Introduction 🎬

Infrastructure as Code (IaC) is writing out our infrastructure in declaritive code. Two popular examples are AWS Cloudformation and HashiCorp Terraform. Cloudformation declares infra using either yaml or json files against the AWS api. Terraform uses HashiCorp Configuration Language (HCL) and is cloud agnostic and can be run against AWS, GCP, Azure and others by using providers.

If you are writing IaC stored in files it follows naturally to store and version those files with git. So, now we have some nice methods of writing and provisioning infrastructure that can be used whenever and wherever we need it. Nice 🦉! However, I call this IaM Infrastructure as Meh 🫤 because it is just the beginning.

With GitOps we can bring IaC even further and accelerate our infrasructure management, deployments, and security.

Bringing IaC to the Next Level 🔼

IaC gets us to a good place in terms of versioning and repeatabilty. But it doesn't help us with lifecyle management of our infrastructure. We can't see what is happening in real time, we can't easily roll back changes, and we can't easily see who made changes. If we update the infrastructure outside the code there is no enforcement mechanism to assure the changes get ported back to the IaC and vice versa. This is called configuration drift and can lead to, at best, confusing states and, at worst, insecure or broken states. This is where GitOps comes into the picture.

GitOps 🏗️

GitOps is a way of managing infrastructure that uses git as the source of truth. This means that all changes to the infrastructure are made through git. This coupled with a continuous integration pipeline such as GitHub Actions ensures that changes made to the IaC are respected in our infrastructure environments. This is a powerful way to manage infrastructure and can be used to manage the entire lifecycle of the infrastructure.

Adhering to a GitOps workflow allows for automation of all IaC and takes the human error out of the equation. It also allows for a more collaborative approach to infrastructure management. Couple this with PR reviews, automated linting, testing, and deployment and we have a robust system for managing our IaC and infrastructure together as one. In other words the IaC reflects the infrastructure and the infrastructure reflects the IaC. Very much not meh 🦉! 🚀

GitOps:

• takes the human error out of the equation
• allows for faster and more reliable deployments (and rollbacks)
• allows for more collaboration

Conclusion 🏁

Getting started with Iac + GitOps can be a signifcant time investment. However, the benefits of having a robust and reliable infrastructure management system are well worth it. GitOps is a powerful way to manage infrastructure and can be used to manage the entire lifecycle of the infrastructure. It is a way to bring IaC to the next level and is a must have for any serious infrastructure management team. The returns will be in security, repeatability, and reliability, not to mention cost tracking and savings.