by sofixa 1344 days ago
More and more companies (newer ones of course, those unburned by legacy) use public clouds as "managed Kubernetes and maybe a few other things like a database, load balancer, object storage". That way there is close to no lock-in, so the biggest challenge in switching clouds would be how to migrate the data and do the failover with minimal downtime.

It may be easier, but it still takes a lot of work to migrate. Perhaps k8s + object store + LB is easier for the developer, who has a few AWS APIs to replace, but is otherwise not affected. But talk to the person who has to rewrite 5k+ lines of terraform, figure out users, roles & policies in a new IAM, and understand the differences between EKS and GKE (what's the Google equivalent for IRSA?). None of it is rocket science, but it's time consuming. And while Google can migrate data from external databases (including AWS Aurora) it's still a big squeaky-bum moment.
Not really the point of your comment, but...

The GKE equivalent of EKS IRSA is GKE Workload Identity.

It's pretty much the same user experience:

* Enable Workload Identity on your cluster

* Create a GCP service account

* Grant your Kubernetes service account permission to act as the GCP service account.

It's a bit more seamless because you don't need to upgrade your client libraries. Instead there is an on-node metadata server that provides access tokens to workloads.

Disclosure: I work on this
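
The three steps listed in the comment above, written out as gcloud and kubectl commands. This is an added example, not part of the thread or the commenter's own code; the project, cluster, node pool, namespace and account names are placeholders, and the node-pool and annotation commands come from GKE's standard Workload Identity setup rather than from the comment.

```shell
#!/bin/sh
# Added example. Every name below is a placeholder (assumption), not from the thread.
PROJECT_ID="example-project"
CLUSTER="example-cluster"
NODEPOOL="default-pool"
REGION="us-central1"
NAMESPACE="default"
KSA="app-ksa"        # Kubernetes service account used by the workload
GSA="app-gsa"        # GCP service account the workload should act as
RUN="${RUN-echo}"    # default: print the commands; run with RUN= to execute them

# IAM principal naming exactly one Kubernetes service account in one namespace.
# Binding this (not a broader principal) keeps impersonation scoped to one workload.
wi_member() {
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$PROJECT_ID" "$NAMESPACE" "$KSA"
}

gsa_email() {
  printf '%s@%s.iam.gserviceaccount.com' "$GSA" "$PROJECT_ID"
}

wi_setup() {
  # Step 1: enable Workload Identity on the cluster...
  $RUN gcloud container clusters update "$CLUSTER" --region "$REGION" \
    --workload-pool="${PROJECT_ID}.svc.id.goog"
  # ...and switch the node pool to the on-node metadata server that hands
  # access tokens to workloads.
  $RUN gcloud container node-pools update "$NODEPOOL" --cluster "$CLUSTER" \
    --region "$REGION" --workload-metadata=GKE_METADATA
  # Step 2: create the GCP service account.
  $RUN gcloud iam service-accounts create "$GSA" --project "$PROJECT_ID"
  # Step 3: allow the Kubernetes service account to act as the GCP one.
  $RUN gcloud iam service-accounts add-iam-policy-binding "$(gsa_email)" \
    --role roles/iam.workloadIdentityUser --member "$(wi_member)"
  # Tell GKE which GCP service account this Kubernetes service account maps to.
  $RUN kubectl annotate serviceaccount "$KSA" --namespace "$NAMESPACE" \
    "iam.gke.io/gcp-service-account=$(gsa_email)"
}

wi_setup
```

Grant the GCP service account only the roles the workload needs; the `roles/iam.workloadIdentityUser` binding controls who may use it, not what it can do.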

Thanks. I may have to work on this pretty soon!