Weave GitOps Core Integrates Git with Kubernetes
Continuous delivery software provider Weaveworks has launched Weave GitOps Core, a software package intended to help DevOps teams streamline the continuous delivery (CD) process of deploying applications and updates from a Git repository on Kubernetes clusters.
As an open source alternative, Weave GitOps Core helps to simplify and automate the process of deploying code on what the company says can be “any Kubernetes cluster.” This takes two commands on the command line, without having to manually configure the cluster settings. Among other things, Weave GitOps Core also pre-configures the monitoring and observability tools for the clusters so that they continue to run uninterrupted during the deployment process.
Once Weave GitOps Core is installed, a reconciliation loop with the target environment is set up, and cluster configurations for the operators are stored to immediately serve as a customized platform for developers, Jordy Mon Companys, product marketing director at Weaveworks, told The New Stack.
“Such automation is waiting for changes in Git to deploy them immediately to the target environment,” he said. “From a development perspective, not much changes: developers focus on pushing code to their repos, running tests and CI if such things are in place and Weave GitOps Core will take any change in the workload and update the specific namespace with it. Weave GitOps Core meets developers where they work (Git) and takes full ownership of the deployment to Kubernetes.”
Tighter security and overall control over the CI/CD process for GitOps are an additional feature Weaveworks intends to provide with the open source release. Previously, DevOps teams have been struggling to “push builds into their Kubernetes cluster themselves or allowing their CI servers to do it for them,” Companys said.
“In either of these approaches it is required that the CD pipeline would be granted access and would carry the required credentials to access the cluster,” he noted. “Regardless of the security risk this approach involves, this workflow is one way only. One would never know if someone had manually accessed and changed anything in the target environment.”
The resulting so-called infrastructure “drift” is very frequent and is yet another source of concern for security, Companys said. “In a way, with the old approach, you are forced to ship and push to your environment frantically and, if this fails, figure out where the mismatch is. GitOps Core was designed to change this paradigm completely with a pull-based approach — there is no pipeline but a continuously running GitOps automation separate from the CI pipeline,” he said.
Companys added that this standalone process is separate from the CI process, preventing any manual, ad hoc access to the cluster.
“The automation lives within Kubernetes and it impersonates the different teams — with proper RBAC one-off configuration — and delivers each workload to the target environment it corresponds to,” he said.
Weave GitOps Core automates the process of ensuring what Companys described as a “reconciliation loop between Git and Kubernetes.” In this way, Weave GitOps Core and the clusters remain in sync, and Weave GitOps Core’s user interface (UI) provides extended visibility into the GitOps-enabled cluster, Companys explained. “So, whether our clients want to run Prometheus, Grafana or Linkerd in their clusters, they can easily install those from within Weave GitOps Core as cluster components,” he said. “Weave GitOps Core focuses on keeping both sides of the equation in permanent sync.”