Crossplane and Terraform
Today, I asked ChatGPT a few questions so I might understand whether it would be advantageous to use Crossplane with Terraform.
Here's the exchange...
Me
Please compare and contrast the use of Terraform and Crossplane when used to create and destroy managed public cloud resources.
ChatGPT
Terraform and Crossplane are both Infrastructure as Code (IAC) tools that can be used to create and destroy managed public cloud resources. However, they have some key differences in their design and use-cases.
Terraform is a tool developed by HashiCorp that allows users to define and provision infrastructure resources using HashiCorp Configuration Language (HCL). It supports a wide range of cloud providers, including AWS, Azure, and Google Cloud, as well as on-premises and other infrastructure. Terraform is focused on provisioning and managing resources on a specific cloud provider.
Crossplane, on the other hand, is an open-source control plane for multi-cloud infrastructure that allows users to define and provision infrastructure resources using Kubernetes Custom Resource Definitions (CRDs). It supports multiple cloud providers, but also provides an abstraction layer over them, allowing users to provision resources using a consistent API regardless of the underlying cloud provider.
In summary, Terraform is a cloud-agnostic tool that helps in provisioning and managing resources on a specific cloud provider, whereas Crossplane is an open-source control plane for multi-cloud infrastructure that provides a consistent API for provisioning resources across multiple cloud providers.
Me
Please contrast how Crossplane and Terraform manage state. What happens when Terraform state is lost? What happens to managed resources when the cluster Crossplane is deployed into is destroyed?
ChatGPT
Both Terraform and Crossplane manage the state of the infrastructure they are provisioning, but they do it in different ways.
Terraform uses a local or remote state file to store the current state of the infrastructure it is managing. This state file is used to ensure that the infrastructure is in the desired state after a Terraform apply command is executed. The state file can be stored locally or remotely, such as in a cloud object storage service like S3. If the state file is lost or becomes out of sync, Terraform can become unable to determine the correct state of the infrastructure, which can lead to unexpected changes or failures when applying Terraform configurations. To mitigate this issue, Terraform provides a number of state management features, such as state locking and state versioning, to help ensure the state file remains accurate.
Crossplane, on the other hand, stores the state of the infrastructure it is managing in the Kubernetes cluster where it is deployed. This state is stored in Kubernetes Custom Resource Definitions (CRDs) and can be managed using the Kubernetes API. If the Kubernetes cluster where Crossplane is deployed is destroyed, the state of the infrastructure managed by Crossplane will also be lost. However, Crossplane also has built-in recovery mechanisms to ensure that the state of the infrastructure is restored when the cluster is recreated.
In summary, Terraform uses a local or remote state file to manage the state of the infrastructure it provisions, whereas Crossplane stores the state of the infrastructure it provisions in the Kubernetes cluster where it is deployed. If the state file is lost, Terraform can become unable to determine the correct state of the infrastructure, whereas if the cluster Crossplane is deployed into is destroyed, the state of the infrastructure managed by Crossplane will also be lost, but it has built-in recovery mechanisms.
Me
Can Crossplane detect whether a resource has already been created without state? Likewise, can Terraform detect whether a resource has been created without state?
ChatGPT
Both Crossplane and Terraform can detect whether a resource has already been created without state, but they do it in different ways.
Crossplane can detect whether a resource has already been created without state by querying the Kubernetes API for the existence of the resource. Because Crossplane stores the state of the infrastructure it is managing in the Kubernetes cluster where it is deployed, it can use the Kubernetes API to check if the resource already exists. If the resource already exists, Crossplane can retrieve its current state and compare it to the desired state defined in the Crossplane resource definition.
Terraform can also detect whether a resource has already been created without state by querying the cloud provider's API for the existence of the resource. Terraform can also check if the resource already exists in the state file. If the resource already exists, Terraform can retrieve its current state and compare it to the desired state defined in the Terraform configuration file.
In summary, Crossplane can detect whether a resource has already been created without state by querying the Kubernetes API, whereas Terraform can detect whether a resource has already been created without state by querying the cloud provider's API and state file.
Me
Can you show me how to configure Terraform to update the state of an existing resource when that resource is not currently managed by Terraform?
