DEVOPSdigest

Weaveworks announced the General Availability of Weave GitOps 2022.03, a full-stack GitOps platform to automate trusted application delivery and secure infrastructure operations on premise, in the cloud and at the edge.

The latest release embeds policy as code capabilities within Weave GitOps, enabling applications teams to safely deploy and manage applications continuously for faster innovation, agility, and competitive advantage.

“As it stands, the entire industry has grown used to an approach whereby configuration is verified after deployment and problems are fixed after the fact,” explained Alexis Richardson, founder and CEO of Weaveworks. “Integrating policy as code into the GitOps pipeline allows errors or vulnerabilities to be caught automatically before they make it into production and become a significant cost to the organization. Trusted application delivery – with its declarative approach to compliance and security – will certainly become standard in enterprise’s use of GitOps.”

The 2022.03 Weave GitOps release integrates DevSecOps into application CI/CD pipelines. Trusted application delivery consists of the following features:

- Continuous security and compliance: through the integration of policy as code into the GitOps pipelines. Configuration and security policies are held in Git’s version control, where changes can be made, reviewed and fed through an automated pipeline that verifies, deploys and monitors every update and change.

- Deployment guardrails: guarantee the highest level of governance and compliance while maintaining the highest deployment frequency. Deployments can automatically go through pre-flight checks reducing the steps development teams need to remember.

- Custom policy application: allows users to decide where and how policies are applied based on environment, workload, geography or other criteria.

- Multi-layered protection: The GitOps policy as code engine protects the system throughout the software lifecycle - during code commit, deployment and at runtime. Weave GitOps allows each leaf cluster to run its own engine, ensuring continuous policy evaluation should network disruptions occur.

- Continuous compliance monitoring: any policy violation, across applications and clusters in any environment, will cause an alert on the central management console.

"A growing number of enterprises running a zero-trust security model are turning to GitOps to bring DevOps to cloud-native application development and IT operations,” said Paul Nashawaty, Senior Analyst at Enterprise Strategy Group. “Similar to how DevOps disrupted infrastructure management, we believe that integrating security into GitOps automated pipelines will deliver considerable agility and speed, preventing errors during CI/CD and protecting against attacks that could shut down the entire platform.”

Weave GitOps Core - the free and open source extension for Flux - has been enhanced with an application observability UI. It shows the Flux system’s health, and the status of workloads that are being deployed using GitOps. Existing Flux users can install the UI using a simple upgrade process.

Other enhancements in this Weave GitOps release include multiple improvements to accelerate self-service and velocity for application operations. Customers can use the profile catalog to define common services that are available for development teams to deploy: for example specific databases, tools or Kubernetes extensions. As part of the cluster deployment process these extensions can be set as required installations to ensure that standards are being followed: for example requiring security tools to be deployed in all clusters. Layered profiles allow complex deployments of entire application stacks for self-service application platforms.

Terraform Flux integration (Tech Preview): Configure a full stack environment on any cloud by using Terraform with GitOps. For example, during an application deployment create a managed database in a single GitOps workflow. The Terraform controller makes the ecosystem of Terraform modules available in GitOps: configure resources on any cloud (AWS, Azure, Google, etc), and different parts of the software stack including databases, networking and security. Terraform resources are continuously reconciled so that any drifts in the runtime away from the deployed resource will be alerted on.

GitOps for Visual Studio Code (Tech Preview): The GitOps Tools for Visual Studio Code extension brings GitOps into your IDE. Developers can deploy workloads, update them and check their health. It makes it simple to add GitOps to any Kubernetes cluster, with special support for Azure Arc-enabled clusters. Then with a few clicks you can create deployments and use GitOps to push them to your clusters.