Crossplane is an open-source project for managing and provisioning infrastructure through a Kubernetes-native environment. It extends Kubernetes’ capabilities to manage external resources, letting developers deploy infrastructure components using kubectl as if they were deploying native Kubernetes applications.
Crossplane takes a declarative approach, where users define the desired state of their infrastructure through custom resources. This allows for the reconciliation process, where Crossplane continually manages the external resources to match the declared specifications. The project supports a range of infrastructure services provided by AWS, Azure, Google Cloud, and other providers, simplifying the integration process.
Crossplane uses the permissive Apache 2.0 license. It has over 200 contributors on GitHub and 6K+ GitHub stars. The project was accepted to CNCF in June 25, 2020 and received the Incubating maturity level in September, 2021.
Source: Crossplane
You can get Crossplane from the official GitHub repo.
This is part of a series of articles about Kubernetes management
Key Features of Crossplane
Crossplane offers the following features to simplify infrastructure management.
Unified API for Infrastructure
Crossplane offers a unified API that abstracts infrastructure setup across different cloud providers. Developers can handle resources across AWS, Azure, and Google Cloud using a consistent approach. It uses Kubernetes Custom Resource Definitions (CRDs) to ensure that users interact with infrastructure uniformly, regardless of the underlying provider.
The unified API simplifies the complexity associated with multi-cloud environments. Developers can use familiar Kubernetes tooling and practices to manage resources like databases, clusters, and storage across multiple clouds. This reduces the learning curve and accelerates the development process.
Infrastructure as Code
Crossplane uses an IaC approach, allowing teams to define, version, and reuse infrastructure configurations through code. The ability to check these configurations into version control systems brings traceability and collaboration to infrastructure management tasks. Crossplane configurations can be shared and repeated, improving consistency across deployments.
Crossplane integrates with continuous integration/continuous deployment (CI/CD) workflows, enabling automated testing, deployment, and scaling of infrastructure in line with application needs. Infrastructure is managed as code, meaning that changes are auditable and rollback is simplified, providing greater operational stability.
Composition Engine
Crossplane has a composition engine that allows users to define custom composite resources. These represent higher-level abstractions that bundle multiple infrastructure components into a single deployable unit. This encapsulation helps in managing complex setups with fewer errors.
The composition engine also supports defining dependencies and their lifecycle connections within the IT infrastructure. By creating custom compositions, organizations can tailor their infrastructure to their workflows and needs, enabling clear separation between different teams or services.
Extensibility and Custom Resources
Crossplane makes it possible to extend the Kubernetes API to include custom resources for various infrastructure tasks. Users can define CRDs to represent external resources, allowing Kubernetes to manage these resources alongside native ones. This makes integrations smoother and more manageable.
Custom resources in Crossplane can include customized service compositions or entirely new services. This leads to a highly customizable platform that can grow and adapt to the needs of business teams and developers, offering a competitive advantage.
Tips from the expert
Itiel Shwartz
Co-Founder & CTO
In my experience, here are tips that can help you make better use of Crossplane:
Leverage composite resources for scalability:
Use Crossplane’s composite resources to encapsulate complex setups. This approach reduces configuration errors and simplifies management, especially in multi-cloud scenarios.
Create reusable configuration templates:
Develop reusable Crossplane configuration templates for common infrastructure setups. This improves consistency and reduces the time needed for deployment in different environments.
Implement custom health checks:
Integrate custom health checks for managed resources to provide more detailed insights into their status and performance, beyond the basic Kubernetes status indicators.
Automate provider updates:
Set up automation to regularly check for and apply updates to Crossplane providers. Keeping providers up to date ensures compatibility with cloud services and access to new features.
Monitor resource quotas and limits:
Regularly monitor and adjust Kubernetes resource quotas and limits to ensure Crossplane operates efficiently, especially in environments with multiple namespaces and teams.
CrossPlane vs. Terraform: What Is the Difference?
Crossplane and Terraform are both widely used tools for managing infrastructure as code, but they have different approaches and use cases.
