Watch Weave GitOps Release Features: Trusted Application Delivery with Policy as Code, VScode and Terraform extensions for Flux
In our Weave GitOps latest release recap, we introduce the newest enterprise features, including Trusted Application Delivery (policy as code), new observability dashboards and the latest Flux extensions for Terraform and VS Code.
The 16-point Checklist for GitOps Success
Liquid Metal is Here: Supported, Multi-Cluster Kubernetes on micro-VMs and Bare Metal
Level up Security Management with HashiCorp Vault and Flux
Even the best engineers make typos, especially when they’re trying to deliver software features and fixes as fast as possible. Velocity simply makes configuration mistakes all the more likely.
Or does it?
Not necessarily. Because thanks to the new policy as code features in Weave GitOps, you can apply policies at commit time, effectively installing instant guardrails for developers and DevOps engineers, helping you to shift security and compliance to the left.
Our most recent feature release of Weave GitOps covered everything you need to know about Trusted Application Delivery and how to implement policy as code in your GitOps pipelines, alongside all the other new features. In all, they comprise:
- Trusted Application Delivery – we are adding policy as code to GitOps pipelines
- A Terraform extension
- New observability dashboards
- Liquid Metal, for running clusters on micro-VMs
- Microsoft VS code extension
- Flux subsystem for ArgoCD
A Closer Look at Trusted Delivery
Presented by Weaveworks Product and Engineering managers, the webinar opened with an introduction on policy as code, explaining the kind of policies Weave GitOps allows you to codify. They are classified as:
- Security guardrails, e.g. approved container registries running as root and/or privileged, allowing direct ingress
- Resilience guardrails, e.g. health probes, resource limits, minimum replicas, and how services map to deployments
- Coding standards, e.g. required annotations and labels, and validation of annotation and label values
Policies can be implemented at every stage, from commit (where they will likely take the form of GitHub actions to prevent changes that violate the policy being made) through to build (using CI/CD tools and workflows), to through deployment, where Kubernetes’ admission controllers are used to block violations made through kubectl or the APIs. Once you’re in production, KubeNotifier can be used to report violations as they occur. And the beauty of all this is that it is a completely automated process, wholly embedded in your pipeline. From the perspective of your developers and DevOps engineers, there is nothing new to learn and no new tools to embrace.
You can create your own policies according to your needs, however, Weave GitOps comes with a built-in policy library containing over 100 usable examples that pertain to some of the enterprise world’s most common security and compliance challenges, including SOC2, GDPR, PCI-DSS, HIPAA, and the Mitre Attack. You can easily adapt any pre-supplied policies, using Rego.
New for Flux Users: VS Code and Terraform Extension
The first demonstration of the session covered the VS Code extension, essentially giving you a Weave GitOps button in the sidebar of your IDE that allows you to access GitOps features without switching to another dashboard. It lets you view GitOps components and components as well as triggering reconciliation and more. A preview release at present, you can download it here.
Next came the Flux Subsystem for Argo, aimed at Argo users who might want to migrate to Flux (to access features such as Trusted Delivery or better Helm support, for example).
The hosts explained how the new Terraform extension means you can use GitOps to control just about every resource you work with, including those that live outside Kubernetes. They then introduced Liquid Metal – a new feature in Weave GitOps that enables you to provision Kubernetes clusters declaratively on lightweight micro-VMs (e.g. Firecracker) and bare metal. This offers the best of two worlds: the dynamic flexibility of virtualized infrastructure and the hardware acceleration you can only get from bare metal. Crucially for AWS customers, its ability to manage EKS-A clusters makes hybrid cloud easier to manage and more cost-effective.
This introduction was followed by a live demo, showcasing the ease with which it can be put into action, thanks to the Weave GitOps browser-based GUI.
Watch the Demo on All Features
To learn more about policy as code and the new features in Weave GitOps, watch the webinar now.