Crossplane in Platform Engineering

Ismail KABOUBI
Published in Edixos
Sep 11, 2023 · 5 min read

Introduction

In today’s tech world, managing resources across different cloud platforms can be a real challenge. That’s where Platform Engineering comes in, helping to streamline and simplify these tasks. But even with the rise of tools and technologies, there’s always room for improvement. Enter Crossplane. It’s a tool that’s been making waves in the cloud-native scene, and for good reason.

In simple terms, Crossplane lets us use Kubernetes, a tool many of us are already familiar with, to manage not just containers but also resources on other platforms like AWS, Azure, or GCP. This article will dive into how Crossplane fits into Platform Engineering and how it can make our tech lives a bit easier.

What is Platform Engineering?

Platform Engineering is like the backstage crew of the tech world. While it might not always be in the spotlight, it plays a crucial role in ensuring everything runs smoothly. At its core, Platform Engineering involves creating and managing shared tools, systems, and processes that other software teams use to build, deploy, and run their applications. Think of it as building the foundation and tools for other developers to construct their projects. By providing a stable and efficient platform, it allows software teams to focus on what they do best: creating great applications without getting bogged down by the underlying infrastructure and tools.

What is Crossplane?

Crossplane is an innovative open-source tool that revolutionizes the way we manage resources. While it’s often associated with cloud providers like AWS, Azure, and GCP, Crossplane’s capabilities extend beyond that. It allows users to manage any external API using Kubernetes, a platform many developers are already familiar with. This means that whether you’re dealing with cloud infrastructure, databases, or even third-party services, Crossplane offers a unified, Kubernetes-native declarative configuration for provisioning and management. By bridging the gap between Kubernetes and external APIs, Crossplane ensures a consistent, scalable, and straightforward resource management experience.

The Platform Overview

In the vast realm of cloud-native development, Crossplane emerges as a beacon, simplifying the intricate process of resource management. Let’s delve deep into how Crossplane, combined with the power of Kubernetes, offers a streamlined experience for developers.

🔐 User Authentication & Role-Based Access

  • Developer Portal: Imagine a developer, eager to kickstart their project. Their first step? Logging into a Developer Portal.
  • Identity Provider: This isn’t just any login. The portal leverages an Identity Provider, ensuring that the developer’s credentials are authenticated securely.
  • RBAC in Action: Once inside, the developer’s role determines their playground. Using Role-Based Access Control (RBAC), they’re granted permissions to specific resources, ensuring both flexibility and security.
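An added example (not from the original article) of what that role-based access can look like for a Crossplane platform: a namespaced Role and RoleBinding that let one identity-provider group manage only claims of a single platform API. The namespace `team-payments`, the group `oidc:payments-developers`, and the `buckets` claim resource in `platform.example.org` are hypothetical.

```yaml
# Added example; namespace, group and API names are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: bucket-claim-editor
  namespace: team-payments
rules:
  # Developers manage claims only. No rule here grants access to composite
  # resources, provider managed resources, ProviderConfigs or Secrets.
  - apiGroups: ["platform.example.org"]
    resources: ["buckets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: payments-devs-bucket-claims
  namespace: team-payments
subjects:
  # Group name as asserted by the identity provider (assumed OIDC groups claim
  # with an "oidc:" prefix configured on the api-server).
  - kind: Group
    name: "oidc:payments-developers"
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: bucket-claim-editor
  apiGroup: rbac.authorization.k8s.io
```

Because the binding is namespaced, the same group has no rights to claims in other teams' namespaces or to any cluster-scoped Crossplane object.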

🧩 The Magic of Crossplane Configuration

  • XRD (Composite Resource Definition): Crossplane’s heart beats with XRDs. These define custom resources, encapsulated within Crossplane’s configuration, ready to be utilized.
  • Compositions: Think of Compositions as the bridge. They map the XRD to managed resources in the provider, detailing how each XRD should be reconciled.
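An added example (not from the original article) of an XRD and a Composition working together. It assumes the Upbound AWS S3 provider and the `resources` (patch-and-transform) Composition style of Crossplane v1; the group `platform.example.org`, the kinds `XBucket`/`Bucket`, and the region list are hypothetical.

```yaml
# Added example; group, kinds and allowed regions are hypothetical.
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xbuckets.platform.example.org   # must be <plural>.<group>
spec:
  group: platform.example.org
  names: {kind: XBucket, plural: xbuckets}
  claimNames: {kind: Bucket, plural: buckets}   # namespaced kind developers create
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              required: [parameters]
              properties:
                parameters:
                  type: object
                  required: [region]
                  properties:
                    region:            # the only knob exposed to developers
                      type: string
                      enum: [eu-west-1, eu-central-1]
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xbucket-aws
spec:
  compositeTypeRef:
    apiVersion: platform.example.org/v1alpha1
    kind: XBucket
  resources:
    - name: bucket
      base:                            # everything else is fixed by the platform team
        apiVersion: s3.aws.upbound.io/v1beta1
        kind: Bucket
        spec:
          forProvider: {}
      patches:
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.region
          toFieldPath: spec.forProvider.region
```

The XRD schema is the developer-facing contract: any provider field not exposed under `spec.parameters` cannot be set through a claim.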

🖥 Empowering Developers with CLI

Beyond the portal, developers wield the power of a CLI tool. This direct line to the Kubernetes platform, which houses the XRDs, enables them to request the creation of external resources, making their workflow smoother.

🌉 Seamless Communication Protocols

  • RESTful Routes: The Developer Portal and the Kubernetes platform converse fluently using REST, typically channeled through the api-server’s public endpoint.
  • Fortifying Security: Given the sensitivity of data, an additional protective layer might overlay the api-server, ensuring that security isn’t compromised.

🏗 Crossplane: The Architect of the Platform

Crossplane lays down the foundational bricks, offering providers, configurations, XRDs, compositions, and more. It’s the backbone, ensuring everything stands tall and functions seamlessly.

🔄 The Reconciliation Advantage

One of Kubernetes’ gems is its reconciliation logic. What does this mean for resources birthed by Crossplane? They’re constantly reconciled against any configuration drifts, ensuring consistency and reliability.

🔗 API Gateways & OpenAPI Specification

Every resource in the API-Server boasts its OpenAPI specification. This paves the way for API Gateways to stand guard between the developer portal, CLI, and the Kubernetes API Server, streamlining communication.

🌍 Crossplane’s Diverse Provider Ecosystem

Crossplane isn’t limited. It boasts a plethora of official and community providers, catering to cloud platforms and any tool with a RESTful API. And if something’s missing? The crossplane-runtime can be harnessed to craft custom providers, ensuring that no tool, whether mainstream or niche, is left behind.

🛡️ Integrating OPA Gatekeeper with Crossplane for Enhanced Resource Control

When it comes to ensuring that resources are created following best practices and organizational policies, OPA (Open Policy Agent) Gatekeeper stands out as a formidable ally. By integrating OPA Gatekeeper with Crossplane, organizations can enforce granular policies over the creation and configuration of resources. Imagine setting rules that dictate the regions in which certain resources can be deployed, or ensuring specific tagging standards are met for billing purposes. Gatekeeper evaluates every request against these policies, and only when they align does the resource creation proceed. This combination of Crossplane’s resource management capabilities with OPA Gatekeeper’s policy enforcement ensures that infrastructure is not only provisioned efficiently but also securely and in line with organizational standards. It’s a match made in cloud-native heaven, ensuring resources are compliant from the moment of their inception.
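An added example (not from the original article) of the region rule described above, written as a Gatekeeper ConstraintTemplate and a Constraint. The API group `platform.example.org`, the kinds `Bucket`/`XBucket`, the field path `spec.parameters.region`, and the region list are hypothetical.

```yaml
# Added example; API group, kinds, field path and regions are hypothetical.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: crossplaneallowedregions        # must be the lowercased CRD kind
spec:
  crd:
    spec:
      names:
        kind: CrossplaneAllowedRegions
      validation:
        openAPIV3Schema:
          type: object
          properties:
            regions:
              type: array
              items: {type: string}
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package crossplaneallowedregions

        # Reject requests that do not state a region at all.
        violation[{"msg": msg}] {
          not input.review.object.spec.parameters.region
          msg := "spec.parameters.region is required"
        }

        # Reject requests whose region is outside the allow-list.
        violation[{"msg": msg}] {
          region := input.review.object.spec.parameters.region
          not allowed(region)
          msg := sprintf("region %v is not allowed; permitted: %v", [region, input.parameters.regions])
        }

        allowed(region) { input.parameters.regions[_] == region }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: CrossplaneAllowedRegions
metadata:
  name: eu-only-buckets
spec:
  enforcementAction: deny
  match:
    kinds:
      - apiGroups: ["platform.example.org"]
        kinds: ["Bucket", "XBucket"]
  parameters:
    regions: ["eu-west-1", "eu-central-1"]
```

Matching the claim and composite kinds checks what developers submit; a constraint matching the provider's managed resource kinds would check what the Composition actually renders.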

🛠️ Enhancing the Self-Service Approach for Developers

In the modern cloud-native landscape, empowering developers is key. By integrating Crossplane with OPA Gatekeeper and other cloud-native tools, organizations can enhance the self-service approach, granting developers greater autonomy over the resources they create. This doesn’t mean a free-for-all; it’s autonomy within the boundaries set by organizational policies.

Developers can swiftly provision the tools and infrastructure they need, without waiting for lengthy approvals. Yet, every action aligns with the organization’s standards, ensuring compliance and security. This balance between freedom and control not only boosts productivity but also instills a sense of responsibility in developers, knowing that while they have the power to create, they’re also accountable for their actions.

Conclusion

Crossplane, combined with tools like OPA Gatekeeper, is reshaping the way we approach cloud-native resource management. It offers a harmonious blend of flexibility for developers and adherence to organisational standards, ensuring efficient and compliant operations.

While we’ve touched upon the surface of its capabilities in this article, the depth and breadth of Crossplane’s potential warrant a more detailed exploration. Stay tuned for a dedicated series where we’ll dive deeper into each facet, unraveling the intricacies and showcasing the true power of Crossplane in the modern development ecosystem.