Integration with Kubernetes
Crossplane integrates deeply with Kubernetes, allowing you to manage both Kubernetes resources and cloud infrastructure using Kubernetes CRDs and controllers. This means you can use Kubernetes-native tools like kubectl to manage infrastructure, which can simplify operations if you’re already using Kubernetes.
Terraform is a standalone tool that manages infrastructure independently of Kubernetes. It is more versatile for developers who are not exclusively using Kubernetes.
Declarative Approach
Both tools use a declarative approach to infrastructure management, where you define the desired state of the infrastructure, and the tool ensures that this state is achieved. However, they offer different levels of control over state.
Crossplane uses Kubernetes’ existing reconciliation loops to manage state, integrating seamlessly into the Kubernetes ecosystem. However, it can potentially introduce performance overhead due to continuous reconciliation.
Terraform’s state management is more explicit, requiring a state file to track resources. While this approach can lead to more complex workflows, it also provides a clearer picture of resource dependencies and changes.
Extensibility
Crossplane is extensible through Kubernetes CRDs and providers, but is primarily focused on cloud infrastructure and services. This can limit its use cases, making it highly specialized for cloud-native environments.
Terraform has a larger ecosystem of providers and modules, making it more extensible than Crossplane. It is versatile, with a wider range of use cases.
Community and Support
Crossplane, as a CNCF project, benefits from a strong open-source community. It is rapidly evolving with contributions from the cloud-native community, particularly those focused on Kubernetes.
Terraform, maintained by HashiCorp, has a large and active community. It also offers extensive documentation and commercial support options, making it suitable for enterprise environments.
Crossplane Providers
Crossplane integrates with providers to set up infrastructure on external services.
Provider AWS
The AWS provider for Crossplane allows users to manage AWS resources directly from the Kubernetes environment. It simplifies tasks such as configuring S3 buckets, RDS instances, and IAM roles by using Kubernetes manifests. It translates Kubernetes API calls into AWS API requests, maintaining consistency with other Kubernetes operations.
Provider Azure
Crossplane’s integration with Azure, through Provider Azure, lets users manage Azure services directly from Kubernetes. This setup supports a range of Azure resources including VMs, Storage Accounts, and Azure SQL databases. Users interact with these resources through Kubernetes-style configurations, making cloud management simpler and more intuitive.
Provider GCP
Provider GCP in Crossplane integrates Google Cloud services within the Kubernetes infrastructure, enabling the management of Google Cloud resources like Google Compute Engine instances, Google Kubernetes Engine clusters, or Cloud SQL databases.
Provider Kubernetes
With Provider Kubernetes, Crossplane extends its management capabilities to include external cloud resources and Kubernetes clusters themselves. This provider simplifies the setup and operation of new Kubernetes clusters across different environments. It harmonizes cluster management using the familiar Kubernetes API, improving usability and control.
This integration ensures that managing Kubernetes resources, whether clusters or workloads, follows a standardized process. It supports scaling up operations while enabling cohesive management of multi-cluster environments.
Crossplane Limitations
When evaluating Crossplane, you should be aware of the following limitations.
Complexity in Setup and Management
Implementing Crossplane involves a complex setup process. This is due to its extensive integration with Kubernetes and the need for detailed configuration of providers and resources. For organizations new to Kubernetes or with limited technical capability, the initial setup can be challenging and resource-intensive.
Ongoing management can also become complicated as dependencies and configurations increase. Without proper documentation and skilled personnel, maintaining an environment managed by Crossplane can lead to challenges in large-scale deployments or multi-cloud configurations.
Dependency on Kubernetes Expertise
Crossplane’s reliance on the Kubernetes ecosystem can impose a steep learning curve. Organizations must have a strong understanding of Kubernetes to use it, which can pose a barrier for teams without prior Kubernetes experience or with limited technical resources.
Performance Overhead
Using Crossplane introduces additional overhead on system performance, mainly due to its operation on top of Kubernetes and the continuous reconciliation processes it performs. These operations, essential for maintaining the desired state of infrastructure, consume computational resources, which can affect overall system efficiency.
In environments with high complexity or a large number of managed resources, there can be a greater impact on performance. Organizations need to balance the benefits of automation and uniform management against the potential decrease in performance, especially in resource-constrained scenarios.
