A key principle of cloud native is to adopt proven software development methodologies for operations. Frameworks are ubiquitous in software development because they:
- provide tested, reusable implementations of common components,
- foster a unified approach across a jointly owned code base,
- speed up time to value and
- reduce long term maintenance effort.
But the infrastructure-as-code ecosystem is far less mature, and building bespoke automation from scratch is still the unfortunate and costly norm.
Kubestack is a GitOps framework that integrates Terraform and Kustomize to bring the benefits of frameworks to teams building infrastructure automation for Kubernetes.
Terraform modules and Terraform providers
As a framework, Kubestack natively integrates into the Terraform ecosystem. Kubestack maintains various Terraform modules as well as a Terraform provider to integrate Kustomize and Terraform.
Kubestack differentiates between two types of Terraform modules:
- Cluster modules use the respective cloud's Terraform provider to provision managed Kubernetes clusters from Amazon (EKS), Azure (AKS) and Google (GKE).
- Cluster service modules use the Kubestack maintained Kustomization provider to deploy Kubernetes services required by application workloads on top of those Kubernetes clusters.
Inheritance model and GitOps flow
Both cluster modules and cluster service modules follow Kubestack's inheritance model, which makes differences between environments explicit and avoids configuration drift.
By including cloud infrastructure and Kubernetes resources in Terraform's plan/apply lifecycle, the Kubestack framework enables you to build fully integrated automation for your complete platform.
Following the GitOps workflow, teams can peer-review proposed changes and validate them before they get promoted to the mission-critical environment.
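To make the inheritance model concrete (this section and the "inheritance to avoid configuration drift" principle below), here is an added example that is not Kubestack's own module code: a simplified, stand-alone re-implementation of the idea that one environment (assumed to be `apps`) is the base and every other environment declares only the keys where it intentionally differs. The configuration values and attribute names are constructed sample data.

```python
"""Simplified model of Kubestack-style environment inheritance.

Added example, not Kubestack's module code. The merge semantics (base
environment plus per-environment overrides) are an assumption made for
illustration; the sample configuration below is constructed.
"""
from copy import deepcopy

# Constructed sample: 'apps' is the base; 'ops' only lists its deliberate
# deviations (a smaller node pool), so the diff between the environments
# is visible in the committed configuration itself.
CLUSTER_CONFIGURATION = {
    "apps": {
        "name_prefix": "gc0",
        "base_domain": "example.com",
        "region": "europe-west1",
        "cluster_min_node_count": 3,
        "cluster_max_node_count": 9,
        "cluster_node_type": "e2-standard-4",
    },
    "ops": {
        "cluster_min_node_count": 1,
        "cluster_max_node_count": 3,
    },
}


def resolve(configuration, base_key="apps"):
    """Return the effective configuration for every environment.

    Each environment starts from a copy of the base environment and only
    the keys it declares itself override the inherited values.
    """
    base = configuration[base_key]
    resolved = {}
    for env, overrides in configuration.items():
        merged = deepcopy(base)
        merged.update(overrides)
        resolved[env] = merged
    return resolved


def explicit_differences(configuration, base_key="apps"):
    """List (env, key, base_value, env_value) for every override that
    changes an inherited value, i.e. the exact places where environments
    diverge. Keys absent from the base are reported with None."""
    base = configuration[base_key]
    diffs = []
    for env, overrides in configuration.items():
        if env == base_key:
            continue
        for key, value in overrides.items():
            if base.get(key) != value:
                diffs.append((env, key, base.get(key), value))
    return diffs
```

Reviewing `explicit_differences()` output alongside a proposed commit shows whether a change widens or narrows the gap between ops and apps, which is the drift the inheritance model is meant to keep visible.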
Purpose built and open-source
Kubestack is based on a decade of hands-on infrastructure automation experience. It allows teams to jointly build and maintain reliable infrastructure automation for Kubernetes.
Using an open-source framework drastically reduces the upfront and maintenance effort compared to building bespoke infrastructure automation.
The core design principles of the Kubestack GitOps framework are:
- All changes start with a commit in a Git repository and follow a GitOps process.
- Teams jointly maintain all configuration using inheritance to avoid configuration drift.
- Automation validates changes against the ops environment before it applies them to the apps environment.
Kubestack differentiates between committed, desired and current state.
- Committed state: the state committed to the Git repository.
- Desired state: the state last applied to the active control plane.
- Current state: the state the resources are currently in.
Kubestack syncs committed and desired state. Reconciliation of desired and current state is the responsibility of the cloud provider or the Kubernetes control plane.
To understand the scope, consider what Kubestack does and does not do. Kubestack does:
- bootstrap an infrastructure automation repository
- provide tested, reusable Terraform modules
- provide a GitOps workflow for teams
Kubestack does not:
- replace a CI/CD system
- replace managed Kubernetes services
- replace Kubernetes controllers or operators