Thanks! That's a great conceptional positioning of crossplane and terraform in the context of k8s.

It was helpful in building my understanding, I need to go further but it provides some clarity!

Excellent! Your presentation brought clarity into my understanding.

Kelsey as usual you just helped me solve a problem I’ve been trying to understand/rectify/solve (and like a year ago, oy). For those of us who like writing modules in HCL and enjoy the verifiability and policy enforcement BEFORE code even hits the infra, this is exactly what I’ve been trying to achieve. Currently I have no idea how policy enforcement would work in a cross plane only environment - there’s gotta be some phase before any code reaches the cloud provider apis to really enforce anything. Building module definitions in HCL for CRDs can be incredibly useful for scoping declarative, modular, permission scoped workflows. Props to the Hashicorp team for working on this. Props to the cross plane team for recognizing and leveraging the control plane loops available in k8s for this type of infrastructure management. Now my question is: how do we develop patterns for logging and alerting on success/fail/unexpected change/cross plane-initiated change back? Meaning, if I have a user changing infra through some unexpected means (say, the web console) and cross plane wants to change it back, how does one alert and control the change back process in the hopes of a sounding data loss? Would that be done with more customized CRDs in cross plane? I imagine we would we enforce policy through code in something like Hashicorp Sentinel before those changes even hit the K8s control plane? Or, I suppose we just cut off change access to devs and let the robots manage the change that devs describe in code, and that’s the answer… Still doesn’t solve the problem of notifying people things are about to change because robots found a diff in our infrastructure from what Crossplane thinks it’s supposed to be.