Self-Service is the Future of Kubernetes Provisioning
In 2025, Kubernetes is the industry standard for container orchestration, but provisioning Kubernetes clusters and resources remains a complex, time-consuming task.
Imagine a typical scenario: A developer needs a Kubernetes cluster for a new feature or project. Today, this often involves submitting tickets to platform teams, waiting days for manual Terraform updates, and undergoing multiple rounds of review. This outdated process creates friction and frustrates developers and platform engineers.
In this post, we'll explore the challenges of current Kubernetes provisioning methods, why traditional provisioning models fall short, and how modern self-service provisioning solutions like Plural address them.
Current State of Kubernetes Provisioning
The current state of Kubernetes provisioning is paradoxical: while Kubernetes is designed to simplify the deployment, scaling, and management of containerized applications, provisioning Kubernetes has become sufficiently complicated as to warrant its own category of expertise. It poses challenges for organizations of all sizes.
Challenges for Smaller Companies and Startups
Smaller companies and startups at the beginning of their cloud-native journey have limited engineering resources, tight budgets, and the pressure to move quickly.
Manual Terraform
The problems that startups have with Kubernetes provisioning primarily have to do with wrangling manual Terraform config. While Terraform provides the benefits of Infrastructure as Code (IaC), creating configurations from scratch is time-consuming and error-prone. Without standardized templates, divergent setups emerge as engineers create configurations differently, leading to inconsistencies across deployments. Even small errors, such as typos or misconfigurations, can result in failed deployments, security vulnerabilities, or performance issues.
Resource Management Overhead
In startups, the responsibility for provisioning Kubernetes clusters often falls on developers who are already managing multiple roles. These developers must balance building features with handling provisioning tasks.
Lack of Standardization
Without clear guidelines or reusable templates, smaller companies struggle to maintain consistency, as each project tends to develop its own unique Kubernetes configuration, leading to higher maintenance costs and difficult onboarding.
Challenges for Enterprises
For enterprises, the challenge of Kubernetes provisioning primarily has to do with permissioning and compliance.
Permission Management
At big companies, giving employees the right amount of permissions is a perennial balancing act. While developers require sufficient access to provision Kubernetes clusters for their projects, unrestricted permissions increase the likelihood of errors, security vulnerabilities, and configuration drift, which can compromise the organization's infrastructure integrity.
Compliance Requirements
Depending on the industry, enterprises often operate under strict governance frameworks. Compliance requirements like FedRAMP (Federal Risk and Authorization Management Program) mandate rigorous controls over data security, access management, and infrastructure monitoring.
For organizations running Kubernetes, this means implementing end-to-end encryption for all communication between pods and services, enforcing strict role-based access control (RBAC) to limit user permissions, performing continuous vulnerability scanning and patch management to address security risks, maintaining detailed and immutable audit logs capturing every cluster activity, and enabling multi-factor authentication (MFA) for cluster access.
Compliance requirements significantly complicate Kubernetes provisioning as every cluster must adhere to specific standards. Organizations must implement comprehensive scanning regimes that include vulnerability, virus, and security technical implementation guide (STIG) scans on a regular basis. The encryption requirements are equally demanding, with FedRAMP mandating FIPS-validated encryption for all data, both in transit and at rest. This creates particular challenges in Kubernetes environments where service-to-service communication is constant and many popular open-source technologies may not have FIPS validation.
Limitations of Traditional Solutions for Kubernetes Provisioning
Traditional approaches to Kubernetes provisioning often fail to deliver the speed, consistency, and scalability needed by modern organizations, creating friction for both startups and enterprises. Some of the key limitations are:
Manual Creation of Terraform Modules
Teams often rely on Terraform to define and provision infrastructure as code for Kubernetes cluster resources. While Terraform simplifies repeatable infrastructure management, manually creating and updating Terraform modules doesn't scale.
Ticket-based Workflows
Many organizations use ticketing systems like JIRA or ServiceNow to manage infrastructure requests. While these systems provide structure, they introduce significant delays. Developers must wait for approvals and rely on platform teams to manually handle requests, which slows down development. These traditional processes weren’t built for today’s need for speed, automation, and quick feature delivery.
Custom Internal Tools
Some organizations invest in building Internal Development Platforms (IDPs) for self-service infrastructure provisioning. By combining user interfaces with automation, IDPs abstract infrastructure complexities, enabling more efficient and autonomous developer workflows.
Still, building and maintaining an IDP requires significant resources, often including a dedicated development team. These tools can also easily become outdated if new features and integrations aren’t being added.
Alternative Tools: Backstage, Crossplane
Organizations looking for advanced automation and self-service infrastructure provisioning often turn to tools like Spotify’s Backstage and Crossplane. However, these tools often require significant time and engineering effort to integrate.
For example, Backstage, while extensible, requires expertise in React and TypeScript to develop custom plugins, which can be a barrier for teams without front-end development skills. Crossplane, though powerful for managing cloud resources, has a complex object model and requires extensive configuration, which can lead to errors and complicate cloud resource management. Crossplane’s support for cloud services, like AWS, is also limited.
Both these tools offer flexibility but lack out-of-the-box usability needed to quickly deliver a self-service provisioning platform that can be easily adopted by teams. This makes them less ideal for organizations looking for a simple, ready-to-deploy solution.
Modern Self-Service Approach with Plural
So what might a modern self-service model for Kubernetes provisioning look like?
