GitOps implementation

pavan kumar ceemala
2 min read · Sep 1, 2021


GitOps: Straight from the book “is to maintain a single source of truth i.e. your git repository. If you want to deploy a new application or update an existing one, you only need to update the repository — the automated process handles everything else. It’s like having cruise control for managing your applications in production.”

Tech stack used to implement GitOps: AWS EKS, ECR, GitHub, Jenkins for CI/CD, Helm and ArgoCD

GitOps Flow:

  1. The developer pushes code to the application GitHub repo after following the proper PR process, which tests the quality of the PR.
  2. The Jenkins pipeline is triggered by poll SCM and goes through the continuous integration stages, viz. git checkout and SAST, and then we build and tag the image.
  3. The tagged image is pushed to AWS ECR, where we run an image vulnerability scan; based on the scan results, the Jenkins pipeline either proceeds or exits.
  4. After the image scan stage, we check out the config GitHub repo, update the image tag in the Helm values file, and push the updated file back to the GitHub repo.
  5. There is one more way of updating the Helm charts: if any other K8s manifest (ConfigMap, Deployment, etc.) needs to be updated, the Ops team makes the update and the changes are pushed to the config GitHub repo after the PR process.
  6. ArgoCD is a Kubernetes-native tool that runs inside our EKS cluster in its own namespace and can deploy to other namespaces. It works on a pull-based mechanism and is integrated with the config GitHub repo.
  7. We use ArgoCD to create all our applications; to onboard a new application, we make changes to the ArgoCD Helm chart.
  8. Whenever there is an update to the config GitHub repo, ArgoCD detects it and syncs/creates the applications on the AWS EKS cluster.
  9. After an application create/update/delete, ArgoCD notification notifies the stakeholders over a Slack channel.
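
Steps 3 and 4 in code, as an added example that is not from the original post: the gate reads ECR scan results and fails closed, and the tag update touches only `image.tag` in the Helm values file while rejecting tags that could inject YAML. The severity policy, the values-file layout and the sample data are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample, shaped like `aws ecr describe-image-scan-findings` output.
SAMPLE_SCAN = json.loads("""
{"imageScanStatus": {"status": "COMPLETE"},
 "imageScanFindings": {"findingSeverityCounts": {"HIGH": 2, "MEDIUM": 7}}}
""")

# Constructed Helm values file from the config repo (names are assumptions).
SAMPLE_VALUES = """\
replicaCount: 2
image:
  repository: 123456789012.dkr.ecr.us-east-1.amazonaws.com/sample-app
  tag: "1.4.1"
sidecar:
  tag: "0.9.0"
"""

BLOCKING = ("CRITICAL", "HIGH")  # assumed policy: these severities stop the pipeline
TAG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}")  # Docker tag grammar


def scan_gate(scan, blocking=BLOCKING):
    """Return (ok, reason). Fails closed: only a COMPLETE scan can pass."""
    status = scan.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        return False, f"scan status is {status!r}, not COMPLETE"
    counts = scan.get("imageScanFindings", {}).get("findingSeverityCounts", {})
    hits = {sev: counts[sev] for sev in blocking if counts.get(sev, 0) > 0}
    return (False, f"blocking findings: {hits}") if hits else (True, "clean")


def set_image_tag(values_text, new_tag):
    """Rewrite only image.tag; reject tags that could inject YAML."""
    if not TAG_RE.fullmatch(new_tag):
        raise ValueError(f"refusing unsafe image tag: {new_tag!r}")
    out, in_image, changed = [], False, 0
    for line in values_text.splitlines():
        body = line.lstrip()
        if body and not body.startswith("#"):
            if line[0] not in " \t":  # a new top-level key starts here
                in_image = line.startswith("image:")
            elif in_image and body.startswith("tag:"):
                indent = line[: len(line) - len(body)]
                line = f'{indent}tag: "{new_tag}"'
                changed += 1
        out.append(line)
    if changed != 1:
        raise ValueError(f"expected exactly one image.tag, found {changed}")
    return "\n".join(out) + "\n"
```

In a pipeline, a `False` from `scan_gate` should exit the job before the config repo is checked out, so an unscanned or failing image tag never reaches the repo ArgoCD syncs from.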

Thank you!!
