Multi-Cloud Strategy: Portability and Tradeoffs
Design for multi-cloud environments—avoiding vendor lock-in, managing multiple cloud providers, and understanding the real tradeoffs of multi-cloud architectures.
Multi-Cloud Strategy: Portability and Tradeoffs
Introduction
When multi-cloud makes sense
Multi-cloud makes sense when data residency or regulatory compliance requires it. Some data must remain within specific geographic boundaries or within specific providers due to contractual or regulatory requirements. Financial institutions and government agencies often face these constraints.
Multi-cloud also makes sense when you need best-of-breed services. If AWS has a machine learning service that Azure cannot match, or Azure has superior identity integration for your Windows workloads, using different providers for different workloads is reasonable when the workloads are genuinely distinct.
When to stick with a single cloud
Avoid multi-cloud for resilience. The theory sounds good—failover when one cloud has an outage—but maintaining an operational failover environment costs more than accepting the rare regional outage. True failover requires replicated data, synchronized configurations, and regular testing. Most organizations discover the operational burden exceeds the benefit.
Avoid multi-cloud if your team lacks the engineering capacity to manage complexity. Multi-cloud introduces networking, identity, billing, and operational challenges that require dedicated attention. A single-cloud architecture with proper high-availability design usually outperforms multi-cloud at lower cost.
Avoid multi-cloud if you are early in your cloud journey. Building expertise across multiple providers simultaneously dilutes your team’s depth. Master one platform first, then expand when you have clear requirements that one provider cannot meet.
Portability Patterns and Abstractions
True workload portability requires abstracting away provider-specific details. This happens at several layers.
Containerization abstracts compute. If your application runs in Docker containers, the underlying cloud VM matters less. Kubernetes further abstracts by providing a consistent API across providers.
# Kubernetes deployment - same everywhere
apiVersion: apps/v1
kind: Deployment
metadata:
name: webapp
spec:
replicas: 3
selector:
matchLabels:
app: webapp
template:
spec:
containers:
- name: webapp
image: myregistry/webapp:v1
ports:
- containerPort: 8080Service mesh adds another portability layer. Tools like Istio and Linkerd abstract network identity and routing policies away from the underlying cloud networking.
Terraform and other infrastructure-as-code tools abstract provisioning. Write Terraform once, deploy to AWS, Azure, or GCP by changing the provider. This works well for compute and networking but breaks down for provider-specific services.
# Abstract compute - same across clouds
resource "aws_instance" "server" {
instance_type = "t3.micro"
ami = "ami-0c55b159cbfafe1f0"
}
resource "azurerm_virtual_machine" "server" {
vm_size = "Standard_D2s_v3"
}
resource "google_compute_instance" "server" {
machine_type = "e2-micro"
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
}Kubernetes as Multi-Cloud Layer
Kubernetes is the closest thing to a true multi-cloud abstraction. A cluster running on any major cloud provider looks the same from the application perspective. Your deployments, services, and ingresses work identically whether the underlying nodes run on AWS, Azure, or GCP.
This abstraction has limits. Cloud-specific load balancers differ in their integration with Kubernetes services. Storage classes tie to cloud-specific storage backends. Node provisioning varies between providers. But the application workload itself remains portable.
# Same kubectl commands regardless of cloud
kubectl apply -f deployment.yaml
kubectl get pods -n production
kubectl scale deployment webapp --replicas=5Managed Kubernetes services like EKS, AKS, and GKE reduce operational burden but introduce their own provider-specific tooling for cluster management, upgrades, and identity integration.
Cross-cloud Kubernetes clusters—where a single cluster spans multiple cloud providers—exist in research and enterprise projects but are not production-ready for most organizations. The networking complexity and operational burden exceed what most teams can sustain.
Cloud-Agnostic Tools and Services
Several tools deliberately abstract across cloud providers.
Terraform handles infrastructure provisioning consistently across all major providers. State management, providers, and modules work the same regardless of where you deploy.
Prometheus and Grafana provide monitoring that does not tie you to cloud-specific observability services. CloudWatch, Azure Monitor, and Cloud Logging are convenient but create dependencies.
Vault by HashiCorp manages secrets consistently across any environment. Cloud provider secret managers are convenient but tie you to those providers.
GitHub Actions, GitLab CI, and Jenkins run CI/CD pipelines without depending on cloud-specific build infrastructure.
The pattern is clear: infrastructure and operational tooling should be cloud-agnostic, while application code can remain portable across container platforms.
