Upbound now everywhere: A fully automated Crossplane experience for platform engineers

April 30, 2024

Read time: 5 mins

Craig D Wilhite

Share:

Announcing Upbound is now available everywhere: New hybrid capabilities deliver unparalleled scalability and fully automated Crossplane to platform engineers

Enterprises are adopting Crossplane to power the next generation of infrastructure and resource provisioning. Their platform teams are creating cloud resources from tailored abstractions, resource configurations tuned for compliance to the enterprise, resource abstractions that are multi-cloud, and more. At Upbound, we understand the challenges users take on when building platforms. Especially when based on a Crossplane control plane architecture.

Upbound allows customers to offload lifecycle management, scaling and other operational toil involved with running one or more Crossplane control planes. Last year, we launched Upbound SaaS and later that year followed up with the launch of the Spaces feature to enable customers to deploy the same engine which powers Upbound SaaS. Today, we’re announcing the newest release of Upbound: it now offers a unified managed Crossplane experience available for customers anywhere–whether Upbound’s multi-tenant SaaS or single-tenant on customers’ own infrastructure.

Customers can now deploy Connected Spaces, which allows them to use the global Upbound Console and management interfaces to manage and operate single-tenant deployments of Upbound running inside their own network and infrastructure.

Complementing this, we’re announcing Cloud Spaces in Upbound, expanding customers’ multi-tenant deployment choices. Previously, Upbound appeared as one gigantic Space, hosted and managed by Upbound from our cloud environment in Google Cloud Platform (GCP). Now, users can choose a Cloud Space to host their managed control planes. Upbound SaaS offers two Cloud Spaces, AWS us-east-1 and GCP us-central-1, with Azure us-east1 coming later this quarter.

Customers have the freedom to deploy managed control planes in Cloud Spaces, their own Connected Spaces, or both. Wherever they choose, the product experience is the same.

Finally, we're also announcing several new experiences in Upbound to make it easier to secure, manage, and operate Crossplane at scale: integrated secrets management, backup and restore, integrated observability, and more.

Console: Your window into Crossplane

We hear from Crossplane users about how hard it is to get a view into a Crossplane control plane. Debugging Crossplane compositions from only a command-line interface can be challenging, getting a view of all the resource types installed on a control plane, or visualizing relationships between related managed resources. With the latest release of Upbound, customers can use the same Console and CLI management interfaces to debug managed control planes, regardless of whether it’s running in a Cloud Space or Connected Space.

The Upbound Console provides both tabular and node-based views to traverse live Crossplane compositions, inspect events and conditions, follow resource references from one resource to the next, and more.

Single and multi-Crossplane experiences out of the box

Upbound today offers several new features that make Crossplane operators’ jobs easier: integrated shared secrets, integrated backup and restore, auto-upgrade controls, and more. Also in preview today is a new observability pipeline for managed control planes.

Control plane groups and group-level experiences

Upbound now supports control plane groups as a mechanism for logically grouping a set of control planes and their related objects. This lets users assign IAM permissions at the group-level, such as granting access for platform users to only interact with the control planes of a given group. This lets you restrict teams in a business unit to only have access to a specific managed control plane or group of control planes.

To go along with groups we’ve introduced built-in capabilities that we see users frequently needing to configure alongside their control planes: secrets and disaster recovery. We’re introducing new APIs that operate at the group-level (multi-control plane) and individual control plane level:

  • Upbound’s built-in Shared Secrets functionality is based upon External Secrets Operator and enables you to synchronize external secrets from a central keystore directly into your control planes. It supports keystores such as AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, and more. There is no need to install third-party components; it’s available out-of-the-box.
  • The new Shared Backups functionality allows users to configure automatic backup schedules for one or more control planes in a group. Users can restore control planes to an earlier state from these backups. 

Automatic upgrades and release channels

Every control plane in Upbound now exposes optional controls for users to configure how Crossplane gets automatically upgraded. This feature makes it easier for customers to ensure their control planes stay up-to-date with the latest security patches and features. Users have the flexibility to offload upgrades entirely to Upbound by opting into designated release channels (Rapid, Stable, or Patch) OR by choosing to pin a control plane’s Crossplane version to a specific supported release (release channel: None). 

Enterprise security and Upbound IAM

Available today from the Upbound Console, organizations can enable and configure Single Sign-On (SSO) and Directory Sync to enforce access within their organization on Upbound. Organizations can use Upbound IAM to configure access control for managed control planes running everywhere.

Integrated observability pipeline

Available in preview for customers who’ve deployed Connected Spaces and coming soon to customers running in Cloud Spaces, Upbound features an integrated observability pipeline. This feature is built on the OpenTelemetry project and helps customers collect and export logs, metrics, and traces for everything running in Upbound.

The pipeline aggregates all telemetry coming from individual managed control planes. Customers can configure it to export what’s collected to their preferred 3rd party observability solution, such as Datadog, New Relic, or others.
 

Migrate to Upbound and get started today

If you’re interested in trying out Upbound but you’ve already deployed Crossplane on your own, it’s easy to switch. Upbound’s new migration tooling, available in the up CLI under the up migrate subcommand, handles the heavy lifting of exporting the state of a control plane into an archive so you can import it into a managed control plane. This lets you easily migrate into managed control planes without needing to redeploy all your cloud resources.

Learn more about all that’s new in Upbound by registering for our next webinar Crossplane at Scale, Made Easy with Upbound on May 22 or by registering for the event Level Up with Crossplane, presented by Upbound on May 7.

Or, if you’re new to Crossplane, there’s no easier place to get started than with Upbound. Sign up for a demo with our team to see its full potential. For pricing and other commercial information, contact Upbound sales.

Subscribe to the Upbound Newsletter