Open‑Source Multi‑Cloud
Infrastructure Framework
Author KRM‑style YAML once, validate with Protobuf + Buf ProtoValidate, then execute with Pulumi or OpenTofu. Consistent APIs across AWS, GCP, Azure, and Kubernetes—no provider‑specific yak‑shaving.
Define once.Deploy anywhere.
Why ProjectPlanton?
Built for DevOps engineers, platform teams, and infrastructure architects who need consistency across clouds
One model, many clouds
A single CloudResourceKind enum and provider‑specific APIs (e.g., AwsStaticWebsite, GcpGkeCluster, AzureAksCluster, RedisKubernetes) with the same KRM‑style shape: apiVersion, kind, metadata, spec, status.
Validation & sane defaults
Field‑level rules via Buf ProtoValidate; default/recommended_default options and message‑level CEL guardrails; manifests fail fast with clear errors before any provisioning.
Modules under the hood
Curated Pulumi and OpenTofu modules reside alongside each API (apis/.../iac/pulumi/module, apis/.../iac/tf), so you never write raw Terraform or Pulumi code.
Dev‑grade workflow
pulumi preview/update/refresh/destroy and tofu init/plan/apply/destroy/refresh through one CLI; stack FQDN <org>/<project>/<stack>; reproducible workspaces under ~/.project-planton.
Security & governance
Provider credentials are first‑class stack‑inputs (e.g., aws-credential.yaml, gcp-credential.yaml, kubernetes-cluster.yaml); modules apply consistent planton.org/* labels and support foreign‑key references across resources.
Extensibility
Add kinds and modules in‑repo; APIs generate language stubs via Buf; modules are selected per kind/provider automatically; override any manifest value at the CLI with --set key=value.
How It Works
From YAML manifest to deployed infrastructure in five clear steps
Parse
apiVersion/kind/metadata/spec → Protobuf object
Validate
Buf ProtoValidate/CEL on spec
Build
stack‑input = { provisioner, pulumi|terraform, target, providerCredential }
Plan/Preview
pulumi preview or tofu plan
Apply
pulumi update or tofu apply (backends: local|s3|gcs|azurerm)
Input: YAML Manifest
Output: Status/Results
Get Started in Minutes
Four simple steps to deploy your first multi-cloud infrastructure
brew install project-planton/tap/project-plantonproject-planton validate manifest.yaml# Pulumi (example)
project-planton pulumi up --manifest manifest.yaml --stack myorg/myproject/dev --module-dir . --set metadata.labels.env=dev
# OpenTofu (example)
project-planton tofu init --manifest manifest.yaml --backend-type s3 --backend-config bucket=my-tf-state-bucket --backend-config dynamodb_table=my-tf-locks --backend-config region=us-west-2 --backend-config key=stacks/myproject/dev.tfstate
project-planton tofu plan --manifest manifest.yaml
project-planton tofu apply --manifest manifest.yaml --auto-approveproject-planton pulumi destroy --manifest manifest.yaml --stack myorg/myproject/dev
# or
project-planton tofu destroy --manifest manifest.yaml --auto-approvePrerequisites & Notes
- • Provide credentials via files in an input dir (e.g., aws-credential.yaml, gcp-credential.yaml, kubernetes-cluster.yaml) or explicit flags
- • Pulumi/OpenTofu CLIs must be installed separately
- • OpenTofu supports backends: local, s3, gcs, azurerm
- • Stack FQDN format is <org>/<project>/<stack>
Example Gallery
Real manifests from the repo (trimmed for clarity). Replace placeholders like <project-id>.
