Separate Development in Directories, Not Branches Trunk-Based Development Policies and Security Summary 25 Chapter 5–Repository and Directory Structures Best Practices DRY Chapter 8–Other Considerations Multicluster Management Non-Declarative Infrastructure Security Base Image Selection Everything as Code Conclusion 45 About the Author The Path collection of different topics in automation, application delivery, infrastructure management, and security. In this chapter, I will go through each aspect of GitOps. By the end of the chapter, you will

developers to be more effective, by making the good thing the easy thing – in areas such as testing, security and observability this is increasingly important. Good DX allows for shift left.” — James Governor cloud to edge Scale infrastructure to meet demands Enable built-in compliance Enforce zero-trust security Let’s look at each of these reasons in detail. 1 2 3 4 weave.works THE GITOPS GUIDE TO BUILDING to meet demands THE GITOPS GUIDE TO BUILDING & MANAGING INTERNAL PLATFORMS 7 weave.works ▼ Security comes first for any organization, particularly an organization like the Department of Defense (DoD)

Ecosystems NINAD DESAI STAFF ENGINEER, INFRACLOUD CONTENTS • About GitOps for Kubernetes • Configuration Management in Kubernetes • GitOps for Kubernetes Essentials • Conclusion Git is the most experience. In the last few years, the number of tools and systems needed to manage version control, configuration management, Infrastructure as Code, CI/CD, and observability have drastically increased. This Thus, to improve developer experience, GitOps emerged where infrastructure and application configuration changes revolve around Git, i.e., the version control ecosystem. The focus is entirely on

cloud-native world, GitOps makes developers more productive while improving application stability, security and compliance – and it does all this without the need for developers to learn new tools. On the treat everything as code – from the application code itself to the underlying infrastructure and configuration – you can keep it in version control. This means the desired state and any changes of an entire way to implement GitOps is to use Git, since it already includes many advantages such as built-in security guarantees with full audit trails. Another key concept behind GitOps is the fact that Kubernetes

#IstioCon Target audience ✅ If you want to ... ● play with Istio offerings ● see the actual configuration files ● understand how Istio can be used / installed with other services ● know what multicluster Install into some cluster ● Tweak some simple configuration ● Add / remove offerings you are keen to test and see in action ● Add custom configuration on top of simple setup ● Install in cluster specific limitation, security requirements, etc. ● Configure business applications to confirm it provides what business requires ● Break, debug, pinpoint, and fix ● Security ● Observability ●

set of “gotchas.” This com- plexity is compounded by the need to ensure consistency in deployment, security, and operations across various platforms. | 08 3 KEY ELEMENTS FOR YOUR GITOPS STRATEGY Copyright architecture requires a GitOps operator, or agent, to evaluate both the infrastructure and application configuration in the repository to detect when the Kubernetes cluster resources should automatically update cloud-native applications requires continuous monitoring, updates, and security checks to ensure optimal performance and security. Push vs. Pull-Based Architecture Kubernetes Cluster Git Repository

there. This means that tasks such as… ● Compiling code ● Running unit/integration tests ● Security scanning ● Static analysis ...are not a concern of GitOps tools and are assumed to already being generic). ● It requires extra effort to keep all branches in sync (in case of hotfixes or configuration changes). ● It puts unnecessary strain on the CI system that has to check/rebuild/unit test each environment and can quickly lead to configuration duplication or people making commits to specific environments (instead of using shared configuration). For example, if you have 20 git repositories

native tools that are “declarative” and that can be treated as code. Declarative means that configuration is guaranteed by a set of facts instead of by a set of instructions. With your application’s your previous application state. With Git’s excellent security guarantees, you can also use your SSH key to sign commits that enforce strong security guarantees about the authorship and provenance of your operations tasks are also fully reproducible through Git. 6. Stronger Security Guarantees Git’s strong correctness and security guarantees, backed by the strong cryptography used to track and manage

applications rapidly 2 Continuous Integration(CI) & Continuous Delivery (CD) 3 Build Test Security Checks Release Deploy Stage Deploy Prod Continuous Integration Continuous Delivery A key DevOps through Git history Visibility and Audit Review changes beforehand, detect configuration drifts, and take action Enhanced Security Familiar tools and Git workflows from application development teams Detect drift Take action CD Continuous Integration & Continuous Delivery 10 Build Test Security Checks Release Deploy Stage Deploy Prod OpenShift Build Automate building container images

monitoring, and managing Kubernetes, teams can increase their overall output 2-3 times and easily meet security and compliance regulations. Deploy Operate & Manage Monitor GIT P.6 Enhance and extend driven by pull requests and fully reproducible through Git. Embed security Leverage Git’s correctness and strong cryptography and security guarantees to track and manage changes across the entire cluster entirely on GitOps best practices, reducing complexity of configuration management for complete Kubernetes platforms. By keeping the configuration in Git, developers and operators can use WKP to easily