Kubernetes GitOps Service
Use GitOps for Kubernetes to Automate Infrastructure and App Deployments
Rafay’s GitOps Service provides infrastructure orchestration and application deployment through multi-stage, git-triggered pipelines.
Fully Automated, Zero-Effort Deployments
GitOps is an efficient and effective approach to continuous deployment (CD) that leverages Git as a single source of truth for both infrastructure and applications. By being declarative, it provides for better standardization, enhanced security, and ultimately, improved productivity. With Rafay’s GitOps Service, you can:
Build a multi-stage pipeline for both applications and clusters in minutes
Fully automate deployments and remove error prone, manual steps
Guarantee that the desired state specified in your Git repos are instantly enforced on Kubernetes clusters
Tightly integrate your Kubernetes management solution with GitOps deployment
CD Comparison
| Key Capabilities | Description | RafayCD | ArgoCD | FluxCD |
|---|---|---|---|---|
| SaaS | 100% cloud-based service is up and running immediately. | Supported | Unsupported | Unsupported |
| Application Deployments | Deploy your applications to one or more clusters based on fine grained placement policies and continuous reconciliation. | Supported | Supported | Supported |
| Application Templates | Templatize applications and dynamically customize them during deployment based on the deployment / environment context. | Supported | Unsupported | Unsupported |
| Pull from Repos Behind Firewalls | Integrate with private (behind firewall) Git and Helm repositories. | Supported | Unsupported | Unsupported |
| Deploy to Clusters Behind Firewalls | Deploy to remote clusters operating behind firewalls without requiring any form of inbound access. | Supported | Unsupported | Unsupported |
| Pipelines | Support for directed acyclic graph (DAG) style pipelines to build complex enterprise CD workflows (instead of dumb, brute-force reconciliation). | Custom, multi-staged | Non-customizable, single stage | Non-customizable, single stage |
| Conditional Stage Execution | Support for preconditions configured as expressions which are evaluated before a stage is executed. | Supported | Unsupported | Unsupported |
| Multi-cluster App Deployments | Support for static and dynamic placement policies to select multiple clusters matching cluster labels or k8s style resource selectors. | Supported | Partial | Supported |
| Non-K8s Deployments | Ability to support non k8s resources in pipeline stages enabling automation of infrastructure provisioning and changes. | Supported | Unsupported | Supported |
| Drift Detection | Block unauthorized changes to applications deployed on remote clusters | Prevent issues before they occur | Detect with manual healing of drift | Supported |
| Non-Git Approvals | Ability to incorporate approval stages for one or more users in a pipeline. Execution is blocked until the stage is approved by authorized users. | Supported, Bi-directional | Unsupported | Unsupported |
| Fleet-wide Blueprint Upgrades | Ability to perform controlled upgrades of blueprints across an entire fleet of clusters | Supported | Unsupported | Unsupported |
Create Multiple Pipelines Each with Multiple Stages
Integrated GitOps pipelines in the Rafay KOP can comprise multiple stages. The stages in the pipeline are then executed sequentially one after another. Pipelines in Rafay can either be triggered manually or by updates to a Git repository. For production environments, users can optionally incorporate a manual approval stage in the pipeline to ensure an authorized user has to review and approve the changes before the workloads are automatically updated on remote clusters.
Instantly Update Clusters & Apps Using GitOps
For environments requiring agile development cycles, users can go from a Git push to an updated application on managed clusters in seconds — 100+ times a day. This is particularly suited for developer environments where updates are very frequent.
Support for Git or Helm Repositories and Clusters Behind Firewalls
It is a security best practice to not operate an organization’s infrastructure in a flat network where everything can see and access everything else. As a result, it is common for organizations to isolate their Git repositories and their Kubernetes clusters behind separate firewalls. Rafay enables organizations to implement a Zero-Trust security model for GitOps ensuring that changes made to Git repos can be seamlessly propagated to remote clusters operating behind dedicated firewalls in a separate network. Organizations do not have to punch holes in their firewalls or lower their security posture to implement GitOps.
Use GitOps to declaratively define and manage your K8s and workloads
Configure GitOps Pipelines with Flexible Triggers
Triggers are external events that start a pipeline job and/or stage. Rafay supports two types of triggers: Webhooks and Cron Job-based Repository Sync. If the Webhook payload satisfies the specified criteria, the pipeline job is started (example below). For Cron Jobs, the sync operation notices that monitored files have been updated and starts the pipeline.
Easily View & Manage Multiple Pipelines
Add, modify, pause, delete, and check the status of any number of pipelines, each with any number of stages. Pipelines are integrated into Rafay’s Kubernetes Operations Platform and therefore seamlessly inherit and follow the configured RBAC and project-based isolation configuration. This ensures a seamless user experience for authorized users and makes security/governance seamless and low burden for organizations by completely eliminating the operational burden of managing yet another product just for GitOps. Every pipeline job’s details are visualized for users, including their start time, status, total run time, and history.
