Reimagining Infrastructure as Code: From Terraform to Kubernetes and Crossplane скачать в хорошем качестве

Reimagining Infrastructure as Code: From Terraform to Kubernetes and Crossplane

It’s 3 a.m., you’re staring at a Terraform state lock that won’t release, and your deploy is blocked. State files lock you out. Monolithic applies slow you down. Drift happens and you only find out when you remember to run a plan. What if your infrastructure could be managed like your Kubernetes workloads? Always reconciling. Always watching. No state files to wrestle with. Enter Crossplane: the Kubernetes-native approach that might be the IaC evolution you didn’t know you needed. Description Terraform dominated Infrastructure as Code for a decade, and for good reason. It brought declarative configuration, multi-cloud support, and repeatability to infrastructure management. But as teams scaled up and infrastructure grew more complex, some cracks started to show. In this episode, we walk through Terraform’s pain points that have become increasingly hard to ignore. The state file that locks out your entire team when someone runs a long apply. The monolithic plan that recalculates the world even when you want to change one database parameter. The drift that only gets caught when you remember to manually run a plan. The lack of continuous reconciliation. We explore Pulumi’s attempt to solve some of these problems by letting you write infrastructure in real programming languages—Python, TypeScript, Go—which is genuinely nice. But Pulumi still follows the Terraform execution model: one-shot CLI tool, state backend, no continuous drift correction. It’s “Terraform with a nicer language,” which is valuable, but doesn’t fundamentally change the paradigm. Then we dive into Crossplane: a Kubernetes-native control plane that runs continuously inside your cluster. Instead of a CLI tool you run occasionally, Crossplane extends Kubernetes with custom resources that represent cloud infrastructure. Controllers watch these resources and reconcile them against actual cloud state, just like Kubernetes reconciles Pods and Services. What does that get you? Continuous reconciliation that detects and corrects drift in near-real-time. No external state file—the Kubernetes API server is your source of truth. Parallel, independent operations instead of monolithic applies. Native integration with Kubernetes RBAC, admission controllers for policy enforcement, and GitOps workflows. When someone tries to create a database without encryption, the admission controller rejects it before it hits the cloud. We also cover the architectural patterns for running Crossplane, from single clusters with namespaces to dedicated management clusters to “control plane of control planes” for large organizations. And we’re honest about the trade-offs: you need Kubernetes skills, provider maturity isn’t quite at Terraform’s level yet, and you’re adding operational overhead by running another cluster. But for teams already invested in Kubernetes, who care about continuous compliance, and who want infrastructure that reconciles itself without manual intervention, Crossplane offers a compelling alternative. The future of IaC is cloud-native, and Crossplane is leading the charge. Key Topics Why Infrastructure as Code exists: version control, repeatability, and escaping snowflake servers Terraform’s decade of dominance: HCL, 1000+ providers, and the state file model Where Terraform starts to hurt: state file hell (50%+ of users encounter state issues), monolithic sequential applies, drift detection gaps The operational pain: 3 a.m. state locks, waiting 10 minutes for plans that touch 47 resources to change one thing Pulumi’s approach: real programming languages (Python, TypeScript, Go) but still one-shot execution model Crossplane’s paradigm shift: Kubernetes as your infrastructure control plane with continuous reconciliation Continuous drift correction: controllers run in a loop, detecting and reverting manual changes within seconds No external state file: Kubernetes API server (etcd) as source of truth, no locks, no corruption Parallel operations: independent resources reconcile simultaneously, targeted updates without global plans Policy enforcement via admission controllers: Kyverno or OPA/Gatekeeper rejecting non-compliant resources at API level GitOps for infrastructure: store YAML in Git, use Argo CD or Flux for continuous application Tight integration with application workloads: Crossplane auto-publishes connection details as Kubernetes Secrets Architectural patterns: single cluster, dedicated management cluster, control plane of control planes The trade-offs: Kubernetes skills required, provider maturity still growing, operational overhead of running clusters Real-world adoption: CNCF graduated project used by Accenture, Deutsche Bahn, and others Get full access to Compiling Ideas at patrickkoss.substack.com/subscribe (https://patrickkoss.substack.com/subs...)