Skip to main content
HashnodeSRE Tribe

Command Palette

Search for a command to run...

Collection of patterns, examples and resources for GitOps process design, GitOps repository structures, etc

Updated
9 min read
F
Fizzy

cloudogu/gitops-patterns

Intro

This repo collects some patterns (AKA strategies, models, approaches, best practices, etc.) about GitOps process design (AKA GitOps repository structures, etc.) as well as links to talks, articles and example repos.

It originated in schnatterer's talk about the "perfect" GitOps process, our experience in consulting, and our GitOps trainings for both Flux and ArgoCD.

You can read more about the patterns in this series of articles.

Discuss it on myCloudogu

PRs welcome!

Contents

Articles

Part 1️⃣: GitOps Chasm + categories

Part 2️⃣: Deployment patterns

Part 3️⃣: Repo patterns

Part 4️⃣: Promotion patterns

Part 5️⃣: Wiring patterns + conclusion

Part 6️⃣: Example Repositories

Pattern categories

Let's group GitOps patterns into separate categories to make them easier to grasp.
See also part 1️⃣ of the article series.

  • Operator deployment: GitOps operators ↔ Clusters/Namespaces

  • Repository: How many repos?

  • Promotion:

    • Environments: How to model environments/stages?

    • Implementation: How to implement the actual process of promotion?

  • Wiring: Bootstrapping operator, linking repos and folders

GitOps Patterns

Operator deployment

See also part 2️⃣ of the article series.

  • Hub and Spoke 12 1 Operator : n Clusters
    Synonyms: Management Cluster 3 - sounds familiar, e.g. from Cluster API, but it requires a cluster. In SaaS/PaaS constellations, the central instance may not even be operated in a cluster. Therefore, the term "Hub and Spoke" seems more fitting to us, especially since it is also well known from computer networks or logistics.

    Hube and spoke

  • Instance Per Cluster 3 : 1 Operator : 1 Cluster
    Synonyms: Standalone 1 - could apply to both "Instance per Cluster" and "Instance per Namespace"; does not define the relationship to clusters and namespaces precisely enough, as not every operator supports both deployment patterns.

    Instance Per Cluster

  • Instance per Namespace: n Operators : 1 Cluster
    Synonyms: Namespaced 4

    Instance per Namespace

More Patterns:

  • Split-Instance1: 1 Operator : n Clusters; components split between management and target clusters

  • Hybrids of Hub and Spoke and Instance per Cluster patterns: "Instance per Logical Group" and "Argo Managing more Argos".3

Repository structure

See also part 3️⃣ of the article series.

  • Monorepo 25
    Opposite: polyrepo 2

  • Repo per Team 5
    More generalized: Team ➡️ Tenant5

  • Repo per Application 25
    Implementations:

    • Repo separation 6
      Keep code in app repo, config in config repo

    • Config replication 4
      Keep config in app repo and have CI server replicate it to the config repo

    • Repo pointer 745
      Keep the whole config in app repo and add a pointer from config repo (e.g. Argo CD Application or a Flux GitRepository+Kustomization), avoiding redundancy

    • Config Split 8
      Keep parts of the config in app repo (e.g. helm chart or kustomize base), and rest in config repo (e.g. value.yamls or overlays for different envs).
      Then have the config repo point to the app repo (e.g. via ArgoCD Application or Flux Kustomization).

Alternative implementations: have CI server push chart to helm registry

Or use push helm chart to OCI registry

Or use any config management tool (e.g. helm template, kustomize build, kubectl kustomize, jsonnet, cuelang, timoni, etc. ) on the CI server for pushing the final manifests as OCI artifacts9 to the registry (Rendered Manifests Pattern10).
Then have the config repo point to the OCI artifact (e.g. via Flux Kustomization).
This way, the OCI registry functions as a "GitOps Cache"11:
The operator only needs to pull the artifacts instead of rendering/overlaying the config from different sources.

  • Repo per environment 5
    Synonym: Environment per repository12, Repo per Stage

Promotion

See also part 4️⃣ of the article series.

We understand the term "promotion" as the process of deploying applications to different environments.
Sometimes, the term "promotion" is prefixed with other words: Release/Application/Environment/Workload/Change.

