for any organization, particularly an organization like the Department of Defense (DoD)

your previous application state. With Git’s excellent security guarantees, you can also use your SSH key to sign commits that enforce strong security guarantees about the authorship and provenance of your manage your Kubernetes cluster, you automatically gain a convenient audit log of all cluster changes outside of Kubernetes. An audit trail of who did what, and when to your cluster can be used to meet operations tasks are also fully reproducible through Git. 6. Stronger Security Guarantees Git’s strong correctness and security guarantees, backed by the strong cryptography used to track and manage

reduce errors in the application infrastructure. On top of that, version control allows users to audit changes and roll back to previous states with ease. This, in turn, improves the stability and reliability standardized and fully reproducible infrastructure configurations. Enhanced security GitOps approach helps organizations enforce security best practices and track all the infrastructure changes and corresponding corresponding states available via Git SCM. Moreover, this organized approach enables proper audit trails to identify details related to infrastructure changes such as Responsible users Deployment data time Affected

monitoring, and managing Kubernetes, teams can increase their overall output 2-3 times and easily meet security and compliance regulations. Deploy Operate & Manage Monitor GIT P.6 Enhance and extend revert/rollback and fork in the case of a catastrophic event. Meet compliance requirements Build an audit log of all cluster changes and attribution that meets SOC 2 compliance just by using Git. Standardize driven by pull requests and fully reproducible through Git. Embed security Leverage Git’s correctness and strong cryptography and security guarantees to track and manage changes across the entire cluster

applications rapidly 2 Continuous Integration(CI) & Continuous Delivery (CD) 3 Build Test Security Checks Release Deploy Stage Deploy Prod Continuous Integration Continuous Delivery A key DevOps to clusters through Git history Visibility and Audit Review changes beforehand, detect configuration drifts, and take action Enhanced Security Familiar tools and Git workflows from application Detect drift Take action CD Continuous Integration & Continuous Delivery 10 Build Test Security Checks Release Deploy Stage Deploy Prod OpenShift Build Automate building container images

different domains. In GitOps, whatever is stored in Git is the only source of truth. So, this makes the audit process simple: The auditor can analyze the desired state by observing and focusing on the source business and team needs. Managing these clusters and keeping configuration and organizational security and other policies consistent across these clusters is a big ask for the Ops team. GitOps takes has Infrastructure as code as one of its characteristics. STRONGER SECURITY GUARANTEES Git’s firm correctness and security guarantees — backed by the strong cryptography used to track and manage

specific limitation, security requirements, etc. ● Configure business applications to confirm it provides what business requires ● Break, debug, pinpoint, and fix ● Security ● Observability ● Install in cluster with other business applications, where there is some specific limitation, security requirements, etc. ● Configure business applications to confirm it provides what business requires @rytswd #IstioCon What is NOT covered in the talk ● Multiclutser observability challenges ● Security considerations ● Secret management ● GitOps implementation details Target Audience What to expect

there. This means that tasks such as… ● Compiling code ● Running unit/integration tests ● Security scanning ● Static analysis ...are not a concern of GitOps tools and are assumed to already whole deployment history of a cluster in the form of Git commits, doesn’t mean that you can easily audit its functionality. The current crop of Git tools are great for managing Git hashes but when several other tasks until that point that deals with the packaging of the artifact, the unit tests, security scanning, etc. And even post-deployment there are several actions (such as running smoke tests)

Separate Development in Directories, Not Branches Trunk-Based Development Policies and Security Summary 25 Chapter 5–Repository and Directory Structures Best Practices DRY Chapter 8–Other Considerations Multicluster Management Non-Declarative Infrastructure Security Base Image Selection Everything as Code Conclusion 45 About the Author The Path collection of different topics in automation, application delivery, infrastructure management, and security. In this chapter, I will go through each aspect of GitOps. By the end of the chapter, you will