GitOps goes beyond Kubernetes with Weave GitOps & Upbound’s Universal Crossplane
GitOps is going beyond Kubernetes to offer end-to-end management of cloud infrastructure. Learn how Weave GitOps and Upbound's Crossplane together enable this.
A promising standard for continuous delivery and organizational practices, GitOps has grown past its niche of Kubernetes cluster management. With numerous recent developments in this field, users now have access to multiple ways of managing both applications and infrastructure, even beyond the Kubernetes ecosystem. This is made possible by an integration between Weave GitOps and Upbound. What it opens up is the possibility of enforcing declaratively defined policies across the entire spectrum of a hybrid cloud stack. This is the topic of an upcoming webinar that Weaveworks and Upbound are hosting together. In this post, we discuss the key ideas of the webinar and hope to get you excited enough to join us for the webinar itself.
The ever-expanding cloud stack
The cloud began with the likes of AWS and VMware pioneering the use of virtualization at scale. It graduated to containerization with the rise of Kubernetes. Today, any organization’s cloud stack is a combination of various cloud services, container and cloud-native technologies, on-premise infrastructure, and more. Alongside Kubernetes, organizations need to manage DNS, data stores, messaging gateways, AWS Lambda functions and so much more. All this adds to the management overhead and ends up slowing down the pace of cloud operations.
GitOps, with its declarative approach, has the ability to bring much-needed consistency, predictability, and confidence to cloud management. However, this is easier said than done. It takes more than a single tool or solution to achieve end-to-end integration of a complex cloud stack. By leveraging complementary solutions like Weave GitOps and Upbound, you can take GitOps practices far beyond Kubernetes.
GitOps and Upbound (creators of Crossplane)
Upbound’s Universal Crossplane (UXP) is a complete solution for scaling Crossplane and building your own internal cloud platform. Some of Crossplane’s features include:
- Crossplane itself is a Kubernetes application: a set of controllers and custom resource definitions that run inside a cluster.
- Its definitions are ordinary Kubernetes manifests, so the cluster API is the control plane for external infrastructure as well.
- You can either use the managed resources shipped by providers for the common clouds, or compose your own higher-level resources from them with Compositions and CompositeResourceDefinitions.
All its definitions or manifests can be applied with kubectl and verified through manifest verification tools like kube-linter or kubeval. You can even template these definitions with Kustomize or Helm and use any tools in the Kubernetes ecosystem to read and manage them.
Furthermore, because a Crossplane definition is a standard manifest, you can store it in Git and manage it with Weave GitOps to get a complete GitOps workflow. Simply by looking at Git you get a snapshot of the infrastructure you have declared and know exactly what was changed, by whom, and when. Git holds the desired state, and Crossplane's controllers continuously reconcile the live infrastructure towards it, so a resource that is changed out of band is detected and corrected rather than silently drifting. Terraform, by contrast, keeps its own state file as the source of truth, which must be stored and protected separately and needs its own credentials to access. With Git, reverting to a previous version of your infrastructure is a single git revert, after which reconciliation brings the live resources back to match. One caveat: Crossplane still needs cloud credentials, referenced from a ProviderConfig, to act on your behalf; those belong in a Kubernetes Secret populated outside the repository, never committed to Git.
This gives you an end-to-end solution that implements the GitOps principles for infrastructure and not just applications.
GitOps and Policy-as-Code
Scaling governance is key to fully realizing the benefits of going cloud-native. According to the Global Risks Report from the World Economic Forum, 95% of cybersecurity issues can be traced to human error, and misconfiguration is a large part of that. Given this, organizations must take steps to secure cloud-native applications and mitigate the risk from the human element.
Policy-as-code (PaC) is a major step towards implementing the principles of shift-left security. PaC bets that declarative code will become the de facto standard for IT management. It requires a policy engine that can enforce policies across the whole stack, not just on Kubernetes workloads; with Crossplane, infrastructure manifests pass through the same checks as application manifests.
Weave GitOps Enterprise now includes policy-as-code checks that detect misconfigurations, halt non-compliant deployments, and alert the teams concerned automatically. All developers have to do is push their changes to the GitOps pipeline; they are notified if the system detects any compliance or security issue before it reaches the cluster.
Moreover, because the policies themselves are defined declaratively and versioned in Git, a large part of the process of rolling out and updating security policies across your microservices can be automated in the same way as the workloads they govern.
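The pattern described in the two sections above (Crossplane manifests stored in Git, checked by a policy engine before they are reconciled, with blocking and alert-only severities) is illustrated by the following example. This is an added illustration written for this post, not code from Weave GitOps or Crossplane; the Weave GitOps policy engine evaluates policies in its own format, and this script only shows the shape of such checks. Field names follow the community Crossplane provider-aws CRDs (`RDSInstance`, `Bucket`, `Provider`) and may differ for other providers; the sample manifests are constructed here.

```python
"""Minimal policy-as-code checks over Crossplane manifests pulled from Git.

Added illustration, not Weave GitOps or Crossplane code. Field names are
assumed from the community provider-aws CRDs; the sample manifests below
are constructed for this example.
"""
from dataclasses import dataclass
from typing import Any, Callable, Iterable, Optional

Manifest = dict[str, Any]


@dataclass(frozen=True)
class Violation:
    policy: str
    severity: str   # "high" blocks the deployment, "medium" only alerts
    resource: str   # kind/name, for the alert
    message: str


def _get(obj: Manifest, path: str, default: Any = None) -> Any:
    """Walk a dotted path such as 'spec.forProvider.acl' without KeyErrors."""
    cur: Any = obj
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return default
        cur = cur[part]
    return cur


def _ident(m: Manifest) -> str:
    return f"{m.get('kind', '?')}/{_get(m, 'metadata.name', '?')}"


def _no_public_db(m: Manifest) -> Optional[str]:
    if _get(m, "spec.forProvider.publiclyAccessible") is True:
        return "RDS instance is reachable from the public internet"
    return None


def _no_public_bucket(m: Manifest) -> Optional[str]:
    acl = _get(m, "spec.forProvider.acl", "private")
    if acl in {"public-read", "public-read-write"}:
        return f"bucket ACL {acl!r} exposes objects to everyone"
    return None


def _pinned_provider_package(m: Manifest) -> Optional[str]:
    # An unpinned provider image silently pulls whatever is tagged next.
    pkg = _get(m, "spec.package", "")
    tag = pkg.rsplit(":", 1)[1] if ":" in pkg else ""
    if not tag or tag == "latest":
        return f"provider package {pkg!r} is not pinned to a version"
    return None


def _orphan_on_delete(m: Manifest) -> Optional[str]:
    # Guard against a Git deletion destroying a stateful resource.
    if _get(m, "spec.deletionPolicy", "Delete") != "Orphan":
        return "stateful resource would be destroyed when its manifest is removed"
    return None


# (policy id, severity, kinds it applies to, check returning a message or None)
Policy = tuple[str, str, set, Callable[[Manifest], Optional[str]]]
POLICIES: list[Policy] = [
    ("rds-not-public", "high", {"RDSInstance"}, _no_public_db),
    ("bucket-not-public", "high", {"Bucket"}, _no_public_bucket),
    ("provider-pinned", "high", {"Provider"}, _pinned_provider_package),
    ("db-orphan-on-delete", "medium", {"RDSInstance"}, _orphan_on_delete),
]


def evaluate(manifests: Iterable[Manifest]) -> list[Violation]:
    """Run every applicable policy over every manifest in the change set."""
    found: list[Violation] = []
    for m in manifests:
        for pid, sev, kinds, check in POLICIES:
            if m.get("kind") in kinds:
                msg = check(m)
                if msg:
                    found.append(Violation(pid, sev, _ident(m), msg))
    return found


def should_block(violations: Iterable[Violation]) -> bool:
    """Halt the deployment only on high-severity findings; others just alert."""
    return any(v.severity == "high" for v in violations)


# Constructed sample change set, as it would be committed to Git.
SAMPLE: list[Manifest] = [
    {"apiVersion": "pkg.crossplane.io/v1", "kind": "Provider",
     "metadata": {"name": "provider-aws"},
     "spec": {"package": "crossplane/provider-aws:latest"}},
    {"apiVersion": "database.aws.crossplane.io/v1beta1", "kind": "RDSInstance",
     "metadata": {"name": "orders-db"},
     "spec": {"deletionPolicy": "Orphan",
              "forProvider": {"engine": "postgres", "publiclyAccessible": True},
              "providerConfigRef": {"name": "default"}}},
    {"apiVersion": "s3.aws.crossplane.io/v1beta1", "kind": "Bucket",
     "metadata": {"name": "orders-archive"},
     "spec": {"forProvider": {"acl": "private", "locationConstraint": "eu-west-1"}}},
]

if __name__ == "__main__":
    vs = evaluate(SAMPLE)
    for v in vs:
        print(f"[{v.severity}] {v.policy} {v.resource}: {v.message}")
    print("BLOCKED" if should_block(vs) else "ALLOWED")
```

Run against the sample, the unpinned provider and the publicly accessible database are both high-severity findings, so the change set is blocked; the archive bucket passes. Splitting severities this way matches the behaviour the text describes: misconfigurations that expose data stop the deployment, while operational guardrails such as the deletion policy raise an alert without halting the pipeline.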
GitOps for Liquid Metal and EKS Anywhere
Going cloud-native has always been considered a way to modernize older, legacy applications. Yet most real-world applications are difficult to move completely into containers, and running many Kubernetes clusters on virtual machines is not always cost-effective. To that end, Weaveworks has introduced Liquid Metal, a GitOps-powered Cluster-as-a-Service (CaaS) that simplifies scaling Kubernetes clusters across environments.
Liquid Metal, which was originally developed in collaboration with Deutsche Telekom to help bring 5G services to the edge, now natively provisions dynamic Kubernetes cluster-as-a-service across both bare metal and micro-VMs.
Furthermore, as an AWS Advanced Technology Partner, Weaveworks has been working to ensure that deploying EKS Anywhere with eksctl is smooth, removing another barrier to application modernization.
Final Thoughts
The whole idea driving GitOps is to automate operations from declarative, version-controlled desired state and to support collaboration between teams. With Weave GitOps and Crossplane, you can now develop and manage end-to-end cloud infrastructure from the same Git repositories and reconciliation loop as your applications, without a separate provisioning tool and its separate state.
The upcoming webinar goes into much more detail on all the ideas covered in this post. Join us December 7th as we showcase just how effective and secure application delivery is when Weave GitOps and Upbound work together.