- Developers should be able to quickly provision secure, fully-configured Kubernetes clusters with simple inputs like cluster size, region, and purpose, eliminating complex setup processes.
- All infrastructure changes are managed as code (IaC), versioned in Git, and orchestrated through APIs, ensuring transparency and repeatability.
- Every provisioned resource adheres to organizational security policies, compliance requirements, and best practices.
- Users have real-time visibility into infrastructure requests through intuitive dashboards and receive notifications at key stages of the provisioning workflow.
At Plural, we’ve developed just such a self-service provisioning solution that simplifies workflows for developers and platform teams alike. Here’s how it works:
Key Components of Plural’s Self-Service Model
1. Pull Request (PR) Automation
Plural uses GitOps principles to streamline Kubernetes provisioning by leveraging pull request (PR) automation with a focus on template-driven code generation, review workflows and Infrastructure as Code (IaC) principles. By using a predefined template, developers are spared having to write configurations from the ground up, as the necessary IaC configurations are generated automatically. Each provisioning request is made through a pull request, allowing platform teams to assess the generated IaC code. This process ensures that all modifications comply with security, compliance, and best practices before they are merged and executed, fostering a transparent and auditable workflow.
By adhering to IaC principles, Plural ensures that all infrastructure modifications are version-controlled, repeatable, and traceable. This reduces the risk of errors, enhances collaboration, and simplifies troubleshooting when issues arise.
2. Manage infrastructure as code with Stacks
Plural Stacks is a scalable framework for managing Infrastructure as Code (IaC) with a Kubernetes-friendly, API-driven approach. It allows users to declaratively define a "stack" by selecting the IaC type (e.g., Terraform, Ansible, or Pulumi), the Git repository that holds the source code, and the target Kubernetes cluster for execution. Powered by the Plural deployment operator, Stacks automatically detects changes in the repository, triggering the appropriate execution runs. This ensures that every commit is seamlessly applied to the target cluster, making infrastructure management more streamlined and consistent. By leveraging GitOps principles, Stacks automates the entire workflow, eliminating manual intervention and reducing human error.
Stacks simplify infrastructure provisioning while enabling customization and robust post-deployment management capabilities. By integrating directly with Terraform, it leverages robust IaC capabilities to efficiently provision and manage resources. Customizations are defined declaratively in the stack configuration, allowing users to modify stack parameters such as cluster configurations, and network setups. After provisioning, Plural offers a centralized interface for managing Terraform states, monitoring outputs, and visualizing resource dependencies featuring pre-merge plans and automated drift detection to ensure effective management throughout the deployment lifecycle.
How Self-Service Provisioning Works with Plural
Plural streamlines the traditionally complex process of infrastructure provisioning by combining self-service GitOps automation and stack management. This approach creates a seamless, governance-compliant workflow that is intuitive for developers while maintaining control and security for platform teams.
When a developer provisions a new Kubernetes cluster using Plural's intuitive centralized user interface, they begin by selecting a template from pre-approved pull request automation templates.
Next, the developer can input customized parameters as defined in the template based on the project’s requirements.
After that, the request is submitted as a pull request, which is reviewed by the team for approval. The review process serves as a quality control mechanism that ensures all changes adhere to established standards and best practices.
Once approved, Plural's GitOps engine will detect the merged code changes and initiate provisioning. This process leverages Terraform code through Stacks or Kubernetes manifests via Plural CD, as merged in the previous PR.
This end-to-end automation eliminates delays, ensures consistency, and allows developers to focus on building applications rather than managing infrastructure.
Beyond Kubernetes Provisioning: Additional Use Cases
Plural’s self-service model will extend beyond Kubernetes provisioning, as we will soon provide pre-written Terraform templates that simplify provisioning for high-value software such as Dagster, SAP Hana, Opia, OPA Gatekeeper, Trivy operator, and more. Using these templates and Plural’s self-provisioning features, developers will be able to quickly spin up PostgreSQL or MySQL instances, or provision a fully operational Kafka cluster.
Walkthrough: Using Plural's Service Catalog - Dagster
In this walkthrough video, we showcase how Plural's Service Catalog simplifies provisioning of a complex, full-stack application like Dagster on AWS. This setup leverages various AWS services including IAM, S3, and RDS to create the necessary infrastructure for Dagster, all managed through Plural Stacks. Under the hood, Plural OIDC is seamlessly integrated, offering a unified access solution that streamlines user authentication and authorization across the deployed services.
The deployment process is fully GitOps-managed, utilizing Plural's PR Automation alongside Terraform for infrastructure as code and Helm charts for Kubernetes resource management. The result is a streamlined, repeatable, and compliant self-service provisioning workflow, empowering teams to efficiently manage and deploy sophisticated applications like Dagster in a cloud environment.
Conclusion
Self-service provisioning is transforming the way organizations manage infrastructure, enabling teams to move faster, operate more efficiently, and maintain consistent, secure environments. By enabling developers to provision resources on-demand, automated self-service workflows drive real results, including faster development cycles, improved platform team productivity, and consistent, secure infrastructure management.
Plural’s modern self-service provisioning solution merges the power of GitOps-based automation and Infrastructure as Code (IaC) with an intuitive self-service interface. Whether you're a startup aiming to scale quickly or an enterprise managing complex, multi-cluster environments, Plural streamlines the Kubernetes provisioning process while ensuring governance and reliability.
Ready to modernize your Kubernetes setup with Plural? Schedule a demo today to see how we can help your teams achieve faster, more efficient, and more secure Kubernetes provisioning.