GitLab version 15 goes big on visibility and observability

GitOps fans can take a spin on the free tier for pull-based deployment

One-stop DevOps shop GitLab has announced version 15 of its platform, hot on the heels of pull-based GitOps turning up on the platform's free tier.

Version 15.0 marks the arrival of GitLab's next major iteration and attention this time around has turned to visibility and observability – hardly surprising considering the acquisition of OpsTrace as 2021 drew to a close, as well as workflow automation, security and compliance.

GitLab puts out monthly releases –  hitting 15.1 on June 22 –  and we spoke to the company's senior director of Product, Kenny Johnston, at the recent Kubecon EU event, about what will be added to version 15 as time goes by. During a chat with the company's senior director of Product, Kenny Johnston, at the recent Kubecon EU event, The Register was told that this was more where dollars were being invested into the product.

Of Opstrace, Johnston said: "We're going to be spending 15 integrating that really deeply with all of GitLab."

As well as having metrics, logs and traces on by default, Johnston spoke of a "fourth pillar of observability" in the form of error tracking. All would then be presented to the lucky developer cranking out code. "I can see this code has experienced 500 different types of errors in the last three weeks," Johnston said, by way of example, "so we can bring that right into context when a developer is writing code so that they're aware of how that application is performing or what kind of errors it receives."

The data also gives insight into the development process itself. "If you're a director or CTO, you want to know: is it working overall? But which groups are doing well? How can I learn from those groups and apply it to others?"

Heaven forbid that some less enlightened bosses might use all that data to administer a dressing down to whoever is dropping those 500 errors into the company's source.

As well as observability, plans are afoot for additional compliance and security features. As well as security policies, an intriguing feature is an exportable Software Bill of Materials and a signed attestation for build artifacts. "We're really excited about our ability to not just produce the bill of materials, but also produce that attestation that your bill of materials was secure along that whole delivery path," said Johnston.

Also upcoming in version 15 will be more support for data science teams and workloads.

Announced at Kubecon EU was support for pull-based deployment in GitLab's free tier, meaning a DevOps team can use the GitLab agent for Kubernetes to automatically spot and enact application changes.

"We've had that in our paid tiers," said Johnston, "but we found that there was a lot of interest in it, particularly for GitOps-style workflows for pull-based-style deployment workflow.

"Another component of us open-sourcing anything is that we also get contributors for it. You see a lot higher contributor volume to our open-source tech when it's in our free tier."

As for the future, Johnston told us that "we do see a lot more interest in SaaS and organizations not wanting to manage the software themselves," although, "the bulk of our business is in self-managed; customers oftentimes are choosing us over competitors because they can deploy [GitLab] wherever they want and deploy it within data sovereignty restrictions."

And the IDE? "Most people are using VS Code," said Johnston, "but we're seeing a lot more interest, particularly from enterprises [in a controlled environment]."

Shifting the security border from a developer's laptop to something a little more controlled certainly has an appeal and web-based IDEs from the likes of GitHub and Gitpod have been increasing in popularity. "We have an integration with Gitpod today," said Johnston, "but we'll be continuing to invest in our ability to have our own kind of code-space environment. ®

Other stories you might like

  • GitLab spots huge opportunity for DevOps platform as revenue soars
    All companies will need to embrace modern software development, says CEO, and we'll be waiting for them

    GitLab believes the world is in the midst of a "generational disruption" where all companies will need to embrace modern software development practices, and reckons it can take advantage by positioning itself as the enterprise-grade alternative to homegrown DevOps point solutions.

    In a bullish Q1 2023 earnings conference call, GitLab co-founder and CEO Sytse "Sid" Sijbrandij said the business need for digital transformations remains strong despite uncertain economic conditions. He added that GiLab believes all companies are becoming software-driven businesses and this will require an increasing number to build modern software development practices.

    "In a world where software defines a speed of innovation, we believe every company has to become great at developing, securing and operating software to remain competitive," Sijbrandij said.

    Continue reading
  • 381,000-plus Kubernetes API servers 'exposed to internet'
    Firewall isn't a made-up word from the Hackers movie, people

    A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse.

    Nonprofit security organization The Shadowserver Foundation recently scanned 454,729 systems hosting the popular open-source platform for managing and orchestrating containers, finding that more than 381,645 – or about 84 percent – are accessible via the internet to varying degrees thus providing a cracked door into a corporate network.

    "While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed attack surface," Shadowserver's team stressed in a write-up. "They also allow for information leakage on version and build."

    Continue reading
  • Red Hat Kubernetes security report finds people are the problem
    Puny human brains baffled by K8s complexity, leading to blunder fears

    Kubernetes, despite being widely regarded as an important technology by IT leaders, continues to pose problems for those deploying it. And the problem, apparently, is us.

    The open source container orchestration software, being used or evaluated by 96 per cent of organizations surveyed [PDF] last year by the Cloud Native Computing Foundation, has a reputation for complexity.

    Witness the sarcasm: "Kubernetes is so easy to use that a company devoted solely to troubleshooting issues with it has raised $67 million," quipped Corey Quinn, chief cloud economist at IT consultancy The Duckbill Group, in a Twitter post on Monday referencing investment in a startup called Komodor. And the consequences of the software's complication can be seen in the difficulties reported by those using it.

    Continue reading

Biting the hand that feeds IT © 1998–2022