Weaveworks Brings Policy-as-Code to GitOps for K8s

Weaveworks today announced general availability of an update that embeds policy-as-code capabilities into its continuous delivery (CD) platform to improve application security. Those capabilities are based on technologies the company gained with the acquisition of Magalix earlier this year.

The Weave GitOps 2022.03 edition of the platform also makes it possible to use the profile catalog to define services that can be used across multiple application development teams.

In addition, Weaveworks is making available technology previews of integrations with the open source Terraform tool for provisioning infrastructure-as-code and the Visual Studio Code integrated development environment (IDE) provided by Microsoft.

Finally, Weaveworks has added a graphical observability tool for tracking the health of applications to Weave GitOps Core. Weave GitOps Core is an extension of Flux, the open source tool for managing the delivery of container images that is at the core of the Weaveworks CD platform.

Weaveworks COO Steve George says that as application development continues to evolve, it’s apparent that CD is becoming a separate DevOps discipline that stands apart from continuous integration (CI) platforms used by developers to manage the application build process.

As that shift occurs, it’s critical to also enable IT operations teams to put guardrails in place so that organizations can manage security and compliance policies as code, notes George. The Weaveworks approach is to enable configuration and security policies to be held in a Git repository alongside the code created to manage infrastructure, adds George. Any changes can be made, reviewed and then pushed through an automated pipeline that verifies, deploys and monitors every update, he says.

IT teams can then decide where and how custom policies are applied using a policy-as-code engine embedded within a pipeline, says George. The goal is to make it simpler to not only protect applications but also ensure the integrity of the software supply chain, he adds.

The degree to which DevOps teams will manage CD apart from CI is now the subject of a fierce DevOps debate. Advocates of an approach that loosely couples CI and CD processes argue that very few DevOps teams are employing CD best practices because they are too difficult to implement across multiple platforms. Kubernetes, however, presents IT teams with a standard application programming interface (API) that makes it simpler to implement CD processes.

George says as those CD processes evolve, a team of IT professionals with varying skill levels will manage those processes. In some cases, a site reliability engineer (SRE) will automate processes via an API. In other instances, an IT administrator will manage a task using a graphical tool. Sometimes, an SRE may even decide it is more expedient to use a graphical tool themselves.

It’s clear a new approach to DevOps is evolving as GitOps processes mature. Each IT organization will need to determine the degree to which it wants to shift to GitOps processes, given its previous commitments to legacy DevOps workflows. One thing is certain, however: Kubernetes, more than any other platform, makes it easier to embrace GitOps.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
