Weave GitOps Manager Adds Policy Based Cluster Automation to Kubernetes

September 26, 2019

Introducing production ready clusters with GitOps. Instead of being held back by infrastructure bottlenecks, what if you could spin up a cluster when and where you need it, with a choice of tools, all managed with GitOps?

Related posts

Firekube - Fast and Secure Kubernetes Clusters Using Weave Ignite

WKSctl - A New OSS Kubernetes Manager using GitOps

Weave Kubernetes Platform with GitOps Policy Management

Today we are introducing Weave GitOps Manager - a major expansion of the Weave Kubernetes Platform. This is a commercial product for enterprises to manage applications and clusters via policy-based configuration -- i.e. GitOps.

Why configuration management matters

As Kubernetes becomes an industry standard tool, customers find they want to:

  1. Extend clusters with other components to create an “application platform”
  2. Reproduce multiple identical clusters easily
  3. Control who can change what, when and why, through policy

Many customers feel the choice of tools can be bewildering, yet to make Kubernetes fit for each of their use cases, different tools may be needed in different clusters. For example, a web application cluster will be different from a machine learning cluster.

The key to success is a flexible and reproducible cloud native platform that allows you to quickly adopt the right technologies for your workloads, and then run them where you want: on premise, in public clouds or even in a hybrid-cloud environment. Solving these problems takes more than a cluster installer. Not only do you need to have a way of managing your workloads and clusters through their entire lifecycle, but preferably, you need to do it with the tooling that your engineering teams already use every day.

Automate configuration management with GitOps

Weave Kubernetes Platform (WKP) solves this problem for you. It implements and utilizes GitOps to configure and manage reproducible production ready clusters across your organization, including add-on components, templates and policies to help you scale.

The central hub and nerve centre of the platform is the Weave GitOps Manager, providing a unique and powerful GitOps operating model for managing the entire end-to-end Kubernetes cluster lifecycle.

With GitOps at the center of your operational model, teams can install production ready clusters on-premise, on public clouds such as AWS, GKE, or AKS and even onto pre-created OpenStack nodes. Since git maintains the cluster configuration, you can use GitOps to initiate a cluster patch or a minor version upgrade or add or remove cluster nodes without having to rebuild clusters from the ground up every single time.

Why choose Weaveworks?

Here are five reasons to use the Weave Kubernetes Platform today:

  1. Easily reproducible application-ready clusters, anywhere, with your choice of add-ons
  2. Apply policy and tame complexity -- configuration at scale
  3. Zero downtime upgrades
  4. Instant dashboards
  5. Full stack support

Buy WKP if you want full stack support across open source upstream, enterprise and hosted Kubernetes options, with any of the following features.

Add your choice of tools to upstream and hosted Kubernetes

WKP is the first platform that allows you to select and mix what’s best for your environments and to manage it all with GitOps. It brings together a complete set of Kubernetes tools, so that you can deliver flexibility and choice to your teams, along with consistent and reproducible production ready clusters wherever you need them.

WKP falls in between a completely DIY approach and one that is blackbox. Weaveworks believes you should be able to add the components you need with a proven method you can trust. Our emphasis is on Operators’ and SREs’ ability to integrate an upstream version of Kubernetes with the best open source tools in the community and to manage them with a flexible and secure GitOps-based architecture.

Reproducible clusters anywhere with GitOps

With both Kubernetes configuration and its stack managed with GitOps, entire clusters can be reproduced and rolled out in a repeatable and predictable way. Development, Staging/QA and Production environments are reliably reproduced from git using the same base configurations every single time.

Apply standards across your organization using policy

In addition to providing your team with the freedom to spin up clusters when they need to, you can also apply standards across your organization with predefined cluster profiles that contain pre-set defaults and any other required settings for security, auditing, and monitoring that can always be applied to the base configuration.

