GitOps Goes the World

by Jay Cuthrell
Share and discuss on LinkedIn or HN

Music: Gossip - Pop Goes the World (2009)

This week we take a look at GitOps and Policy-as-Code (PaC).

Getting Informed

Fudge Sunday readers might recall the pipeline topic and the shifting left stories previously covered.

Clearly there are many Cloud Native Computing Foundation (CNCF) projects. Projects are often the result of seeking answers to questions. But there are still questions to be answered…

  • What if everything in the software lifecycle from developer to operations drew from one true source?
  • What if everything in software versioning currency extended automation from the source to the service?

Such questions provoked neologisms from version control systems favored by software developers (Git) and IT practitioners presiding over services that express a particular version of software produced by developers (Ops). Or, for short, you could argue the answer to these (and other) questions is increasingly referred to as _GitOps_.

  • What if there was a way to ensure security in our software supply chain?
  • What if there was a way to anticipate multiple tenants, multiple feature flags, and compliance?
  • What if there was a way to draw from Infrastructure as Code (IaC) concepts and apply those to policies associated with use of IaC?

Such questions were provoked companies bringing software into existence using IaC β€” continuously delivered β€” securely. Or, for short, you could argue the need for easily maintained and applied policies in the form of code aka _Policy-as-Code_ (PaC).

Find yourself in a situation 🎢

OpenGitOps is a sandbox project at CNCF as of early 2021. So, if you’ve ever heard GitOps and wondered what the best definition is, OpenGitOps is defining GitOps in a way that is vendor-neutral.

Until OpenGitOps has _the_ definition, there are some history blog posts in the wild written and some by, well, vendors. And, The History of GitOps from Weaveworks is a great place to start:

And now, on to the next CNCF project…

Make noise from our frustration 🎢

Kyverno is an incubating project accepted to the CNCF in late 2020 with the goal of providing a policy engine for Kubernetes (k8s) governance at scale. And speaking of policies, there are already 283 policies available to the community as of May 2023.

For a deeper dive:

Also, keep in mind, CNCF End User Technology Radar for DevSecOps is almost two years old. Time flies!

So, what will be the next big thing in GitOps and PaC?

Until then… Place your bets!



I am linking to my disclosure.



✍️ πŸ€“ Edit on Github πŸ™ ✍️

Share and discuss on LinkedIn or HN
  • Get Fudge Sunday each week