crossplane-extras

Crossplane providers and functions extending the core control plane.

About

crossplane-extras is a local kustomize overlay that installs Crossplane Provider, Function, and DeploymentRuntimeConfig resources on top of the base Crossplane installation. It wires in the OpenTofu provider and the composition helper functions used by infrastructure compositions in this cluster.

Installation

Architecture

Raw kustomize manifests (no HelmRelease). Deployed into namespace crossplane-system alongside the Crossplane core. Installs:

upbound/provider-opentofu:v1.1.0 — runs OpenTofu workspaces as Managed Resources
crossplane-contrib/function-go-templating:v0.11.3 — Go-template-based composition functions
crossplane-contrib/function-auto-ready:v0.6.0 — marks composed resources ready automatically
crossplane-contrib/function-extra-resources:v0.3.0 — fetches extra k8s resources in compositions
DeploymentRuntimeConfig: opentofu-hardening — applies hardened securityContext to the OpenTofu provider pod

Security

The opentofu-hardening DeploymentRuntimeConfig enforces: runAsNonRoot: true, runAsUser/Group: 2000, allowPrivilegeEscalation: false, capabilities: drop: ALL, readOnlyRootFilesystem: true, seccompProfile: RuntimeDefault. Writable volumes (/tofu, /tmp, /tofu/plugin-cache) are provided via emptyDir mounts.

Updates

Managed by Renovate. Package versions are semver-pinned in the manifest.

Administration

Usage

The OpenTofu provider reconciles Workspace managed resources, running tofu plan/apply inside the cluster. Composition functions (go-templating, extra-resources, auto-ready) are referenced in Composition pipelines to build complex infrastructure abstractions. Operators write XR (Composite Resource) manifests; Crossplane calls these functions to render the final managed resources.

About​

Installation​

Architecture​

Security​

Updates​

Administration​

Usage​