Blueprints overview

A blueprint is a package of deployable, reusable configuration and policy that implements and documents a specific opinionated solution. Blueprints enable developers to design infrastructure, platforms, and application services by composing and connecting cloud resources with declarative configuration. They codify knowledge and expertise for rapidly deploying new systems and environments.

Best practices

Blueprints are designed to capture best practices for specific use cases, including appropriate resource groupings and policies. Once best practices are packaged into a blueprint, they can be shared internally within your organization or distributed on the internet to evangelize them more broadly.

Smart defaults

Because blueprints package multiple resources together to target specific use cases, they can provide sensible, contextual defaults which reduce the need to tune every option on each resource. This makes onboarding faster and reduces cost.

Policy guardrails

Blueprints don't just demonstrate best practices, they can also include policy guardrails that empower developers to move faster, without compromising security or compliance.

Self-service upgrades

Blueprints are released as versioned, shareable artifacts, which can be improved over time without breaking production systems. Blueprint consumers choose when they want to upgrade to newer versions, allowing for greater control and the ability to gradually roll out upgrades across an organization. Meanwhile, new users default to the latest configuration, getting a better out-of-the-box experience with the latest best practices.

Types of blueprints

Google provides blueprints for both Kubernetes and Terraform.

If you're already using Kubernetes or looking for a unified way to manage your applications and infrastructure with the same toolchain, check out KRM blueprints.

If you're already using Terraform or looking for a robust ecosystem supported by multiple cloud providers, check out Terraform blueprints.

Kubernetes Resource Model (KRM) blueprints

Config Connector, a component of Anthos Config Management, lets you to specify Google Cloud resources using the Kubernetes Resource Model. KRM makes it easy to declaratively specify resources with YAML or JSON.

Kubernetes resources can be packaged using kpt, a Kubernetes-native packaging tool which provides extensible support for customizing, validating, and deploying Kubernetes resources. Blueprints built with kpt can include any resource with a KRM representation, including native Kubernetes resources and Google Cloud resources using Config Connector.

You can deploy KRM blueprints to any Kubernetes cluster running Config Connector, including Config Controller, the hosted Anthos Config Management platform. Config Controller provides a central control plane for you to manage the configuration and policy of your entire cloud infrastructure.

Policies for KRM blueprints are written as Open Policy Agent (OPA) constraint templates. Policy Controller, a component of Anthos Config Management, provides server-side OPA policy validation using an admission webhook to reject invalid resource configurations before they are acted on by other Kubernetes controllers. OPA policies can also be validated client-side using kpt functions, which enables shift-left testing for faster feedback, earlier in your deployment pipeline. Because OPA policies can be defined using Kubernetes resources, they can be bundled and distributed in kpt packages, together with the resources they validate.

Get started with KRM blueprints today using the KRM blueprints catalog.

Terraform blueprints

Terraform uses the HashiCorp Configuration Language (HCL) to specify resources. Terraform resources can be packaged as modules that are published using Git repositories and the Terraform registry.

Policies for Terraform blueprints are also written as Open Policy Agent constraint templates. The Terraform Validator enables client-side policy validation by converting terraform plans into Cloud Asset Inventory asset metadata, which is then validated with OPA policies. This lets misconfigurations be detected earlier in your deployment pipeline. Check out the Policy Library for a selection of standard policy bundles.

Get started with Terraform blueprints today using the Terraform blueprints catalog.

What's next