Skip to content

Gitops

← Back to all decks

48 cards — 🟢 8 easy | 🟡 16 medium | 🔴 9 hard

🟢 Easy (8)

1. Explain how GitOps aligns with DevOps principles.

Show answer GitOps embodies key DevOps principles like collaboration, automation, and continuous improvement. It aligns with the DevOps culture by enabling version control, automation, and collaboration in software development and deployment.

Remember: GitOps is DevOps + Git as single source of truth. The key innovation: infrastructure changes go through the same PR review process as application code.

Name origin: Coined by Weaveworks in 2017. Alexis Richardson popularized the term.

2. What is GitOps, and how does it differ from traditional CI/CD?

Show answer GitOps is like having a magic book that keeps track of how something should be done, and whenever you want things to be a certain way, you just follow the instructions in the book. Technically speaking, GitOps is a paradigm where the entire system state is versioned in a Git repository. It extends CI/CD by using Git as the source of truth for declarative infrastructure and application code, ensuring all changes are managed through version control and automated pipelines.

3. Explain the key benefits of adopting GitOps.

Show answer GitOps ensures that everyone works from the same page, helping in maintaining consistency and control over software delivery. GitOps offers benefits like declarative configuration, version-controlled infrastructure, improved traceability, auditability, enhanced collaboration, and increased reliability through automated reconciliation.

4. Describe the GitOps workflow.

Show answer GitOps uses Git for managing changes and updates to infrastructure and applications. It works in a way similar to how we manage different versions of documents or files. It sets up automatic mechanisms that ensure changes made in the Git repository are automatically applied to the systems, reducing manual intervention. In GitOps, the workflow involves developers making changes to the declarative configuration in Git, triggering a CI/CD pipeline. The changes are then automatically applied to the target environment through continuous deployment and reconciliation processes.

5. How does GitOps leverage version control for managing deployments?

Show answer By using version control, GitOps ensures that every change made is recorded, enabling a consistent and organized management of updates and deployments.
GitOps uses version control to manage infrastructure and application code. All changes are made through pull requests, reviewed, versioned, and audited, ensuring that the entire system state is captured and trackable.

6. What tools are commonly used in a GitOps workflow?

Show answer Git as the source of truth, along with tools like Kubernetes for orchestration, Helm for package management, Flux or ArgoCD for deployment automation, and other CI/CD tools like Jenkins or GitLab for the pipeline.

7. Explain the role of Kubernetes in a GitOps setup.

Show answer Kubernetes manages and orchestrates the applications and services, ensuring they run smoothly and consistently across different environments. In technical terms Kubernetes serves as the container orchestration platform, providing the infrastructure where applications are deployed and managed. GitOps leverages Kubernetes to ensure the desired state is continuously reconciled with the declared configuration stored in Git.

8. What does 'helm rollback grokdevops 0' do?

Show answer Revision 0 means 'roll back to the previous revision'. Helm restores the values and templates from the last successful release. Combined with --wait, it ensures pods are healthy before returning. This is the fastest recovery from a bad upgrade.

🟡 Medium (16)

1. What are some best practices for versioning in GitOps?

Show answer Best practices include using meaningful commit messages, following branching strategies like Git Flow or Trunk-Based Development, and applying semantic versioning for the infrastructure and application code.

Example: Semantic versioning for infra: v1.2.3 where major=breaking, minor=feature, patch=fix. Tag Helm charts and Terraform modules.

Gotcha: Avoid long-lived branches in GitOps repos — they cause merge conflicts and drift. Trunk-based development is preferred.

2. How does GitOps support monitoring and observability?

Show answer GitOps integrates monitoring tools like Prometheus, Grafana, or other observability tools to monitor the state of the system. It enables proactive alerting and observability, ensuring compliance with the desired state.

3. How does Helm support GitOps for managing Kubernetes applications?

Show answer Helm organizes Kubernetes applications into 'charts,' making it easier to manage, package, and deploy these applications consistently across various environments. As the job of helm is to perform packaging, versioning, and managing Kubernetes applications. In a GitOps setup, Helm charts (declarative representations of Kubernetes resources) are versioned in Git, enabling automated deployments and rollbacks.