When Multi-Cloud Makes Sense
Multi-cloud makes sense when regulatory or contractual requirements mandate specific providers for specific workloads. Financial services companies with data residency requirements often must use particular providers in particular regions.
Organizations with strong negotiating leverage may use multi-cloud as a bargaining chip with vendors. Running a workload on AWS and Azure gives you leverage in pricing negotiations with both.
Engineering-forward organizations with platform teams capable of managing abstraction layers can extract value from multi-cloud. The platform team builds the abstractions, and product teams deploy without caring where the workload runs.
When Multi-Cloud Does Not Make Sense
For most organizations, multi-cloud creates complexity without proportionate benefit. The cost of maintaining expertise in multiple clouds, managing different APIs and tooling, and debugging cross-cloud issues exceeds the value of the theoretical portability.
A single-cloud architecture with strong internal abstractions—containerization, infrastructure as code, and loose coupling—achieves most of the portability benefit at a fraction of the complexity.
The rare multi-day outages that make headlines rarely affect critical workloads. Regional redundancies within a single cloud provider handle most failure scenarios. Organizations that built multi-cloud architectures for resilience often find they did not actually test the failover paths and discover the gaps only during real failures.
Managing Complexity
If you proceed with multi-cloud, invest heavily in automation and abstraction. Every manual process multiplies in complexity when applied across providers.
Minimum viable multi-cloud automation stack:
- Terraform for infrastructure provisioning
- Kubernetes for compute abstraction
- Vault for secrets management
- Cross-cloud DNS and traffic management
- Unified monitoring and loggingWithout this investment, you end up with two (or three) separate cloud operations teams, each maintaining their own tooling and processes. This fragmentation undermines the portability goal and increases operational burden.
The complexity also affects hiring. Engineers with deep multi-cloud expertise are rare and expensive. Teams often end up with engineers who know one cloud well and are competent in others, creating knowledge gaps that slow down incident response.
Multi-Cloud Architecture Layers
flowchart TD
A[Application Layer] --> B[Containers / Docker]
B --> C[Kubernetes Orchestration]
C --> D[Terraform / IaC]
D --> E[Cloud Provider APIs]
E --> F[AWS]
E --> G[Azure]
E --> H[GCP]
F --> I[EC2, S3, IAM]
G --> J[VMSS, Blob, Entra ID]
H --> K[GCE, GCS, SA]Production Failure Scenarios
| Failure | Impact | Mitigation |
|---|---|---|
| Cross-cloud DNS failover not tested | Failover fails at the worst moment, extended outage | Test DNS failover quarterly, automate with health checks |
| Terraform state drift between providers | Infrastructure diverges from code, unpredictable behavior | Use remote backends with locking, run terraform plan in CI |
| Kubernetes storage class incompatibility preventing pod migration | Pods cannot move between clusters, capacity issues unresolved | Use cloud-agnostic storage solutions like Rook/Ceph for migration-critical volumes |
| Credential rotation failure in one cloud | Automation breaks for that cloud, deployments stop | Test credential rotation in staging first, have rollback procedure |
| Network latency difference between clouds | Users experience different performance by region | Test from each region, use geo-distributed load balancers |
Observability Hooks
Cross-cloud monitoring strategy:
# Query costs across clouds with CloudHealth or Spot.io
cloudhealth --report costs --split-by provider
# Aggregate metrics with Prometheus federation
prometheus --web.config.file=web-config.yml \
--rule.files=rules.yml \
--storage.tsdb.path=data/prometheus
# Centralized logging to a cloud-agnostic tool
# Example: shipping logs from all clouds to Loki
loki --config.file=loki-config.ymlWhat to monitor across all clouds:
- Cost per cloud — unexpected spikes indicate drift or misconfiguration
- API error rates per cloud — provider issues or your misconfiguration
- Cross-cloud network latency — DNS propagation, CDN performance
- IaC drift detection — terraform plan output as a metric
Common Anti-Patterns
Multi-cloud for resilience without testing failover. Running workloads on two clouds does not give you resilience if you never tested moving traffic between them. Most organizations discover their failover paths are broken when they need them.
Using different tools per cloud without abstraction. If you use CloudFormation for AWS and ARM templates for Azure with no shared abstraction, you double your operational burden without meaningful portability.
Ignoring cross-cloud networking costs. Egress fees between clouds can dwarf the compute savings. A workload that costs less on Azure than AWS may become more expensive when you add the data transfer costs.
