GitOps for Kubernetes
What is GitOps?
GitOps principles:
- Git as the single source of truth
- Declarative infrastructure
- Automatic synchronization
- Continuous reconciliation
GitOps vs. Traditional CI/CD
| Aspect | Traditional | GitOps |
|---|---|---|
| Deployment | Push-based | Pull-based |
| State | Cluster | Git repository |
| Rollback | Re-deploy | Git revert |
| Audit | CI/CD logs | Git history |
ArgoCD
Components
- Application Controller
- API Server
- Repository Server
- Dex (SSO)
- Redis (Cache)
Application Definition
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
spec:
  project: default
  source:
    repoURL: https://github.com/org/repo
    path: k8s
    targetRevision: HEAD
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
```
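The Application above references `project: default`, which in Argo CD allows any source repository, any destination cluster and namespace, and any resource kind. The AppProject below, added here as an example and not part of the page or of CFTools' own configuration, scopes what an Application in that project may deploy; the project name `production-apps`, the RBAC deny list and the sync window are assumptions chosen for illustration, the repository URL and destination are the ones from the Application above.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: production-apps          # assumed project name
  namespace: argocd
spec:
  description: Production workloads with restricted sources and destinations
  # Only manifests from this repository may be deployed through the project.
  sourceRepos:
    - https://github.com/org/repo
  # Only the in-cluster API server and the production namespace are allowed.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: production
  # An empty whitelist means no cluster-scoped resources (ClusterRole, CRDs, ...)
  # can be created from this project.
  clusterResourceWhitelist: []
  # Deny namespaced resources that a manifest could use to widen its own RBAC.
  namespaceResourceBlacklist:
    - group: rbac.authorization.k8s.io
      kind: Role
    - group: rbac.authorization.k8s.io
      kind: RoleBinding
  # Automated syncs are allowed only on weekdays 08:00-18:00 UTC; manual syncs stay possible.
  syncWindows:
    - kind: allow
      schedule: "0 8 * * 1-5"
      duration: 10h
      applications:
        - "*"
      manualSync: true
```

With this project in place, the Application's `project: default` becomes `project: production-apps`; a manifest in the repository that tries to create a ClusterRoleBinding or to target another namespace is then rejected at sync time rather than applied.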
Features
- UI Dashboard
- Multi-Cluster
- SSO Integration
- Webhooks
- ApplicationSets
Flux
Components
- Source Controller
- Kustomize Controller
- Helm Controller
- Notification Controller
Features
- Toolkit-based
- Helm Support
- Kustomize Support
- Image Automation
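In Flux, the Source Controller fetches the repository and the Kustomize Controller applies a path from it; each step is its own custom resource. The two manifests below are an added example, not taken from the page or from CFTools: they reconcile the `clusters/production` folder of the monorepo layout used later on this page and require the checked-out commit to carry a trusted signature before anything is applied. The resource names, the `git-signing-keys` Secret, the service account and the `app-a` health check are assumptions.

```yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: cluster-config          # assumed name
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/org/repo   # repository URL from the page's Argo CD example
  ref:
    branch: main
  # Refuse to advance the artifact if HEAD is not signed by one of the
  # GPG public keys stored in the referenced Secret (assumed name).
  verify:
    mode: HEAD
    secretRef:
      name: git-signing-keys
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: production
  namespace: flux-system
spec:
  interval: 10m
  path: ./clusters/production        # folder from the monorepo layout on this page
  prune: true                        # remove objects that disappear from Git
  timeout: 5m
  sourceRef:
    kind: GitRepository
    name: cluster-config
  # Apply with a dedicated, namespace-scoped service account instead of the
  # controller's cluster-admin identity (assumed service account name).
  serviceAccountName: flux-production
  targetNamespace: production
  healthChecks:
    - apiVersion: apps/v1
      kind: Deployment
      name: app-a                    # app from the monorepo layout
      namespace: production
```

Verification failures show up as a `False` `Ready` condition on the GitRepository with the reason in its status, so the cluster simply stays on the last verified commit; the `healthChecks` entry makes the Kustomization report unhealthy if the rollout of `app-a` does not complete, which is what the sync-status monitoring in the best-practices list should alert on.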
Repository structure
Monorepo
```
repo/
├── apps/
│   ├── app-a/
│   └── app-b/
├── infrastructure/
│   ├── cert-manager/
│   └── ingress/
└── clusters/
    ├── production/
    └── staging/
```
Multi-Repo
- App repo: application code
- Config repo: Kubernetes manifests
- Infrastructure repo: cluster setup
Sync Policies
Automatic Sync
- Continuous Deployment
- On every Git change
- Self-healing
Manual Sync
- Controlled releases
- Approval process
- Review before deploy
Progressive Delivery
Canary Deployments
- Step-by-step rollout
- Metrics-based
- Automatic Rollback
Tools
- Argo Rollouts
- Flagger
- Linkerd/Istio
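The three canary properties listed above (stepwise rollout, metrics-based promotion, automatic rollback) map onto two Argo Rollouts resources. The manifests below are an added example and not from the page or from CFTools: a Rollout that shifts traffic in steps and pauses for an analysis, and the AnalysisTemplate that queries Prometheus for the canary's success rate. The image, the Prometheus address and the `canary="true"` label on the metric are assumptions.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: app-a
  namespace: production
spec:
  replicas: 5
  selector:
    matchLabels:
      app: app-a
  template:
    metadata:
      labels:
        app: app-a
    spec:
      containers:
        - name: app-a
          image: registry.example.com/app-a:1.2.0   # placeholder image
          ports:
            - containerPort: 8080
  strategy:
    canary:
      steps:
        - setWeight: 10               # 10 % of replicas run the new version
        - pause: { duration: 5m }     # let metrics accumulate
        - analysis:                   # promotion gate; failure aborts the rollout
            templates:
              - templateName: success-rate
        - setWeight: 50
        - pause: { duration: 10m }
        - setWeight: 100
---
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: success-rate
  namespace: production
spec:
  metrics:
    - name: success-rate
      interval: 1m
      count: 5
      failureLimit: 3                 # three failed measurements roll the canary back
      successCondition: result[0] >= 0.99
      provider:
        prometheus:
          address: http://prometheus.monitoring.svc:9090   # assumed in-cluster address
          # Share of non-5xx responses served by canary pods (label is an assumption)
          query: |
            sum(rate(http_requests_total{app="app-a",canary="true",code!~"5.."}[1m]))
            /
            sum(rate(http_requests_total{app="app-a",canary="true"}[1m]))
```

Because the Rollout is itself a manifest in Git, the rollback Argo Rollouts performs on a failed analysis leaves the repository unchanged; reverting the image tag in Git (the "Git revert" row of the comparison table) is still what records the decision for the audit trail.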
Multi-Cluster Management
ApplicationSet
- Cluster Generator
- Git Generator
- List Generator
Cluster-Fleet
- Central management
- Consistent configuration
- Environment Promotion
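The cluster generator is what turns a fleet into one Application per cluster. The ApplicationSet below is an added example, not from the page or from CFTools: it deploys the `infrastructure/cert-manager` folder of the monorepo layout to every cluster registered in Argo CD whose cluster Secret carries the label `fleet: managed`. That label and the `platform` AppProject are assumptions; `{{name}}` and `{{server}}` are the parameters the cluster generator itself provides.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: cert-manager
  namespace: argocd
spec:
  generators:
    # One Application for each registered cluster whose Secret has fleet=managed
    - clusters:
        selector:
          matchLabels:
            fleet: managed           # assumed label on the cluster Secrets
  syncPolicy:
    # Deleting the ApplicationSet must not tear cert-manager out of every cluster
    preserveResourcesOnDeletion: true
  template:
    metadata:
      name: 'cert-manager-{{name}}'  # {{name}} is the registered cluster name
    spec:
      project: platform              # assumed AppProject
      source:
        repoURL: https://github.com/org/repo
        targetRevision: main
        path: infrastructure/cert-manager   # folder from the monorepo layout
      destination:
        server: '{{server}}'         # API server URL supplied by the generator
        namespace: cert-manager
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
```

Adding a cluster to the fleet is then a matter of registering it with the label; removing the label removes the generated Application, and `preserveResourcesOnDeletion` decides whether the workloads in that cluster are left in place.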
Secrets in GitOps
Solutions
- Sealed Secrets
- SOPS
- External Secrets Operator
- Vault
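Of the four options listed, the External Secrets Operator and Vault can be combined so that the Git repository holds only a reference to a secret, never an encrypted copy of it. The manifests below are an added example and not from the page or from CFTools: a ClusterSecretStore that authenticates to Vault with a Kubernetes service account rather than a static token, and an ExternalSecret that materializes one key from it into a regular Secret. The Vault address, mount path, role and the `production/app-a/db` path are assumptions.

```yaml
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: vault-backend            # assumed name
spec:
  provider:
    vault:
      server: https://vault.example.com   # placeholder address
      path: secret                        # KV mount
      version: "v2"
      auth:
        # The operator's pod identity is exchanged for a Vault token at runtime,
        # so no Vault credential is ever stored in Git or in a Secret.
        kubernetes:
          mountPath: kubernetes
          role: external-secrets          # assumed Vault role
          serviceAccountRef:
            name: external-secrets
            namespace: external-secrets
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: app-a-db
  namespace: production
spec:
  refreshInterval: 1h            # re-read from Vault so rotations propagate
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: app-a-db               # Kubernetes Secret created and owned by the operator
    creationPolicy: Owner
  data:
    - secretKey: password        # key inside the Kubernetes Secret
      remoteRef:
        key: production/app-a/db # assumed Vault path
        property: password
```

Both resources can be committed alongside the application manifests; a reviewer sees which secret the workload depends on without the value ever passing through Git, and `git revert` on the ExternalSecret changes only the reference.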
Best Practices
- Environment per branch or folder
- Kustomize/Helm for variants
- Automated image updates
- Review process for production
- Monitoring of sync status
CFTools Software implements GitOps workflows for Kubernetes environments.