# Crossplane vs Terraform vs Pulumi: Which Infrastructure Automation Fits Your Platform? Platform teams choosing infrastructure automation face a fundamental decision: traditional Infrastructure as Code (Terraform, Pulumi) or Kubernetes-native control planes (Crossplane). Each approach has different trade-offs for developer self-service, multi-cloud governance, and operational complexity. ## Quick comparison | | Crossplane (self-hosted) | Upbound (managed Crossplane) | Terraform / OpenTofu | Pulumi | |---|---|---|---|---| | **Approach** | Kubernetes-native control plane | Managed Kubernetes control plane | Declarative IaC, plan-and-apply | SDK-based IaC, imperative | | **State management** | Kubernetes etcd (no state files) | Managed by Upbound | State files (local, S3, Terraform Cloud) | State files (local, S3, Pulumi Cloud) | | **Reconciliation** | Continuous, detects and fixes drift | Continuous | Manual: `terraform plan && apply` | Manual: `pulumi up` | | **Developer self-service** | Native: `kubectl apply` or GitOps | Native: `kubectl apply` or GitOps | Requires CI/CD wrapper | Requires CI/CD wrapper | | **Multi-cloud** | Single control plane, any provider | Single control plane, any provider | Separate configs per provider | Separate programs per provider | | **Swiss providers** | cloudscale.ch, Exoscale providers available | cloudscale.ch, Exoscale via self-hosted | cloudscale.ch, Exoscale providers available | cloudscale.ch, Exoscale providers available | | **Maturity** | CNCF Graduated (2024) | Commercial (Upbound, founded 2020) | Mature (HashiCorp, since 2014) | Growing (Pulumi, since 2018) | | **License** | Apache 2.0 | Commercial SaaS | BSL 1.1 (Terraform) / MPL 2.0 (OpenTofu) | Apache 2.0 (engine) / Commercial (Cloud) | | **Best for** | Platform teams on Kubernetes | Crossplane without operations overhead | Traditional ops teams, brownfield infra | Developer-centric teams wanting real code | ## Terraform / OpenTofu Terraform is the most widely adopted IaC tool. You define infrastructure in HCL files, run `terraform plan` to preview changes, and `terraform apply` to execute them. **Strengths:** - Mature ecosystem with thousands of providers - Well-understood plan-and-apply workflow - Large community, extensive documentation - OpenTofu fork available under MPL 2.0 license **Limitations:** - **State file management is a constant operational burden.** Lost or corrupted state means manual recovery. - No continuous reconciliation. Drift between plan and reality goes undetected until the next `apply`. - No native developer self-service. Developers submit tickets or PRs; platform team runs `apply`. - HCL is a DSL, not a general-purpose language. Limited logic and testing capabilities. - HashiCorp's BSL license change (2023) created uncertainty; OpenTofu fork addresses this **Best for:** Teams managing traditional infrastructure (VMs, networks, DNS) that don't need developer self-service. ## Pulumi Pulumi uses real programming languages (Python, TypeScript, Go) instead of a DSL. Infrastructure is defined as code in the same languages developers already use. **Strengths:** - Real programming languages: loops, conditionals, tests, and IDE tooling - Familiar developer experience - Good for application-infrastructure co-location - Supports all major cloud providers **Limitations:** - Still requires state files (Pulumi Cloud or self-managed backend) - No continuous reconciliation. Same drift problem as Terraform. - No native Kubernetes integration. Separate tool from your container platform. - Smaller ecosystem than Terraform - **Small talent pool.** Fewer Pulumi engineers available in Switzerland compared to Terraform or Kubernetes specialists. Hiring or contracting for Pulumi expertise is harder. - Commercial cloud service for team features **Best for:** Developer-centric teams that want infrastructure in the same language as their applications. ## Crossplane (self-hosted) Crossplane runs as a Kubernetes controller. You define infrastructure as Kubernetes custom resources, and Crossplane continuously reconciles the desired state against reality. **Strengths:** - **No state files.** Kubernetes etcd is the source of truth. - **Continuous reconciliation.** Detects and fixes drift automatically. - **Developer self-service.** Developers provision infrastructure via `kubectl apply` or GitOps, same as deploying applications. - **Compositions.** Platform teams define guardrails and abstractions; developers get a simple API. - **Multi-cloud from one control plane:** AWS, Azure, GCP, cloudscale.ch, Exoscale, Kubernetes, Helm, SQL. - **Builds on Kubernetes skills.