Over-engineering abstraction from day one. Build the abstraction when you actually need to move workloads, not before. Most organizations start with one cloud and add another slowly—plan for that trajectory rather than designing for an idealized three-cloud deployment from the start.
For more on cloud cost management, see our post on Cost Optimization. For container orchestration across clouds, see Kubernetes. For infrastructure-as-code that abstracts cloud providers, see Terraform.
Trade-off Summary
| Approach | Resiliency | Complexity | Cost | Best For |
|---|---|---|---|---|
| Single cloud (HA) | High | Low | Lower | Most applications |
| Active-passive failover | Very high | Medium | Medium-high | Critical workloads |
| Active-active multi-cloud | Highest | Very high | Very high | Hyperscale requirements |
| Multi-vendor (distinct workloads) | Medium | Medium | Varies | Regulatory/compliance |
| No abstraction (pure provider API) | N/A | Lowest | Varies | Learning / prototyping |
| Abstraction layer | Portability | Complexity | Ecosystem |
|---|---|---|---|
| Kubernetes | High (workloads) | Medium | Massive |
| Terraform | High (infra) | Medium | Largest |
| Pulumi | High (infra) | Higher | Large |
| cloud-ndk /TerraForm | Medium | High | Growing |
| Direct provider SDK | None | Low | Native only |
Interview Questions
Multi-cloud makes sense for a startup only if regulatory or contractual requirements mandate specific providers, or if you have a specific managed service that one provider offers and others don't. If you're building on AWS and Azure has something Azure doesn't, it's worth considering.
For most startups, single cloud wins. The engineering capacity to manage multi-cloud abstractions, different provider APIs, and cross-cloud networking is enormous. That capacity is better spent on product. Start with one provider, build strong internal abstractions, and consider multi-cloud only when you have clear requirements that one provider cannot meet.
Kubernetes abstracts compute—your deployments, services, and ingresses work the same regardless of where nodes run. The breakdown points are load balancer integration, storage classes, and node provisioning. Cloud-specific load balancers integrate differently with Kubernetes services. Storage classes tie to cloud-specific backends. Node provisioning varies between providers.
Terraform abstracts infrastructure provisioning. Write once, deploy to AWS, Azure, or GCP. It breaks down for provider-specific services—Lambda versus Azure Functions versus Cloud Functions are fundamentally different. The networking, compute, and storage layers port well; managed services don't.
Service meshes like Istio abstract network identity and routing. They help with portability but add significant operational complexity.
Egress fees are the hidden killer. A workload that costs less on Azure than AWS becomes more expensive when you add cross-provider data transfer costs. The rule: keep data and compute in the same provider unless you have a strong reason not to.
Use cloud-agnostic tools for cost management—Prometheus for metrics, Loki for logs, Terraform for provisioning. Native cost tools like Cost Explorer and Cloud Health are provider-specific and don't give you cross-cloud visibility.
For true cost arbitrage, look at specific managed services where one provider is dramatically cheaper. GPU workloads on Lambda Labs or CoreWeave, Cloudflare R2 for zero-egress storage. These work when the workload is genuinely distinct and data transfer costs are minimal.
Start with health checks. Each cloud endpoint should have an health check that tests actual responsiveness, not just that the IP is reachable. Route53 or any major DNS provider can use these health checks to fail over.
The strategy: primary in Cloud A, secondary in Cloud B. When the health check fails for N consecutive checks, DNS updates to point to the secondary. Set TTL low enough that failover happens quickly, but high enough that normal operation doesn't incur excessive DNS resolution overhead.
Test the failover quarterly. Most organizations discover their failover paths don't work when they actually need them. Automate the test—spin up traffic in the secondary, verify responses, then clean up.
Active-active means both clouds receive traffic simultaneously. This gives you true high availability—if one cloud fails, the other handles all load. The complexity and cost are highest because you're running full capacity in both locations all the time.
Active-passive means secondary cloud is on standby. It only receives traffic when the primary fails. This is cheaper—secondary runs at minimal capacity until failover—but there's risk. The secondary's infrastructure may not handle the load it suddenly receives, especially if you didn't test the failover.
For most organizations, active-passive with regular failover testing is the practical choice. True active-active across clouds is only worth it for hyperscale requirements with dedicated platform teams.
Cloud-specific storage classes are a portability killer. A PersistentVolumeClaim in AWS using EBS doesn't port to GCE. The solution is cloud-agnostic storage solutions like Rook/Ceph that run in Kubernetes itself.
