Untangled GitOps

140_gitops/definition.md

@@ -0,0 +1,84 @@
+## What is GitOps
+
+Continuous Deployment for Cloud Native Applications
+
+Developer centric experience when operating infrastructure
+
+Version control as single source of truth
+
+Declarative infrastructure as desired state
+
+Automation is key
+
+Ops can learn from devs
+
+Invented by WeaveWorks in 2017
+
+--
+
+## GitOps != DevOps
+
+### DevOps is cultural change
+
+Shared responsibility
+
+Tools can support but are not essential
+
+### GitOps is a methodology
+
+Technical implementation
+
+--
+
+## How to do GitOps?
+
+Version control
+
+Declarative infrastructure
+
+Automation to *make it so*
+
+Minimize glue code
+
+You decide
+- Repository layout (monorepo or multirepo)
+- Development mode (trunk-based or gitflow)
+- Stages (one or more)
+
+--
+
+## How to do GitOps?
+
+When this becomes religion...
+
+### Push deployment
+
+All-knowing CI/CD pipeline
+
+Extensive permissions required
+
+WeaveWorks calls this *CIOps*
+
+### Pull deployment
+
+Preached by WeaveWorks
+
+Smaller attack surface due to few permissions
+
+--
+
+## Do not be religious
+
+### Doing CIOps is just fine
+
+Select well-established CI/CD tool
+
+Do pipeline-as-code
+
+Do fully automated deployments
+
+Redeploy regularly
+
+Calling it GitOps is also fine ;-)
+
+### *Official GitOps* may be an evolutionary step

140_gitops/flux/slides.template.md

@@ -1,6 +1,18 @@
 ## flux
 
-XXX
+GitOps for Kubernetes
+
+Cluster state is stored in git repository
+
+Changes are deployed automatically every 5m
+
+Automated image updates
+
+CLI `fluxctl`
+
+--
+
+## Demo: flux
 
 <!-- include: flux-0.command -->
 

140_gitops/projects.md

@@ -0,0 +1,31 @@
+## Noteworthy projects
+
+Most certainly not exhaustive ;-)
+
+### [flux](https://fluxcd.io/)
+
+The GitOps reference project
+
+Created by [WeaveWorks](https://www.weave.works/), CNCF [sandbox project](https://www.cncf.io/sandbox-projects/)
+
+### [tekton](https://tekton.dev/)
+
+Kubernetes native CI/CD
+
+Part of the [cd.foundation](https://cd.foundation/)
+
+Jenkins X builds on top
+
+--
+
+## Demo: flux
+
+GitOps for Kubernetes
+
+Cluster state is stored in git repository
+
+Changes are deployed automatically every 5m
+
+Automated image updates
+
+CLI `fluxctl`

140_gitops/quote_keysey_hightower.md

@@ -0,0 +1,6 @@
+<!-- .slide: class="center" -->
+
+*GitOps: versioned CI/CD on top of declarative infrastructure. Stop scripting and start shipping.*
+
+[Kelsey Hightower, Developer Advocate @ Google](https://twitter.com/kelseyhightower/status/953638870888849408)
+<!-- .element: style="text-align: right;" -->

140_gitops/security.md

@@ -0,0 +1,49 @@
+## Secrets
+
+### Push deployment
+
+Permissions in target environment required
+
+Secrets are injected by pipeline
+
+### Pull deployment
+
+Deployments performed from inside the target environment
+
+Secrets using [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) or pulled from Vault
+
+--
+
+## Privileges
+
+### Least privileges
+
+Deny by default and add permissions
+
+Use deploy keys but harder for auditing
+
+Do not compromise
+
+### Separation of concerns
+
+Dedicated account per use case
+
+Evaluate permissions per account
+
+--
+
+## Security in dev and ops
+
+Make human interaction more secure
+
+### Local development
+
+Always add `.env` to your `.gitignore`
+
+Place required environment variables in `.env`
+
+### Troubleshooting
+
+Default to read access to live environment
+
+Limit interactive access to target system

140_gitops/summary.md

@@ -0,0 +1,31 @@
+## Summary
+
+WeaveWorks invented GitOps in 2017
+
+GitOps is...
+
+...automated ops
+
+...from version control
+
+...using declarative infrastructure
+
+(...using pull deployments)
+
+WeaveWorks `flux` implements GitOps
+
+CIOps is also fine ;-)
+
+--
+
+## Further reading
+
+[gitops.tech](https://www.gitops.tech/)
+
+[Weave Works blog](https://www.weave.works/blog/category/gitops/)
+
+[Guide to GitOps](https://www.weave.works/technologies/gitops/)
+
+[CIOps as an anti-pattern](https://www.weave.works/blog/kubernetes-anti-patterns-let-s-do-gitops-not-ciops)
+
+[Awesome GitOps](https://github.com/weaveworks/awesome-gitops)

140_gitops/tekton/slides.template.md

@@ -0,0 +1,58 @@
+## tekton
+
+Pipelines executed natively inside Kubernetes
+
+Pipelines are expressed as YAML documents
+
+Example `Task`:
+
+```yaml
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+    name: echo-hello-world
+spec:
+    steps:
+    - name: echo
+    image: ubuntu
+    command:
+    - echo
+    args:
+    - "Hello World"
+```
+
+--
+
+## tekton
+
+Example `TaskRun`:
+
+```yaml
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+    name: echo-hello-world-task-run
+spec:
+    taskRef:
+    name: echo-hello-world
+```
+
+--
+
+## Demo: TaskRun
+
+<!-- include: taskrun-0.command -->
+
+<!-- include: taskrun-1.command -->
+
+<!-- include: taskrun-2.command -->
+
+--
+
+## Demo: PipelineRun
+
+<!-- include: pipelinerun-0.command -->
+
+<!-- include: pipelinerun-1.command -->
+
+<!-- include: pipelinerun-2.command -->