Streamline, Secure, Deliver: Upbound’s Guide to Level Up Your Crossplane Platform

Upbound recently hosted a webinar that showcased how Upbound is enhancing the Crossplane developer experience and outlined the work Upbound has done to create a secure software supply chain for its official providers. Whether you’re new to Crossplane or Upbound or an advanced user, this webinar session will teach you something new.

Part 1: Developer Experience With the Up CLI

Jared Watts, co-creator of Crossplane and founding engineer at Upbound, kicked off the session with a deep dive into how the up CLI simplifies the end-to-end control plane development experience. This section featured:

• How to quickly get started designing the API instead of handwriting schemas 
• Easier ways to begin developing with Crossplane
• How to ditch writing logic into YAML compositions and leverage Python, Go, and KCL functions instead
• How to test Crossplane development on real control planes

Jared takes us on a journey to explain how Crossplane development is typically accomplished and how leveraging the up CLI tooling enhances that experience. He starts by designing the API with the desired abstraction and utilizes up xrd generate to scaffold the schema and XRD automatically. Jared then writes composition logic using functions and Python, applying the up function generate, tests his work locally with up composition render, and follows up by testing on a real control plane with up project run. Lastly, he discussed how up project build and up project push take care of compiling, packaging, and publishing your control plane.

Part 2:  Software Supply Chain Security for Crossplane Providers

Ana Margarita Medina, Staff Developer Advocate, and Jason Tang, Technical Lead Manager, discussed:

• The importance of software supply chain security 
• What Upbound is doing to ensure the secure publication of Crossplane Official Providers
• How to secure the supply chain for any Crossplane package

Just like manufacturing, software delivery has dependencies, which is why every official provider includes a verifiable attestation that cryptographically links the image to a detailed Software Bill of Materials (SBOM) for auditability and vulnerability management. Crossplane users should be aware of what is in their providers and who built them. For package authors, Jason demonstrated a step-by-step workflow for securing the supply chain for any Crossplane package with tools such as Syft, Grype, and Sigstore.

Watch our webinar to level up your Crossplane platform, sign up for a free account to try out our developer tooling, and make use of Upbound’s official providers. We look forward to seeing you at the next webinar, and thank you for being part of the Upbound community.