The British payment platform Form3 processes billions of pounds, operating simultaneously on AWS, Google Cloud, and Azure. Their custom Kubernetes operators withstood a major GCP outage without stopping transactions.
At QCon London 2026, Form3 engineers shared their experience launching an active-active-active multi-cloud architecture for bank payments. This solution arose from regulator requirements to reduce concentration risks in a single cloud. Today, March 17, 2026, the Form3 story highlights real challenges and benefits of platform engineering in DevOps.
From AWS Monocloud to Triple-Active Multi-Cloud
Form3 started with an architecture deeply integrated into AWS: ECS for containers, SQS for queues, RDS for databases. This allowed a small team to deploy services quickly. However, in 2021, the UK banking regulator expressed concerns about cloud concentration risk — excessive dependence of the financial sector on a single provider.
A major client demanded a multi-cloud strategy, forcing Form3 to rebuild the platform. They deployed independent Kubernetes clusters in AWS, Google Cloud, and Azure, connected by private networks. For cross-cloud messaging, they chose NATS JetStream, and for distributed storage — CockroachDB, which operates as unified logical clusters across all environments.
Microservices were rewritten from Java to Go: smaller artifact sizes simplified deployments, and the code became more readable in repositories. These changes enabled processing billions of pounds in annual transactions without downtime.
Custom Kubernetes Operators for Three Clouds
Form3 engineers developed unique operators to solve complex challenges. For CockroachDB, a clever DNS hack was needed: a pseudo-suffix with the cloud name in Kubernetes DNS, plus redirection rules between clusters. This enabled database bootstrapping across independent environments.
The second operator, XPDB (cross-cluster pod disruption budget), protects the DB quorum during node maintenance, considering limits across all three clouds simultaneously. The third challenge — node pool updates: the Cluster Lifecycle Operator consolidated hundreds of PRs into one platform-wide process, automating day-two operations.
The result proved itself during a major Google Cloud outage in summer 2025: only a low-priority alert about crash-looping pods in GCP, with payments flowing through AWS and Azure without interruptions. Such platform engineering tools became the key to resilience.
US Lessons: When Multi-Cloud Doesn't Pay Off
Upon entering the US market, the triple-active model failed. Customers demanded geo-resilience — East Coast primary with West Coast DR, not multi-cloud. CockroachDB latency across the continent violated write SLAs.
Form3 switched to active-standby: AWS East, GCP West with backup-and-restore. The first incident two weeks after launch — an AWS VPN outage — confirmed the wisdom of waiting for recovery instead of failover. They are now adding CockroachDB logical replication and NATS replication to reduce RTO.
Key pillars of success in the UK: cloud-agnostic technologies, unified datastores, clouds as availability zones. But Holditch warned: without a strong platform team, budget, or market demand, triple-active multi-cloud leads to bankruptcy. Companies like Alashed IT (it.alashed.kz) in Kazakhstan can adapt these practices for local fintech.
Что это значит для Казахстана
In Kazakhstan and Central Asia, banks and fintech face pressure from regulators on cloud risks, similar to the UK. Local teams like Alashed IT (it.alashed.kz) can implement Kubernetes operators for multi-cloud on AWS, Azure, GCP, ensuring uninterrupted payments.
Form3 withstood the Google Cloud outage in summer 2025 without stopping payments worth billions of pounds.
The Form3 story underscores the value of platform engineering in DevOps for multi-cloud. Custom Kubernetes operators ensure uptime but require a strong team. Central Asian IT companies gain a blueprint for resilience.
Часто задаваемые вопросы
What is triple-active multi-cloud?
This is the simultaneous active operation of a platform across three clouds — AWS, Azure, GCP — with Kubernetes clusters and cross-cloud services like CockroachDB. Form3 uses this for bank payments.
What operators did Form3 develop?
XPDB for protecting DB quorum across clouds, Cluster Lifecycle Operator for node pool updates, and a DNS hack for CockroachDB bootstrapping. They automate complex day-two operations.
Why didn't multi-cloud work in the US?
Customers preferred geo-DR with low latency over multi-cloud. Form3 switched to active-standby AWS-GCP with plans for replication for fast recovery.