Tutorial: Getting Started with Crossplane on AWS
The instructions and code below are adapted from the official Crossplane documentation.
Prerequisites
Before you begin, ensure you have the following:
- A Kubernetes cluster with 2 GB or more of RAM.
- Permissions to create pods and secrets in the Kubernetes cluster.
- Helm v3.2.0 or a later version.
- An AWS account with permissions to create S3 storage buckets.
- AWS access keys.
Installing Crossplane
To install Crossplane in your existing Kubernetes cluster, you can use Helm:
- Add the Crossplane Helm Chart repository:
helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
- Next, run a Helm dry-run to see all the Crossplane components:
helm install crossplane crossplane-stable/crossplane --dry-run --debug --namespace crossplane-system --create-namespace
- Install the Crossplane components with Helm:
helm install crossplane crossplane-stable/crossplane --namespace crossplane-system --create-namespace
- Verify the installation using the
kubectl get podscommand:
kubectl get pods -n crossplane-system
You should see output similar to:
NAME READY STATUS RESTARTS AGE
crossplane-c4gd8b587-ldbfc 1/1 Running 0 48s
crossplane-rbac-manager-85679d548-6mw6f 1/1 Running 0 48s
Installing the AWS provider
You can install the provider for AWS S3 into a Kubernetes cluster with the following configuration file:
cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-aws-s3
spec:
package: xpkg.upbound.io/upbound/provider-aws-s3:v1.1.0
EOF
Verify the provider installation using the kubectl get providers command. You should see the following:
NAME INSTALLED HEALTHY PACKAGE AGE
provider-aws-s3 True True xpkg.upbound.io/upbound/provider-aws-s3:1.1.0 89s
upbound-provider-family-aws True True xpkg.upbound.io/upbound/provider-family-aws:1.1.0 79s
Create a Kubernetes Secret for AWS
- Create a text file containing your AWS access keys:
[default]
aws_access_key_id = YOUR_ACCESS_KEY_ID
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY
- Save this file as aws-credentials.txt.
- Next, create a Kubernetes secret with these credentials:
kubectl create secret generic aws-secret -n crossplane-system --from-file=creds=./aws-credentials.txt
- Verify the secret with:
kubectl describe secret aws-secret -n crossplane-system
Create a ProviderConfig
Apply the following configuration to customize the settings of the AWS Provider:
cat <<EOF | kubectl apply -f -
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
name: default
spec:
credentials:
source: Secret
secretRef:
namespace: crossplane-system
name: aws-secret
key: creds
EOF
This configuration links the AWS credentials stored in the Kubernetes secret to the provider.
Create a Managed Resource
In this example, we’ll use Crossplane to create an AWS S3 bucket as a managed resource:
- Use the following configuration file to create an S3 bucket:
cat <<EOF | kubectl create -f -
apiVersion: s3.aws.upbound.io/v1beta1
kind: Bucket
metadata:
generateName: crossplane-bucket-
spec:
forProvider:
region: us-east-2
providerConfigRef:
name: default
EOF
- Verify the creation of the bucket with:
kubectl get buckets
- You should see:
NAME READY SYNCED EXTERNAL-NAME AGE
crossplane-bucket-aadhx True True crossplane-bucket-aadhx 8s
Simplifying Kubernetes Management with Komodor
Komodor is the Continuous Kubernetes Reliability Platform, designed to democratize K8s expertise across the organization and enable engineering teams to leverage its full value.
Komodor’s platform empowers developers to confidently monitor and troubleshoot their workloads while allowing cluster operators to enforce standardization and optimize performance. Specifically when working in a hybrid environment, Komodor reduces the complexity by providing a unified view of all your services and clusters.
By leveraging Komodor, companies of all sizes significantly improve reliability, productivity, and velocity. Or, to put it simply – Komodor helps you spend less time and resources on managing Kubernetes, and more time on innovating at scale.
If you are interested in checking out Komodor, use this link to sign up for a Free Trial.
In addition, check out Komodor’s Open Source Project, Komoplane, which helps you experiment with visualizing Crossplane resources. The goal is to help Crossplane users to understand the structure of their control plane resources and speed up troubleshooting.
