OpenMCF
OpenMCF
OpenMCF (Open Multi-Cloud Framework) is the open-source foundation that Planton's Infrastructure is built on. It provides three things: Protocol Buffer API definitions for infrastructure components, Infrastructure-as-Code modules (Pulumi and Terraform) that provision those components, and a standalone CLI for deploying them. OpenMCF is a separate project with its own documentation at openmcf.org.
The relationship between OpenMCF and Planton is architectural: OpenMCF defines how to deploy individual cloud resources. Planton adds workflow and governance β dependency orchestration via Infra Charts and Pipelines, credential management via Connections, team collaboration via the web console, and deployment policies via Flow Control. You can use OpenMCF without Planton; Planton uses OpenMCF under the hood.
Three Pillars
Protocol Buffer APIs
Every cloud resource type in OpenMCF is defined as a Protocol Buffer API following the Kubernetes Resource Model (KRM). Each deployment component defines:
- api.proto β The resource structure with
apiVersion,kind,metadata,spec, andstatus - spec.proto β The configuration schema with provider-specific fields and validation rules
- stack_input.proto β The input contract for IaC modules
- stack_outputs.proto β The output contract from IaC modules
These protobuf definitions are the canonical source of truth for Cloud Resource Kinds. Planton imports them directly β the resource kind taxonomy, the provider classifications, and the cross-resource dependency mechanism all originate in OpenMCF.
IaC Modules
Each deployment component includes one or both of:
- Pulumi module (Go) β A Pulumi program that provisions the infrastructure
- Terraform module (HCL) β A Terraform configuration that provisions the infrastructure
Modules are organized by cloud provider:
| Provider | Components |
|---|---|
| AWS | VPC, RDS, EKS, ECS, Lambda, S3, ALB, Route 53, and more |
| GCP | GKE, Cloud SQL, Cloud Run, VPC, Cloud Functions, GCS, and more |
| Azure | AKS, SQL Database, Storage Account, and more |
| Kubernetes | PostgreSQL, Redis, Kafka, MongoDB, Neo4j, NATS, Keycloak, Istio, cert-manager, Prometheus, and many more |
| Other | Cloudflare, DigitalOcean, Civo, OpenStack, MongoDB Atlas, Confluent, Snowflake, Auth0, OpenFGA, Scaleway |
CLI
The OpenMCF CLI (openmcf) provides standalone infrastructure deployment without requiring Planton:
- validate β Validate a Cloud Resource manifest against its protobuf schema
- pulumi β Run Pulumi operations (up, preview, destroy, refresh)
- tofu β Run OpenTofu/Terraform operations (apply, plan, destroy, refresh)
- apply β Deploy infrastructure from a manifest
- destroy β Tear down deployed infrastructure
- plan β Preview changes before applying
OpenMCF vs Planton
The boundary between OpenMCF and Planton is clear:
| Concern | OpenMCF | Planton |
|---|---|---|
| Resource definitions | Protobuf APIs for each cloud resource type | Imports OpenMCF APIs, adds platform metadata |
| Provisioning | IaC modules (Pulumi/Terraform) | Stack Jobs that execute IaC modules via Runner |
| Dependencies | ValueFromRef for cross-resource references | Infra Charts and DAG-based Infra Pipelines |
| Credentials | Local environment variables or config files | Connect (managed credential storage and resolution) |
| Orchestration | Single resource at a time | Multi-resource DAG orchestration with approval gates |
| Collaboration | CLI-only, single user | Web console, teams, audit trails, RBAC |
| State management | Local or configured backend | Managed state backends with multi-tenant isolation |
| Governance | None | Flow Control policies, deployment security tiers |
How Planton Uses OpenMCF
Planton imports OpenMCF at the API layer:
- Cloud Resource Kinds β The resource kind taxonomy defines every resource type Planton can deploy
- Cloud Resource Providers β The provider taxonomy identifies supported cloud platforms
- Cross-resource dependencies β The dependency mechanism enables resources in Infra Charts to reference outputs of other resources
- IaC provisioner selection β The provisioner taxonomy determines whether Pulumi or Terraform executes the deployment
- Component APIs β Each provider-specific component API defines the configuration structure stored in a Cloud Resource's spec
When a Stack Job executes, it uses the OpenMCF IaC module corresponding to the Cloud Resource Kind. The module receives a stack input (derived from the Cloud Resource spec), provisions the infrastructure, and returns stack outputs that are stored in the resource status.
Deployment Component Structure
Each OpenMCF deployment component follows a standard directory structure:
<provider>/<component>/v1/
api.proto # KRM resource definition
spec.proto # Configuration schema
stack_input.proto # IaC module input contract
stack_outputs.proto # IaC module output contract
README.md # Component documentation
examples.md # Usage examples
iac/
pulumi/ # Pulumi module (Go)
tf/ # Terraform module (HCL)
This structure ensures every component is self-contained with its API definition, documentation, and implementation co-located.
No Vendor Lock-In
Because OpenMCF is open-source and independent of Planton:
- Infrastructure definitions (protobuf APIs) are portable and version-controlled
- IaC modules work with standard Pulumi and Terraform toolchains
- The OpenMCF CLI can deploy resources without any Planton dependency
- Organizations can migrate between OpenMCF standalone and Planton at any time
Planton adds value through orchestration, governance, and collaboration β not by locking infrastructure definitions into a proprietary format.
Related Documentation
- Cloud Resources β Deployed instances of OpenMCF components
- Cloud Resource Kinds β The taxonomy defined by OpenMCF
- Infra Charts β Composing OpenMCF components into templates
- Stack Jobs β How OpenMCF IaC modules are executed
Next article
