GitOps Fundamentals

Orchestr8 is built on GitOps principles, a modern approach to continuous deployment and infrastructure management that uses Git as the single source of truth.

What is GitOps?

GitOps is a software development and deployment methodology that uses Git repositories as the central hub for both application code and infrastructure configuration. The core principle is declarative configuration stored in version control.

Key Principles

1. Declarative Configuration

   • Infrastructure and applications described as code
   • Desired state defined in Git repositories
   • Self-healing systems that reconcile actual vs desired state

2. Git as Single Source of Truth

   • All changes go through Git workflows (pull requests, reviews)
   • Audit trail and rollback capabilities built-in
   • Immutable deployment history

3. Automated Reconciliation

   • Continuous monitoring of actual vs desired state
   • Automatic drift correction and healing
   • Event-driven deployments triggered by Git commits

4. Observability and Monitoring

   • Real-time visibility into deployment status
   • Metrics and alerting for system health
   • Comprehensive logging and tracing

GitOps vs Traditional CI/CD

Aspect	Traditional CI/CD	GitOps
Deployment Model	Push-based (CI pushes to production)	Pull-based (agents pull from Git)
Security	CI system needs production access	No external access to production
Rollbacks	Complex, often manual	Simple Git revert operations
Audit Trail	CI logs, often incomplete	Complete Git history
Multi-Environment	Complex pipeline configurations	Declarative environment configs

GitOps Workflow in Orchestr8

1. Configuration Repository

• Platform Configuration: Core infrastructure components (ArgoCD, Istio, Keycloak)
• Application Manifests: Kubernetes resources for your applications
• Environment Configs: Environment-specific values and overrides

2. GitOps Controller (ArgoCD)

• Continuously monitors Git repositories for changes
• Compares desired state (Git) with actual state (Kubernetes)
• Automatically synchronizes differences
• Provides visual dashboards and alerts

3. Kubernetes Target

• Receives declarative configurations from ArgoCD
• Manages application lifecycle and scaling
• Enforces security policies and network isolation
• Reports status back to GitOps controllers

Benefits of GitOps with Orchestr8

🔒 Enhanced Security

• Zero Trust Architecture: No external access to production clusters
• Policy as Code: Security rules defined and versioned in Git
• Immutable Infrastructure: Infrastructure changes only through Git

🚀 Faster Delivery

• Automated Deployments: No manual intervention required
• Parallel Environments: Consistent deployment across all stages
• Instant Rollbacks: Simple Git operations for quick recovery

👥 Better Collaboration

• Code Review Process: All changes go through peer review
• Shared Responsibility: Infrastructure and application teams aligned
• Knowledge Sharing: Configuration visible and documented in Git

📊 Operational Excellence

• Drift Detection: Automatic identification of configuration drift
• Compliance: Built-in audit trail and change tracking
• Disaster Recovery: Complete system state stored in Git

GitOps Patterns in Orchestr8

App of Apps Pattern

Orchestr8 uses the "App of Apps" pattern where a root ArgoCD application manages multiple child applications:

# argocd-apps/app-of-apps.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app-of-apps
spec:
  source:
    repoURL: https://github.com/your-org/orchestr8-config
    path: argocd-apps
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd

Environment Promotion

Changes flow through environments automatically:

Development → Staging → Production
     ↓           ↓          ↓
   dev-values  stage-values prod-values

Module-Based Architecture

Each application module is managed as a separate ArgoCD application:

# modules/my-service/argocd-app.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-service
spec:
  source:
    repoURL: https://github.com/your-org/my-service
    targetRevision: main
  destination:
    namespace: my-service

Getting Started with GitOps

1. Initialize Repository Structure

   o8 init --provider aws --environment dev

2. Configure GitOps Controller

   o8 setup --gitops --repository https://github.com/your-org/config

3. Deploy First Application

   o8 module deploy ./modules/my-service --environment dev

4. Monitor and Manage

   • Access ArgoCD dashboard for visual monitoring
   • Use o8 status for command-line insights
   • Review Git commits for change history

Best Practices

Repository Structure

orchestr8-config/
├── argocd-apps/          # ArgoCD Application definitions
├── platform/             # Core platform configuration
├── modules/               # Application modules
├── environments/          # Environment-specific values
└── policies/             # Security and governance policies

Commit Messages

Use conventional commits for better tracking:

feat(auth): add OIDC integration with Keycloak
fix(monitoring): resolve Prometheus scraping issues
docs(readme): update installation instructions

Branch Strategy

• main: Production-ready configurations
• staging: Pre-production testing
• feature/*: Development branches for new features

Security Considerations

• Encrypted Secrets: Use SealedSecrets or External Secrets Operator
• RBAC Policies: Define fine-grained access controls
• Network Policies: Isolate workloads at the network level
• Pod Security: Enforce security standards for containers

Next Steps

• Learn about Module Architecture for organizing applications
• Explore Security Model for enterprise compliance
• Understand Multi-Environment deployment strategies
• Review Monitoring & Observability best practices