ChatGPT
Yes, you can configure Terraform to update the state of an existing resource when that resource is not currently managed by Terraform. This can be done using the terraform import command.
Here is an example of how to use the terraform import command to update the state for an existing AWS S3 bucket:
# First, determine the resource type and the unique identifier for the resource you want to import
aws s3 ls # This command will show all the buckets in your AWS account
# Let's say you want to import an existing bucket named "my-bucket"
# Next, use the terraform import command to import the existing resource into Terraform's state
terraform import aws_s3_bucket.my_bucket my-bucket
The above command imports the existing S3 bucket named "my-bucket" into Terraform's state. This will allow Terraform to know about the existence of the resource and treat it as a managed resource going forward.
It is important to note that running the import command will not change the state of the resource; it just makes Terraform aware of the resource, so you will need to run terraform plan and terraform apply after running the import command to make sure that the resource state matches the state defined in the Terraform configuration file.
Also, you may need to check if the provider you are using is already defined in your Terraform configuration file. If not, you need to define it before running the import command.
Me
Is it more advantageous to use Crossplane versus Terraform for the reason that Crossplane will continuously reconcile and prevent configuration drift?
ChatGPT
Crossplane and Terraform have different advantages and use cases.
Crossplane is designed to provide a unified interface for provisioning and managing multiple cloud providers and on-premises resources. It uses Kubernetes Custom Resource Definitions (CRDs) to define the desired state of the infrastructure and automatically reconciles the state of the infrastructure with the desired state defined in the CRDs. This allows for continuous monitoring and correction of any drift that may occur between the actual state of the infrastructure and the desired state. This makes Crossplane particularly useful for organizations that are looking to provision and manage resources across multiple clouds and on-premises environments using a consistent set of APIs and abstractions.
On the other hand, Terraform is a tool specifically designed for provisioning and managing infrastructure. It uses a configuration language called HashiCorp Configuration Language (HCL) to define the desired state of the infrastructure. Terraform can provision resources in multiple cloud providers and on-premises environments as well, but it doesn't have built-in mechanisms to continuously reconcile and prevent configuration drift like Crossplane. However, it can detect drift between the current state and the desired state and generate a plan that shows what changes are needed to bring the infrastructure into the desired state.
In summary, Crossplane provides continuous monitoring and correction of any drift that may occur between the actual state of the infrastructure and the desired state, making it particularly useful for organizations looking to provision and manage resources across multiple clouds and on-premises environments using a consistent set of APIs and abstractions. Terraform is a powerful tool for provisioning and managing infrastructure in multiple cloud providers and on-premises environments, but it does not have built-in mechanisms for continuous drift reconciliation like Crossplane.
Me
Are you able to articulate the benefits of using Crossplane with its Terraform provider?
ChatGPT
Using Crossplane with its Terraform provider can provide several benefits:
1. Consistent API for provisioning and managing resources: Crossplane provides a consistent API for provisioning and managing resources across multiple cloud providers and on-premises environments, regardless of whether the resources are managed using Terraform or other provisioning tools.
2. Automated drift detection and correction: By using Crossplane's built-in mechanisms for continuous monitoring and correction of any drift that may occur between the actual state of the infrastructure and the desired state, you can ensure that your resources are always in the desired state, even if they were initially provisioned using Terraform.
3. Centralized management: With Crossplane, you can centrally manage and provision resources across multiple cloud providers and on-premises environments, which can help to simplify the management and organization of your infrastructure.
4. Multi-cloud resource provisioning: Crossplane's Terraform provider allows you to provision resources across multiple clouds in a consistent way, meaning that you can use the same Terraform configuration to provision resources in AWS, Azure, GCP, and other cloud providers.
5. Reusability: With Crossplane, you can reuse the same Terraform modules and providers that you use for provisioning resources in the public cloud, in your on-premises environments as well.
6. Compliance and Governance: Crossplane can enforce compliance and governance policies by automating the detection of drift and correcting it, across all the resources provisioned by Terraform.
In summary, using Crossplane with its Terraform provider can help organizations to have a consistent, centralized and automated way to provision, manage and monitor resources in multiple cloud providers and on-premises environments, with the added benefits of compliance and governance enforcement.
Read articles from Chris Phillipson directly inside your inbox. Subscribe to the newsletter, and don't miss out.