Crossplane
Universal control plane for managing infrastructure and cloud resources via Kubernetes APIs.
About
Crossplane extends Kubernetes with CRDs that let you provision and manage external infrastructure (cloud resources, SaaS APIs, IaC runners) using standard Kubernetes manifests. In this cluster it is used primarily to run OpenTofu workspaces via the upbound/provider-opentofu provider, enabling infrastructure-as-code pipelines that are GitOps-driven and managed by Flux.
AlternativeTo
Self Hosted
| Tool | Open Source | Full Features | Notes |
|---|---|---|---|
| ACK (AWS Controllers for Kubernetes) | Yes | Yes | AWS-specific; no multi-cloud |
| Config Connector | Yes | Yes | GCP-specific |
| Terraform / OpenTofu | Yes | Yes | Not Kubernetes-native; Crossplane can wrap it |
Installation
Architecture
HelmRelease crossplane in namespace crossplane-system, chart version 2.2.0 from https://charts.crossplane.io/stable. Deploys the Crossplane core controller and RBAC manager. No providers are installed by the Helm chart itself — providers are managed separately via crossplane-extras.
Security
No explicit securityContext is set in the HelmRelease values. The RBAC manager runs cluster-wide. Resource limits are 512Mi memory / 500m CPU for both crossplane and rbac-manager. The namespace carries the label secrets.k8up: "true" for k8up backup inclusion.
Updates
Managed by Renovate. Chart version is semver-pinned (2.2.0).
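The Security and Updates notes above can be turned into a repeatable check. The following is an added example, not code from this repository or from the Crossplane project: it audits a HelmRelease for an exact chart pin, a declared securityContext and resource limits. The sample manifest is constructed from the values on this page, the value keys (securityContextCrossplane, securityContextRBACManager, resourcesCrossplane, resourcesRBACManager) are assumed to match the deployed chart version, and the expected securityContext settings are an illustrative policy.

```python
import re

# Constructed sample: the fields of the Flux HelmRelease this audit reads, with
# the values this page describes (pinned 2.2.0, limits set, no securityContext).
SAMPLE = {
    "kind": "HelmRelease",
    "metadata": {"name": "crossplane", "namespace": "crossplane-system"},
    "spec": {
        "chart": {"spec": {"chart": "crossplane", "version": "2.2.0"}},
        "values": {
            "resourcesCrossplane": {"limits": {"cpu": "500m", "memory": "512Mi"}},
            "resourcesRBACManager": {"limits": {"cpu": "500m", "memory": "512Mi"}},
        },
    },
}

EXACT_PIN = re.compile(r"^\d+\.\d+\.\d+$")  # rejects ranges such as "2.x" or ">=2.0.0"
# Assumed chart value keys per component: (securityContext key, resources key).
COMPONENTS = {
    "crossplane": ("securityContextCrossplane", "resourcesCrossplane"),
    "rbac-manager": ("securityContextRBACManager", "resourcesRBACManager"),
}
# Container-level settings the audit expects once a securityContext is declared.
EXPECTED = {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True}


def audit(helmrelease):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    spec = helmrelease.get("spec", {})
    version = spec.get("chart", {}).get("spec", {}).get("version", "")
    if not EXACT_PIN.match(version):
        findings.append(f"chart version {version!r} is not an exact pin")
    values = spec.get("values") or {}
    for name, (sc_key, res_key) in COMPONENTS.items():
        sc = values.get(sc_key)
        if sc is None:
            findings.append(f"{name}: {sc_key} not set, chart defaults apply")
        else:
            for field, want in EXPECTED.items():
                if sc.get(field) is not want:
                    findings.append(f"{name}: {sc_key}.{field} should be {want}")
        limits = (values.get(res_key) or {}).get("limits") or {}
        for resource in ("cpu", "memory"):
            if resource not in limits:
                findings.append(f"{name}: no {resource} limit in {res_key}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Run against the sample, the audit reports only the two missing securityContext blocks; the pin and the limits pass.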
Administration
Usage
The Crossplane control plane watches for Composite Resource and Managed Resource objects. Providers installed via crossplane-extras (e.g. provider-opentofu) extend it with additional resource types. Operators create Provider, Function, and composition resources to define and instantiate infrastructure. The go-templating and auto-ready functions support composition pipelines.
Metadata
- HelmRelease: crossplane@2.2.0