In a recent webinar, Paul Fremantle (@pzfreo), VP Product Strategy, and Paul Curtis (@pfcurtis_NY), Solutions Architect, walked us through the new features in version 2.4 of Weave Kubernetes Platform (WKP). The standout features of this release are Team Workspaces for app development on Kubernetes and the ability to implement GitOps in your choice of existing Kubernetes environments.

In this post, we take a close look at Team Workspaces and the RBAC security controls that make self-service Kubernetes development possible.

What is Weave Kubernetes Platform?

The Weave Kubernetes Platform is a production-ready platform with absolutely no lock-in. GitOps is both the underlying architecture and the developer experience of WKP. It simplifies the configuration and management of Kubernetes platforms across your organization by allowing platform teams to deploy and manage hundreds of clusters wherever they are needed: on premises, in the cloud or at the edge.

WKP brings together all of the tools necessary for managing and developing on Kubernetes, including cluster components and add-ons as well as application workloads, in a single GitOps workflow. Customers such as Mettle from NatWest, Deutsche Telekom and Datascan have achieved significant improvements in key agility metrics such as time to release and mean time to recovery, along with many other gains.

Velocity metrics from the financial services company Mettle by NatWest, after implementing self-service Kubernetes and GitOps, include:

[Image: Mettle-numbers.png]

Kubernetes platforms made simple with GitOps

WKP is built on open and standard technologies like the Cluster API that make it simple for platform teams to use GitOps to manage the configuration of complete platforms as well as their upgrade lifecycles. Teams can maintain multiple clusters and development platforms, and since it’s all declarative, they can use GitOps to configure and deploy complete and consistent clusters anywhere.

[Figure: Installed platform components kept in Git]

Why workspaces?

Organizations looking to adopt cloud-native technologies and approaches such as Kubernetes and GitOps can achieve greater velocity in their software releases if their teams can work independently and securely, and have the confidence to roll back.

Workspaces is the first in a series of WKP features that focus on the developer experience for enabling team velocity. In Kubernetes, namespaces are great for making efficient use of Kubernetes resources across teams, but enabling and managing them through the command line is cumbersome and can be error-prone. With WKP 2.4, Workspaces builds on and creates secure namespaces to deliver multi-tenancy and application portability so that teams can immediately start shipping from Git.

How WKP Workspaces work

A Workspace Git-clones all of the tools needed for development and monitoring, such as Flux2, Helm, Prometheus, Ingress, Sealed Secrets, Grafana and Weave Scope, creates a new repo, and then installs the stack onto a newly created namespace in a cluster. WKP allows you to define specific workspaces for individual teams and can also deliver the same workspace across multiple clusters and namespaces.

[Figure: Team workspaces create cluster namespace]

Operators and platform teams use RBAC to scope each namespace and workspace, limiting the configuration changes that application developers can make to a cluster or namespace. This makes for enhanced collaboration without compromising security.

RBAC for policy enforcement at scale

RBAC is key to enabling secure workspaces in WKP. There are two default roles in WKP: workspace-member and namespace-admin. The workspace-member is a member of the Dev team and has the ability to deploy applications, but not to modify quotas or limits. The namespace-admin can modify quotas and limits, but cannot create additional namespaces or deploy CRDs. These default roles can be modified as needed. You can also create your own custom roles and policies within WKP if required.

By combining Workspaces and RBAC with GitOps, you have a simple way to create multi-tenancy for Kubernetes. You can also easily enforce centralized security without the overhead of provisioning and managing it separately from your Kubernetes cluster.
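Because the default roles can be modified and the role definitions live in Git, the boundaries described above can be checked before a change is merged. The following is an added example, not WKP code: it evaluates standard Kubernetes RBAC rules against those boundaries, and the rule sets and the names `FORBIDDEN`, `allows` and `audit` are constructed for illustration.

```python
# Kubernetes RBAC rule evaluation (apiGroups / resources / verbs, "*" = any).
# resourceNames are ignored, so a name-restricted rule is treated as unrestricted.
WRITE_VERBS = ("create", "update", "patch", "delete", "deletecollection")

# What each default role must not be able to change, per the text above.
FORBIDDEN = {
    "workspace-member": [("", "resourcequotas"), ("", "limitranges")],
    "namespace-admin": [("", "namespaces"),
                        ("apiextensions.k8s.io", "customresourcedefinitions")],
}

def _match(allowed, wanted):
    return "*" in allowed or wanted in allowed

def allows(rules, api_group, resource, verb):
    """True if any rule grants verb on resource in api_group."""
    return any(_match(r.get("apiGroups", []), api_group)
               and _match(r.get("resources", []), resource)
               and _match(r.get("verbs", []), verb)
               for r in rules)

def audit(role_name, rules):
    """Return (resource, verb) pairs the role grants but should not."""
    return [(res, verb)
            for group, res in FORBIDDEN.get(role_name, [])
            for verb in WRITE_VERBS
            if allows(rules, group, res, verb)]

# Constructed sample rule sets (hypothetical, not WKP's shipped manifests).
DEPLOY = {"apiGroups": ["", "apps"],
          "resources": ["deployments", "services", "configmaps", "pods"],
          "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"]}
READ_LIMITS = {"apiGroups": [""], "resources": ["resourcequotas", "limitranges"],
               "verbs": ["get", "list"]}
MANAGE_LIMITS = dict(READ_LIMITS, verbs=["*"])

MEMBER_OK = [DEPLOY, READ_LIMITS]
MEMBER_TOO_BROAD = [{"apiGroups": [""], "resources": ["*"], "verbs": ["*"]}]
ADMIN_OK = [DEPLOY, MANAGE_LIMITS]
ADMIN_TOO_BROAD = [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["create"]}]

if __name__ == "__main__":
    for name, rules in [("workspace-member", MEMBER_OK),
                        ("workspace-member", MEMBER_TOO_BROAD),
                        ("namespace-admin", ADMIN_OK),
                        ("namespace-admin", ADMIN_TOO_BROAD)]:
        print(name, audit(name, rules) or "ok")
```

The wildcard cases are the ones worth catching: a single `"*"` in a modified role silently grants a workspace-member write access to quotas and limits.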

Impact of Workspaces and RBAC on the organization

WKP makes a GitOps approach to Kubernetes management a reality. Whether it’s running EKS or another flavor of Kubernetes, WKP has you covered. It enables you to scale individual components, teams, and clusters, no matter where you decide to run your Kubernetes.

View the webinar in its entirety to learn more about workspaces and also how CAPEI helps deliver GitOps on your existing infrastructure or anywhere.

Join our Workspaces deep dive webinar

As a follow-up to the above webinar, Paul Curtis will be delivering another webinar diving deeper into the Team Workspaces feature of Weave Kubernetes Platform. Join us 01/26 at 10am PT / 6pm GMT. Sign up to learn more.