
Kubernetes Config Connector: Provision GCP Infrastructure Using Kubernetes - migueloller
https://github.com/GoogleCloudPlatform/k8s-config-connector
======
ec109685
AWS started building something similar but momentum seems to have stopped once
the developer left: [https://aws.amazon.com/blogs/opensource/aws-service-operator...](https://aws.amazon.com/blogs/opensource/aws-service-operator-kubernetes-available/)

It is too bad because declarative specifications and control loops to have
state converge to what it should be is a nice pattern.

Keeping up with all of AWS’s surface area though is hard if their heart isn’t
in it.

~~~
zxcmx
We thought about this pattern for a while and ultimately decided we didn't
want app compute to directly provision supporting infrastructure.

You end up in this weird place where your compute nodes can, at any time,
assume super powerful roles that can change nacls, security groups, completely
destroy database clusters or what have you.

It feels like running your app as root and database admin, but _more_. I guess
if you completely trust your kube control plane?

Like everything I'm sure it has a use somewhere.

~~~
captn3m0
We're trying it out in a dev-cluster/dev-account setup to let teams provision
their own buckets/SQS and some supporting infrastructure easily without AWS
access.

------
ec109685
Why doesn’t GCP use AWS’s feature announcement style and have a little blog
written that walks the developer through how to use it?

So much better to get an immediate feel for a service.

~~~
spew
The getting started guide may be what you are looking for:
[https://cloud.google.com/config-connector/docs/how-to/gettin...](https://cloud.google.com/config-connector/docs/how-to/getting-started)

------
jbigelow76
Spin up a k8s cluster to manage your other resources that will be used by
your... other k8s clusters. Is kubernetes just one big snake eating its own
tail now?

~~~
srmatto
Kubernetes Gardener uses a main cluster to provision and maintain child
clusters.

[https://gardener.cloud/](https://gardener.cloud/)

------
leg100
K8s is in one sense a convergence engine, bringing container resources across
a cluster into line with a given desired state.

So why not cloud resources too?

Having to run a cluster to do so doesn't feel quite right, however. But then
if you're using Terraform - which is the most popular "cloud convergence
engine" - you've probably provisioned compute resources with which to run
Terraform. So not that strange.

------
robszumski
I am really interested in using this GCP Operator and the corresponding ones
from AWS and Azure to replace functionality from Open Service Brokers with a
more Kubernetes-native experience.

Even better, this model uses the RBAC, namespaces, quotas and tools that
developers are already using.
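
The RBAC, namespaces and quotas mentioned here are also the answer to the earlier worry about app compute being able to assume "super powerful roles", and to the dev-cluster self-service setup: the team is allowed to ask the controller for buckets and topics, and nothing else. The manifests below are an added example, not code from the Config Connector project or from any commenter. The namespace `team-a`, the group `team-a-devs` and the project `my-gcp-project` are hypothetical; the API groups and kinds (`storage.cnrm.cloud.google.com/StorageBucket`, `pubsub.cnrm.cloud.google.com/PubSubTopic`, `iam.cnrm.cloud.google.com/IAMPolicy`) are taken from the Config Connector docs and should be confirmed against the CRDs actually installed in your cluster.

```yaml
# Added example (not the Config Connector project's own manifests).
# Namespace-scoped least privilege: team-a may self-serve GCS buckets and
# Pub/Sub topics, but cannot touch IAM, networking or database resources.
# Hypothetical names: namespace "team-a", group "team-a-devs", project "my-gcp-project".
# Confirm the installed kinds and plurals with: kubectl api-resources | grep cnrm
---
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  annotations:
    # Config Connector uses this annotation to pick the target project for
    # resources in the namespace that do not set a project themselves.
    cnrm.cloud.google.com/project-id: my-gcp-project
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cnrm-bucket-and-topic-editor
  namespace: team-a
rules:
  # Only the resource kinds the team is meant to self-serve.
  - apiGroups: ["storage.cnrm.cloud.google.com"]
    resources: ["storagebuckets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["pubsub.cnrm.cloud.google.com"]
    resources: ["pubsubtopics", "pubsubsubscriptions"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Deliberately absent: iam.cnrm.cloud.google.com (IAMPolicy, IAMPolicyMember),
  # compute.cnrm.cloud.google.com (networks, firewalls), sql.cnrm.cloud.google.com.
  # Kubernetes RBAC is allow-list only, so anything not listed is denied.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-devs-cnrm
  namespace: team-a
subjects:
  - kind: Group
    name: team-a-devs
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: cnrm-bucket-and-topic-editor
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: cnrm-object-counts
  namespace: team-a
spec:
  hard:
    # Object-count quota on custom resources uses count/<plural>.<group>.
    count/storagebuckets.storage.cnrm.cloud.google.com: "20"
    count/pubsubtopics.pubsub.cnrm.cloud.google.com: "50"
---
# What a member of team-a can now apply. GCS bucket names are globally
# unique, so "team-a-scratch-example" is only a placeholder.
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  name: team-a-scratch-example
  namespace: team-a
spec:
  location: US
```

To check the boundary from the team's point of view, run `kubectl auth can-i create iampolicymembers.iam.cnrm.cloud.google.com -n team-a --as=alice --as-group=team-a-devs`; the expected answer is `no`, while the same query for `storagebuckets.storage.cnrm.cloud.google.com` should answer `yes`. The caveat is that this only bounds what a team can request. The controller's own Google service account still holds whatever IAM roles it was granted, so the scenario in the earlier comment (a compromised control plane or a cluster-admin credential) is not closed by RBAC; scope that service account's IAM roles to the resource types you actually allow, and treat the controller's namespace as you would any other privileged component.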

------
tracker1
Definitely cool... although AWS is really entrenched and Azure's getting there
too for a lot of orgs. Especially historically MS oriented shops and those
with some apps tethered to windows where others can be containerized.

------
ksajadi
I wonder if the k8s style infrastructure definition becomes the norm, what's
going to be the future like for tools like Terraform?

~~~
zxcmx
Provisioning cloud stuff ends up being about the _relationships_ between all
the things. Plus a bunch of dirty domain knowledge about retries and resource
schemas.

It's very difficult to delete infra in AWS without a resource graph once you
have enough things that refer to each other.

You can only get so far with a bunch of isolated yaml manifests for single
resources.

So the MVP of anything that can solve the general case basically ends up doing
the exact same things as terraform... and might as well actually be terraform.

~~~
ec109685
Can’t the operator that expresses the state of cloud resources take into
account ordering and dirty tricks?

------
farisjarrah
Just gotta say, this looks much friendlier than Google CFT or Deployment
Manager tools that they were pushing before.

------
Yeroc
Sounds similar in concept to Crossplane
([https://crossplane.io/](https://crossplane.io/)) except that Crossplane is
trying to be cloud-agnostic?

~~~
techthumb
I wonder if Crossplane will use this behind the scenes.

