What Is Crossplane?

Crossplane is a cloud-native control plane that enables you to manage infrastructure across multiple cloud providers using Kubernetes-native APIs. Think of it as a universal interface for cloud resources that extends Kubernetes’ declarative model to external infrastructure.

Crossplane allows you to:

  • Manage cloud resources using Kubernetes manifests
  • Create reusable infrastructure templates
  • Implement GitOps workflows for infrastructure
  • Maintain consistent APIs across different cloud providers
  • Automate infrastructure provisioning and management

Crossplane is particularly valuable for organizations that need to manage infrastructure across multiple cloud providers or want to provide self-service infrastructure to development teams through familiar Kubernetes APIs.

Core Concepts

Managed Resource (MR)

A managed resource represents an external service in a Provider. Crossplane calls the object inside Kubernetes a managed resource and the external object inside the Provider an external resource.

Examples:

  • Amazon AWS EC2 Instance
  • Google Cloud GKE Cluster
  • Microsoft Azure PostgreSQL Database

Key Point: An Ingress object in Kubernetes is a Custom Resource, while an EC2 instance in Kubernetes is a Managed Resource.

AWS Providers

Providers in Crossplane are like installing a Kubernetes operator for each cloud resource type. They define the Custom Resource Definitions (CRDs) that let you manage external resources as Kubernetes objects.

For AWS, there are several provider options:

  1. Upbound Providers Marketplace: Official providers.
  2. AWS Family Providers: Official providers for specific AWS services (recommended).
  3. Upjet: Code to generate Crossplane Providers from any Terraform Provider.
  4. Community Upjet AWS Provider: Crossplane providers generated by Upjet code.
  5. Community AWS Provider: Crossplane providers generated by AWS Go code generator.
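Installing a provider is itself a Kubernetes manifest. The example below is added here and is not from the original post: it installs only the S3 member of the AWS family providers, so the cluster receives only the s3.aws.upbound.io CRDs it needs rather than every AWS API. The provider name and the version tag are assumptions; the tag is a placeholder to be pinned to a release you have reviewed.

```yaml
# Added example (not from the original post): install one AWS family provider
# as a Crossplane Provider package. Installing per service keeps the set of
# CRDs (and the provider's required IAM permissions) as small as possible.
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws-s3            # assumed name
spec:
  # Placeholder version: replace vX.Y.Z with a reviewed, pinned release.
  package: xpkg.upbound.io/upbound/provider-aws-s3:vX.Y.Z
```

After `kubectl apply -f` of this file, `kubectl get providers` should show the provider as INSTALLED and HEALTHY, and `kubectl get crds | grep s3.aws.upbound.io` lists the managed resource kinds it brought in. Pinning the package tag matters for the same reason it matters for any operator image: the provider runs with cloud credentials, so an unpinned tag means an unreviewed upgrade can change what code holds them.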

AWS Authentication Methods

The AWS provider supports several authentication methods:

  1. Upbound auth (OIDC): Only supported in control planes running on Upbound Cloud Spaces.
  2. Static Credentials: Use AWS access keys (recommended for local development or demos).
  3. WebIdentity: Use OIDC-based authentication.
  4. Service Account (IRSA): Use IAM Roles for Service Accounts, typically in EKS.

For detailed instructions on each method, refer to the AWS Provider Authentication Guide.

Note: In this demo, since I’m running on k3s, I will use static credentials.
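The ProviderConfig is where the chosen authentication method is declared. The example below is added here and is not from the original post: the first document is the static-credentials setup used in this demo, the second is the IRSA alternative for EKS. The secret name `aws-creds`, the namespace `crossplane-system`, the key `creds` and the ProviderConfig names are assumptions; the only requirement is that the ProviderConfig points at the same secret and key that you created.

```yaml
# Added example (not from the original post). Static credentials: the secret
# holds an AWS shared-credentials file. Constructed file contents:
#   [default]
#   aws_access_key_id = <redacted>
#   aws_secret_access_key = <redacted>
# Created with (assumed file and secret names):
#   kubectl create secret generic aws-creds -n crossplane-system \
#     --from-file=creds=./aws-credentials.txt
---
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret            # static access keys, as used in this k3s demo
    secretRef:
      namespace: crossplane-system
      name: aws-creds         # assumed secret name
      key: creds              # assumed key holding the credentials file
---
# Alternative for EKS (IRSA): no long-lived keys stored in the cluster.
# The provider's service account must carry the eks.amazonaws.com/role-arn
# annotation for the IAM role it should assume.
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: irsa
spec:
  credentials:
    source: IRSA
```

Managed resources select a ProviderConfig by name through `spec.providerConfigRef`, so both can coexist while you migrate. With static credentials, the access keys live in a Kubernetes secret: restrict who can read secrets in `crossplane-system` with RBAC, rotate the keys, and scope the IAM user to the services the installed providers actually manage. IRSA removes the stored key entirely, which is why it is the preferred method once the control plane runs in EKS.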

Connection Details

Connection details automatically store sensitive information from managed resources into Kubernetes secrets. This allows applications to access credentials, endpoints, and other connection data securely.

Common connection details include:

  • Database connection strings
  • API endpoints and credentials
  • Access keys and secret keys
  • Resource ARNs and IDs
  • Network endpoints and ports

Example: S3 bucket connection details at the bottom of the s3.yaml file.

How Connection Details Work

When you create a managed resource with connection details configured, Crossplane automatically:

  1. Extracts specified fields from the resource’s status
  2. Creates a Kubernetes secret with the extracted values
  3. Makes the secret available for other resources or applications to consume
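Both the managed resource concept above and the connection-details flow come together in a single manifest. The example below is added here and is not from the original post: an S3 bucket managed resource whose connection details are written to a secret. The bucket name, region, namespaces and secret name are assumptions; the bucket name must be globally unique in S3, so replace it.

```yaml
# Added example (not from the original post): an S3 bucket managed resource
# with connection details written to a Kubernetes secret.
apiVersion: s3.aws.upbound.io/v1beta1
kind: Bucket
metadata:
  # Also used as the external bucket name unless the
  # crossplane.io/external-name annotation overrides it (assumed name).
  name: example-connection-details-bucket
spec:
  forProvider:
    region: us-east-1                 # assumed region
  providerConfigRef:
    name: default                     # ProviderConfig holding the AWS credentials
  writeConnectionSecretToRef:         # step 2 of the flow: where the secret is created
    namespace: default                # assumed namespace
    name: example-bucket-conn         # assumed secret name
  deletionPolicy: Delete              # Orphan would keep the bucket if the MR is deleted
```

After `kubectl apply -f`, `kubectl get bucket.s3.aws.upbound.io` shows the resource reaching READY and SYNCED, and `kubectl get secret example-bucket-conn -n default -o yaml` shows the keys the provider chose to write (which keys appear depends on the provider, so inspect rather than assume). The namespace in `writeConnectionSecretToRef` is a security decision: any principal that can read secrets there can read the connection details, so `kubectl auth can-i get secrets -n default --as=<principal>` is a quick way to confirm that only the intended consumers have that access.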

Benefits of Connection Details

  • Security: Sensitive data is stored in Kubernetes secrets
  • Automation: No manual credential management
  • Integration: Easy to connect resources and applications
  • Audit Trail: Access to the secrets goes through the Kubernetes API and is recorded in its audit log
  • RBAC: Leverage Kubernetes RBAC for access control

Komoplane

Once you have Kubernetes running and Crossplane installed, you can use a web UI called Komoplane to visualize your Crossplane resources.

Komoplane helps you see all Crossplane objects in your cluster in a simple web interface. It is useful for understanding what resources exist and how they are connected.

To use Komoplane from your local machine (Linux):

  1. Download the latest Komoplane binary for your operating system from the releases page.

  2. Extract the downloaded file (if compressed) and make the binary executable:

    chmod +x komoplane
    
  3. Set your Kubernetes context to the desired cluster:

    kubectl config use-context your-cluster
    
  4. Run Komoplane:

    ./komoplane
    
  5. Access the UI: Open http://localhost:8090 in your browser

Resources