** Any engineer familiar with Kubernetes controllers and CRDs can operate Crossplane, unlike tools that require learning a separate ecosystem. - CNCF Graduated project with vendor-neutral governance. - Apache 2.0 license. No BSL surprises. **Limitations:** - Steeper learning curve than Terraform, especially Composition Functions - Kubernetes cluster required to run the control plane - Smaller provider ecosystem than Terraform (growing rapidly) - Debugging can be harder (Kubernetes events vs Terraform output) **Best for:** Platform teams already on Kubernetes that want developer self-service and continuous reconciliation. ## Upbound (managed Crossplane) Upbound offers a managed Crossplane control plane as a SaaS product, plus commercial features for enterprise teams. **Strengths:** - Crossplane without operating the control plane yourself - Commercial support and enterprise features - Upbound Marketplace for provider packages **Limitations:** - US-based SaaS. Data processed outside Switzerland. - Starting at $1,000+/month for managed control planes - Vendor dependency for a control plane that could be self-hosted - Less flexibility than self-hosted for Swiss provider integrations **Best for:** US/global teams wanting Crossplane without Kubernetes operations expertise. ## VSHN Crossplane Consulting and Operations VSHN is an official Crossplane commercial vendor (listed on crossplane.io). We help Swiss platform teams adopt Crossplane: architecture review, composition development, migration, and production operations. **What VSHN offers:** - **Architecture review:** Assess your infrastructure automation needs and design a Crossplane architecture (1-day engagement). - **Composition development:** Build custom Compositions and Composition Functions for your team's self-service APIs. - **Migration from Terraform:** Plan and execute migration of existing Terraform-managed infrastructure to Crossplane. - **Training:** Hands-on Crossplane training for your platform team, delivered with training partners. - **24/7 operations:** VSHN operates your Crossplane control plane on APPUiO Cloud or your own Kubernetes cluster. - **Swiss providers:** Production-proven Crossplane providers for cloudscale.ch and Exoscale. **Pricing:** CHF 250/hour consulting. Scoped engagements from 1-day architecture reviews to multi-month platform builds. **Production track record:** VSHN has run Crossplane in production since 2021, powering the entire VSHN Application Catalog on APPUiO Cloud. Hundreds of managed service instances are provisioned and reconciled daily. **Best for:** Swiss platform teams adopting Crossplane who want hands-on expertise and operational support from an official vendor. ## Crossplane vs Terraform: the key difference Terraform automates infrastructure provisioning. Crossplane builds an **infrastructure platform** with developer self-service. If your developers submit Jira tickets for infrastructure and your platform team runs `terraform apply`, Crossplane eliminates that bottleneck. Developers provision what they need via `kubectl` or GitOps, within the guardrails your platform team defines. If you manage static infrastructure that rarely changes, Terraform's plan-and-apply workflow is simpler and more mature. ## When to choose Crossplane with VSHN Crossplane with VSHN makes sense when: - Your platform team wants to offer developer self-service for infrastructure - You're already on Kubernetes and want infrastructure automation in the same ecosystem - You need multi-cloud governance from a single control plane - Terraform state management has become a pain point - You want Swiss-specific providers (cloudscale.ch, Exoscale) or custom Crossplane providers implemented for your control plane - Your team needs hands-on help from an official Crossplane vendor Try Swiss cloud infrastructure with Crossplane: [Exoscale]({{partner:exoscale.signup_url}}) (Swiss IaaS with Crossplane provider). Want help? [Contact us](#contact). For a detailed sovereignty analysis, see our [Crossplane sovereignty assessment](/sovereignty/).

Evaluate Crossplane for your platform

30-minute call with our Crossplane team. We review your setup and outline next steps.

Book a free consultation
## Next steps Ready to evaluate Crossplane for your platform? [Book a free 30-minute call](#contact) with our Crossplane team. We discuss your current setup, identify where Crossplane fits, and outline next steps.