Custom cluster stacks

To meet your teams’ specific cluster environment requirements, for example Development, Test, Staging or Production or for managing large pools of clusters all at once, WKP provides the ability to automatically apply overrides using GitOps.

What are overrides managed with GitOps? Overrides are like meta-variables controlled through git that provide a way for your teams to customize a base cluster configuration with a simple pull request. Several common scenarios are provided out of the box, and for special cases, a JavaScript library is also available for complete control.

GitOps-powered cluster configuration

Cluster configuration via pull request is available for:

  • Customized cluster environments: Adapt base cluster setups for different environments like test, development or production and other specific use cases.
  • Specify Kubernetes configuration settings: Automatically set up AWS accounts and credentials, as well as cluster size and machine type.
  • Setup and include additional cluster components: Add a Kubernetes dashboard, or specify the Prometheus time-series data retention time.
  • Application workload settings: Specify configuration settings for services deployed with GitOps.

GitOps policy manager

Meet business and regulatory compliance requirements by allowing and restricting who does what, when, to the cluster. Git-based rules are built on top of the Open Policy Agent (OPA) standard and are all managed by pull request, to ensure that cluster changes are only initiated by the roles that are permitted to do so.

Extensible RBAC roles and permissions are checked in and confirmed at git commit time. Feedback is provided in git before any changes are made and applied. Users may also add their own roles and policies through the OPA framework.

When a new cluster is provisioned, default roles and permissions are automatically set up: one for Cluster Operators, who are permitted to update cluster components, and another for Application Developers/SREs, who can only manage workloads outside of cluster component namespaces or, in some cases, only within a specific namespace.

Zero downtime upgrades and instant dashboards

We have a few more product upgrades to help you in this release.

Zero downtime cluster life-cycle management

GitOps has always been a great solution for dealing with upgrades, rollback and D/R. In this new WKP release we have integrated the GitOps Manager more deeply into our Kubernetes tooling.

Users may now initiate rolling upgrades to production clusters by applying patches in-place with zero downtime. Manage the entire cluster lifecycle with GitOps, aligning your changes with any planned upstream maintenance windows. Easily apply security patches to your base Kubernetes configuration or upgrade any additional Kubernetes components in your stack as needed.

Instant operations dashboards

Verifying deployments and alerting on change is another great GitOps feature. To date this has been available in our open source and SaaS (Weave Cloud) offerings.

From today, users of WKP have a single view into the health and state of any cluster and its workloads.

  • Observe the health of your cluster and application deployments with instantly available Grafana dashboards and alerts preconfigured straight from git after a new base cluster is provisioned.
  • Pre-canned dashboards can be used ‘out-of-the-box’ or in this case ‘out-of-the-repo’ as soon as you’ve spun up a cluster.

Final thoughts

“Cloud native applications increase business agility and speed. However, achieving these benefits requires a new runtime platform and environment for operating cloud native applications reliably, securely and at scale.” Steve George, COO Weaveworks

This is part 1 of a two part post on the Weave Kubernetes Platform, where we discussed how you can use GitOps to manage the entire life-cycle of a cluster from creation to upgrades and applying patches. In the next post, we’ll discuss where and how you can install Kubernetes. Then we’ll show you how to leverage GitOps policies for specific cluster stacks for different environments. Finally, we’ll describe the cluster extensions that you can manage and maintain with GitOps in the Weave Kubernetes Platform.

Have questions on what you need to create a cloud native platform?

The Weaveworks team can help you navigate the vast landscape of cloud native technologies – OSS and paid. Together we can create a cloud native reference architecture that fits your business needs. You can benefit from a Weaveworks validated design or you can design, review and select technology options with our help.

Weaveworks has the deep experience necessary to provide highly skilled integration support for users who already have solutions for cluster distribution, application config management, application delivery, service routing, metrics, observability, etc.

Contact us for a demo of the Weave Kubernetes Platform.

Find out what a production ready cluster looks like with these Kubernetes checklists.