4. Describe the process of rollbacks in a GitOps environment.

Show answer Rollbacks in GitOps are performed by reverting changes in the Git repository to a known good state. The CI/CD pipeline detects the changes and automatically rolls back the system state to the last known good state.

5. Explain the role of pull requests in a GitOps workflow.

Show answer Pull requests in GitOps serve as the mechanism for proposing changes to the desired system state. They go through review, ensuring changes are validated, and upon approval, are merged, triggering automated deployments.

6. How does GitOps support automated testing and validation?

Show answer GitOps employs automated testing tools that run in the CI/CD pipeline, ensuring changes made to the system align with the desired state. Testing and validation are part of the continuous integration process.

7. Discuss the automation strategies and tools used in GitOps.

Show answer Automation strategies include CI/CD pipelines, Git hooks, and continuous reconciliation mechanisms. Tools like Jenkins, Flux, ArgoCD, and Ansible aid in automating the deployment and reconciliation processes.

Remember: ArgoCD and FluxCD are the two dominant GitOps controllers. Both are CNCF projects.

Example: ArgoCD for UI-driven teams, FluxCD for CLI/API-driven teams. Jenkins for build, ArgoCD for deploy.

8. Compare Flux and ArgoCD for GitOps deployments.

Show answer Both Flux and ArgoCD are GitOps tools for continuous deployment on Kubernetes. Flux focuses on automated reconciliation of the cluster state with Git, while ArgoCD offers a more user-friendly interface and application management capabilities.

9. How does GitOps ensure security and compliance in software delivery?

Show answer GitOps ensures that any modifications or updates are done through a controlled and traceable process, reducing the risk of unauthorized changes.
With version control, GitOps maintains records of all changes, aiding in audits and compliance checks. GitOps promotes security by ensuring that all changes are traceable, auditable, and consistently applied through automated pipelines. Policies, configurations, and access controls can be enforced within Git, ensuring compliance and minimizing human errors.

10. How does GitOps handle configuration drift or divergence from the desired state?

Show answer GitOps continuously reconciles the actual system state with the declared configuration stored in Git. In case of drift, the automated reconciliation process ensures that the system state is always aligned with the desired state.

11. How does GitOps facilitate collaboration among teams?

Show answer GitOps encourages collaboration by allowing all team members to contribute to the system's state using Git's branching and pull request mechanisms. It ensures transparency, auditability, and traceability in the development and deployment process.

12. Explain the role of observability in GitOps.

Show answer Observability in GitOps involves using tools to collect and analyze metrics, logs, and events to understand the system's behavior. It aids in proactive troubleshooting, optimizing performance, and ensuring the desired system state is maintained.

13. Explain the relationship between GitOps and Infrastructure as Code (IaC).

Show answer GitOps relies on Infrastructure as Code principles to define and manage infrastructure configuration and application deployment. Infrastructure and application configuration are versioned in Git, ensuring automation and reproducibility.

Example: Terraform for infrastructure provisioning, Helm charts for K8s deployment, both stored in Git. GitOps applies the same version-control discipline to ops.

Remember: IaC = declarative infrastructure definitions. GitOps = IaC + automated reconciliation + Git as source of truth.

14. How can monitoring and alerting be integrated into a GitOps workflow?

Show answer Monitoring tools like Prometheus or Grafana can be integrated into the GitOps workflow to capture performance metrics, visualize data, and trigger alerts based on predefined thresholds or anomalies.

Example: Prometheus alerts on sync failures, Grafana dashboards showing deployment frequency and rollback rate. ArgoCD has built-in Prometheus metrics.

Gotcha: Monitor the GitOps controller itself — if ArgoCD goes down, drift goes undetected.

