# Automated Promotion

## GitOps and Renovate

*Nicholas Dille, Haufe Group*
Mastering GitOps 2024
## Setting the stage

![](images/logos/opengitops-icon-color.svg)

### GitOps [](https://opengitops.dev/)

- Declarative
- Versioned and immutable
- Pulled automatically
- Continuously reconciled

![](images/logos/renovate.png)

### Renovate [](https://www.mend.io/renovate/)

- Automated dependency updates
- Proposes pull / merge requests
- All platforms, all ecosystems

---

## ![](images/logos/opengitops-icon-color.svg)
![](images/logos/renovate.png)
## How Renovate works

![](140_gitops/renovate/renovate.drawio.svg)

---

## How Renovate works - Example

![](140_gitops/renovate/renovate_example.drawio.svg)

---

## How Renovate works

### Requires concept of releases

- Mark code in version control
- Publish release artifact to...
  - Ecosystem
  - Release on development platform

### Requires versions

- Preferably semantic versioning
- Versions must be comparable

---
## Renovate focuses on

## software development

---

## Treat GitOps like

## Software development

## Software development workflow

### How does it work?

![](140_gitops/renovate/process.drawio.svg)

Is this really so different from GitOps?

---

## Commonalities and Differences
- Both have a stream of updates
- GitOps has no ecosystem
- GitOps has no releases...
- ...but knows about health/convergence
- Promotion - like a release - is a conscious decision
  - Based on planned features OR
  - Based on time
- Automated promotion requires successful testing
  - Health instead of automated tests

---

## Align with Software Development

### Bringing artifacts to GitOps

![](140_gitops/renovate/process_gitops.drawio.svg)

---

## Artifacts in GitOps

![](140_gitops/renovate/artifacts.drawio.svg)

---

## Artifacts in GitOps

![](140_gitops/renovate/artifacts.drawio.svg)

### App Package

- Helm or Kustomize
- Transition to fully versioned project
- Establish process for creating releases
- Implement health checks for release process
- Treat as software project

---

## Artifacts in GitOps

![](140_gitops/renovate/artifacts.drawio.svg)

### GitOps Application

- ArgoCD `Application` [](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#applications)
- Flux `HelmRelease` [](https://fluxcd.io/flux/components/helm/helmreleases/) or `Kustomization` [](https://fluxcd.io/flux/components/kustomize/kustomizations/)
- Both reference repo URL and revision
- Point to application package
- Version maintained by Renovate

---

## Artifacts in GitOps

![](140_gitops/renovate/artifacts.drawio.svg)

### Nested Applications

- Can help to tie a release across applications
- Must be able to reference a specific revision

---

### Release process

- Each app package has its own release process
- Infrastructure release consists of multiple app packages
- Health checks determine release version of an app package

![](140_gitops/renovate/release_process.drawio.svg)
## GitOps Patterns

---

## GitOps Patterns

### Operator Deployment Patterns [](https://cloudogu.com/de/blog/gitops-repository-patterns-teil-2-operator-deployment-patterns)

- Instance per cluster
- Hub and spoke

### Irrelevant for Renovate

- Renovate operates on repositories...
- ...regardless of which instance consumes them

---

## GitOps Patterns

### Repository Patterns [](https://cloudogu.com/de/blog/gitops-repository-patterns-teil-3-repository-patterns)

- Monorepo
- Repo per Team
- Repo per App

### Irrelevant for Renovate

- Updates can occur in any file
- Monorepo for app packages
  - Different releases in the same repository
  - Prefix with app name: `app-name/v1.2.3`

---

## GitOps Patterns

### Promotion Patterns [](https://cloudogu.com/de/blog/gitops-repository-patterns-teil-4-promotion-patterns)

- Branch per Environment
- Folder per Environment

### Relevant for Renovate

- Separate app packages from GitOps applications
- Otherwise Renovate must use same repository as datasource

---

## GitOps Patterns

### Templating

- Considering support for collections of applications

### Helm

- Is aware of versioned releases
- Can contain versioned dependencies

### Kustomize

- No concept of packages
- No concept of dependencies
- Workaround using clever directory layout and overlays

---

## GitOps Patterns

### Wiring Patterns [](https://cloudogu.com/de/blog/gitops-repository-patterns-teil-5-verdrahtungs-patterns)

- Both Flux and ArgoCD support versioned sources
  - Source Controller [](https://fluxcd.io/flux/components/source/)
  - ArgoCD Application [](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#applications)
- Nesting is hard for both tools

### Helm

- Supports versioned releases
- Supports versioned dependencies

### Kustomize

- No concept of packages and dependencies

Notes:

- Kustomize: Workaround using clever directory layout and overlays

---

## Renovate lacks support for CRDs

Updates must be maintained in resource definitions
### Enter Custom Managers

- Type RegEx
- Identify dependencies in resource definitions
- Extract package information and current version
- Inject new version

### Example

```Dockerfile
FROM ubuntu:24.04
# renovate: datasource=github-releases depName=helm/helm
ARG HELM_VERSION=3.14.4
#...
```
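The identify / extract / inject steps of a regex custom manager, applied to an ArgoCD `Application` that pins a monorepo tag of the form `app-name/v1.2.3`. This is an added Python illustration of the mechanism, not Renovate's own code or configuration; the manifest, repository URL, tag list and the `# renovate:` hint line above `targetRevision` are constructed assumptions.

```python
import re

# Constructed, abridged ArgoCD Application. The "# renovate:" hint above
# targetRevision is an assumed convention mirroring the Dockerfile example.
MANIFEST = """\
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
spec:
  source:
    repoURL: https://git.example.com/platform/app-packages.git
    path: my-app
    # renovate: datasource=git-tags depName=my-app
    targetRevision: my-app/v1.2.3
"""
# Constructed tag list of a monorepo that holds several app packages.
TAGS = ["my-app/v1.2.3", "my-app/v1.3.0", "my-app/v1.10.1",
        "other-app/v9.0.0", "my-app/latest"]

HINT = re.compile(
    r"# renovate: datasource=(?P<datasource>[a-z-]+) depName=(?P<depName>\S+)\s*\n"
    r"\s*targetRevision: (?P<currentValue>\S+)")
SEMVER = re.compile(r"v(\d+)\.(\d+)\.(\d+)")


def parse(tag, dep_name):
    """(major, minor, patch) tuple, or None for foreign or non-semver tags."""
    prefix = dep_name + "/"
    m = SEMVER.fullmatch(tag[len(prefix):]) if tag.startswith(prefix) else None
    return tuple(map(int, m.groups())) if m else None


def propose_update(manifest, tags):
    """Return (manifest, new_tag); new_tag is None when nothing changes."""
    m = HINT.search(manifest)
    if m is None:
        return manifest, None            # no annotated dependency found
    current = parse(m["currentValue"], m["depName"])
    if current is None:
        return manifest, None            # current version is not comparable
    newer = [(v, t) for t in tags
             if (v := parse(t, m["depName"])) is not None and v > current]
    if not newer:
        return manifest, None            # already on the newest release
    best = max(newer)[1]                 # numeric compare: v1.10.1 > v1.3.0
    start, end = m.span("currentValue")
    return manifest[:start] + best + manifest[end:], best
```

Tags of other app packages and non-semantic tags such as `my-app/latest` are ignored, and a `targetRevision` that is not a comparable version (for example a branch name) is left untouched.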
## Caveats
### Fast progress in stage

- How to keep track of release candidates?
- Apply semantic versioning
- Use preview environment tied to specific commit

### Asynchronous updates

- Make sure releases are triggered when apps are healthy

### Release of multiple apps

- Tie multiple app packages to a single release
- Use Helm chart with pinned dependencies
- Kustomize?!
## Summary
- GitOps is a modern approach to operations
- Renovate enables automated dependency updates
- GitOps must follow software development patterns
- Versions and releases are key to automated promotion
- Automated promotion requires reliable health checks

### Upcoming events

- ~~2024-04-16 [Mastering GitOps](https://www.mastering-gitops.de) - [GitOps und RenovateBot](https://www.mastering-gitops.de/veranstaltung-21902-se-0-gitops-und-renovatebot-die-zukunft-der-automatisierten-promotion.html)~~
- 2024-11-07 heise Workshop: [Einführung in GitLab](https://heise-academy.de/schulungen/einfuehrung-in-gitlab) (1 day)
- 2024-11-21/28 heise Workshop: [CI/CD mit GitLab](https://heise-academy.de/schulungen/cicd-gitlab) (2 days)
- 2024-11-13/14: ContainerConf?