For promotion, we see different sets of patterns:

  • one regarding the modelling of environments and

  • one regarding the implementation of the actual process of promotion.

Environments

  • Folder/Directory per environment
    Synonym: Environment per folder 12

  • Repo per environment 5
    Synonym: Environment per repo 12

  • Branch per environment
    Synonym: Environment per branch 12
    Often discouraged 7 or declared an anti-pattern1314, but can work 15.

  • Preview environments 16 17 18
    Synonyms: ephemeral, dynamic, pull request19, test, temporary16
    Beyond the GitOps world also known as "Preview Deployments"20 and "Deploy Previews"21

Implementation

  • Configuration Management

    • Synonyms:

      • General: Templating, Patching, Overlay, Rendering, Hydrating

      • templates = dry; rendered = hydrated 22

    • Where to render the manifests?

      • On the CI Server (Rendered Manifests Pattern10)
        This pattern also fits nicely with Flux's OCI artifacts feature (see Config split).

      • On the GitOps Operator (GitOps Operator Rendering or GitOps Controller Rendering23)

    • Tools:

      • Kustomize

        • Plainkustomization.yaml - operator-agnostic (GitOps Operator Rendering on Argo CD and Flux)

        • ≠ Flux CRD Kustomization (GitOps Operator Rendering)

        • kustomize build / kubectl kustomize via CI server (Rendered Manifests)

      • Helm

        • CRD such as HelmRelease (GitOps Operator Rendering on Flux) or Application (GitOps Operator Rendering on ArgoCD)

        • Umbrella Chart24 (common on Argo CD, possible but unusual on Flux)

        • helm template on CI server (Rendered Manifests)

      • Others, e.g. Jsonnet, CueLang, Timoni

        • Rendered Manifests Pattern

        • Argo CD Config Management Plugins25 (built-in for JSonnet)

  • Global Environments vs Environment per App4

    Global Envs

    Env per app

  • Config update
    Who updates image (version) in GitOps repo, creates branch and PR?

    • Manual: Human pushes branch and create PR 🥵

    • CI Server: Build job pushes branch, creates PR

    • Image Updater: Operator pushes branch, create PR manually

    • Dependency Bot: Bot pushes branch, creates PR

Wiring

See also part 5️⃣ of the article series.

  • Bootstrapping , e.g. using kubectl or operator-specific CLI such as flux or argocd-autopilot

  • Linking e.g. using Operator-specific CRDs such as Kustomization (Flux) or Application (ArgoCD)

    • Nesting, e.g. App of Apps pattern 26 (ArgoCD)

    • Templating, e.g. implemented using ApplicationSets

Public GitOps Repo Examples

See also 4.

See also part 6️⃣ of the article series.

The diagrams have been created with tree2svg.

GitOps Playground

cloudogu/gitops-playground

  • Repo pattern: Per team mixed with per app (implemented via Config Replication)

  • Operator pattern: Instance per Cluster (Hub and Spoke also possible)

  • Operator: ArgoCD (Flux)

  • Boostrapping: Helm, kubectl

  • Linking: ArgoCD Application

  • Features:

    • Env per app Pattern

    • Operate ArgoCD with GitOps

    • Config Update via CI server

    • Mixed repo patterns

    • ArgoCD and Flux examples

ArgoCD autopilot

argoproj-labs/argocd-autopilot

  • Repo pattern: Monorepo

  • Operator pattern: Instance per Cluster / Hub and Spoke

  • Operator: ArgoCD

  • Boostrapping: argocd-autopilot

  • Linking: kustomization.yaml, ArgoCD Application, ApplicationSet

  • Features:

