Cloud infrastructure management has historically presented a complex challenge, often involving a disparate collection of services, databases, and storage solutions spread across various cloud providers. While Infrastructure as Code (IaC) tools like Terraform brought much-needed structure and declarative definitions to this domain, they typically fall short in offering continuous reconciliation of the infrastructure’s actual state against its desired configuration.

In parallel, Kubernetes revolutionized application management by introducing a powerful control plane that relentlessly ensures the actual state of a cluster aligns with the desired state specified in YAML manifests. This elegant, declarative, and continuously reconciled approach raises a compelling question: why shouldn’t we apply the same robust principles to the management of our underlying cloud infrastructure? Crossplane steps in to answer this very question, extending Kubernetes’ inherent capabilities beyond application orchestration to establish it as a universal control plane for diverse cloud resources.

What is Crossplane and How Does It Work?

Crossplane acts as an innovative abstraction layer, enabling the declarative provisioning and orchestration of cloud resources across multiple vendors through a single, unified API. In essence, it transforms Kubernetes into a “universal remote” for your entire suite of cloud services, delivering two primary advantages:

  1. Enhanced Workload Portability: Development teams gain the ability to construct applications that can run seamlessly and without modification on any cloud provider, fostering true cloud independence.
  2. Continuous Reconciliation: Crossplane guarantees that your deployed infrastructure consistently matches its defined configuration. It actively monitors resources and automatically corrects any deviations, ensuring your infrastructure remains in the desired state.

How to Deploy Cloud Resources Using Crossplane

To begin managing your cloud infrastructure with Crossplane, follow these general steps, illustrated here with an example of deploying an AWS S3 bucket:

1. Set Up Crossplane in Your Kubernetes Cluster

Start by installing Crossplane within your existing Kubernetes cluster using Helm.

helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
helm install crossplane --namespace crossplane-system --create-namespace crossplane-stable/crossplane

After installation, verify that Crossplane is running correctly by checking the pods in its dedicated namespace:

kubectl get pods -n crossplane-system

Once operational, Crossplane seamlessly integrates into your cluster, ready to manage your infrastructure.

2. Install a Cloud Provider

Crossplane itself is cloud-agnostic. To interact with specific cloud environments, you need to install the relevant providers. For instance, to manage AWS resources, install the provider-aws:

kubectl crossplane install provider crossplane/provider-aws:v0.38.0

Similarly, providers for other major clouds like crossplane/provider-gcp and crossplane/provider-azure are available. Confirm your installed providers:

kubectl get providers

This step introduces new Custom Resource Definitions (CRDs) into your cluster, such as S3Bucket, RDSInstance, and VPC, which represent cloud resources as Kubernetes objects.

3. Configure Provider Credentials

For Crossplane to securely communicate with your cloud account, you must provide authentication credentials. For AWS, you would first create a Kubernetes Secret containing your AWS access details:

kubectl create secret generic aws-creds -n crossplane-system --from-file=creds=./aws-credentials.conf

Next, define a ProviderConfig resource that references this secret. This tells Crossplane how to authenticate when provisioning AWS resources:

apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-creds
      key: creds

4. Create a Cloud Resource (Example: AWS S3 Bucket)

With Crossplane configured, you can now declare cloud resources just like any other Kubernetes object. Below is an example YAML manifest for an AWS S3 Bucket:

apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  name: demo-bucket
spec:
  forProvider:
    locationConstraint: us-east-1
  providerConfigRef:
    name: default

Apply this file using kubectl apply:

kubectl apply -f bucket.yaml

Crossplane’s dedicated controller will then establish a connection to AWS using the provided credentials, create the specified bucket, and continuously monitor its state. You can track the resource’s status:

kubectl get bucket
kubectl describe bucket demo-bucket

A “Ready: True” status indicates the successful live deployment of your cloud resource.

5. Clean Up Resources

The declarative nature of Crossplane extends to the full lifecycle management of resources. When you delete a resource from the cluster using its YAML manifest, Crossplane automatically decommissions the corresponding real cloud resource, ensuring a clean and reversible process:

kubectl delete -f bucket.yaml

Troubleshooting Crossplane Deployments

When troubleshooting, begin by inspecting the claim using:

kubectl get claim -n <namespace>

If both the Synced and Ready statuses are true, your resources are likely deployed correctly and ready for use. If either is false, it might simply be that resource creation is still in progress, as cloud resource provisioning can take some time. If the issue persists beyond initial deployment, the most useful information about potential errors usually comes from describing the composite resource (not the claim) and examining its events.
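The Synced/Ready check described above can be scripted. The following is an added example, not code from the original article or from the Crossplane project: it reads the JSON form of a resource and separates "the controller could not apply the manifest" (Synced is False) from "the cloud resource is still being created" (Ready is not yet True). The function name triage and the sample document are assumptions made for illustration; the reasons ReconcileError, ReconcilePaused and Creating are the ones Crossplane sets on these conditions.

```python
import json
import sys

# Constructed sample shaped like `kubectl get bucket demo-bucket -o json`;
# the message text is invented for illustration.
SAMPLE = json.loads("""
{"kind": "Bucket", "metadata": {"name": "demo-bucket"},
 "status": {"conditions": [
   {"type": "Synced", "status": "False", "reason": "ReconcileError",
    "message": "constructed example: cannot read credentials secret"},
   {"type": "Ready", "status": "False", "reason": "Creating"}]}}
""")


def triage(resource):
    """Return (state, detail) from a resource's Synced and Ready conditions."""
    conditions = resource.get("status", {}).get("conditions", [])
    by_type = {c.get("type"): c for c in conditions}
    synced, ready = by_type.get("Synced"), by_type.get("Ready")

    if synced is None and ready is None:
        return ("pending", "no conditions reported yet")
    # Synced=False: the controller could not apply the desired state.
    if synced is not None and synced.get("status") == "False":
        if synced.get("reason") == "ReconcilePaused":
            return ("paused", "reconciliation is paused")
        return ("error", synced.get("message", synced.get("reason", "unknown")))
    # Synced is fine but the external resource is not available yet.
    if ready is None or ready.get("status") != "True":
        return ("provisioning", (ready or {}).get("reason", "unknown"))
    if synced is None or synced.get("status") != "True":
        return ("pending", "Synced not yet True")
    return ("ready", "Synced and Ready are both True")


if __name__ == "__main__":
    # Pipe real `kubectl get ... -o json` output in, or run with no input
    # to classify the constructed sample.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    state, detail = triage(doc)
    print(f"{doc['metadata']['name']}: {state} ({detail})")
```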

For more in-depth exploration of Crossplane, refer to the official Crossplane documentation.
