RG

11/21/2022, 1:39 PM
Hello Platform Engineers! I’m relatively new to platform engineering, and I realised I still have a lot of things I don’t know! One specific thing I’m curious about is the design patterns/conventions/common solutions for using Kubernetes as a control plane for running multicloud operations. As an example, say I create an operator that takes care of spinning up a new instance of some AWS service, and I have a workload running in GCP that I want to bind to the AWS service, how do I do that? What are the common ways teams solve this? In addition, how do I make the Kubernetes operator monitor the status of the AWS service instance? Is that through some webhook mechanism, a message broker, or is that dependent on how the specific AWS service does pub/sub?
For binding multi-cloud services, what are the common/trusted/battle-tested auth mechanisms?

Daniel Förberg

11/21/2022, 2:20 PM
Anthos
Supports multicloud workloads which span over various clouds and on-prem

RG

11/21/2022, 2:26 PM
So a service mesh then? I have limited experience with service meshes, but I think Istio uses mTLS for encryption. Is that the same for Anthos?

Hugo Pinheiro

11/21/2022, 2:32 PM
Crossplane is your friend 😄 for infra, argocd for apps

RG

11/21/2022, 2:34 PM
I should probably give Crossplane another go. I tried it not too long ago and got discouraged with how cumbersome the “hello world” setup is.

Daniel Förberg

11/21/2022, 2:50 PM
Anthos Service Mesh is managed Istio
Instead of Istiod, meshca

RG

11/21/2022, 2:56 PM
I see. Cool. Thanks. So I guess if I’m interested in how that actually works, I have to look into the Istio architecture.