The benefits of applying GitOps best practices are far reaching and provide:
- a model for secure, cloud native CI/CD pipelines
- faster Mean Time to Deployment and Mean Time to Recovery
- stable and reproducible rollbacks (for example, revert/rollback/fork as per Git)
- an overall coherent approach to understanding, observing and managing apps when combined with modern monitoring & observability tools
Combine the characteristics of Git with the DevOps side of the workflow.
#1. Everything that can be described must be stored in git
The goal is to describe everything: policies, code, configuration, and even monitored events and version control it all.
#2. Kubectl should not be used directly
#3. Use a Kubernetes controller that follows an operator pattern
The ability to manage and compare the current state of both your infrastructure, and your applications so that you can test, deploy, rollback, rollforward with a complete audit trail all from Git is what encompasses the GitOps philosophy and its best practices.
The whole workflow can be covered end to end.
IaC tools like Chef, Puppet and Ansible support features like “diff alerts”. These help operators to understand when action may need to be taken to “converge” the live system to the intended state (as defined by the configuration scripts).
On the diff-alert capability.
Here is a typical developer workflow for creating or updating a new feature:
- A pull request for a new feature is pushed to GitHub for review.
- The code is reviewed and approved by a colleague. After the code is revised and re-approved, it is merged to Git.
- The Git merge triggers the CI and build pipeline, which runs a series of tests and then eventually builds a new image and deposits the new image in a registry.
- The Weave Cloud ‘Deployment Automator’ watches the image registry, notices the image, pulls the new image from the registry and updates its YAML in the config repo.
- The Weave Cloud ‘Deployment Synchronizer’ (installed to the cluster), detects that the cluster is out of date. It pulls the changed manifests from the config repo and deploys the new feature to production.
On the pull pipeline part.
For security? Does this abandon the earlier push model?
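The pull-based workflow above (the Automator rewrites the manifest from what the registry holds, the Synchronizer converges the cluster from the config repo) together with the "diff alert" idea, as an added Python simulation that is not Weave Cloud's or the page's own code; the workload, image and registry values are constructed samples, and the rule that workloads absent from Git are pruned is an assumption.

```python
# Constructed sample: desired state from the config repo and the live cluster state,
# each as {workload: {"image": ..., "replicas": ...}}.
DESIRED = {
    "web":    {"image": "registry.example/web:1.4.0", "replicas": 3},
    "worker": {"image": "registry.example/worker:2.1.0", "replicas": 2},
}
LIVE = {
    "web":    {"image": "registry.example/web:1.3.2", "replicas": 3},
    "legacy": {"image": "registry.example/legacy:0.9.0", "replicas": 1},
}
# Constructed sample: tags the image registry currently holds, per repository.
REGISTRY_TAGS = {"registry.example/web": ["1.3.2", "1.4.0", "1.4.1"],
                 "registry.example/worker": ["2.1.0"]}

def newest_tag(tags):
    """Highest tag by numeric comparison of dotted components ('1.4.1' > '1.4.0')."""
    return max(tags, key=lambda t: tuple(int(p) for p in t.split(".")))

def diff_state(desired, live):
    """'Diff alert': the (action, workload, spec) steps needed to converge live to
    desired. An empty list means the cluster matches what Git describes."""
    actions = []
    for name in sorted(set(desired) | set(live)):
        if name not in live:
            actions.append(("create", name, desired[name]))
        elif name not in desired:  # assumption: drift not described in Git is pruned
            actions.append(("delete", name, live[name]))
        elif desired[name] != live[name]:
            actions.append(("update", name, desired[name]))
    return actions

def automator_update(desired, registry_tags):
    """Deployment Automator step: if the registry holds a tag newer than the one the
    manifest pins, rewrite the manifest (the real tool commits this to the config repo)."""
    updated = {name: dict(spec) for name, spec in desired.items()}
    for spec in updated.values():
        repo, _, pinned = spec["image"].rpartition(":")
        spec["image"] = f"{repo}:{newest_tag(registry_tags.get(repo, []) + [pinned])}"
    return updated

def synchronize(desired, live):
    """Deployment Synchronizer step: the in-cluster agent pulls desired state and applies
    only the diff, so no CI job needs cluster credentials (pull, not push)."""
    converged = {name: dict(spec) for name, spec in live.items()}
    for action, name, spec in diff_state(desired, live):
        if action == "delete":
            converged.pop(name)
        else:
            converged[name] = dict(spec)
    return converged
```

Running `diff_state` again after `synchronize` returns an empty list, which is the "converged" condition the diff-alert feature reports on.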