Cloud & AI Infrastructure

Building a Cloud Platform Where Everything is Just Another Kubernetes Resource

with Patrick Koss

Thursday 9 July 17:30 – 18:00 Stage 5

About This Session

At STACKIT, we took the Kubernetes API and turned it into our entire platform control plane. Not just for running containers. For everything. S3 buckets, databases, DNS records, IAM credentials, even entire child Kubernetes clusters. All defined as YAML manifests. All managed via GitOps. All continuously reconciled by controllers.

We started with Terraform like everyone else. It worked fine until our infrastructure got complex. Monolithic state files that locked the whole team. Slow applies that recalculated everything when we only needed to change one thing. Drift that only surfaced when someone remembered to run a plan.

So we rebuilt the platform on Crossplane and ArgoCD. One management cluster provisions and orchestrates cloud infrastructure per environment. Developers get self-service APIs by applying Kubernetes resources. Ops teams enforce policies through admission webhooks. Everything reconciles in real-time. No external state to manage. No waiting for tickets to get unblocked.

This is the production architecture. How it works, why we designed it this way, what went wrong during the migration, and what we'd change if we started over today.

Topics

  • Automation
  • DevOps
  • DevSecOps
  • GitOps
  • Infrastructure
  • Infrastructure as Code (IaC)