Kasten is sponsoring The New Stack’s coverage of Kubecon+CloudNativeCon North America 2021.
Codefresh, the company behind the Kubernetes-based continuous deployment and continuous integration (CI/CD) platform, is making the move to a fully open core approach this week with the release of its Codefresh Argo Platform in advance of this year’s KubeCon+CloudNativeCon North America. While previously, Codefresh had participated in open source projects, its core offering remained separate and proprietary. With the release of Codefresh Argo Platform, its core will be the open source Argo workflow engine, with additional enterprise features and support added on top.
“We’ve decided to take our company really fully open source,” said Codefresh co-founder and chief open source officer Dan Garfield. “With Codefresh in the past, we’ve made contributions to Helm, to [Cloud Native Application Bundles], to some other important open source projects, and over the last year, we’ve been helping lead the GitOps project under the Cloud Native Computing Foundation, and what we’ve decided to do is, rather than making some open source contributions here and there, having some components that are open source, we’ve decided to kind of reverse and have a totally open core approach.”
Codefresh Argo Platform takes the four primary Argo components — Argo Workflows, Argo Events, Argo CD, and Argo Rollouts — and combines them into a single platform. While previously Codefresh had been working on features independently and then contributing some of them back to Argo, now the company will make the core of its platform the Argo open source project, with enterprise features separated out. Part of the benefit here, explained Garfield, is that Codefresh helps companies by providing scalability, security, and support around their Argo deployment, which otherwise might not be upgraded regularly.
“If you look at a large company, they’ll have 5,000 instances of Jenkins and 60% to 70% of them will have remote code execution vulnerabilities on them because maintaining all of those instances is really difficult,” said Garfield. “What we’re able to do with Codefresh Argo Platform is, we can basically spin up, manage, update, handle the security of many instances while providing insights into all the instances.”
Codefresh Argo Platform, by comparison, allows its users to handle all of those enterprise management tasks around deploying and running Argo, but from a single dashboard.
“The open source is Argo and you can run a single instance of it, you can run multiple instances of it, and then the layer on top of it — the control plane that allows you to manage the workflows at scale, allows you to handle security, allows you to do updates and provisioning and work behind the firewall, work deploying to edge clusters and things like that — that’s all part of the Codefresh Enterprise Platform and Codefresh Argo Platform,” said Garfield.
Another benefit of the Codefresh Argo Platform, explained Garfield, is that current Argo users might be building their own implementations to connect the four Argo pieces together, whereas Codefresh Argo Platform handles that integration. At the same time, by moving over to Argo as the open core, Codefresh’s end users benefit from the direction and contributions of the Argo open source community, and get more workflow templates, better integrations, and a better management path.
“We get to benefit and provide benefits to the community, and in always having something that is more up to date, we don’t have to invest as many resources on updating the core engine,” Garfield said. “We can focus more on those differentiating features that allow scale, security, and support. It’s very similar to why Google gets a benefit from Kubernetes.”
At this point, the Codefresh Argo Platform is being released for early access, which users can request to join starting now, and general availability is expected for January 2022.
Open GitOps Nears a 1.0 Release
Alongside the news of Codefresh’s move to an open core model, Garfield also offered an update on an initiative that we spoke with him about last year — the efforts of the GitOps Working Group, which is now a CNCF Sandbox project and a working group under the CNCF App Delivery special interest group (SIG).
The group was formed last year by Amazon, Codefresh, GitHub, Microsoft, and Weaveworks, and Garfield says that since then it has seen feedback on its Open GitOps principles by more than 60 companies. This week, the group is ready to finally announce the release of Open GitOps 1.0, in which it intends to lay out “a vendor-neutral, principle-led meaning of GitOps,” according to the new Open GitOps website.
Garfield mentioned that, at one recent event, they informally polled a crowd regarding their use of GitOps, with nearly half the crowd responding that they had indeed adopted GitOps principles. After giving a talk about GitOps, however, a much smaller fraction of that same crowd said they were actually practicing GitOps.
“What we found is there’s actually a pretty big delta between what people understand GitOps to be and what GitOps is,” he said. “That’s one of the good reasons that we’re coming out with version 1.0. As people read it, I think many people will be surprised to realize that they have only implemented maybe one part of GitOps, and there’s actually several parts in order to do it and meet the standards.”
While many companies have instituted a Git-based infrastructure as code, many have not implemented anything to monitor drift and reconcile infrastructure with the desired state — something laid out in the Open GitOps 1.0 principles.
Although Open GitOps 1.0 has not been officially announced at the time of this release, Garfield said that it was expected this week.
Amazon Web Services, Codefresh, The Cloud Native Computing Foundation, KubeCon+CloudNativeCon and Weaveworks are sponsors of The New Stack.