Crossplane, A Unified Approach to Automation

The end-to-end control plane for infrastructure, services, and application DevOps

The abstraction leaking

There is a leak in cognitive load abstraction by the platform team, as using Terraform modules/libraries by the product team means learning Terraform fundamentals at least. Terraform plan and apply action demands a high cognitive load going through all the changes to infrastructure. It's not ideal for protect team to perform this action. Additionally, templates erode with time exposing new parameters every day to meet different needs of different products. At some point, we will expose every parameter the cloud provider has to offer. This will create a leak in cognitive load abstraction by increasing the complexity to consume the library. Alternative methods like template forking are costly and error-prone to maintain.

Collaborative mode of interaction

Modules/libraries will demand a collaborative mode of interaction between teams, especially when we have to upgrade the library or provide a security patch or deprecate a component. The collaborative model of interaction will create a lot of friction in delivery velocity.

The access control and governance

Exposing the terraform modules to the product team will create authorization and security challenges. For example, a product team that requires a database provisioning access does not need to have access to the dependent network components. But the product team running the libraries had to configure the library with full access required by all dependent components. Governance of centralized policy and security controls will be very challenging with leaked authorization and de-centralized infrastructure management.

Synchronous provisioning

The resources are provisioned in a sequence with Terraform and other similar template-based tools. If infrastructure A depends on infrastructure B, we must define the order of execution. If one of the executions fails the whole automation fails. The monolithic representation of infrastructure and services is a key concern. Scenarios like shared infrastructure between multiple teams (CI/CD components) and private infrastructure ownership (network layer) will require us to model the infrastructure management with different team constructs. Modeling team boundaries requires an artificial effort with synchronous monolithic state files.

The multi-cloud challenge

Any organizations of a significant size run their workloads in more than one cloud provider. Embedding policies into the automation templates of every cloud provider requires a significant effort. Keeping these policies in sync across the automation scripts involves friction and is error-prone.

  1. An API model for infrastructure and services provisioning would run the implementation remotely solving the abstraction leaking.
  2. APIs can be modeled for any team construct easily with a precise authorization model.
  3. APIs are the best construct for self-service collaboration between teams.
  4. APIs provide a better construct for scenarios like security patching, version management, depreciation, policy encoding, etc.
  5. Building these APIs with Kubernetes will additionally provides drift management and will enable us to model different team boundaries with asynchronous provisioning.


Crossplane, a modern API plane-based infrastructure automation platform built on Kubernetes, matches all the attributes required for the next evolution of infrastructure engineering. It solves all the problems that we discussed by taking advantage of the Kubernetes operating model. Crosplane uses CRDs (Custom Resource Definition) a Kubernetes extension point to extend Kubernetes for the next big use case.

  1. Challenges in current infrastructure and services automation tools
  2. How Crossplane can solve these challenges and bring new capabilities to the table.
  3. Deep dive into all Crossplane concepts with hands-on examples
  4. Architecture patterns to adopt Crossplane and Kubernetes in a best possible way
  5. Ways to unify infrastructure, services, and application DevOps
  6. Engineering practices required to manage the Crossplane platform team in an organization efficiently



#ContinuousDevOps #Kubernetes #Microservices #CloudNativeApps #DevOps #Agile

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Arun Ramakani

#ContinuousDevOps #Kubernetes #Microservices #CloudNativeApps #DevOps #Agile