GitOps Goes the World

Music: Gossip - Pop Goes the World (2009)

This week we take a look at GitOps and Policy-as-Code (PaC).

Getting Informed

Fudge Sunday readers might recall the pipeline topic and the shifting left stories previously covered.

Clearly there are many Cloud Native Computing Foundation (CNCF) projects. Projects are often the result of seeking answers to questions. But there are still questions to be answered…

  • What if everything in the software lifecycle from developer to operations drew from one true source?
  • What if everything in software versioning currency extended automation from the source to the service?

Such questions provoked neologisms from version control systems favored by software developers (Git) and IT practitioners presiding over services that express a particular version of software produced by developers (Ops). Or, for short, you could argue the answer to these (and other) questions is increasingly referred to as _GitOps_.

  • What if there was a way to ensure security in our software supply chain?
  • What if there was a way to anticipate multiple tenants, multiple feature flags, and compliance?
  • What if there was a way to draw from Infrastructure as Code (IaC) concepts and apply those to policies associated with use of IaC?

Such questions were provoked by companies bringing software into existence using IaC — continuously delivered — securely. Or, for short, you could argue there is a need for easily maintained and applied policies in the form of code, aka _Policy-as-Code_ (PaC).

Find yourself in a situation 🎶

OpenGitOps is a sandbox project at CNCF as of early 2021. So, if you’ve ever heard GitOps and wondered what the best definition is, OpenGitOps is defining GitOps in a way that is vendor-neutral.

Until OpenGitOps has _the_ definition, there are some history blog posts in the wild, some of them written by, well, vendors. The History of GitOps from Weaveworks is a great place to start:

The History of GitOps

The history of GitOps closely follows that of the container and Kubernetes revolution of the past few years. In this post, we look at all the key milestones in the journey of GitOps as it went from a fledgling idea to the global technology movement it has become today.

And now, on to the next CNCF project…

Make noise from our frustration 🎶

Kyverno is an incubating project accepted to the CNCF in late 2020 with the goal of providing a policy engine for Kubernetes (k8s) governance at scale. And speaking of policies, there are already 283 policies available to the community as of May 2023.

For a deeper dive:

Also, keep in mind, CNCF End User Technology Radar for DevSecOps is almost two years old. Time flies!

So, what will be the next big thing in GitOps and PaC?

Until then… Place your bets!


Work Plug

As a reminder, after a +25 year walkabout, I’m an IBMer (again). For 2023, in “Work Plug”, I share a new link each week that is educational, accessible, and relevant to platform engineering from fellow IBMers[1] in the wider IBM Community.

Stay tuned!


I am linking to my disclosure.

  1. Shout out to Dan Kehn (again) and Brad Topol (again) ↩︎
