CASE 25 · POLARIS · 2025
GitOps for infrastructure, not just for Kubernetes manifests.
A climate-tech company had GitOps for their EKS workloads via ArgoCD but managed their AWS infrastructure through a mix of Terraform, the AWS Console, and one rogue Pulumi project. We unified everything under GitOps with Crossplane — including the AWS infrastructure.
Climate tech
PLATFORM
2025
RESULTS
What changed, by the numbers.
INFRA OUTSIDE GITOPS: 0
DRIFT INCIDENTS: −100%
INFRA PR LEAD TIME: −54%
TERRAFORM STATE FILES: 12 → 0
HOW IT WENT
The team’s GitOps story for workloads was solid, but every quarter there was a Console-vs-Terraform drift incident. The AWS resources owned by the application team and the AWS resources owned by the platform team had different lifecycles, different approval flows, and different tools.
We introduced Crossplane on the existing EKS cluster with the AWS provider, and let application teams declare their AWS dependencies (S3 buckets, SQS queues, Aurora instances) alongside their Kubernetes manifests. The platform team kept Terraform for the things below the Kubernetes line (the cluster itself, the VPC, the org SCPs).
Drift incidents dropped to zero in the 90 days following rollout. Kyverno policies enforced which Crossplane manifests were permitted, preventing one team from accidentally creating a public S3 bucket. The team retired the rogue Pulumi project in week six.
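One way to express the Kyverno guardrail described above, as an added example and not the policy used in this engagement. It assumes the Upbound AWS provider's s3.aws.upbound.io/v1beta1 resource kinds; the policy name, rule names and messages are hypothetical.

```yaml
# Added example (assumption: Upbound provider-aws S3 kinds are installed).
# Rejects Crossplane S3 manifests that would expose a bucket publicly.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: crossplane-s3-no-public-access   # hypothetical name
spec:
  validationFailureAction: Enforce       # block at admission, do not just audit
  background: true                       # also report on resources that already exist
  rules:
    # Rule 1: a BucketACL may not use a canned ACL that grants access
    # outside the owning account.
    - name: deny-public-canned-acl
      match:
        any:
          - resources:
              kinds:
                - s3.aws.upbound.io/v1beta1/BucketACL
      validate:
        message: "Public canned ACLs are not allowed on S3 buckets."
        deny:
          conditions:
            any:
              - key: "{{ request.object.spec.forProvider.acl || '' }}"
                operator: AnyIn
                value:
                  - public-read
                  - public-read-write
                  - authenticated-read
    # Rule 2: a BucketPublicAccessBlock must enable all four protections,
    # so nobody can ship a weakened block that looks compliant at a glance.
    - name: require-full-public-access-block
      match:
        any:
          - resources:
              kinds:
                - s3.aws.upbound.io/v1beta1/BucketPublicAccessBlock
      validate:
        message: "All four public access block settings must be true."
        pattern:
          spec:
            forProvider:
              blockPublicAcls: true
              blockPublicPolicy: true
              ignorePublicAcls: true
              restrictPublicBuckets: true
```

This covers ACLs and access-block settings only; a BucketPolicy with a wildcard principal, or a Bucket that has no BucketPublicAccessBlock at all, needs its own rule or an account-level public access block managed below the Kubernetes line.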