DevOps Governance

How does ozone solve governance for DevOps?


Ozone provides a layer of CI/CD governance for you to help scale your CI/CD processes better. At the core of it is a comprehensive Role Based Access Control and the concept of Projects.
Project based resource scoping and RBAC helps set boundaries in terms of which clusters a team can deploy to, which repositories can they deploy from.
The definition of CI/CD workflows is typically done by senior architects and the rest of the development team only typically needs a way to request for their changes to be deployed.

Governance Features

These are the salient features that enable DevOps governance through ozone:
Projects: Enable you to group CI/CD resources and members so that there is just the right amount of context and access in terms of creation and consumption of workflows and access to CI/CD resources within the workflow context.
RBAC: Assign roles to a member within a project. For example, imagine a scenario where there is a front end team that works on Project A, and a backend team that works on project B. You may choose to include a front end developer with pure read permissions on Project B, and no edit access.
This enables a front end developer to gain visibility on backend releases without any access to push changes to the backend environments and workloads. Similarly you can assign certain sets of people to define your workflows and assume that the rest only need a way to trigger them.
Workflow Triggers: Trigger your CI/CD workflows when events on external systems occur. For example, you may need to run a bunch of quality scans for every pull request on github. Ozone supports the following external systems natively:
  • Github: Supports branch push and pull requests
  • Gitlab: Supports branch push and pull requests
  • Bitbucket: Supports branch push and pull requests
  • Azure Container Registry: Supports image push events on Azure Container Registry
Workflow Approvals: Add approvals to external change management systems from within the CI/CD workflows on Ozone. For more information, check the section on how we use gated approvals from within CI/CD workflows