What Is Crossplane?
Crossplane extends Kubernetes to manage any cloud resource using kubectl. Provision RDS databases, S3 buckets, Azure VNets, and GCP BigQuery, all with Kubernetes manifests. It is a CNCF Graduated project.
How It Works
```
┌──────────────────────────────────────────────┐
│ Kubernetes Cluster                           │
│                                              │
│   ┌──────────────────────────────────┐       │
│   │      Crossplane Controller       │       │
│   └────────────────┬─────────────────┘       │
│                    │                         │
│       ┌────────────┼────────────┐            │
│       │            │            │            │
│       ▼            ▼            ▼            │
│  AWS Provider  Azure Provider  GCP Provider  │
│       │            │            │            │
└───────┼────────────┼────────────┼────────────┘
        │            │            │
        ▼            ▼            ▼
   ┌────────┐   ┌──────────┐ ┌──────────┐
   │  AWS   │   │  Azure   │ │   GCP    │
   │  RDS   │   │ CosmosDB │ │ BigQuery │
   │  S3    │   │   AKS    │ │   GKE    │
   └────────┘   └──────────┘ └──────────┘
```
Provision Cloud Resources
RDS Database
```yaml
apiVersion: rds.aws.upbound.io/v1beta2
kind: Instance
metadata:
  name: production-db
spec:
  forProvider:
    region: eu-west-1
    instanceClass: db.r6g.xlarge
    engine: postgres
    engineVersion: "16"
    allocatedStorage: 100
    storageType: gp3
    masterUsername: admin
    masterPasswordSecretRef:
      name: db-password
      namespace: crossplane-system
      key: password
    vpcSecurityGroupIds:
      - sg-xxx
    dbSubnetGroupName: production-subnet-group
  providerConfigRef:
    name: aws-production
```
S3 Bucket
```yaml
apiVersion: s3.aws.upbound.io/v1beta2
kind: Bucket
metadata:
  name: ml-artifacts
spec:
  forProvider:
    region: eu-west-1
    tags:
      Environment: production
      Team: ml-platform
```
Compositions (Platform Abstractions)
Create high-level APIs that hide cloud complexity:
```yaml
# Define what a "Database" means for your org
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: databases.platform.company.com
spec:
  group: platform.company.com
  names:
    kind: Database
    plural: databases
  versions:
    - name: v1
      served: true          # required: the API server must serve this version
      referenceable: true   # required: Compositions reference exactly one version
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                size:
                  type: string
                  enum: [small, medium, large]
                engine:
                  type: string
                  enum: [postgres, mysql]
---
# Teams request a database simply:
apiVersion: platform.company.com/v1
kind: Database
metadata:
  name: orders-db
spec:
  size: medium
  engine: postgres
```
The Composition translates this into RDS + security groups + subnet groups + parameter groups automatically.
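To make the translation concrete, here is an added example (not Crossplane's own code and not a real Composition manifest) that models in plain Python what the Composition behind the Database XRD does: it takes the two-field `orders-db` claim above and expands it into the composed managed resources, with the platform team's guardrails baked in. The size map, the guardrail defaults, the `ec2.aws.upbound.io` / `rds.aws.upbound.io` API versions for the security group and subnet group, and the `*Selector` field names are assumptions made for the example; the RDS field names follow the Instance manifest earlier on this page.

```python
"""Plain-Python model of a Crossplane Composition for the Database XRD.

Added example, not Crossplane code: it mimics the patch-and-transform
mapping from a small claim to a full set of managed resources so the
expansion is visible and testable. Size map, guardrails, selector field
names and the SecurityGroup/SubnetGroup API versions are assumptions.
"""
import copy

REGION = "eu-west-1"
PROVIDER_CONFIG = {"name": "aws-production"}

# Assumed map transforms: a real Composition expresses these as `type: map`
# transforms on the claim's spec.size field.
SIZE_TO_INSTANCE_CLASS = {"small": "db.t4g.medium", "medium": "db.r6g.large", "large": "db.r6g.xlarge"}
SIZE_TO_STORAGE_GB = {"small": 20, "medium": 100, "large": 500}
ALLOWED_ENGINES = {"postgres", "mysql"}  # mirrors the XRD enum

# Guardrails baked into the base resource. The claim schema exposes only
# size and engine, so a team cannot switch these off from its Database object.
RDS_BASE = {
    "apiVersion": "rds.aws.upbound.io/v1beta2",
    "kind": "Instance",
    "spec": {
        "forProvider": {
            "region": REGION,
            "storageType": "gp3",
            "storageEncrypted": True,     # encryption at rest, always on
            "publiclyAccessible": False,  # never expose the database to the internet
            "deletionProtection": True,   # guards against accidental teardown
        },
        "providerConfigRef": PROVIDER_CONFIG,
    },
}


def compose_database(claim: dict) -> list[dict]:
    """Expand one Database claim into its composed managed resources.

    Raises ValueError for values the XRD's enum validation would reject,
    so a bad claim never reaches the provider.
    """
    name = claim["metadata"]["name"]
    spec = claim.get("spec", {})
    size, engine = spec.get("size"), spec.get("engine")
    if size not in SIZE_TO_INSTANCE_CLASS:
        raise ValueError(f"spec.size must be one of {sorted(SIZE_TO_INSTANCE_CLASS)}, got {size!r}")
    if engine not in ALLOWED_ENGINES:
        raise ValueError(f"spec.engine must be one of {sorted(ALLOWED_ENGINES)}, got {engine!r}")

    labels = {"platform.company.com/database": name}

    security_group = {  # apiVersion assumed for the example
        "apiVersion": "ec2.aws.upbound.io/v1beta1",
        "kind": "SecurityGroup",
        "metadata": {"name": f"{name}-sg", "labels": labels},
        "spec": {
            "forProvider": {"region": REGION, "description": f"Access to database {name}"},
            "providerConfigRef": PROVIDER_CONFIG,
        },
    }
    subnet_group = {  # apiVersion assumed for the example
        "apiVersion": "rds.aws.upbound.io/v1beta1",
        "kind": "SubnetGroup",
        "metadata": {"name": f"{name}-subnets", "labels": labels},
        "spec": {
            "forProvider": {"region": REGION, "subnetIdSelector": {"matchLabels": {"tier": "private"}}},
            "providerConfigRef": PROVIDER_CONFIG,
        },
    }

    instance = copy.deepcopy(RDS_BASE)  # never mutate the shared base
    instance["metadata"] = {"name": name, "labels": labels}
    fp = instance["spec"]["forProvider"]
    fp.update({
        "engine": engine,
        "instanceClass": SIZE_TO_INSTANCE_CLASS[size],
        "allocatedStorage": SIZE_TO_STORAGE_GB[size],
        "masterUsername": "admin",
        # The password lives in a Secret, never in the manifest (as on this page).
        "masterPasswordSecretRef": {"name": f"{name}-password", "namespace": "crossplane-system", "key": "password"},
        # Selectors resolve the composed resources by label instead of hard-coding an sg-xxx id.
        "vpcSecurityGroupIdSelector": {"matchLabels": labels},
        "dbSubnetGroupNameSelector": {"matchLabels": labels},
    })
    return [security_group, subnet_group, instance]


if __name__ == "__main__":
    # Constructed claim, identical to the orders-db object on this page.
    claim = {"apiVersion": "platform.company.com/v1", "kind": "Database",
             "metadata": {"name": "orders-db"}, "spec": {"size": "medium", "engine": "postgres"}}
    for resource in compose_database(claim):
        print(resource["kind"], resource["metadata"]["name"])
```

The point to take from the model is where the guardrails live: `storageEncrypted`, `publiclyAccessible` and `deletionProtection` are set in the base resource, not in the claim, so the only way a consumer can influence them is by changing the XRD schema, which is the platform team's code-reviewed artifact rather than a per-team manifest.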
Crossplane vs Terraform
| Feature | Crossplane | Terraform |
|---|---|---|
| Reconciliation | ✅ Continuous (K8s controller) | ❌ Run-once |
| Drift detection | ✅ Automatic (every 60s) | ❌ Manual `terraform plan` |
| State | Kubernetes etcd | Separate state file |
| Language | YAML (K8s manifests) | HCL |
| Self-service | ✅ Teams use kubectl | ❌ Requires Terraform access |
| GitOps | ✅ Native (Argo CD/Flux) | ⚠️ Requires wrapper |
| Multi-tenancy | ✅ Namespaces + RBAC | ⚠️ Workspaces |
Key insight: Crossplane reconciles continuously. If someone manually changes a resource in the AWS console, Crossplane reverts it on the next poll. Terraform only detects drift on the next plan.
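The following added example (not Crossplane's code) is a miniature reconcile loop that shows the difference in practice: a fake cloud API stands in for AWS, a controller polls a desired state modelled on the page's RDS manifest, and an out-of-band "console" edit flips `publiclyAccessible` after the first apply. The controller corrects it on its next pass; the run-once path leaves it changed until someone re-runs the tool. All names and values are constructed for the example.

```python
"""Miniature reconcile loop contrasting continuous reconciliation with run-once apply.

Added example, not Crossplane code. FakeCloud stands in for the AWS API;
the desired state is a cut-down forProvider block in the style of this page's
RDS Instance. All values are constructed for the example.
"""
from typing import Optional


class FakeCloud:
    """Stand-in for the cloud API. Holds the real state of each resource."""

    def __init__(self) -> None:
        self.resources: dict = {}

    def get(self, name: str) -> Optional[dict]:
        return self.resources.get(name)

    def create(self, name: str, props: dict) -> None:
        self.resources[name] = dict(props)

    def update(self, name: str, props: dict) -> None:
        self.resources[name].update(props)


def reconcile(cloud: FakeCloud, name: str, desired: dict) -> str:
    """One observe -> compare -> act pass, as a managed-resource controller
    runs on every poll. Returns a short description of what it did."""
    observed = cloud.get(name)
    if observed is None:
        cloud.create(name, desired)
        return "created"
    # Only fields present in the desired spec are compared; anything the
    # manifest does not declare is left alone.
    drift = {k: v for k, v in desired.items() if observed.get(k) != v}
    if drift:
        cloud.update(name, drift)
        return "corrected " + ",".join(sorted(drift))
    return "in-sync"


def run_scenario():
    """Apply the same desired state with a polling controller and with a
    run-once tool, make an out-of-band edit after the first apply, and
    return (controller log, controller-managed state, run-once state)."""
    desired = {  # constructed, mirrors fields from the page's RDS Instance
        "instanceClass": "db.r6g.xlarge",
        "engine": "postgres",
        "publiclyAccessible": False,
        "storageEncrypted": True,
    }
    console_change = {"publiclyAccessible": True}  # the out-of-band edit

    # Continuous reconciliation: the controller polls again after the edit.
    controller_cloud = FakeCloud()
    log = [reconcile(controller_cloud, "production-db", desired)]
    log.append(reconcile(controller_cloud, "production-db", desired))
    controller_cloud.update("production-db", console_change)
    log.append(reconcile(controller_cloud, "production-db", desired))
    log.append(reconcile(controller_cloud, "production-db", desired))

    # Run-once: apply once, then nothing runs until someone invokes it again.
    run_once_cloud = FakeCloud()
    reconcile(run_once_cloud, "production-db", desired)
    run_once_cloud.update("production-db", console_change)

    return log, controller_cloud.get("production-db"), run_once_cloud.get("production-db")


if __name__ == "__main__":
    log, controller_state, run_once_state = run_scenario()
    print("controller log:", log)
    print("controller state:", controller_state)
    print("run-once state:", run_once_state)
```

The caveat the loop makes visible is in the `drift` comparison: a controller can only revert fields it has a desired value for. A setting that is absent from the manifest (or from the Composition's base resource) is not enforced, so guardrails such as `publiclyAccessible: false` must be declared explicitly to benefit from the reconcile loop.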
When to Use Crossplane
- ✅ Platform team providing self-service infrastructure
- ✅ GitOps workflow (Argo CD manages everything)
- ✅ Multi-cloud or hybrid cloud
- ✅ Want continuous drift detection
- ✅ Kubernetes-native teams
When to Use Terraform Instead
- ❌ Small team, simple infrastructure
- ❌ Team already proficient in HCL
- ❌ No Kubernetes cluster to run Crossplane
- ❌ One-time provisioning (not continuous)