DevOps / Kubernetes / Software Development

WERF Automates Kubernetes-based GitOps from the Command Line

28 Oct 2020 2:18pm, by

A new project from infrastructure service provider Flant, called Werf, promises an easy way to set up GitOps-styled deployment pipelines, where code changes in a git repository trigger the appropriate containers to be rebuilt and pushed into a Kubernetes deployment — all automatically.

“It synchronizes the state of the registry with the state of the git, and the state of Kubernetes to the state in git,” explained Flant Chief Technology Officer Dmitry Stolyarov, in a recent webinar hosted by the Cloud Native Computing Foundation.

GitOps is a term popularized by Kubernetes platform provider Weaveworks, with the idea to “make git the center of control,” of cloud native operations. As soon as a change is made to code in the git repository, an automated workflow is kicked off to rebuild the application and push it into production. This approach can also be used to store and update system configurations, setting the stage for Infrastructure-as-code operations.

Weaveworks itself has developed a tool, called Flux, a CNCF sandbox project, to run GitOps workflows using a Kubernetes operator. Werf takes a simpler approach: The interface is a command-line interface, so it can be inserted into a continuous integration (CI) workflow, or run by a developer from a laptop.

Behind the scenes, Werf builds images from code in your repository and submits a Helm manifest to Kubernetes to run the resulting containers. It keeps track of the state of the system by calculating a digest for each Docker file, then checking it against the manifest. “If it doesn’t match, it changes the state in Kubernetes to that which is specified in git,” Stolyarov said, explaining this convergence process.

The approach discourages tampering with containers directly within Kubernetes because any changes made will soon get overwritten by a fresh Docker image. It also offers a level of feedback not offered by helm install or kubectl apply, as it will actually verify that the new update is in fact operational, information neither one of those tools routinely provide.

Thematically keeping to Kubernetes’ nautical theme, “Werf” is the Dutch word for shipbuilding site, Stolyarov pointed out.

Check out the demo in this presentation to see how Werf works:

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.