Infrastructure as Code 2.0: Meet Crossplane, the Kubernetes Game-Changer


Understanding Crossplane: Control Planes, Providers, and Managed Resources
I want to tell you about this cool tool called Crossplane that I really like. It was created by the folks at Upbound, a company that’s all about making life easier for people working with cloud tech. Crossplane is an open-source project that helps you build something called a "control plane" for cloud systems without having to write a ton of complicated code.
Now, you might be wondering, “What’s a control plane?” To get that, let’s talk about distributed systems first. Imagine a big concert, you know, the kind with thousands of people.
Behind the scenes, there’s a control room where engineers manage the giant screens and sound systems. You don’t see them, but they’re calling the shots. Then, out in front, you’ve got camera crews running around, following directions to get the best shots for the audience. In tech terms, the control room is the "control plane": it is in charge of everything. The camera crews are the "data plane": they do the heavy lifting, moving from one end of the venue to the other to capture the best shots.
In the cloud world, AWS exemplifies this concept. When you use AWS, its control planes manage things like virtual machines, networking, databases, etc. (the data planes) that you use to build your projects.
So, what does Crossplane do? It lets you create your own control plane on top of Kubernetes. Think of it as a way to customize how you control cloud resources: a backend that organizes everything and a frontend that gives you an easy way to interact with it, all built on Kubernetes. You write some simple instructions (in YAML) and use familiar Kubernetes commands to make it happen. Pretty neat, right?
There are two key terms to know when starting with Crossplane: Providers and Managed Resources.
Providers
A provider is like a plugin that connects Crossplane to an external system (such as AWS, Azure, or GCP) and allows it to manage resources. For example, there’s an AWS provider that lets you create things like an S3 storage bucket.
To install the AWS S3 provider, you apply the following YAML after installing Crossplane itself (which I’ll cover next time):
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws-s3
spec:
  package: xpkg.upbound.io/upbound/provider-aws-s3:<version>
You can explore available providers on the Upbound Marketplace.
Managed Resources
Managed Resources are the actual cloud resources that Crossplane manages. These could be AWS EC2 instances, Azure databases, Kubernetes objects, or even GitHub repositories. Once you’ve got a provider installed, it brings along definitions for these resources, and you can set them up with a bit of YAML. For example, you could define an S3 bucket policy to control who gets access to your files as shown below:
apiVersion: s3.aws.upbound.io/v1beta1
kind: BucketPolicy
metadata:
  name: example
spec:
  forProvider:
    # Attach the policy to the Bucket managed resource carrying this label.
    bucketSelector:
      matchLabels:
        testing.upbound.io/example-name: s3
    # "Principal": "*" grants the listed read actions to anyone, including
    # anonymous callers, so this makes the bucket publicly readable. The
    # Resource ARNs must name the bucket the selector resolves to; S3 rejects a
    # policy whose resources point at a different bucket.
    policy: >
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "OladapoBucketPolicy",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [ "arn:aws:s3:::movies", "arn:aws:s3:::movies/*"]
          }
        ]
      }
    region: us-west-1
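A check I would run before applying a manifest like the one above, added here as an example that is not part of the original post or of Crossplane: it parses the inline policy document and flags every Allow statement that, like the post's `"Principal": "*"`, is open to any caller and has no Condition narrowing it. The manifest is a constructed dict in the shape yaml.safe_load would return for the YAML above, so the script runs with the standard library only.

```python
import json

# Constructed sample: the post's BucketPolicy as yaml.safe_load would return it.
SAMPLE_MANIFEST = {
    "apiVersion": "s3.aws.upbound.io/v1beta1",
    "kind": "BucketPolicy",
    "metadata": {"name": "example"},
    "spec": {"forProvider": {
        "bucketSelector": {"matchLabels": {"testing.upbound.io/example-name": "s3"}},
        "region": "us-west-1",
        "policy": json.dumps({
            "Version": "2012-10-17",
            "Statement": [{
                "Sid": "OladapoBucketPolicy",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": ["arn:aws:s3:::movies", "arn:aws:s3:::movies/*"],
            }],
        }),
    }},
}


def is_anonymous_principal(principal) -> bool:
    """True when the Principal element matches every caller: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def find_public_statements(manifest: dict) -> list:
    """Sids (or indexes) of Allow statements open to any principal with no Condition."""
    if manifest.get("kind") != "BucketPolicy":
        raise ValueError("expected a Crossplane BucketPolicy manifest")
    policy = json.loads(manifest["spec"]["forProvider"]["policy"])
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written unlisted
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if (stmt.get("Effect") == "Allow"
                and is_anonymous_principal(stmt.get("Principal"))
                and "Condition" not in stmt):
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings
```

For the post's manifest the check reports `OladapoBucketPolicy`; wiring it into a pre-apply hook or CI step keeps a public-read policy from reaching the control plane unnoticed.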
What’s Next?
In the next post, I’ll walk through:
Installing Upbound Universal Crossplane (UXP).
Setting up Providers.
How Crossplane detects and fixes drift automatically.
Crossplane isn’t just another tool; it’s a new way to think about infrastructure. And the best part? It’s all just Kubernetes under the hood.
Written by

Oladapo Babalola