Cozystack AGL Backends

Two design drafts for adding Terraform/OpenTofu support to Cozystack’s Application Generation Layer (AGL), plus a short presentation deck.

What is this?

Cozystack’s AGL today maps user-facing Kubernetes resources (Postgres, Kafka, Bucket, …) to Flux HelmRelease objects. Helm is the only supported backend.

These drafts propose two ways to also emit Terraform CRs of flux-iac/tofu-controller — so platform engineers can describe cloud primitives (VPCs, DNS zones, managed services) under the same AGL abstraction.

Documents

  • Draft 1 — Parallel Tofu Stack A new TofuApplicationDefinition CRD with its own apiserver and reconciler, mirroring the existing Helm AGL one-to-one.

  • Draft 2 — Pluggable Backend Refactor AGL so Helm and Terraform are two implementations of one Backend interface, behind a single ApplicationDefinition CRD.

  • Presentation Slide deck summarising both drafts, side-by-side comparison and recommendation.

Recommendation in one paragraph

Ship Draft 1 as a feature-branch PoC first to surface concrete requirements (vars marshalling, cloud-creds runner pods, output secret handling). Then, with two working backends in hand, refactor toward Draft 2 — the interface is designed against real code, not speculation. Trades a small amount of throwaway code for much lower risk of a bad abstraction.

Source

Repository: github.com/kitsunoff/cozystack-agl-backends. Drafts target cozystack/cozystack.

Draft proposal · 2026 · maintained by kitsunoff

This site uses Just the Docs, a documentation theme for Jekyll.