What is Harness.io?
Harness is a continuous integration and continuous delivery (CI/CD) platform for cloud and on-premise projects. It enables DevOps engineers to automate code testing, deployment, and rollbacks. It offers ready-made CD pipeline templates, such as blue/green, canary, and rolling deployments, and also allows you to use YAML code to build custom templates.
Harness performs various automated tasks in software pipelines, including:
- Automatically detecting performance and quality regression in canary deployments.
- Automating rollbacks and deployments, including self-service deployments with predefined role-based permissions.
Additional notable features of Harness include:
- Event-based triggers
- Approval flows
- Notifications and alerting
- IP allowlisting
- Log analysis
- Authentication via SSO and OAuth
Harness Product Editions
The Harness solution has several editions:
- Enterprise Edition (SaaS/on-premise)—licensed on an annual subscription basis based on the number of software services managed by Harness. Supports flexible scaling, custom integrations, advanced data analytics, and 24/7 support.
- Team (SaaS)—offers most of the Enterprise features at a lower price per service, limited to 100 services. Does not include certain integration and security features, and provides live support during standard business hours.
- Free (SaaS)—perpetually free version limited to 5 services, with most Team features, excluding service instance scaling.
- Community (on-premise)—free version available for use on-premises. Does not provide RBAC, audit trails, governance, or enterprise security features.
For more details, see the Harness pricing page.
Harness Architecture and Components
The image below visualizes how key Harness modules integrate with the software development life cycle (SDLC):
Image Source: Harness
Here are the two main components of the Harness platform:
- Harness Manager—the manager stores your CI/CD and other configurations and manages your pipelines. Alternatively, you can manage pipelines through Git. You can manually trigger pipelines in the manager or set up automatic triggers in response to Git events, schedules, new artifacts, and more. You can use the SaaS version of the manager or self-manage it in your infrastructure.
- Harness Delegate—you can install the Delegate software service in your environment, connecting it to the Harness Manager. Delegate performs tasks using various assets, such as container orchestration platforms, monitoring systems, and artifact repositories.
Image Source: Harness
Harness Platform and Tool Integration
Harness integrates with various resources, including repositories, cloud platforms, and tools such as Jira, Jenkins, ServiceNow, logging aggregators, application performance monitoring (APM), and Slack. Here are notable integrations:
- Cloud providers—Harness integrates with public and private cloud providers like Amazon Web Services (AWS), Google Cloud, and physical infrastructure.
- Connectors—you can use Harness Connectors to integrate artifacts, monitoring and collaboration tools, and repositories. Each connector represents a different resource or tool.
- Artifact servers—an artifact server, such as Jenkins, Nexus, Bamboo, Artifactory, Helm Repo, or Docker Registry, is the source of an artifact delivered via a delivery pipeline.
- Verification providers—Harness integrates with various verification providers to automatically test and verify deployments and live production services. Verification providers include APM systems and logging aggregators such as Prometheus, AppDynamics, and Datadog.
- Source repo providers—a source repo provider connects Git repositories to Harness, syncing your Harness account and applications with the repo. It allows you to manage deployments using Git. It also lets you use Git repos for specifications like Kubernetes manifests, Terraform scripts, and Helm charts.
- Collaboration providers—Harness lets you integrate with various collaboration services, including Slack, email, ServiceNow, and Jira. Once integrated, you can use the tools as channels for approval steps within the deployment process and to automatically notify users of deployment events.
CD Abstraction Model
Harness employs a CD abstraction model incorporating various components to model the software delivery process. Here are the components included in this model:
- Applications—Harness organizes a deployment project in applications, which represent microservices, the associated deployment pipelines, and all pipeline building blocks.
- Services—in Harness’s CD model, services represent applications and microservices. You can define the source microservices artifacts, configuration variables, container specs, and microservices files.
- Environments—Harness groups deployment infrastructure into several environments, including dev, QA, stage, and production. Note that this term distinguishes the deployment infrastructure from the cloud provider.
- Workflows—a workflow models several aspects, including the application’s deployment, verification, and rollback processes, and defines who gets notified. Workflows comprise the service, environment, and infrastructure definition for deployment steps.
- Pipelines—Harness uses a pipeline to model the entire release process. A pipeline can model a collection of one or several stages, including workflows for services and various deployment and verification steps.
- Triggers—you can use triggers to automate deployments in response to various conditions, including Git events, schedules, and new artifacts. You can also execute triggers with Webhook and cURL commands.
Harness Cloud Cost Management
Harness Cloud Cost Management (CCM) provides cloud cost management and analysis, offering hourly granular visibility into resource consumption.
Image Source: Harness
Harness Continuous Verification (CV)
Agile teams release software iteratively, which means many deployments. However, before deploying new service instances, you must validate their health. Continuous verification can help you rapidly detect anomalies and regressions and quickly roll back any failed deployment.
You can employ various application performance management (APM) and logging tools to measure deployment data continually. However, these tools require connecting data to several systems and manually monitoring each provider for abnormal post-deployment activities.
Harness Continuous Verification (CV) helps simplify the verification process. It aggregates monitoring from several providers into a single dashboard and uses machine learning (ML) to learn what constitutes normal behavior for the monitored applications. It enables Harness to detect and flag anomalies in future deployments and perform automatic rollbacks.
