GitOps Goes the World
Music: Gossip - Pop Goes the World (2009)
This week we take a look at GitOps and Policy-as-Code (PaC).
Getting Informed
Fudge Sunday readers might recall the pipeline topic and the shifting left stories previously covered.
https://fudge.org/archive/underneath-the-cncf-tech-radar/
https://fudge.org/archive/fudge-sunday-once-in-a-pipeline/
Clearly there are many Cloud Native Computing Foundation (CNCF) projects. Projects are often the result of seeking answers to questions. But there are still questions to be answered…
- What if everything in the software lifecycle from developer to operations drew from one true source?
- What if everything in software versioning currency extended automation from the source to the service?
Such questions provoked neologisms from version control systems favored by software developers (Git) and IT practitioners presiding over services that express a particular version of software produced by developers (Ops). Or, for short, you could argue the answer to these (and other) questions is increasingly referred to as _GitOps_.
- What if there was a way to ensure security in our software supply chain?
- What if there was a way to anticipate multiple tenants, multiple feature flags, and compliance?
- What if there was a way to draw from Infrastructure as Code (IaC) concepts and apply those to policies associated with use of IaC?
Such questions were provoked by companies bringing software into existence using IaC, continuously delivered, securely. Or, for short, you could argue the need for easily maintained and applied policies in the form of code, aka _Policy-as-Code_ (PaC).
Find yourself in a situation 🎶
OpenGitOps is a sandbox project at CNCF as of early 2021. So, if you've ever heard GitOps and wondered what the best definition is, OpenGitOps is defining GitOps in a way that is vendor-neutral.
Until OpenGitOps has _the_ definition, there are some history blog posts in the wild, some of them written by, well, vendors. And The History of GitOps from Weaveworks is a great place to start:
https://www.weave.works/blog/the-history-of-gitops
And now, on to the next CNCF project…
Make noise from our frustration 🎶
Kyverno is an incubating project accepted to the CNCF in late 2020 with the goal of providing a policy engine for Kubernetes (k8s) governance at scale. And speaking of policies, there are already 283 policies available to the community as of May 2023.
For a deeper dive:
- Watch: Cloud Native Live: What's new in Kyverno! with Whitney Lee of VMware, Jim Bugwadia of Nirmata, and Chip Zoller at Nirmata
- Read: Enforcing Kubernetes Best Practices using Kyverno and Argo CD from Nicholas Morey at Akuity
Also, keep in mind, CNCF End User Technology Radar for DevSecOps is almost two years old. Time flies!
So, what will be the next big thing in GitOps and PaC?
Until then… Place your bets!
Disclosure
I am linking to my disclosure.