Crossplane in Production: Scaling Cloud Infrastructure for an Insurance Giant

July 18, 2024


Yury Tsarev


Navigating the complexities of enterprise cloud infrastructure is a huge challenge, especially for organizations with diverse services and teams. Crossplane, in conjunction with the Upbound platform, offers a transformative solution to streamline these operations. In our recent webinar, "Crossplane in the Trenches: Orchestrating Complexity in Enterprise Cloud Landscapes", we delved into a compelling case study demonstrating how a large insurance provider successfully harnessed Crossplane to manage their intricate cloud environment.

This blog aims to address advanced Crossplane users looking to run in production, or presently running in production, by focusing on the real-world application and success of Crossplane in this enterprise scenario.

Introduction: Solving Enterprise Cloud Challenges with Crossplane

I’ve had the privilege of working with multiple companies across various industries, witnessing the evolution of infrastructure management firsthand. From shell scripting to infrastructure as code, and now to control plane-based architectures with Crossplane, it’s been quite a journey. A couple of years ago, I joined Upbound to lead the control plane adoption across the industry, and I’ve been passionate about it ever since.

In one of our recent projects, I had the opportunity to work closely with Jan from Cloudprizm. Together, we helped one of the world’s largest insurance companies transition to Crossplane. This case study showcases how we tackled the complexities of their cloud infrastructure and successfully leveraged Crossplane to enhance efficiency, observability, and self-service capabilities.

Case Study: Crossplane at Scale in an Insurance Giant

Our case study revolves around an insurance provider grappling with complex infrastructure management. The goal was to migrate to Crossplane to enhance efficiency, observability, and self-service capabilities. Here’s a detailed look at the steps and strategies employed.

Initial Setup and Migration

Initially, teams at the insurance company managed their infrastructure using a mix of infrastructure as code pipelines, which proved cumbersome and lacked the flexibility needed for modern cloud operations.

The transition began with creating custom Crossplane providers that expose Kubernetes CRDs to wrap existing cloud and enterprise APIs, providing a more standardized and manageable interface. This step allowed for a smoother migration path and set the foundation for further integration.

Leveraging Crossplane’s Full Potential

Over time, the teams adopted official Upbound providers, fully leveraging Crossplane’s capabilities to manage resources seamlessly. This included provisioning Azure subscriptions, virtual networks, peering, and setting up necessary IAM roles.

Advanced Tooling and Strategies

Crossplane, together with Upbound, enabled the creation of a custom platform API. This API abstracted the complexity of the underlying resources, allowing developers to focus on application logic. Azure multi-account management was abstracted away by automatically creating ProviderConfigs using Crossplane Compositions, which gave platform consumers flexible subscription access without exposing credentials to them directly.

Another requirement was to follow strict enterprise conventions for resource names, which are constructed from different data sources depending on the state of multiple composed resources. Using bidirectional patching to share data between composed resources provided a reliable solution and demonstrated that this kind of API data flow is feasible even within the constrained, declarative Patch and Transform engine.

The reconciliation loop inherent in Kubernetes ensured continuous alignment between the desired and actual state of resources, mitigating configuration drift and enhancing reliability.

Dynamic Resource Management

One of the project’s challenges was managing dynamic resource creation, such as subnets based on user-provided CIDRs. This was addressed using Crossplane Composition Functions, which allow the use of loops and conditionals. Functions like function-go-templating and function-kcl make it possible to express this more advanced composition logic.
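A sketch of the loop described above, as an added example that is not taken from the project or the webinar repository: a pipeline-mode Composition that uses function-go-templating to render one Azure Subnet per user-provided CIDR. The XR kind `XNetwork`, the API group `platform.example.org`, and the field `spec.parameters.subnetCidrs` are assumptions made for illustration.

```yaml
# Added illustration; XR kind, API group and parameter names are hypothetical.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xnetworks.platform.example.org
spec:
  compositeTypeRef:
    apiVersion: platform.example.org/v1alpha1   # hypothetical XRD group/version
    kind: XNetwork                              # hypothetical XR kind
  mode: Pipeline
  pipeline:
    - step: render-subnets
      functionRef:
        name: function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        kind: GoTemplate
        source: Inline
        inline:
          # spec.parameters.subnetCidrs is an assumed field: a list of CIDR strings.
          template: |
            {{- range $i, $cidr := .observed.composite.resource.spec.parameters.subnetCidrs }}
            ---
            apiVersion: network.azure.upbound.io/v1beta1
            kind: Subnet
            metadata:
              annotations:
                # Per-item composed resource name so each subnet is tracked separately.
                gotemplating.fn.crossplane.io/composition-resource-name: subnet-{{ $i }}
            spec:
              forProvider:
                addressPrefixes:
                  - "{{ $cidr }}"
                # Resolve to the resource group and VNet composed by the same XR.
                resourceGroupNameSelector:
                  matchControllerRef: true
                virtualNetworkNameSelector:
                  matchControllerRef: true
            {{- end }}
    - step: mark-ready
      functionRef:
        name: function-auto-ready
```

Index-based names shift when an entry is removed from the middle of the list, so keying each subnet on a user-supplied name avoids unintended replacement. Constraining the CIDR strings with a pattern in the XRD's OpenAPI schema rejects malformed input before it reaches the template.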

Controlled injection of provider-terraform covered the gap in resource API coverage. For example, we used its data source capability to dynamically import external resources, similar to the importer example. This approach provided a robust and flexible infrastructure management solution.

The team used a multi-tiered strategy to dynamically create resources, combining standard patch and transform mechanisms with advanced templating techniques.

Testing and Continuous Integration

The team explored Upbound’s testing framework, uptest, to ensure the reliability of their infrastructure code. This framework automated end-to-end testing of Crossplane Configurations, providing high confidence in the deployed solutions. A demo of the uptest framework is covered in detail in the Crossplane Testing Patterns talk from the Level Up event.

Conclusion: Crossplane and Upbound – Your Enterprise Cloud Solution

This case study underscores the transformative power of Crossplane and Upbound in managing complex enterprise cloud infrastructures. By abstracting the intricacies of resource management and providing powerful tooling for customization and observability, Crossplane enables teams to deliver value more effectively.

Upbound builds upon this to layer in features not otherwise available in OSS Crossplane alone, including enterprise security via SSO and RBAC, disaster recovery, reduced day 2 operations burden, scalability, and more. Starting with Upbound provides an easier and more reliable experience overall.

For advanced Crossplane users, the success of this insurance provider showcases the potential of adopting Crossplane and Upbound for your enterprise needs. The combination of robust infrastructure management, dynamic resource creation, and seamless integration makes this solution unparalleled in its ability to handle enterprise-scale challenges.

Experience the Power of Crossplane and Upbound

If you want to see the demo in action with Jan and me, view the webinar where we shared all of the details here. The multi-cloud landing zone abstraction example that is featured in the demo can be found at this repository here.

Upbound has a treasure trove of added benefits over the open source project to qualify it to power infrastructure at large corporations. To see how, start your 30-day trial with Upbound today.