If you must use cloud-native storage, design for migration from day one. Keep data in a format that transfers—block storage images you can snapshot and recreate in another provider, or object storage that both providers can access.
For critical workloads, test migration paths before you need them. Move a pod with a test volume between clusters, verify the data integrity, time how long it takes. This is not theoretical—I've seen teams discover their "portable" architecture breaks at the exact moment they need to migrate.
The platform team builds and maintains the abstractions that let product teams deploy without caring where workloads run. They own Terraform modules, Kubernetes operators, service mesh configuration, secrets management, and observability stack.
Without this investment, you end up with product teams needing deep cloud knowledge to deploy anywhere, which defeats the portability goal. The platform team shields product teams from complexity.
This requires engineers with deep multi-cloud expertise—rare and expensive. Most organizations underestimate the staffing requirements. Without dedicated platform engineers, multi-cloud becomes an operational nightmare.
Because failover sounds easy but is operationally hard. Running workloads on two clouds does not give you resilience if you never tested moving traffic between them. The actual requirements—replicated data, synchronized configurations, regular testing, automated rollback—multiply in complexity across providers.
Regional redundancies within a single cloud handle most failure scenarios. The rare multi-day outages that make headlines rarely affect critical workloads in a way that justifies the cost of full multi-cloud redundancy.
Organizations that succeed with multi-cloud planned for it from the start, have dedicated platform teams, test failover regularly, and accept the complexity as a business requirement. Everyone else discovers the gaps only during actual failures.
All three providers follow a shared responsibility model, but the boundaries differ. AWS covers the hypervisor and physical infrastructure; you own the OS, containers, and data. Azure draws the line at the host services layer for IaaS, but for PaaS services like Azure SQL, Microsoft manages more of the stack. GCP covers the underlying hardware and virtualization for Compute Engine but delegates more network configuration to users.
In a multi-cloud setup, these differences mean your security and compliance posture must account for different provider boundaries. A control that works for AWS EC2 may not map directly to Azure VMSS or GCP Compute Engine. Document the boundary for each service you use in each cloud, and ensure your security tooling can cover the gaps appropriately.
For regulated workloads, the shared responsibility confusion is where compliance breaks down. Auditors often find that teams assume the provider covers something that the team actually owns. Map it explicitly per service.
EKS runs Kubernetes upstream with AWS-specific overrides for networking, load balancing, and storage. Node provisioning uses AWS Cloud Formation or eksctl. AKS uses Azure-specific CNI plugins and Azure Policy integration. GKE has the most polished multi-cluster support with config sync built in, but its Autopilot mode removes node management entirely—which changes the portability calculus.
The portability killer is node provisioning and storage. EKS node groups don't map to AKS agent pools or GKE node pools. Managed node groups in EKS are AWS-specific. Storage classes are provider-specific—ebs-sc in AWS, managed-premium in Azure, standard in GCP. Your application PersistentVolumeClaims may not resolve the same way across clusters.
If Kubernetes portability matters, use a managed container orchestration layer on top or abstract storage with cloud-agnostic solutions like Rook/Ceph. The control plane ports well; the data plane is where portability breaks.
Cross-cloud network latency is the enemy of multi-cloud architecture. Traffic that crosses cloud boundaries adds 2-10ms of latency depending on region and provider peering. Users notice this in API calls between services running in different clouds.
The rule: co-locate related services in the same cloud. Only distribute across clouds when you have a specific reason—regulatory requirements, failover, best-of-breed services for specific workloads. Design for minimal cross-cloud traffic. Use async messaging (SQS, Service Bus, Pub/Sub) when synchronous cross-cloud calls are unavoidable.
For DNS and traffic management, use a global load balancer that can route based on geography and health. Cloudflare or Route53 with latency routing records helps direct users to the closest healthy endpoint. Egress between VPCs in the same region is cheap; cross-cloud egress is expensive and slow.
Abstraction layers at the application boundary. Use open-source tooling where possible—PostgreSQL instead of RDS-specific features, Redis instead of ElastiCache, Kafka instead of cloud-specific event streaming. The more you rely on managed services with provider-specific APIs, the tighter the lock-in.
Build a portability assessment into your architecture review. Before adopting any managed service, ask: can we run this on an open-source equivalent? If yes, prefer the open-source path or a portable managed service like PlanetScale for databases, Confluent for Kafka, or Grafana Cloud for observability.
