Scripts · Apr 15, 2026 · 3 min read

Crossplane — The Cloud Native Control Plane Framework

Crossplane extends Kubernetes with Custom Resources that represent cloud infrastructure, letting you compose and manage AWS, Azure, GCP, and SaaS resources with kubectl and GitOps.

Introduction

Crossplane turns Kubernetes into a universal control plane. Instead of running Terraform on a schedule, you install a provider package for AWS, GCP, Azure, Kubernetes, GitHub, Grafana, or dozens of SaaS products and then create infrastructure using normal Kubernetes resources. A controller continuously reconciles actual cloud state with the declared spec — just like workloads.

What Crossplane Does

  • Extends the Kubernetes API with Managed Resources representing external cloud objects.
  • Composes higher-level APIs (e.g. XPostgres) from many Managed Resources via CompositeResourceDefinitions.
  • Reconciles infrastructure continuously — drift is corrected, not just detected.
  • Ships an official package manager (Provider, Function, Configuration) with signed OCI artifacts.
  • Works hand-in-hand with Argo CD or Flux for full GitOps infra delivery.

Architecture Overview

Crossplane runs as a core controller plus one controller per installed Provider. Managed Resources are CRDs generated from each Provider's API surface (e.g. RDSInstance.rds.aws.crossplane.io). A Composition maps a Composite Resource Claim to one or more Managed Resources via patches and transforms. Composition Functions (v1.14+) let you write composition logic in Go, KCL, or WASM instead of YAML patches.

Self-Hosting & Configuration

  • Install with the Helm chart; no external database is required — state lives in Kubernetes.
  • Store cloud credentials as Kubernetes Secrets referenced by ProviderConfig objects.
  • Use multiple ProviderConfigs for multi-account or multi-region layouts.
  • Package your platform APIs as Configuration OCI images and push to any OCI registry.
  • Observe controllers via Prometheus — reconciliation time, error count, and drift events are first-class metrics.
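The credential wiring from the list above, as an added example that is not from the article: a Secret in the Crossplane namespace, one ProviderConfig that points at it, and a second ProviderConfig for a separate account so Managed Resources can select which credentials they run under. The Secret name, the ProviderConfig names, the account split and the placeholder key material are all constructed; the `aws.crossplane.io/v1beta1` API group is assumed to match the article's provider example and should be checked against the Provider actually installed.

```yaml
# Constructed example. The credentials file body is a placeholder, not a real key.
apiVersion: v1
kind: Secret
metadata:
  name: aws-prod-creds
  namespace: crossplane-system        # only the provider controller reads this namespace
type: Opaque
stringData:
  creds: |
    [default]
    aws_access_key_id = <REPLACE_WITH_PROD_ACCESS_KEY_ID>
    aws_secret_access_key = <REPLACE_WITH_PROD_SECRET>
---
# ProviderConfig for the production account. Managed Resources reference it by name
# via spec.providerConfigRef, so the credential never appears in a team namespace.
apiVersion: aws.crossplane.io/v1beta1    # assumed group; verify with `kubectl get crds`
kind: ProviderConfig
metadata:
  name: aws-prod
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-prod-creds
      key: creds
---
# Second ProviderConfig for a sandbox account (multi-account layout). Its Secret
# (aws-sandbox-creds) is created the same way; an IAM principal scoped to that
# account keeps a sandbox Claim from touching production.
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws-sandbox
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-sandbox-creds
      key: creds
```

Two practical checks: keep RBAC on `crossplane-system` Secrets to the provider's ServiceAccount and cluster admins, since anyone who can read the Secret holds the cloud credential directly; and give each ProviderConfig a principal with only the permissions the Compositions that use it need, so a mistake in one platform API is contained to one account. Where the cluster runs on the cloud provider itself, the provider's pod-identity credential source (IRSA on EKS, for the AWS provider) avoids storing long-lived keys in the cluster at all.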

Key Features

  • Treats infrastructure as Kubernetes resources — the same RBAC, admission, and audit trail as Pods.
  • 100+ official and community providers: AWS, GCP, Azure, Alibaba, IBM, Equinix, Kafka, Vault, Datadog, …
  • Composition Functions with Go / KCL / Starlark / WASM for flexible platform APIs.
  • Vendor-neutral — swap out a provider without rewriting user-facing Claims.
  • CNCF Incubating, strong commercial backing by Upbound and community maintainers.

Comparison with Similar Tools

  • Terraform — imperative plans + state files; Crossplane is continuous, native Kubernetes reconciliation.
  • Pulumi — general-purpose IaC in real languages; Crossplane focuses on K8s-native self-service platforms.
  • AWS Controllers for Kubernetes (ACK) — AWS-only; Crossplane covers many clouds and adds Composition.
  • Config Connector — Google-specific; Crossplane generalizes the pattern across providers.
  • ArgoCD Application Sets + Terraform — still works, but lacks live drift correction and composite APIs.

FAQ

Q: Does Crossplane replace Terraform? A: It can, and also complements it — many teams keep Terraform for day-zero infra and use Crossplane for app-team self-service.

Q: Where is the state stored? A: In Kubernetes — Managed Resource .status fields hold external identifiers; no separate state file.

Q: Can I import existing cloud resources? A: Yes — set metadata.annotations.crossplane.io/external-name to the resource ID and Crossplane will adopt it.
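The adoption described in this answer, as an added example that is not from the article: a Managed Resource whose `crossplane.io/external-name` annotation names an existing cloud resource, so the controller observes it instead of creating a new one. The resource kind and API group follow the article's own example and are assumptions; the instance identifier, region and `aws-prod` ProviderConfig are constructed.

```yaml
# Constructed example: adopt an RDS instance that already exists.
apiVersion: rds.aws.crossplane.io/v1beta1   # assumed group (from the article); verify against your Provider's CRDs
kind: RDSInstance
metadata:
  name: legacy-orders-db
  annotations:
    # Identifier of the existing cloud resource. With this set, Crossplane looks the
    # resource up by this name rather than creating one with a generated name.
    crossplane.io/external-name: orders-db-prod
spec:
  # Orphan means `kubectl delete rdsinstance legacy-orders-db` removes only the
  # Kubernetes object; the real database stays. Switch to Delete only once you are
  # sure this object should own the lifecycle.
  deletionPolicy: Orphan
  forProvider:
    # These must match the live resource. Because Crossplane corrects drift, a
    # mismatch here is applied to the cloud resource, not merely reported.
    region: us-east-1
    dbInstanceClass: db.t3.small
    engine: postgres
    masterUsername: adminuser
  providerConfigRef:
    name: aws-prod
```

After applying, `kubectl get rdsinstance legacy-orders-db` should show `READY=True` and `SYNCED=True`, and `kubectl describe` on it should show no update events; an update event right after adoption means `forProvider` disagreed with the live resource and the controller changed it. Crossplane releases that support management policies can additionally set `spec.managementPolicies: ["Observe"]` to make the adopted object read-only until the spec has been reviewed.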

Q: How do I write a custom composition? A: Author a CompositeResourceDefinition plus a Composition, or use a Composition Function for code-driven logic.
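The platform API described in the Architecture Overview and in this answer, as an added example that is not from the article: a CompositeResourceDefinition that publishes a `PostgresInstance` Claim, a Composition that maps the Claim to the `RDSInstance` Managed Resource through patches and transforms, and a Claim an application team would create in its own namespace. The `db.example.org` group, the kind names, the `aws-prod` ProviderConfig and the `team-orders` namespace are constructed; the `RDSInstance` kind and API group come from the article's own example and the `forProvider` field names are assumed to match that provider's schema, so both should be checked against the installed Provider's CRDs.

```yaml
# Constructed example. 1) The platform team defines the API surface. Only storageGB
# is exposed; everything else is fixed in the Composition and cannot be overridden.
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xpostgresinstances.db.example.org       # assumed group
spec:
  group: db.example.org
  names: {kind: XPostgresInstance, plural: xpostgresinstances}
  claimNames: {kind: PostgresInstance, plural: postgresinstances}
  connectionSecretKeys: [username, password, endpoint]
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              required: [parameters]
              properties:
                parameters:
                  type: object
                  required: [storageGB]
                  properties:
                    storageGB: {type: integer, minimum: 20}   # schema enforces the floor
---
# 2) The Composition maps the composite to one Managed Resource.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xpostgresinstances.aws.db.example.org
spec:
  compositeTypeRef: {apiVersion: db.example.org/v1alpha1, kind: XPostgresInstance}
  writeConnectionSecretsToNamespace: crossplane-system
  resources:
    - name: rdsinstance
      base:
        apiVersion: rds.aws.crossplane.io/v1beta1   # group from the article; verify with `kubectl get crds`
        kind: RDSInstance
        spec:
          forProvider:
            region: us-east-1
            dbInstanceClass: db.t3.small
            engine: postgres
            masterUsername: adminuser
            publiclyAccessible: false     # hard-coded: no Claim field reaches this
            storageEncrypted: true        # hard-coded: encryption is not optional
          providerConfigRef: {name: aws-prod}       # credentials stay with the platform team
          writeConnectionSecretToRef: {namespace: crossplane-system}
      patches:
        # Copy the single user-facing parameter onto the provider field.
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.storageGB
          toFieldPath: spec.forProvider.allocatedStorage
        # Derive a unique connection-secret name from the composite's UID.
        - type: FromCompositeFieldPath
          fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string: {fmt: "%s-postgres"}
      connectionDetails:
        - {name: username, fromConnectionSecretKey: username}
        - {name: password, fromConnectionSecretKey: password}
        - {name: endpoint, fromConnectionSecretKey: endpoint}
---
# 3) What an application team applies. RBAC on this Claim kind in their namespace is
# all the access they need; they never see the Composition or the cloud credential.
apiVersion: db.example.org/v1alpha1
kind: PostgresInstance
metadata:
  name: orders-db
  namespace: team-orders
spec:
  parameters: {storageGB: 50}
  compositionRef: {name: xpostgresinstances.aws.db.example.org}
  writeConnectionSecretToRef: {name: orders-db-conn}   # lands in team-orders, with only the listed keys
```

The security-relevant split is in what each object is allowed to carry: the XRD schema is the only input surface for the team (a `storageGB: 5` Claim is rejected at admission by the `minimum`), while network exposure, encryption and which ProviderConfig to use are decided once in the Composition. Changing the Composition to target another provider's database kind leaves the Claim untouched, which is the vendor-neutrality point made in the Key Features list.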