    • Operate ArgoCD with GitOps

    • In the future: a lot more automation and YAML creation

Flux Monorepo

fluxcd/flux2-kustomize-helm-example

  • Repo pattern: Monorepo

  • Operator pattern: Instance per Cluster

  • Operator: Flux

  • Boostrapping: flux CLI

  • Linking: kustomization.yaml, Flux Kustomization

  • Features: cross-cutting infra

Flux repo per team/tenant

fluxcd/flux2-multi-tenancy

  • Repo pattern: Repo per team/tenant

  • Operator pattern: Instance per Cluster

  • Operator: Flux

  • Boostrapping: flux CLI

  • Linking: kustomization.yaml, Flux Kustomization

  • Features: cross-cutting infra

📕 Path to GitOps examples

christianh814/example-kubernetes-go-repo

christianh814/example-kubernetes-goflux-repo

christianh814/example-openshift-go-repo

  • Repo pattern: Monorepo

  • Operator pattern: Instance per Cluster

  • Operator: [ArgoCD] [flux]

  • Boostrapping: kubectl

  • Linking: kustomization.yaml,

    • ArgoCD Application, ApplicationSet /

    • Flux Kustomization

  • Features:

    • Cross-cutting infra and app(s)

    • ArgoCD and Flux examples

Environment variations

kostis-codefresh/gitops-environment-promotion

  • Operator: ArgoCD (Flux)

  • Features:

    • Env variants for a single app

    • Promotion "via cp"

Others

Here are some other examples that we haven't had a chance to look at in more detail:

Synonyms

  • Patterns ≈ strategies, models, approaches, best practices, standards

  • GitOps process design ≈ GitOps repository structures,

  • GitOps Operator ≈ GitOps controller ≈ GitOps agent

  • Config Repo = GitOps repo, Infra repo, Payload repo

    Config repo example

  • App repo = Source code repo, Source repo

    App repo example

  • Environment = Stage

  • Folder = Directory

  • Templating ≈ Patching, Overlay, Rendering, Bundling, Packaging?

References

Footnotes

  1. Article A Comprehensive Overview of Argo CD Architectures – 2023 by Dan Garfield 2 3

  2. Article/Book How to set up your GitOps directory structure by Christian Hernandez 2 3 4

  3. Talk Control Plane, Service, or Both? – Argo CD Multi-Cluster Architectures - Nicholas Morey, Akuity, Article How many do you need? - Argo CD Architectures Explained by Nicholas Morey 2 3

  4. Slides The perfect GitOps process: repos, folders, stages, patterns by Johannes Schnatterer 2 3 4 5

  5. Documentation Flux | Ways of structuring your repositories 2 3 4 5 6 7

  6. Documentation Argo CD: Best Practices

  7. Talk GitOps: Core Concepts & Ways of Structuring Your Repos by Pinky Ravi and Scott Rigby 2

  8. Discussion on LinkedIn Benjamin Ruland and Johannes Schnatterer

  9. Documentation Flux | OCI cheatsheet

  10. Talk: GitOpsCon EU 23: The Art of GitOps: Rendered Manifests by Christian Hernandez 2

  11. Talk: Mastering GitOps 2023: Keynote: GitOps Emerging Developments and Predictions by Alexis Richardson

  12. Lesson GitOps at Scale Lesson series - Git repository strategies by Codefresh (paywalled) 2 3 4

  13. Article Stop Using Branches for Deploying to Different GitOps Environments by Kostis Kapelonis

  14. Article Git best practices: Workflows for GitOps deployments by Christian Hernandez

  15. Article Monitoring and Hardening the GitOps Delivery Pipeline with Flux by Florian Heubeck

  16. Article Creating Temporary Preview Environments Based On Pull Requests With Argo CD And Codefresh by Codefresh 2

  17. Talk GitOps Con Europe - Implementing Preview Environments with GitOps in Kubernetes by François Le Pape, Remazing

  18. Talk Preview Environments with ArgoCD by Brandon Phillips

  19. Video Environments Based On Pull Requests (PRs): Using Argo CD To Apply GitOps Principles On Previews by Viktor Farcic

  20. Documentation Vercel: Preview Deployments

  21. Documentation Netlify: Deploy Previews

  22. Discussion on GitHub Michael Crenshaw

  23. Discussion on LinkedIn Christian Hernandez, Scott Rigby and Johannes Schnatterer

  24. Documentation Helm | Chart Development Tips and Tricks

  25. Documentation Argo CD | Config Management Plugins

  26. Documentation ArgoCD: Cluster Bootstrapping - App Of Apps Pattern

More from this blog

SRE Tribe

413 posts