apiVersion: aws.project-planton.org/v1
kind: AwsStaticWebsite
metadata:
name: my-site
labels:
env: dev
spec:
enableCdn: true
# Minimal example; additional fields include SPA routing, aliases, TLS, cache TTLs, and logging.Deploy:
project-planton validate aws-static-website.yaml
project-planton pulumi up --manifest aws-static-website.yaml --stack myorg/site/devapiVersion: aws.project-planton.org/v1
kind: AwsEc2Instance
metadata:
name: app-vm
spec:
subnetId:
valueFrom:
kind: AwsSubnet
name: my-vpc-subnet
fieldPath: status.outputs.subnet_id
securityGroupIds:
- valueFrom:
kind: AwsSecurityGroup
name: app-sg
fieldPath: status.outputs.security_group_id
amiId: ami-0123456789abcdef0
instanceType: t3.micro
connectionMethod: SSMDeploy:
project-planton tofu plan --manifest aws-ec2.yaml
project-planton tofu apply --manifest aws-ec2.yaml --auto-approveCLI Reference
Complete command reference for the ProjectPlanton CLI
project-planton pulumi previewPreview Pulumi changes
project-planton pulumi updateApply Pulumi changes
project-planton pulumi refreshRefresh Pulumi state
project-planton pulumi destroyDestroy Pulumi resources
project-planton tofu initInitialize OpenTofu backend
project-planton tofu planCreate OpenTofu execution plan
project-planton tofu applyApply OpenTofu changes
project-planton tofu destroyDestroy OpenTofu resources
project-planton tofu refreshRefresh OpenTofu state
project-planton validate <manifest.yaml>Validate manifest with Buf ProtoValidate
project-planton versionShow CLI version
| Flag | Description | Required |
|---|---|---|
| --manifest <path> | path to the deployment‑component manifest file | Required |
| --stack <org/project/stack> | Pulumi stack FQDN (required for pulumi commands) | Required |
| --module-dir <dir> | directory containing the Pulumi/Tofu module (defaults to current dir) | Optional |
| --input-dir <dir> | directory containing target.yaml and/or credential yamls | Optional |
| --set key=value | override manifest fields (deep dot‑paths supported) | Optional |
| --auto-approve | skip interactive approval (tofu apply/destroy) | Optional |
| --destroy | create a destroy plan (tofu plan) | Optional |
| --backend-type {local|s3|gcs|azurerm} | choose backend (tofu init) | Optional |
| --backend-config key=value | repeatable backend arguments (tofu init) | Optional |
Supported by stackinputcredentials
--aws-credential <file>AWS credential file
--gcp-credential <file>GCP credential file
--azure-credential <file>Azure credential file
--kubernetes-cluster <file>Kubernetes cluster config file
--confluent-credential <file>Confluent credential file
--mongodb-atlas-credential <file>MongoDB Atlas credential file
--snowflake-credential <file>Snowflake credential file
CI/CD Integration
Deploy your infrastructure automatically with GitHub Actions
name: Deploy with ProjectPlanton
on:
push:
branches: [ main ]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install ProjectPlanton CLI
run: brew install project-planton/tap/project-planton
- name: Install Pulumi & OpenTofu
run: |
curl -fsSL https://get.pulumi.com | sh
echo "$HOME/.pulumi/bin" >> $GITHUB_PATH
curl -L https://github.com/opentofu/opentofu/releases/latest/download/tofu_linux_amd64.zip -o tofu.zip
sudo unzip -o tofu.zip -d /usr/local/bin
- name: Plan (Tofu)
run: project-planton tofu plan --manifest infra/manifest.yaml
- name: Apply (Pulumi)
run: project-planton pulumi up --manifest infra/manifest.yaml --stack myorg/myproj/prodDeterministic
Same commands, same results across all environments
Version Controlled
Infrastructure as code with full Git history
Portable
Works with any CI/CD system that supports CLI tools
How We Compare
Short, factual comparison with other infrastructure tools
Crossplane: In‑cluster controllers
ProjectPlanton: Runs on‑demand via CLI with Pulumi/OpenTofu modules
Terraform HCL: Imperative DSL
ProjectPlanton: Declarative KRM‑style YAML with strict proto validations
Pulumi code: App‑like programs
ProjectPlanton: Declarative manifests while Pulumi executes curated modules
| Feature | ProjectPlanton | Crossplane | Terraform | Pulumi |
|---|---|---|---|---|
| Declarative YAML | Yes | |||
| Multi-cloud consistency | Yes | |||
| Strong validation | Yes | |||
| Multiple backends | Yes | |||
| CLI workflow | Yes | |||
| Kubernetes native | ||||
| Programming languages | ||||
| Curated modules | Yes |
Frequently Asked Questions
Everything you need to know about ProjectPlanton