For services where portability is impossible—like AWS Lambda or Azure Functions—accept the lock-in as a trade-off and isolate those components from the rest of your architecture. Use a clean interface boundary so the function logic could theoretically be ported if needed. Don't let a single serverless function become a monolith dependency.
Identity is one of the hardest multi-cloud problems. AWS IAM, Azure Active Directory (Entra ID), and GCP IAM have fundamentally different models. AWS uses identity-based policies attached to roles. Azure uses role assignments against Entra ID principals. GCP uses resource-based policies with member lists.
Tools like Vault by HashiCorp and cloud-agnostic identity solutions help, but you still need a consistent identity strategy across providers. The practical approach: establish a common identity layer for human access using SAML or OIDC federation. For workload identity, use short-lived credentials issued by each provider's metadata service rather than long-lived API keys.
Cross-cloud service-to-service authentication is where it gets messy. A service in AWS calling a service in Azure needs a trust relationship, shared secrets, or a central identity provider. The cleanest architecture is a service mesh that handles mTLS and identity abstraction across clusters, but that adds operational overhead.
Terraform is the primary infrastructure abstraction tool for multi-cloud. Write once, deploy to AWS, Azure, or GCP by changing the provider. State management with remote backends and locking through Consul or S3/Blob storage keeps infrastructure consistent and prevents concurrent updates from conflicting.
It falls short for provider-specific managed services. Lambda functions, Azure Functions, and Cloud Functions are fundamentally different at the code level despite similar runtime interfaces. Database services—RDS, Azure SQL, Cloud SQL—share a compatible API surface but differ in available engine versions, backup mechanisms, and failover behavior. Use Terraform for compute, networking, and storage provisioning; accept provider-specific tooling for managed services that require deep configuration.
Terraform state drift between providers is a real risk. Run terraform plan in CI for every provider. Use terraform import to capture resources created outside of Terraform. Without this discipline, your Terraform state becomes fiction and your infrastructure diverges from code.
Don't use cloud-provider-native secret managers as your primary secrets store if portability matters. AWS Secrets Manager, Azure Key Vault, and GCP Secret Manager are provider-specific. Vault by HashiCorp is the standard solution for cloud-agnostic secrets management—centralized, open-source, and works across any environment.
If you must use native secret stores, abstract them behind a common interface. Your application should never call AWS Secrets Manager directly. Instead, use a wrapper or sidecar that resolves secrets from the appropriate provider based on environment. This gives you portability at the cost of added complexity.
Credential rotation is critical and often neglected. Test automatic rotation for database passwords and API keys in staging before production. If rotation fails in one cloud but succeeds in others, you have a silent failure that surfaces during incidents.
Compliance becomes significantly harder in multi-cloud because you're now responsible for meeting regulatory requirements in each provider's environment. SOC 2, HIPAA, PCI-DSS, and GDPR each have provider-specific attestations, but the controls you implement must meet the standard regardless of which provider hosts your workload.
Data residency is the most common compliance driver for multi-cloud. GDPR data must remain in EU jurisdictions for EU users. Some regulations require specific data to stay within national borders. Multi-cloud lets you route data to the appropriate provider and region to meet these requirements—but it requires careful network architecture to enforce data flow controls.
The compliance audit burden doubles or triples in multi-cloud. Auditors need evidence from each provider's environment. Your logging, monitoring, and access controls must aggregate across providers in a way that produces a coherent compliance picture. Without centralized logging, compiling audit evidence is manual and error-prone.
Egress fees can make a theoretically cheaper multi-cloud setup more expensive than single cloud. Moving data between AWS and Azure costs approximately $0.02-0.05 per GB depending on volume and provider. A workload that saves $500/month in compute costs by running on Azure can easily cost $800/month in egress fees if data transfer is heavy.
Design with egress costs in mind from day one. Minimize cross-cloud data transfer through strategic data placement—keep related data and services in the same provider. Use regional endpoints and CDN to reduce distance-based egress. For large data transfers, use provider-specific data transfer services like AWS Snowball or Azure Data Box which bypass egress fees for bulk transfers.
For analytics and data processing workloads, consider running the processing where the data lives rather than moving data to a central location. Cross-cloud JOINs at the database level are expensive and slow; push-down predicates and processing where data resides is more efficient.
