GitOps Service

Use GitOps to Automate Infrastructure and App Deployments

Rafay’s GitOps Service provides infrastructure orchestration and application deployment through multi-stage, git-triggered pipelines.

Fully Automated, Zero-Effort Deployments

GitOps is an efficient and effective approach to continuous deployment (CD) that leverages Git as a single source of truth for both infrastructure and applications. By being declarative, it provides for better standardization, enhanced security, and ultimately, improved productivity. With Rafay’s GitOps Service, you can:

Build a multi-stage pipeline for both applications and clusters in minutes

Fully automate deployments and remove error prone, manual steps

Guarantee that the desired state specified in your Git repos are instantly enforced on Kubernetes clusters

Tightly integrate your Kubernetes management solution with GitOps deployment

CD Comparison

Key Capabilities Description RafayCD ArgoCD FluxCD
SaaS 100% cloud-based service is up and running immediately. Supported Unsupported Unsupported
Application Deployments Deploy your applications to one or more clusters based on fine grained placement policies and continuous reconciliation. Supported Supported Supported
Application Templates Templatize applications and dynamically customize them during deployment based on the deployment / environment context. Supported Unsupported Unsupported
Pull from Repos Behind Firewalls Integrate with private (behind firewall) Git and Helm repositories. Supported Unsupported Unsupported
Deploy to Clusters Behind Firewalls Deploy to remote clusters operating behind firewalls without requiring any form of inbound access. Supported Unsupported Unsupported
Pipelines Support for directed acyclic graph (DAG) style pipelines to build complex enterprise CD workflows (instead of dumb, brute-force reconciliation). Custom, multi-staged Non-customizable, single stage Non-customizable, single stage
Conditional Stage Execution Support for preconditions configured as expressions which are evaluated before a stage is executed. Supported Unsupported Unsupported
Multi-cluster App Deployments Support for static and dynamic placement policies to select multiple clusters matching cluster labels or k8s style resource selectors. Supported Partial Supported
Non-K8s Deployments Ability to support non k8s resources in pipeline stages enabling automation of infrastructure provisioning and changes. Supported Unsupported Unsupported
Drift Detection Block unauthorized changes to applications deployed on remote clusters Prevent issues before they occur Detect with manual healing of drift Unsupported
Non-Git Approvals Ability to incorporate approval stages for one or more users in a pipeline. Execution is blocked until the stage is approved by authorized users. Supported, Bi-directional Unsupported Unsupported
Fleet-wide Blueprint Upgrades Ability to perform controlled upgrades of blueprints across an entire fleet of clusters Supported Unsupported Unsupported

Create Multiple Pipelines Each with Multiple Stages

Integrated GitOps pipelines in the Rafay KOP can comprise multiple stages. The stages in the pipeline are then executed sequentially one after another. Pipelines in Rafay can either be triggered manually or by updates to a Git repository. For production environments, users can optionally incorporate a manual approval stage in the pipeline to ensure an authorized user has to review and approve the changes before the workloads are automatically updated on remote clusters.

https://rafay.co/wp-content/uploads/2021/04/example_pipeline_job_CROPPED01.png

Instantly Update Clusters & Apps Using GitOps

For environments requiring agile development cycles, users can go from a Git push to an updated application on managed clusters in seconds — 100+ times a day. This is particularly suited for developer environments where updates are very frequent.

https://rafay.co/wp-content/uploads/2021/04/GitOps-Single-Stage.gif

Support for Git or Helm Repositories and Clusters Behind Firewalls

It is a security best practice to not operate an organization’s infrastructure in a flat network where everything can see and access everything else. As a result, it is common for organizations to isolate their Git repositories and their Kubernetes clusters behind separate firewalls. Rafay enables organizations to implement a Zero-Trust security model for GitOps ensuring that changes made to Git repos can be seamlessly propagated to remote clusters operating behind dedicated firewalls in a separate network. Organizations do not have to punch holes in their firewalls or lower their security posture to implement GitOps.

https://rafay.co/wp-content/uploads/2021/04/diagram-firewalls-2.svg
Download the Service Brief

GitOps Service

Use GitOps to declaratively define and manage your K8s and workloads

Configure GitOps Pipelines with Flexible Triggers

Triggers are external events that start a pipeline job and/or stage. Rafay supports two types of triggers: Webhooks and Cron Job-based Repository Sync. If the Webhook payload satisfies the specified criteria, the pipeline job is started (example below). For Cron Jobs, the sync operation notices that monitored files have been updated and starts the pipeline.

https://rafay.co/wp-content/uploads/2021/04/webhook_trigger_CROPPED01.png

Easily View & Manage Multiple Pipelines

Add, modify, pause, delete, and check the status of any number of pipelines, each with any number of stages. Pipelines are integrated into Rafay’s Kubernetes Operations Platform and therefore seamlessly inherit and follow the configured RBAC and project-based isolation configuration. This ensures a seamless user experience for authorized users and makes security/governance seamless and low burden for organizations by completely eliminating the operational burden of managing yet another product just for GitOps. Every pipeline job’s details are visualized for users, including their start time, status, total run time, and history.

https://rafay.co/wp-content/uploads/2021/04/all_pipelines_CROPPED01.png