#IaaS #Kubernetes #Cloud Infrastructure #DevOps #Open Source

Cloud & Platform Engineering · Infrastructure · Open Source

Kubernetes as a control plane for modular compute units

100% open source stack · 6 integrated layers · 0 manual cluster setup

A client selling modular, plug-and-play compute deployment units needed a software layer to turn raw hardware into a fully-managed cloud experience — standard VMs, persistent storage, networking, and managed Kubernetes clusters — built entirely on open source primitives, from scratch.

Challenge

Full IaaS stack from bare metal with no managed cloud to lean on. Open source only. Kubernetes inside Kubernetes to offer managed clusters as a product. GitOps from day one.

Approach

Vanilla Kubernetes as the single control plane. Rook + Ceph for unified block and object storage from one operator. CAPI + KubeVirt + K0smotron for managed Kubernetes clusters as declarative workloads inside the host cluster.

Outcome

Production-grade IaaS platform with zero proprietary dependencies. All six layers — compute, block storage, object storage, networking, managed clusters, and observability — managed through a single Kubernetes-native API.

100%
Open source stack — zero proprietary dependencies across all six platform layers
6
Integrated platform layers under one control plane: compute, block storage, object storage, networking, managed clusters, and observability
0
Manual cluster setup — fully GitOps-driven from day one, all clusters provisioned declaratively as CRDs
1
Control plane for VMs, storage, clusters, and networking — single Kubernetes-native API surface

Built on open source. Greenfield. Every layer from scratch.

The client builds modular deployment units — self-contained, high-density compute designed to be deployed rapidly inside existing real estate. To make that product viable, they needed a software layer that turned raw hardware into a cloud experience. The entire stack was greenfield. Every architectural decision had to be made from scratch.

Open source was a non-negotiable requirement — for cost, auditability, and long-term independence. The stack had to cover the full IaaS surface: network, block storage, object storage, VM management, and managed Kubernetes, with no managed cloud provider to lean on.

Three hard constraints to solve simultaneously.

1 — Full stack
No managed cloud to lean on

Network, block storage, object storage, VM management, and managed Kubernetes — all had to be built and integrated from bare metal. No AWS, no GCP, no shortcut. Every layer required an explicit architectural decision.

2 — Open source
No proprietary tooling — at all

Proprietary tooling was a non-starter. Every component had to be open source — for cost, auditability, and long-term independence from vendor decisions. This was a non-functional requirement, not a preference.

3 — K8s in K8s
Kubernetes inside Kubernetes

Offering managed Kubernetes clusters to customers meant provisioning and managing them as workloads running inside the control plane itself. Declarative, Git-driven operations were a requirement — no manual cluster setup, consistent state across all deployment units, auditable changes.

One control plane. Six layers. All open source.

Rather than building bespoke orchestration, we put Vanilla Kubernetes at the centre of the architecture — the single control plane for all resources. This gave us a proven reconciliation engine and a declarative API surface without introducing custom abstractions that accumulate complexity.

Storage layer: Rook + Ceph

We evaluated Longhorn — simpler setup, but limited scalability and no object storage — and OpenEBS — flexible, but less mature for production block storage. We chose Rook + Ceph for product maturity, proven scalability, and the ability to support both block and object storage patterns from a single unified operator. One operator handles persistent volumes, S3-compatible object storage, and file storage — eliminating an entire category of architectural decisions.

Managed Kubernetes inside Kubernetes

Customer Kubernetes control planes run as workloads inside the host cluster via K0smotron — fully isolated and GitOps-managed. KubeVirt runs VMs as native Kubernetes workloads. CAPI provides the declarative, GitOps-compatible interface for provisioning and lifecycle management of all clusters. Every customer cluster is a Kubernetes custom resource — provisioned by applying a manifest, upgraded the same way, with a complete audit trail of every state change.

Compute and VM layer

Standard VM lifecycle — create, resize, migrate, delete — managed entirely through the Kubernetes control plane via KubeVirt. No separate hypervisor layer. Every VM is a Kubernetes custom resource managed through the same API surface as clusters and storage volumes. The operational model for the entire platform is consistent: kubectl, GitOps, declarative manifests — regardless of whether you're managing a VM or a storage bucket.
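As an added illustration (not the client's manifests and not code from the page), the kind of declarative objects this design implies: a hosted tenant control plane and its CAPI Cluster, plus a KubeVirt VM, all applied to the host cluster through the same API. Names, namespace, version, CIDRs, memory size and claim name are constructed placeholders; the infrastructure provider reference for tenant worker nodes is omitted.

```yaml
# Constructed example: a tenant's managed cluster and a tenant VM as CRDs in the host cluster.
# Isolation between tenants rests on the host cluster's namespaces, RBAC and NetworkPolicy.
---
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: K0smotronControlPlane        # tenant control plane runs as pods inside the host cluster
metadata:
  name: tenant-a                   # placeholder tenant name
  namespace: tenants               # placeholder; one namespace per tenant
spec:
  version: v1.30.0-k0s.0           # placeholder k0s version
  persistence:
    type: emptyDir                 # illustration only; production state would sit on a persistent volume
  service:
    type: ClusterIP                # API endpoint exposed only inside the host cluster
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster                      # CAPI object that ties the control plane to the tenant cluster
metadata:
  name: tenant-a
  namespace: tenants
spec:
  clusterNetwork:
    pods:
      cidrBlocks: ["10.244.0.0/16"]     # placeholder tenant pod CIDR
    services:
      cidrBlocks: ["10.96.0.0/12"]      # placeholder tenant service CIDR
  controlPlaneRef:
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: K0smotronControlPlane
    name: tenant-a
  # infrastructureRef for the KubeVirt-backed worker nodes is left out of this illustration.
---
apiVersion: kubevirt.io/v1
kind: VirtualMachine               # a standard VM, managed through the same API as the cluster above
metadata:
  name: tenant-a-vm01              # placeholder VM name
  namespace: tenants
spec:
  running: true
  template:
    spec:
      domain:
        resources:
          requests:
            memory: 2Gi            # placeholder size
        devices:
          disks:
            - name: rootdisk
              disk:
                bus: virtio
      volumes:
        - name: rootdisk
          persistentVolumeClaim:
            claimName: tenant-a-vm01-root   # placeholder PVC, bound from the Rook/Ceph block storage class
```

Committing these manifests to Git and letting the GitOps controller apply them is what gives the audit trail the page describes: every change to a cluster or VM is a reviewed commit.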

Observability and messaging

ClickHouse for analytics and time-series data. Grafana for dashboards. NATS for high-throughput internal messaging. PostgreSQL for persistent state. All wired into the same declarative control plane — no separate observability stack to operate. The same GitOps workflow that manages compute and storage also manages the monitoring infrastructure.

From raw hardware to a fully managed cloud product.

All resources — VMs, storage volumes, network policies, customer clusters — are Kubernetes custom resources managed through a single API surface. Managed customer clusters run as workloads inside the host cluster, provisioned on demand with full isolation and a complete GitOps audit trail.

Architecture overview (diagram rendered as text):

Resources
- Compute: VMs via KubeVirt, running as native K8s workloads
- Block storage: Rook + Ceph, persistent volumes
- Object storage: Rook + Ceph, S3-compatible

Control plane
- Vanilla Kubernetes: single API, with VMs, clusters, storage and networking all as CRDs
- Cluster lifecycle: CAPI, GitOps-compatible provisioning
- GitOps: declarative state, all changes tracked and auditable

Customer layer
- Managed clusters: K0smotron, isolated and GitOps-managed
- Observability: ClickHouse and Grafana, analytics and dashboards
- Audit trail: GitOps state, declarative and auditable

All layers are Kubernetes custom resources managed through one control plane API surface. Every cluster provisioned via CAPI as a CRD, GitOps-driven from day one.

Production-grade IaaS. Zero proprietary dependencies.

100%
Open source stack. Zero proprietary dependencies — every component is open source, auditable, and replaceable.
1
Control plane for everything. Vanilla Kubernetes as the universal orchestration layer for VMs, storage, clusters, and networking.
0
Manual cluster setup. Fully GitOps-driven — every cluster is a CRD, provisioned declaratively, with auditable changes.
6
Integrated layers under one API. Compute, block storage, object storage, networking, managed Kubernetes, and observability — no separate systems.

Tech stack

Kubernetes CAPI KubeVirt K0smotron Rook + Ceph Go React PostgreSQL ClickHouse NATS Grafana Terraform

Building infrastructure as a product and need an open source foundation?
Let's design the right control plane — before complexity does.