15. Explain progressive delivery and how it's achieved in GitOps.

Show answer Progressive delivery in GitOps involves gradually exposing features to users, allowing gradual testing and rollback capabilities. GitOps enables this through version control and controlled rollouts managed by CI/CD processes.

Example: Flagger (by Weaveworks) automates canary releases in GitOps: deploys canary, monitors metrics, promotes or rolls back automatically.

Remember: Progressive delivery tools: Flagger, Argo Rollouts. Both integrate with Istio/Linkerd for traffic splitting.

16. What is configuration drift in a GitOps context?

Show answer Config drift occurs when the live cluster state diverges from the declared state in Git. Causes: manual kubectl edits, hotfixes applied directly, or controllers modifying resources. ArgoCD detects this as 'OutOfSync'. Fix by either codifying the change in Git or syncing to revert.

🔴 Hard (9)

1. What are the challenges of implementing GitOps, and how can they be addressed?

Show answer Challenges include complex deployment scenarios and handling large-scale infrastructure. Addressing these involves breaking down complex deployments into manageable units, ensuring thorough testing and automating error handling.

Example: Challenge — managing 50 clusters across 3 clouds. Solution: use ApplicationSets (ArgoCD) or Kustomize overlays to template per-cluster config.

Gotcha: Secret management is the hardest GitOps challenge. Never store plaintext secrets in Git.

2. What strategies are employed for disaster recovery in GitOps?

Show answer GitOps employs strategies like repository backup, Git repository mirroring, and disaster recovery drills to ensure the rapid recovery of the desired system state in case of catastrophic events.

Example: Mirror your GitOps repo to a secondary Git provider (GitHub to GitLab). Test DR quarterly by deploying from the mirror.

Remember: GitOps DR = Git repo DR + cluster DR. If the repo is lost, you lose the desired state definition.

3. Discuss the role of GitOps in enabling DevSecOps practices.

Show answer GitOps integrates security practices early in the development cycle, ensuring secure coding, access controls, and audit trails. It supports DevSecOps by automating security processes and incorporating security into CI/CD pipelines.

4. Tell me about canary deployments and blue-green deployments in a GitOps context.

Show answer In GitOps, canary and blue-green deployments are used for rolling out new versions gradually or switching traffic between different versions seamlessly. These deployment strategies are managed through Git, allowing controlled, automated deployments.

5. How does GitOps ensure compliance and auditability in the software delivery process?

Show answer GitOps ensures compliance by maintaining a clear audit trail of all changes made to the system. By tracking changes through version control, it ensures compliance with policies and regulations.

Example: Every kubectl apply in GitOps becomes a git commit with author, timestamp, and PR approval. Auditors can trace any change to a specific commit.

Remember: Git log = audit trail. PR approvals = change control. Branch protection = enforcement.

6. How does GitOps handle potential conflicts in deployments?

Show answer GitOps uses automated pipelines to detect and resolve conflicts. Changes made directly to the system are automatically reverted or reconciled with the desired state in the Git repository.

Example: Engineer runs `kubectl scale deploy/api --replicas=5` directly. Next ArgoCD sync detects drift and reverts to the Git-declared 3 replicas.

Remember: In GitOps, live state always converges to Git state. Manual changes are temporary by design.

7. Discuss the role of GitOps in enforcing security policies and access control.

Show answer GitOps enforces security policies by enabling RBAC (Role-Based Access Control) for managing access to Git repositories and CI/CD pipelines. It ensures that only authorized users can make changes to the system state.

8. Explain GitOps best practices for managing secrets and sensitive information.

Show answer Best practices include storing secrets in a secure, encrypted manner using tools like Vault or Kubernetes secrets, and utilizing secret management solutions that ensure sensitive data is never exposed in the Git repository.

9. How do you reconcile drift without losing a production hotfix?

Show answer 1) Diff live state vs declared state (helm get manifest vs kubectl get);
2) If the drift was intentional (hotfix), codify it in values/manifests and commit to Git;
3) If accidental, trigger a sync to revert;
4) Set up admission webhooks or RBAC to prevent direct changes.