Skip to main content

FAQ

Is Konfig a Platform as a Service (PaaS)?

Konfig is not exactly a PaaS, but it provides many of the same benefits without the usual constraints. A PaaS provides a platform allowing developers to build, deploy, and manage applications without worrying about the underlying infrastructure. Typically this abstracts infrastructure such as the application runtime, databases, caches, queues, and other middleware. This allows developers to focus more on product and feature development and less on infrastructure configuration and management. The trade-off, typically, is a PaaS tends to be quite rigid in its opinionations and can have vendor lock-in concerns.

Konfig similarly provides abstractions for infrastructure in the form of Resource Templates, and the Control Plane handles provisioning and managing the infrastructure. The infrastructure itself, however, is not hidden from developers in any way. Instead, Konfig acts as an orchestrator for the cloud platform, working to configure and create Resources, manage IAM, and ensure the infrastructure matches the desired state. Through this lens, Konfig is more akin to Infrastructure as Code (IaC).

Unlike a PaaS, with Konfig you have the full breadth of the underyling cloud platform at your disposal. What Konfig does is expose it in a way that allows developers to work more efficiently, securely, and conforming to organizational standards and controls. A platform or operations team can manage cloud governance and enterprise standards for their organization through Platforms, Domains, and Resource Templates. This means developers can once again focus on product and feature development, but if they hit a constraint with Konfig, they have a means to resolve it. This concept is something we call an escape hatch.

Are platforms other than GitLab and Google Cloud supported?

Today, Konfig only supports GitLab and Google Cloud Platform (GCP). We are actively exploring support for GitHub and Amazon Web Services (AWS). If Konfig interests you but it doesn't support your platform, please reach out and let us know.

Does Konfig work with Terraform?

Partly. At a high level, Konfig is comprised of two layers: the Platform Layer and the Workload Layer. Terraform or other IaC tools can be used in combination with the Platform Layer, but you'll lose many of the benefits of the Workload Layer.

The Platform Layer is responsible for establishing an enterprise-grade platform spanning source control, CI/CD, and cloud provider. This includes things like establishing project structures in the cloud environment and source control system, creating IAM resources for allowing CI/CD pipelines to authenticate with the cloud environment, managing access control and governance, and configuring foundational infrastructure like VPCs.

The Workload Layer is responsible for managing Workloads and their associated Resources. This includes provisioning infrastructure, managing IAM, and ensuring Resources are in a running state and that configuration is correct. In this sense, the Workload Layer is an IaC solution with some opinionation. In particular, Konfig builds upon and extends GCP's Config Connector, which is an operator that allows you to manage your Google Cloud infrastructure the same way you manage Kubernetes applications. While the Workload Layer is opinionated, this model allows you to step outside of Konfig's opinions when needed. See above for more on this.

If using Terraform, the Platform Layer would effectively create and manage the underlying platform that Terraform would deploy resources into. It would also provide credentials to allow Terraform to securely authenticate. However, with this model, the developer would be responsible for implementing their infrastructure and IAM using Terraform and wiring everything together. You would lose the benefits of the Workload Layer, such as Resource Templates and automatic IAM, as well as many of the benefits of the Konfig UI. You would, however, still gain the governance provided by Platforms and Domains.

Can I self-host Konfig?

Currently, Konfig is only available as a dedicated managed SaaS. If you are interested in self-hosting Konfig, please contact us.

Does Konfig have "root" access to my GCP organization and GitLab?

Konfig's access is limited and can be revoked at any time. It is designed with security as a foundational principle. You can read more about Konfig's security model here.