Getty Images

Weaveworks Magalix buy points to GitOps beyond Kubernetes

The merger between the GitOps platform company and a policy-as-code startup amounts to a bet that declarative code is about to become the new standard for IT management.

GitOps platform vendor Weaveworks made a tuck-in acquisition of a small policy-as-code startup this week, but its ambitions for the combined companies are anything but modest.

The company, Magalix, headquartered in Bellevue, Wash., was acquired for an undisclosed sum by Weaveworks, U.K.-based commercial backers of the Flux CD GitOps tool. Magalix markets policy-as-code tools based on the Open Policy Agent (OPA), an open source framework that isn't limited to use with Kubernetes -- and that's not a coincidence, according to Weaveworks execs.

"Our plan is GitOps beyond Kubernetes," said Alexis Richardson, CEO at Weaveworks. "A lot of customers are saying, 'When I deploy my application, Kubernetes is at the center of it, but it's not only Kubernetes -- help me fix that, as a whole solution.' That's where we're going next."

Envisioning a 'GitOps data center'

GitOps is primarily a set of organizational practices that base application and infrastructure management in version-controlled code repositories. Thus, GitOps practices don't technically require Kubernetes and container environments to work.

In fact, some industry watchers have seen such practices in use already, even if they aren't labeled as such.

The pattern described by GitOps is definitely not only applicable to Kubernetes.
James GovernorAnalyst, RedMonk

"Development shops do things that look like GitOps, even if they don't call it GitOps, without explicitly targeting Kubernetes platforms," said James Governor, an analyst at RedMonk. "The pattern described by GitOps is definitely not only applicable to Kubernetes."

The time is ripe for GitOps to propagate beyond Kubernetes, Governor said, and for declarative, policy-based management to take hold in enterprise IT. This shift will be spurred by the trend toward centralized DevOps platforms, ongoing concerns about cybersecurity and the equally hot topic of cloud resiliency in the wake of a high-profile AWS outage in December, according to Governor.

"I could have guidelines [in code] to say, 'Hey, maybe U.S.-East-1 isn't the best place to run this,'" Governor said. "Or, 'Hey, this service is now doing X number of transactions and maybe even dollars, you need to think about making this multi-region' -- those sorts of questions."

However, most of the best-known GitOps tools available now are oriented around Kubernetes, Richardson said. This is because the container infrastructure orchestration framework is built using declarative YAML code, which lends itself easily to GitOps workflows.

Some existing infrastructure-as-code and policy-as-code tools such as HashiCorp's Terraform and AWS' CDK, as well as OPA, can be used outside of containers, but in Richardson's view, technical tools in this area still have some maturing to do.

"There's a lot of room for other things that add self-orchestrated management [to declarative code], which we'll see coming into the market very soon," Richardson said. "Just as a few years ago, we went from having Linux to the a concept of a read-only operating system for containers -- a so-called container OS, we're not far from having a GitOps OS, which will be a completely config-driven, self-managed, self-healing image ... and one day in the future, a completely automated GitOps data center."

GitOps pipeline
GitOps is often associated with Kubernetes, as seen here, but the workflow is increasingly being applied beyond the container orchestration framework.

Weaveworks' near-term plan: Add policy to Kubernetes

While GitOps beyond Kubernetes is the long-term goal, the first focus for the newly combined companies will be securing Kubernetes-based GitOps processes. Magalix's 25 employees will be added to Weaveworks' staff as part of that effort.

Magalix isn't unique in applying OPA to policy-as-code -- OPA's open source creators also formed a commercial company, Styra, which sells similar tools. HashiCorp's Terraform also supports OPA, as do other infrastructure-as-code players such as Pulumi. Combining infrastructure-as-code with policy-as-code was even a common theme among IT vendor acquisitions in 2021, including Sysdig's deal for Apolicy and Aqua's tfsec acquisition.

Magalix stood out to Weaveworks because it's SaaS-based, according to Richardson. Weaveworks will also make an on-premises enterprise edition generally available this week that Magalix had rolled out in beta last year.

"For us, this is about enhancing the product more than [increasing] sales," he said. "The fact that Magalix originated as a SaaS company is appealing to us, because we have a lot of customers in the cloud. ... We want to have a foothold there and start to build up a presence so that our cloud partners can make their customers successful."

Another feature of the Magalix Policy Engine product that appealed to Weaveworks was the fact that it monitors multiple phases of GitOps pipelines, including code commits, application deployments and runtimes on production infrastructure. At each stage of the process, the tool can automatically suggest fixes IT pros can use to bring non-compliant code up to speed with policies.

"We're still in early days with policies -- we have a handful that are limited in scope," said Mohamed Ahmed, co-founder and CEO of Magalix. "But over time, rather than hundreds of policies, there are going to be thousands, and they're going to be dynamically applied in different situations, at different layers. And personally, I do not see any way to do this unless you have it done properly in a declarative way."

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.

Dig Deeper on Systems automation and orchestration

Software Quality
App Architecture
Cloud Computing
Data Center