Google gets serious about Gitops

Google has made its most significant commitment yet to the emerging practice of Gitops, by building out a set of open source tools aimed at helping organizations consistently configure and manage their containerized applications at scale.

As the container orchestrator Kubernetes—which emerged from Google in 2014—continues to become a core layer for cloud-native organizations, being able to manage fleets of containers and reconcile the desired state with the actual state has become a specialist task that typically requires deep domain knowledge. This includes the ability to write Helm charts and code in the much-maligned YAML language.

“Companies of all sizes are leveraging Kubernetes to modernize how they build, deploy, and operate applications on their infrastructure. As these companies expand the numbers of development and production clusters they use, creating and enforcing consistent configurations and security policies across a growing environment becomes difficult,” Google distinguished engineer and one of the original architects of Kubernetes, Brian Grant, wrote in a technical blog post last week.

Gitops: Devops starts with Git

Gitops has emerged as an extension of existing devops principles to tackle some of these challenges. By treating infrastructure primarily as code, teams can store both an application and its underlying infrastructure in a version control system, most likely Git, which then becomes a single source of truth for both dev and ops teams.

A software agent—most commonly the open source Argo or Flux continuous delivery tools—then ensures that the actual state of an application matches the desired state as declared in the configuration files. Now, on top of that, vendors like Weaveworks and Codefresh are looking to build hosted Gitops platforms to ease enterprise adoption.

“If you squint, Gitops is similar to Puppet,” Grant told InfoWorld in an interview. “It is a declarative approach, complete with a software agent that keeps things in sync.”

However, the nascent practice still requires some significant heavy lifting from operations specialists to write and maintain these Kubernetes configuration files and ensure that the processes are in place to give their developers what they need, without sacrificing security and consistency.

How Google is working to simplify Gitops

Grant says that he has been supportive of Gitops since its earliest days, and Google certainly sees Kubernetes and Gitops as going together like peanut butter and chocolate. The problem to date has been that too many enterprises struggle to consistently configure and manage various Kubernetes configurations at scale.

Specifically, Google Cloud is working on several tools that should help simplify the management of Kubernetes environments using Gitops principles, by making various configuration tasks more compatible with developer-friendly tools, such as graphical user interfaces (GUIs) and command-line interfaces (CLIs).

“We’ve heard from users that changes that take only seconds to make in a GUI can take days to make through configuration tools,” Grant wrote. “To really make Gitops usable, we need to address the inherent dichotomy between preferred client surfaces and configuration tools.”

At the heart of these efforts is kpt, a previously open sourced “package-centric toolchain for helping platform teams manage their infrastructure.”

Grant says that Google is now extending that toolchain to work with the package orchestrator Porch so that developers can author and automate “what you see is what you get” (WYSIWYG) configurations, including package creation, editing, transformation, and upgrade tasks.

Google has also built an open source plugin for Backstage, a popular open source platform that emerged out of Spotify to help platform teams build self-service internal developer portals. “That provides a WYSIWYG GUI experience. It builds on the package orchestrator to allow platform and application teams to easily author and edit configuration, while enforcing guardrails,” Grant wrote. “You don’t need to write YAML, patches, or templates, or even branch, commit, tag, push, and merge changes.”

While using a GUI to execute Gitops practices isn’t new, “prevailing approaches require creating abstractions, often thin ones, that need to be custom built on top of the Kubernetes resource model,” Grant wrote. “This creates a situation where platform teams need to do a lot of additional work to create a management experience on top of Kubernetes.” Now, with these efforts, Google hopes that it can “enable a GUI that complements the existing ecosystem, rather than requiring thin abstractions that just get in the way.”

While these initial steps may only support provisioning and managing namespaces and their adjacent Kubernetes policy resources, Google plans to continue working on enabling more and more cluster administration tasks in the future.

Cluster operators and platform administrators can also start to use kpt in a similar way to something like kustomize for simplified configuration management, in that it enables the selection of functions to transform resources and create variants. These functions can then be used as the basis for a configuration catalog, so that similar instances can be spun up more quickly in the future.

“Composable functions enable a low-code experience for platform builders and a no-code experience for platform users,” Grant wrote.

Google has also recently open sourced its own Gitops reference implementation, called Config Sync, and included it as part of kpt.

Finally, Grant highlighted the Linux Foundation’s cloud-native network automation project Nephio, which he says is “building on kpt, Porch, and Config Sync to automate the configuration of interconnected network functions and the underlying infrastructure that supports those functions.”

What’s next for Gitops?

Google wants kpt to become an open standard that can help simplify the broader adoption of Gitops, with Grant writing that the cloud vendor is “looking to engage with the community to advance this technology forward.”

“We are very excited to see Google invest in Gitops and join the community,” Weaveworks founder Alexis Richardson, who coined the term Gitops, told InfoWorld over email. “Customers are asking for developer tools to roll out new services without knowing about the details of Kubernetes. The new Google system does exactly that, and works out of the box with all our tools. Best of all, anyone can use and build on it to ship enterprise-grade solutions.”

RedMonk analyst James Governor sees this announcement as further evidence that Gitops is continuing to establish itself across the industry. “Google Cloud putting its weight squarely behind Gitops is another strong marker in the workflow approach’s favor,” he told InfoWorld.