Are we Already Following All the Commandments?

Before we take a break, let’s see how many of the ten commandments we’re following so far.

1. Git is the only source of truth#

Everything we did on both the application and the environment level started with a push of a change to a Git repository. Therefore, Git is our only source of truth.

2. Everything must be tracked, actions should be reproducible, and idempotent#

Since everything is stored as code through commits and pushes, everything we did is tracked and reproducible due to idempotency of Helm and other tools.

3. Communication between processes must be asynchronous#

Changes to Git fire webhook requests that spin up one or more parallel processes in charge of performing the steps of our pipelines. Hence, communication between processes is asynchronous.

4. Processes should run for as long as needed, but not longer#

One rule that we do not yet follow fully is that processes should run for as long as needed, but not longer. We are only half-way there. Some of the processes, like pipeline builds, run in short-lived Pods that are destroyed when we’re finished with our tasks. However, we still have some processes running even when nothing is happening. A good example is Jenkins. It is running while you’re reading this, even though it is not doing anything. Not a single build is running there at this moment, and yet Jenkins is wasting memory and CPU. It’s using resources for nothing and, as a result, we’re paying for those resources for no apparent reason. We’ll solve that problem later. For now, just remember that we are running some processes longer than they are needed.

5. All binaries must be stored in registries#

Commandment number five says that all binaries should be stored in registries. We’re already doing that.

6. Information about all the releases must be stored in environment-specific repositories or branches#

Similarly, information about all the releases is stored in environment-specific repositories.

7. Everything must follow the same coding practices#

We are following the same coding practices no matter whether we are making changes to one repository or the other, and no matter whether the changes are done by us or the machines.

8. All deployments must be idempotent#

Furthermore, all our deployments are idempotent, and we did NOT make any change to the system ourselves.

9. Git webhooks are the only ones allowed to initiate a change that will be applied to the system#

Only webhooks are notifying the system that the desired state should change. That state is expressed through code pushed to Git repositories, sometimes by us, and sometimes by Jenkins X.

10. All the tools must be able to speak with each other through APIs#

Finally, all the tools we used so far are speaking with each other through APIs.

1. Git is the only source of truth. ✅
2. Everything must be tracked, every action must be reproducible, and everything must be idempotent. ✅
3. Communication between processes must be asynchronous. ✅
4. Processes should run for as long as needed, but not longer. ❌
5. All binaries must be stored in registries. ✅
6. Information about all the releases must be stored in environment-specific repositories or branches. ✅
7. Everything must follow the same coding practices. ✅
8. All deployments must be idempotent. ✅
9. Git webhooks are the only ones allowed to initiate a change that will be applied to the system. ✅
10. All the tools must be able to speak with each other through APIs. ✅

We’re fulfilling all but one of the commandments. But, that doesn’t mean we’re done as soon as we can find the solution to make our Jenkins run only when needed. There are many more topics we need to explore, there are many new things to do. The commandments will only add pressure. Whatever we do next, we can’t break any of the rules. Our mission is to continue employing GitOps principles in parallel with exploring processes that will allow us to have cloud-native Kubernetes-first continuous delivery processes.

Let’s wrap up this chapter in the next lesson.