Skip to main content

Konfig Overview

Konfig is an enterprise-ready platform designed to streamline the deployment and management of cloud infrastructure and workloads. Currently, it integrates with Google Cloud Platform and GitLab. It is an opinionated platform, which means it provides a set of best practices and configurations out-of-the-box to help organizations rapidly and securely deploy their applications while maintaining strong governance and security standards around their cloud environment. While it provides certain opinionations which offer benefits similar to a PaaS, Konfig is designed to be a flexible platform that can adapt to an organization's needs.

Here's a high-level overview of Konfig and its key features and benefits:

Core Concepts

  • Control Plane: This is the heart of Konfig, managing orchestration and provisioning of resources. The Control Plane is provided to customers as a dedicated managed SaaS which securely connects to a customer's cloud environment and GitLab.
  • Platforms and Domains: Konfig organizes infrastructure into Platforms and Domains, corresponding to business units or product lines and their associated services. This structure facilitates management, governance, and cost allocation by mirroring organizational boundaries. This is modeled after Domain-Driven Design, and it allows for a DevOps model with significantly more standardization, structure, and efficiency.
  • Workloads: Workloads are artifacts that are deployed using Konfig such as applications, services, data pipelines, or other software. Konfig manages IAM and Resource dependencies for Workloads to ensure access is configured in a least-privileged way and infrastructure is consistent.
  • Resources: Resources are the infrastructure resources that a Workload depends on, such as databases, caches, queues, storage buckets, etc.
  • These concepts make up the Konfig hierarchy.

Integration with GitLab and GCP

  • Konfig leverages GitLab's CI/CD capabilities and GCP's managed services to provide a seamless and efficient development and deployment process. GitLab's hierarchical structure maps well to GCP's resource hierarchy, enabling consistent and secure management of resources.
  • Config Connector: Konfig uses GCP's Config Connector to manage infrastructure as code (IaC), offering a more integrated alternative to tools like Terraform.
  • We are actively exploring support for other platforms beyond GitLab and GCP, such as GitHub and AWS. Please let us know if this is something you're interested in.

Security and Governance

  • IAM and Permissions: Konfig ensures security through least-privilege IAM roles and permissions, which are managed through declarative YAML configurations. This model minimizes the risk of overly broad permissions and ensures that only necessary access is granted.
  • Resource Templates: To maintain organizational standards, Konfig uses Resource Templates that enforce specific configurations, such as database versions or high-availability settings, ensuring compliance and reducing configuration drift. Resource templates also help to abstract infrastructure complexity from developers, allowing them to simply declare what kinds of Resources their Workloads require while a platform or operations team manages base Resource configurations in a way that meets their organization's needs.
  • Platform as Code: Like Workloads, Platforms and Domains are managed declaratively using YAML-based configurations. These configurations manage foundational components like projects and folders in GCP and subgroups in GitLab. This model creates a unified management layer spanning your source control, CI/CD, and cloud environment and is central to Konfig's governance story. It allows you to manage things like user access and which cloud services are available to developers to use in a centralized, auditable way that follows normal SDLC processes.
  • Golden Paths: The combination of Resource Templates and Platform as Code allow organizations to provide "golden paths"—enforced standards for architecture, tech stack, and infrastructure configuration. This reduces sprawl and allows for greater efficiency while still enabling a DevOps model. This also better facilitates organizations to meet regulatory requirements or internal controls for their cloud environments.

Deployment-Driven Development

  • Konfig encourages a deployment-first approach, where applications are deployed to production-like environments from day one. This method, known as Deployment-Driven Development, accelerates time-to-production and minimizes the overhead typically associated with getting code into production. This is akin to a "shift-left" approach.
  • Workload configuration sits alongside application source code and declaratively specifies infrastructure resources and service settings.

User Experience and Automation

  • CLI Tool: The Konfig CLI provides a means for interacting with a control plane and its associated Platforms, Domains, and Workloads. It provides much of the same functionality of the UI in a CLI format.
  • Visual IaC: The Konfig UI provides a visual representation of the infrastructure state, allowing users to manage resources through a graphical interface while maintaining the benefits of IaC.

Flexibility and Avoiding Lock-In

  • While Konfig provides a structured and opinionated approach, it also offers flexibility through "escape hatches" that allow users to export configurations to Terraform or manage them directly with Config Connector. This ensures that organizations are not locked into a single way of doing things and can adapt as needed. And unlike a traditional PaaS which is often quite restrictive, with Konfig you have the full breadth of GCP at your disposal.

Key Benefits

  • Faster Time-to-Production: Streamlined setup and deployment processes enable faster delivery of software.
  • Enterprise-Grade Security: Built-in security best practices and fine-grained access controls ensure a secure cloud environment.
  • Governance: Platforms and Domains provide a flexible model balancing enterprise standards with team autonomy.
  • Scalability: Designed to scale with your business, accommodating growth without compromising efficiency.
  • Developer Experience: Focused on providing a great user experience for developers, enabling them to ship applications and services efficiently and without having to spend significant time dealing with infrastructure management.

Konfig functions like an operating system for your development organization, delivering a ready-to-use platform that integrates source control, CI/CD, and cloud infrastructure. This helps organizations focus on building innovative software products and delivering exceptional customer experiences rather than spending resources on non-differentiating work.