Defining the integration for GitOps

Each DataPower® domain supports a single GitOps instance that operates in either read-only mode or read/write mode.

Before you begin

To define the connection for GitOps integration, you need to know the location of the remote repository and how to secure the connection with this repository. The connection can be secured with the HTTPS or SSH protocol.

HTTPS: The connection uses HTTPS basic authentication where you must provide the username and password. Because the credentials use a password, you must create a password alias for the password. Beyond credentials, you must define the truststore, which is DataPower validation credentials.
SSH: The connection uses SSH where you must provide an SSH client profile. Beyond the client profile, you need an SSH authorized key file.

About this task

The DataPower GitOps implementation supports the following modes for integration with the remote Git repository that commits by using a branch identifier, commit hash identifier, or a tag identifier. For a GitOps write operation, you need to define the git config requires a user.name and user.email.

Read-only mode: In read-only mode, the system pulls the domain configuration and local files from the Git repository. The pull interval from the repository is configurable, but you can disable polling. This mode is for production environments and facilitates the deployment of configurations that you develop in read/write mode.
Read/write mode: In read/write mode, the system pulls and applies changes from the Git repository to the running domain configuration. This mode for development environments and facilitates the development and publishing of configurations to the repository that are pulled when in read-only mode.

Procedure

In the search field, enter gitops.
From the search results, click GitOps.
Set the Administrative state setting to enabled.
Optional: In the Comments field, specify a brief, descriptive summary.
In the Remote location field, specify the URL of the remote Git repository.
In the Connection type field, specify the protocol to secure the connection.
The supported protocols are HTTPS and SSH.
HTTPS
1. In the Username field, specify the username for basic authentication.
2. In the Password field, specify the password alias that defines the password for basic authentication.
3. In the TLS validation credentials field, specify the validation credentials that define the truststore.
SSH
1. In the SSH client profile field, specify the client profile to secure connections.
2. In the SSH authorized key file field, specify the file that contains the authorized SSH keys. This file must be in the cert: or sharedcert: directory.
In the Operation mode, specify the operational mode of the Git repository.
The supported modes are read-only and read/write.
Read-only
1. In the Sync interval field, specify the interval in minutes to poll the repository for changes. Enter a value in the range 0 - 1440. The default value is 5. To disable polling, specify 0.
2. In the Commit identifier type field, specify the type that is branch, commit hash, or tag.
3. In the Commit identifier field, specify the identifier for the branch, commit hash, or tag.
4. In the JSON parser settings field, specify the JSON settings configuration that defines the limits to apply to JSON files.
Read/write
1. In the Commit identifier type field, specify the type that is branch, commit hash, or tag.
2. In the Commit identifier field, specify the identifier for the branch, commit hash, or tag.
3. In the Git user field, specify the full username that controls user.name in git config.
4. In the Git email field, specify the user email that controls user.email in git config.
5. In the JSON parser settings field, specify the JSON settings configuration that defines the limits to apply to JSON files.
In the Templates area, assign template policies.
1. Click Add.
2. In the Template policies field, specify a GitOps template.
3. Click Apply.
4. Repeat this step to assign another GitOps template.
Click Apply to save changes to the running configuration.
Click Save to save changes to the persisted configuration.