Harness Continuous Integration (CI)
Harness provides CI through Drone, which was acquired by Harness in 2020. Drone now works as part of the Harness ecosystem to provide a unified CI/CD platform for software delivery.
Harness CI helps eliminate various engineer tasks that drain time and energy, including version dependencies and scripting. It enables engineers to focus on delivering software instead of manually building delivery pipelines.
Security Testing Orchestration
Harness Security Testing Orchestration (STO) helps teams shift security testing left. STO can orchestrate scanning, prioritize remediations, enforce governance in the pipeline, and intelligently deduplicate scanner output. It adds scanning directly into the pipelines to help catch and fix vulnerabilities before product release.
Here are notable features of Harness STO:
- Test—Harness STO lets you test code, containers, open source libraries, and live applications as part of the CI/CD pipeline, using popular security scanners. It orchestrates various scanners to ensure timely scanning.
- Remediate—you can employ Harness STO to fix security vulnerabilities with the help of a prioritized list. Harness STO intelligently deduplicates the list across all scanners, providing dashboards with clear information on identified security vulnerabilities.
- Govern—Harness STO provides real-time security dashboards and lets you use governance policies to catch critical security issues before they reach production. Harness also includes OPA-based policy governance that can enforce security testing practices.
Harness CI provides a simple way to develop and test code. Harness pipelines let you visually model a build and test various processes as CI stages. Each CI stage includes several steps to help build, test, and push code.
Harness CI executes each step in a container, packaging code and dependencies separately from other steps. Once you specify a container, Harness finds and launches it, running the job in the container. When steps and plugins run in separate containers, there is no need to use a dependency chain to manage the process.
Here is an image that visualizes the architecture of the Harness CI setup:
Image Source: Harness
Harness Delegate is in charge of all CI operations. You can run it in various environments, including a local network, cluster, or virtual private cloud. Delegate connects the Harness Manager in a SaaS instance to all code repositories, infrastructure, cloud providers, and artifacts.
Harness allows the build infrastructure to communicate directly with cloud providers and repositories. You can maintain code and artifacts internally and on public platforms like DockerHub and GitHub.
Delegate manages the build infrastructure, running build jobs and tests as needed and sending data to the manager. This data can help support various aspects, including DAG orchestration, health checks, debugging, analytics, ML model generation, and notifications.
Once a build finishes successfully, the build infrastructure sends the resulting artifacts to your registry.
Harness CD and GitOps
Harness is currently working on GitOps functionality. The GitOps feature will make it possible to define the desired state of a service you want to deploy in a Git manifest. Harness will sync this configuration with the state of a live Kubernetes cluster. The diagram below illustrates the proposed Harness GitOps architecture.
At the time of this writing, full details on the Harness GitOps implementation are not available, and we will update this post when they are.
Image Source: Harness
Harness Pros and Cons
Here are pros and cons of the Harness solution, based on customer reviews published by G2.
Pros:
- Supports the complete CI/CD process across multiple teams.
- Built-in secrets management solution.
- Git sync feature enables the use of pull requests for all CI/CD changes.
- Helpful customer success and support for enterprise edition.
- Platform is easy to learn and use and is readily adopted by developers.
- Provides reusable templates that make it easy to build CI/CD pipelines and promote consistency.
- Advanced software delivery capabilities such as feature toggles, continuous verification, deployment monitoring and alerting.
- Integrates with existing infrastructure as code (IaC) tools like Terraform.
Cons:
- Missing full GitOps functionality, in particular a reconciliation loop.
- Configuration behind the scenes, such as delegate profiles, can be confusing for new users.
- Adding custom scripting to pipelines can be tricky, and debugging of custom scripts is difficult.
- RBAC capability can be difficult to configure and maintain.
- It is necessary to create flows manually and then generate templates from them, while some users prefer to start from scratch with templates.
- Verification runs slowly, with some verification steps requiring a 5-minute startup or needing to run for at least 15 minutes.
At the time of writing, Harness GitOps is in beta, so it is hard to make comparisons between the two platforms. Looking at the existing products and their history, we can make the following observations:
- Codefresh is and has always been a very focused solution. It is a Kubernetes native CI/CD platform based around GitOps. The end result is a unified platform designed from the ground up to accommodate full traceability for the whole software lifecycle.
- Harness started as a CD solution for virtual machines. Then it was extended to cover CI with the acquisition of Drone.io in 2020. Harness is now retrofitted with GitOps capabilities. Even after the Drone.io acquisition, there was a long period of time where Harness CI and Harness CD were disjointed products. It remains to be seen whether GitOps support would be central to the platform or just an afterthought.
To address the critical point of the GitOps implementation in these products:
- Harness is in the early stages of adding GitOps functionality to its product.
- Codefresh is one of the founding members of the GitOps workgroup at opengitops.dev (Harness is not a member there).
- Codefresh is an active contributor to the Argo Project, as evidenced by the project contribution stats. At the time of this writing, Harness does not contribute to the Argo Project.
- Codefresh is fully invested and committed to GitOps and the Argo community.