In highly regulated industries, customers rely on you to protect their livelihood and personal identity. Decisions about Governance, Risk and Compliance (GRC) and security affect how you store data and build applications, and they require you to provide a full audit trail of what was done to an application or cluster configuration, by whom, and when.

GitOps removes the complexity of managing Kubernetes by allowing developers to commit changes to the cluster from Git through a pull request. It relies on software agents to automatically detect drift and reconcile the cluster's state with the state declared in the Git repo. Together, GitOps and DevOps create more efficient and secure workflows for application and infrastructure development and deployment.

What it Does

At the core of reproducible, correct cluster configuration is the GitOps Policy Manager, a standard component in the Weave Kubernetes Platform (WKP) that helps you meet business and regulatory compliance requirements more efficiently. Platform or DevOps teams can set up policies and rules that define which roles have permission to commit changes to the base Kubernetes configuration.

The GitOps Policy Manager implements a set of Git-based rules built on top of the Open Policy Agent (OPA) standard and managed by pull request. This ensures that cluster changes are only initiated by the roles that are permitted to do so.

Extensible role-based access control (RBAC) permissions are checked in and confirmed in Git at commit time, and feedback is provided in Git before any changes are applied. Users may also add their own roles and policies through the OPA framework.

Developers and operators alike can adopt GitOps to improve their Kubernetes experience:

  • Single pane of glass for policy updates and management.
  • Easily specify roles and permissions for teams in Git.
  • Allow only authorized teams to fork or clone a new cluster.
  • Make configuration changes with a full audit trail of every change.

Why should I care?

With Git-based rules, DevOps teams can securely update clusters without involving the platform team. The GitOps process works by having developers write and store everything in Git, which creates a built-in audit trail. Likewise, Git's strong encryption and security guarantees improve overall governance. And, since GitOps describes your whole system in Git, the system can be easily reproduced when disaster strikes, making it an effective Disaster Recovery plan.

  • Control namespace RBAC and tenant application stacks - Apply and control policy, authorization, and auditing at each level of the cluster.
  • Secure containers and registry - Catch unauthorized or unsafe applications and containers before they are deployed.
  • Manage network policy and service meshes - Apply access control, authorization, and auditing between services at each level.
  • SOC 2 compliance and disaster recovery - GitOps strengthens your Governance, Risk and Compliance (GRC) and security practices. Similarly, Kubernetes requires you to set and adhere to a governance and operational framework.
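To make the Git-based OPA rules described above and the registry check in this list concrete, here is an added example policy written for this page; it is not the GitOps Policy Manager's own rule set. A pull-request check could evaluate it against the committer's roles and the manifests the PR touches; the input shape, role names, resource kinds and registry allow-list are all assumptions.

```rego
package gitops.pr_gate

import future.keywords.contains
import future.keywords.if
import future.keywords.in

# Assumed input shape (constructed for this example, not a WKP format):
#   input.pr.author    login of the person opening the pull request
#   input.pr.roles     role names that person holds
#   input.changes[]    objects parsed from the manifests the PR touches:
#                      {kind, name, namespace, images[]}

# Roles assumed permitted to change base cluster configuration.
platform_roles := {"platform-admin", "cluster-operator"}

# Kinds treated as base cluster configuration in this example.
base_kinds := {"ClusterRole", "ClusterRoleBinding", "Namespace", "CustomResourceDefinition"}

# Registries from which workload images may be pulled (assumed allow-list).
trusted_registries := {"registry.example.internal/", "ghcr.io/example-org/"}

# The PR may be merged only when no rule produced a denial.
default allow := false
allow if count(deny) == 0

has_platform_role if {
	some role in input.pr.roles
	role in platform_roles
}

# Rule 1: only platform roles may change base cluster configuration.
deny contains msg if {
	some change in input.changes
	change.kind in base_kinds
	not has_platform_role
	msg := sprintf("%s %q may only be changed by a platform role; %s holds %v",
		[change.kind, change.name, input.pr.author, input.pr.roles])
}

# Rule 2: every container image must come from a trusted registry.
deny contains msg if {
	some change in input.changes
	some image in change.images
	not from_trusted_registry(image)
	msg := sprintf("%s %q pulls %q from an untrusted registry", [change.kind, change.name, image])
}

from_trusted_registry(image) if {
	some prefix in trusted_registries
	startswith(image, prefix)
}
```

Given an input.json in the assumed shape, `opa eval -f pretty -i input.json -d pr_gate.rego data.gitops.pr_gate.deny` lists every violation, so the messages can be posted back to the pull request before anything reaches the cluster; a PR by an author without a platform role that touches a ClusterRoleBinding, or a Deployment pulling from an unlisted registry, produces a denial and `allow` stays false.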

Find out more

The Weave Kubernetes Platform is a production-ready platform that uses GitOps as its underlying architecture and developer experience. It simplifies cluster configuration and management across your organization by bringing together, in a single platform, all the tools, services, and components your team needs to run. WKP also provides policy and Git-based rules to specify, audit, and control who can change what in the cluster configuration.

Master Kubernetes security and compliance with GitOps

In this eBook we discuss how to meet business and regulatory compliance with GitOps Policy Manager.