Cristian Prevedello works as chief architect at Previnet, defining new application architectures and working on the company's private cloud infrastructure.
GitOps Reloaded: Orchestrated Infrastructure Change Management in Mixed Enterprise Environments
GitOps became popular in the past few years, as Kubernetes became the de facto standard for container orchestration. Applying GitOps to Kubernetes is rather "easy", since every resource is declared to Kubernetes through YAML manifests. In enterprise environments, however, adopting GitOps is more problematic, since we usually have a melting pot of IT systems: cloud services, on-premises cloud-native services, on-premises legacy services and systems, and so on.
A new enterprise application release impacts more than one system. Traditionally the release process required operations staff to configure and patch each system by hand, and orchestrating those changes was lengthy and error-prone. At Previnet we built our own on-premises private cloud infrastructure and wrapped the on-premises non-cloud-native resources (old load balancers, firewalls, legacy databases, Kafka, and so on) so that they can be managed in an automated, repeatable way with zero manual intervention. Finally, following security-by-design principles, fine-grained permissions and quality and approval gates are in place: a change is only executed on a system if the requesting team is allowed to touch that system and the required approvals have been recorded.
The platform makes heavy use of Jenkins and several custom scripted pipelines to orchestrate and react to infrastructure management events: requests from dev teams committed to Git, and events coming from the systems themselves. Dedicated pipelines discover the work to be done, which is then organized and placed on a to-do queue. Worker pipelines pick up the work items and offload the heavy lifting to idempotent Ansible playbooks that act on the individual systems.
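As an added illustration, not code from the talk or from Previnet's platform, the following Python sketch shows the discover / queue / worker pattern described above together with the permission and approval gates mentioned earlier. Everything about the environment is assumed for the example: the repository layout `requests/<team>/<target>.json`, the team-to-target permission table, the list of targets that need an approval, the inventory paths, and the convention that an approval is recorded in the request file. The commits are constructed inline, and the worker builds the `ansible-playbook` command line instead of executing it.

```python
"""Sketch of a git-driven work queue with permission/approval gates and an
idempotency key in front of Ansible playbook runs (illustrative, not Previnet's code)."""
import hashlib
import json
import shlex
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

# --- Assumed policy data (hypothetical) --------------------------------------
# Fine-grained permissions: which wrapped systems each dev team may change.
TEAM_TARGETS = {
    "payments": {"kafka-prod", "kafka-test", "lb-edge"},
    "hr": {"db-legacy-prod", "db-legacy-test"},
}
# Targets whose changes must pass an approval gate before a worker touches them.
APPROVAL_REQUIRED = {"kafka-prod", "db-legacy-prod", "firewall-core"}
# Target -> Ansible inventory (assumed repo layout).
INVENTORY = {t: f"inventories/{t}.ini" for t in (
    "kafka-prod", "kafka-test", "lb-edge",
    "db-legacy-prod", "db-legacy-test", "firewall-core")}


@dataclass
class ChangeRequest:
    team: str
    target: str
    action: str
    params: dict = field(default_factory=dict)
    approved_by: Optional[str] = None

    def key(self) -> str:
        # Idempotency key: the same desired state hashes to the same key,
        # whoever submits it and however often it is re-queued.
        canon = json.dumps({"target": self.target, "action": self.action,
                            "params": self.params}, sort_keys=True)
        return hashlib.sha256(canon.encode()).hexdigest()[:16]


def discover(commits):
    """Discovery pipeline: turn committed request files (assumed layout
    requests/<team>/<target>.json) into queued ChangeRequests; ignore the rest."""
    queue = deque()
    for c in commits:
        parts = c["path"].split("/")
        if len(parts) != 3 or parts[0] != "requests" or not parts[2].endswith(".json"):
            continue
        spec = json.loads(c["content"])
        queue.append(ChangeRequest(team=parts[1], target=parts[2][:-5],
                                   action=spec["action"],
                                   params=spec.get("params", {}),
                                   approved_by=spec.get("approved_by")))
    return queue


def gate(req):
    """Security/approval gates. Return None if the request may run, else the reason."""
    if req.target not in INVENTORY:
        return "unknown target"
    if req.target not in TEAM_TARGETS.get(req.team, set()):
        return "team not permitted on target"
    if req.target in APPROVAL_REQUIRED and not req.approved_by:
        return "approval required"
    return None


def ansible_command(req):
    """argv for the playbook run (playbooks/<action>.yml is an assumed layout)."""
    return ["ansible-playbook", "-i", INVENTORY[req.target],
            f"playbooks/{req.action}.yml",
            "-e", json.dumps(req.params, sort_keys=True)]


def run_worker(queue, applied):
    """Worker pipeline: drain the queue. `applied` is the persistent set of
    idempotency keys (a file or DB in practice), so a replayed event is a no-op
    even before the idempotent playbook itself is reached."""
    result = {"dispatched": [], "skipped": [], "rejected": []}
    while queue:
        req = queue.popleft()
        reason = gate(req)
        if reason:
            result["rejected"].append((req.target, reason))
            continue
        if req.key() in applied:
            result["skipped"].append(req.key())
            continue
        # A real worker would call subprocess.run(ansible_command(req), check=True).
        result["dispatched"].append(shlex.join(ansible_command(req)))
        applied.add(req.key())
    return result


# Constructed sample commits (not real data).
SAMPLE_COMMITS = [
    {"path": "requests/payments/kafka-prod.json",
     "content": '{"action": "create_topic", "params": {"topic": "orders", "partitions": 6}, "approved_by": "ops-lead"}'},
    {"path": "requests/payments/kafka-prod.json",   # same change, re-delivered
     "content": '{"action": "create_topic", "params": {"partitions": 6, "topic": "orders"}, "approved_by": "ops-lead"}'},
    {"path": "requests/payments/firewall-core.json",  # team may not touch this target
     "content": '{"action": "open_port", "params": {"port": 9092}, "approved_by": "ops-lead"}'},
    {"path": "requests/hr/db-legacy-prod.json",        # production, no approval recorded
     "content": '{"action": "apply_migration", "params": {"version": "42"}}'},
    {"path": "requests/hr/db-legacy-test.json",
     "content": '{"action": "apply_migration", "params": {"version": "42"}}'},
    {"path": "README.md", "content": "not a request"},
]


def demo():
    return run_worker(discover(SAMPLE_COMMITS), applied=set())


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the split is that the worker, not the requesting team, holds the credentials to the wrapped systems, and the gates run before any playbook does: a team can only request changes on the targets it owns, production targets need a recorded approval, and a replayed request is dropped by its idempotency key. In the sample run two requests are dispatched, the duplicate Kafka request is skipped, and the firewall and production database requests are rejected with their reasons.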