In this session, we’ve partnered with Upbound to showcase how to manage application delivery effectively while maintaining a high level of security using Weave GitOps and Upbound. When managing a stateful application deployment with a relational database, Weave GitOps can recognize a policy violation and correct it before the application is deployed.
Join us as we demonstrate the scenarios where:
● All changes to application configuration are managed through Git workflows
● Upbound’s Universal Crossplane allows you to build, deploy, and manage your cloud platforms
● GitOps provides an extra layer of security by removing the need for direct access to Kubernetes clusters
● Policy-as-Code guarantees security, resilience and coding standards compliance
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossplane
1. Confidential do not distribute
Successfully Shift Left Security in Application Delivery with Weave GitOps Enterprise and Upbound’s Universal Crossplane
In partnership with:
3. Speaker introductions
Dan Mangum, Principal Software Engineer, Upbound
Dan Mangum is a Principal Software Engineer at Upbound and a maintainer of the Crossplane project. In addition to his work in the Crossplane community, Dan has held technical leadership roles in the upstream Kubernetes community.
Paul Curtis, Principal Solutions Architect, Weaveworks
Paul started as a developer working in financial institutions. Paul proceeded to take on technical account management at Netscape & Sun, along with system and dev operations at start ups. Paul now provides field enablement and engineering in the big data world.
4. Shifting Security Left in Application Delivery
The problem:
● Service and resource provisioning slows development
● Resources are spread between different environments (Kubernetes, VMs, Provider Services)
● Managing current state, recovery, and rollbacks is difficult
The solution:
● Declarative and auditable provisioning across all resources
● Application and resource lifecycle management with GitOps
● Policy enforcement across all resources
5. Weave GitOps Enterprise with Upbound demo
Weave GitOps Enterprise
● Policy guardrails for every declarative action
● Declarative deployment of applications and deployment pipelines across multiple clusters
● Declarative provisioning of Kubernetes clusters and bootstrapping services
Upbound
● All the benefits of GitOps across any resource
● Declarative, audited, and observable
● Lifecycle management of resources external to Kubernetes
6. Weaveworks: the GitOps company
● Weaveworks is backed by solid investors
● Weaveworks is a key partner with all the major infrastructure and Kubernetes vendors
● Weaveworks is deeply committed to the Open Source Community
7. GitOps – An Operating Model for Cloud Native
Unifying Deployment, Monitoring and Management.
● Git as the single source of truth of a system’s desired state
● ALL intended operations are committed by pull request
● ALL diffs between intended and observed state with automatic convergence
● ALL changes are observable, verifiable and auditable
[Diagram labels: IDE, Build, Test, Continuous Integration, GIT, “Immutability Firewall”, GitOps, Kubernetes, Deployment (clusters, apps), Monitoring, Logging (Observability), Management (operations)]
8. Weave GitOps - Use Cases
● Continuous Application Delivery - use GitOps to deploy and operate applications. Automation increases deployment velocity and developer productivity.
● Kubernetes Everywhere - in the cloud or the datacenter Kubernetes is a universal platform that’s easy to manage with GitOps.
● DevOps Automation - Lifecycle management of the entire platform. All clusters and services, using automation and policy.
● Self-Service Platforms - a complete platform giving developers autonomy while ensuring consistency and manageability.
● Trusted Delivery - shift policy and security left - governance, risk, and compliance are non-negotiable.
● Progressive Delivery - deploy services across many environments and regions reliably using GitOps
9. Weave GitOps PaC
● Built on OPA standard - Rego
● Curated library of 100+ policies
● SOC II, PCI-DSS, GDPR, HIPAA, MITRE ATT&CK
● Security, resilience and coding standards
● Validation throughout SDLC
○ Commit, Pull Request
○ Build
○ Deploy
○ Runtime
● Automatic remediation via pull request
10.
11. Control Plane Revolution
🔥 3,000+ Companies in Production
🔥 7,000+ Slack channel members
🔥 6,000+ GitHub stars
🔥 40M+ Pulls on Docker Hub
🔥 Open Source and CNCF project
Timeline, 1990s to 2020s:
Scripting
• Legacy
• Imperative Configuration
Infrastructure As Code (Terraform, Ansible, Chef)
• Declarative Configuration
• Configuration Management
• Provisioning Management
• Sprawling Complexity
Control Planes: The Crossplane Revolution
• Complement IaC
• Declarative API
• Self-Service
• Full Automation
Who is
12. ● Founders of
● Growing 700% YoY
● Commercial, Open-Core Company
○ Ease-of-Use: UX, Marketplace
○ Enterprise-Grade: Scalable, Secure, Controlled
○ Solution-Agnostic: Any cloud, Any environment, Any service
● Complement, rather than compete
Who is
13. Why Now
Enterprises are Re-Platforming - Again!
● Security
● Cost
● Multiple Vendors
● Developer Productivity
● Standardization: Enforcing best-practices and controls consistently across the entire organization
● Future Proofing
20.
1. Configure management cluster with UXP and the Crossplane package for Discourse on AWS
2. Create a pull request to a repository added as a Weaveworks GitOps source
3. Observe policy violation
4. Fix policy violation
5. Weaveworks GitOps syncs manifest to cluster
6. UXP provisions infrastructure and application, providing the necessary connection data
22. Thank You
Whitepaper: Shifting Security Left with GitOps and Trusted Delivery
https://bit.ly/3MvzXgQ
Learn more about Weave GitOps
www.weave.works/enterprise
Request a personal demo
www.weave.works/contact
23. Next Steps
Sign Up
Create a Free Account
Learn More About UXP
Universal Crossplane
Visit the Marketplace
https://marketplace.upbound.io