Prometheus and Grafana are the standard for cloud-agnostic observability. Deploy Prometheus in each cloud cluster and federate metrics to a central Grafana instance. CloudWatch, Azure Monitor, and Cloud Logging are convenient but tie you to those providers' ecosystems.
OpenTelemetry is the emerging standard for distributed tracing and metrics collection that doesn't tie you to a vendor. Instrument your applications with OTel SDKs, export to any backend—Jaeger, Tempo, Prometheus, or commercial backends. This gives you portability in your instrumentation even if your infrastructure is provider-specific.
Log aggregation across clouds requires a cloud-agnostic pipeline. Ship logs from each cluster to Loki or Elasticsearch running outside any single cloud provider. Without centralized logging, debugging cross-cloud issues requires manually correlating logs from different provider consoles—slow and error-prone.
Kubernetes Federation (KubeFed) was designed to manage multiple clusters across cloud providers from a single control plane. It provides cross-cluster service discovery, DNS-based load balancing, and resource synchronization. The idea: deploy once, distribute across clouds.
In practice, KubeFed is complex to operate and limited in production readiness. Cross-cluster networking, DNS propagation delays, and inconsistent RBAC policies across providers create friction. Most teams find that operating Kubernetes federation adds more complexity than managing separate clusters with consistent tooling.
The practical alternative is GitOps-based multi-cluster management with ArgoCD or Flux. Each cluster is self-contained with its own configuration, but deployment pipelines push consistent manifests to all clusters from a single source of truth. This gives you consistency without the tight coupling that federation requires.
Step 1: Containerize the application. Docker images are the portability layer—same image tag, different cloud registries. Push to a central registry (Docker Hub, GHCR, or self-hosted) and pull from there in each cloud deployment.
Step 2: Use a cloud-agnostic CI tool—GitHub Actions, GitLab CI, or Jenkins. Define pipeline stages that build the image, run tests, and push to each cloud registry. Do not use cloud-specific build infrastructure like AWS CodeBuild or Azure DevOps pipelines unless portability isn't a requirement.
Step 3: Terraform handles infrastructure provisioning in each cloud—VPCs, clusters, service accounts, and load balancers. The same module structure with provider-specific variable files produces consistent infrastructure. Store Terraform state in a centralized remote backend with state locking.
Step 4: ArgoCD or Flux for GitOps-based deployments. Each cloud cluster runs ArgoCD watching the same Git repository. When you update the manifest in Git, ArgoCD in each cluster reconciles the state. This gives you consistent deployments across clouds with a single source of truth.
Step 5: Smoke tests after deployment in each cloud. Automated health checks post-deployment catch provider-specific failures before they reach users. Use the same test suite in each environment.
Further Reading
- Kubernetes Documentation — Official docs for workload management and portability
- Terraform Documentation — Infrastructure as code across cloud providers
- HashiCorp Vault — Secrets management across multi-cloud environments
- Prometheus — Cloud-agnostic monitoring and alerting
- CNCF Projects — Cloud-native computing foundation for portability standards
- Microsoft Cloud Adoption Framework — Multi-cloud strategy guidance from Azure
Conclusion
Key Takeaways
- True multi-cloud resilience requires tested failover paths, not just running on two clouds
- Kubernetes and Terraform provide the main portability abstractions for most workloads
- Multi-cloud complexity grows faster than most organizations anticipate
- Start with strong single-cloud abstractions before adding a second provider
Multi-Cloud Decision Checklist
# Before going multi-cloud, verify:
# 1. Do you have a platform team to maintain abstractions?
grep "platform team" /dev/null # Should exist
# 2. Have you tested cross-cloud DNS failover?
dig failover.example.com # Verify secondary resolves
# 3. Is your Terraform state centralized and locked?
ls -la terraform/*/terraform.tfstate # Should use remote backend
# 4. Do you have cloud-agnostic monitoring?
curl -s localhost:9090/metrics | grep ^prometheus # Prometheus running
# 5. Are storage classes portable?
kubectl get storageclass # Check for cloud-specific provisionersCategory
Related Posts
Choosing a Git Team Workflow: Decision Framework
Decision framework for selecting the right Git branching strategy based on team size, release cadence, and project type.
Git Flow: The Original Branching Strategy Explained
Master the Git Flow branching model with master, develop, feature, release, and hotfix branches. Learn when to use it, common pitfalls, and production best practices.
Alerting in Production: Building Alerts That Matter
Build alerting systems that catch real problems without fatigue. Learn alert design principles, severity levels, runbooks, and on-call best practices.