We’re at the cusp of a special moment in Cloud Computing. Cloud services that cover the spectrum of “-as-a-service” – ranging from the foundational “infrastructure-as-a-service” and building on up to “5G networks-as-a-service” and beyond – have cropped up and promised customers faster time-to-market and lower overhead to operate their businesses on the global stage. Now, more than ever, organizations have a wealth of options to choose from.
But with these options comes inevitable sprawl and the challenges associated with stitching services from many vendors together. While it might feel easier to go all-in on one cloud vendor, customers risk closing themselves off from innovation happening across the rest of the industry. And even within the scope of a single cloud vendor – many of which offer tens of their own services – sprawl still must be contended with.
Crossplane is a technology that will unlock a “Golden Age” for organizations: it is a framework for building control planes; it gives organizations the tools and knowledge required to create solutions that can consolidate teams onto a single platform (bye bye sprawl) while enabling them to stitch across whichever cloud services are desired. However, Crossplane is not a silver bullet and there is work involved. After all, the Golden Ages of antiquity did not just “happen”. It took work to achieve that prosperity, and more importantly it was the discovery of certain learnings that set those societies on the path towards prosperity.
Building in the Cloud
The Cloud is massive and growing: In addition to large public cloud providers such as AWS, Azure, and GCP, other providers such as Cloudflare, Snowflake, Okta, Datadog, DigitalOcean, and more offer cloud services that help organizations accomplish their business goals.
The goal of the Cloud is to allow an organization to focus on building what matters most for their business. Whether that means offloading management of underlying hardware (because they’re running in virtual machines), or managing the underlying virtual machines (because their solution is built atop “serverless” containers), organizations should move up the stack and focus on building the unique value that makes their business tick.
However, the promises of the Cloud carry challenges in complexity as usage scales upward. Organizations may find:
- Teams build “their own way of doing things”. The more teams in an organization, the more “bespoke” platforms crop up, which impedes knowledge sharing from one team to the next and limits engineers’ lateral mobility within an organization.
- It’s hard to know whether their infrastructure is really up and running or whether it’s actually on fire. How can they be certain their infrastructure hasn’t drifted from their desired state?
- There may be a temptation to burn it all down and start over – building a platform from scratch again, until the cycle repeats itself down the road.
To be a bit tongue in cheek, whereas organizations were promised the rich benefits of The Cloud, they may find it takes an overwhelming amount of work to keep their bet on the Cloud from descending into the state depicted below:
You need a control plane
Control planes are a key ingredient to combatting what is described above. You need something that will:
- Reconcile changes
- Be resilient
- Offer a stable interface
A control plane-based architecture gives you a declarative approach to defining and managing resources, continuous reconciliation of resources to eliminate configuration drift, and a pattern for achieving self-service.
The requirements list above may sound familiar because the industry recently solved similar challenges for container orchestration by consolidating around Kubernetes. But set aside containers for a moment. Kubernetes fundamentally offers some capabilities that make it ripe for being a control plane in general: it offers a declarative model, is self-healing, offers role-based access control, has a strong ecosystem, is extensible, and offers capabilities around secrets & config management.
Crossplane is the open-source framework for building control planes, built on the foundations of Kubernetes and extending it to allow for orchestration of anything. Upbound built Crossplane and contributed it to the CNCF for this purpose: to help organizations build their platforms the way the cloud vendors build theirs, with control planes. It encapsulates policies, permissions, and other guardrails behind a user-defined API line that enables users to self-service without needing to become infrastructure experts, all while eliminating configuration drift.
Getting started with Crossplane
Crossplane extends a Kubernetes cluster, so it must be installed into one; this can be a local cluster (like kind) or your favorite managed K8s offering. Once you have Crossplane installed, Crossplane Providers are the first building blocks you will come across; they are bundles for a cloud service and they are the glue that allows your Crossplane control plane to talk to its associated cloud service’s API. To find what providers are available in the community today, go to the Upbound Marketplace, which is the discovery hub for Crossplane.
Suppose a user wanted their control plane to have the ability to provision a pre-configured EC2 instance along with a composite monitor in Datadog for that EC2 instance. To do this, their control plane needs to talk to AWS and Datadog, so it needs the respective Crossplane providers installed into their control plane.
If one were to peek under the covers of a Crossplane provider, they would find pairs of Kubernetes controllers and Crossplane “Managed Resources”. Think of these as Crossplane representations of resources in an external system.
Going back to the AWS EC2 instance + Datadog monitor scenario above, the last key piece is that Crossplane would allow this user to expose this ability as its own API: callable, repeatable, stable, and well-defined. A single API call that:
- Abstracts away the inner workings of setting up an appropriate EC2 instance (setting its size, storage backing, whether it has an enclave, etc.) and Datadog monitor (trigger window, monitor thresholds, etc.)
- Stitches together these two services running in different cloud environments
This powerful capability of Crossplane is called Compositions, and it’s what is going to really unlock the Cloud Golden Age. Compositions are your custom API. Compositions sit on top of those Managed Resources and “compose” them into higher-level abstractions. Not only are Compositions functionally powerful, they naturally enforce a great software development practice of “separation of concerns”. That is, “Platform teams” can be responsible for the API (its definition and implementation) and consumer/app teams can self-service consume the API without needing to understand its inner workings.
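A sketch of what the "API line" and its guardrails can look like for the EC2 + Datadog scenario, as an added example that is not from the original post or from the Crossplane or Upbound projects. It uses the Crossplane v1 `CompositeResourceDefinition` and Kubernetes RBAC APIs; the group `platform.example.org`, the kinds, the fields `size` and `alertThresholdPercent`, and the namespace `team-a` are hypothetical, and the Composition that maps these fields onto the providers' managed resources is omitted.

```yaml
# Added illustration. The group, kinds, field names and namespace below are
# hypothetical; only the Crossplane and Kubernetes RBAC API shapes are real.
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xmonitoredinstances.platform.example.org
spec:
  group: platform.example.org
  names:
    kind: XMonitoredInstance
    plural: xmonitoredinstances
  claimNames:
    kind: MonitoredInstance
    plural: monitoredinstances
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              required: [size]
              properties:
                # Guardrail: consumers pick from approved sizes only.
                size:
                  type: string
                  enum: [small, medium]
                # Guardrail: the monitor threshold is bounded by the platform team.
                alertThresholdPercent:
                  type: integer
                  minimum: 50
                  maximum: 95
---
# This Role grants access to claims in one namespace only. It grants nothing
# on the providers' managed resources or on the Secrets holding cloud credentials.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: monitoredinstance-consumer
  namespace: team-a
rules:
  - apiGroups: ["platform.example.org"]
    resources: ["monitoredinstances"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]
```

The Role takes effect once a RoleBinding in `team-a` ties it to the app team's users or group; requests outside the schema's `enum` and bounds are rejected by the API server before any cloud call is made.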
In this model with Crossplane, organizations can get started building their own internal cloud platforms on top of the growing public cloud. This is Kubernetes, after all, so standardizing on Crossplane means organizations can converge on a single platform that is flexible enough to meet the varied needs of the teams that compose their organization.
Welcome to the Golden Age (Thanks Crossplane!)
Exciting times are ahead for the Crossplane community. If you are wondering where to get started, check out Upbound’s quickstart documentation. These quickstarts use Upbound’s Universal Crossplane (UXP), an open-source, downstream distro of Crossplane that is commercially supported by Upbound, and is focused on Crossplane Official Providers, also open-source and fully supported by Upbound:
If you want to spend more time learning about Crossplane, I have explained the rise to the Golden Age even further in my webinar, “Kubernetes Powered Control Planes With Universal Crossplane”. It’s a great watch if you are looking to learn more about everything you’ve read today. You can also visit the Crossplane slack community.
If you are interested in leveraging the power of control planes and interested to learn more about what Upbound is doing in this space, a better cloud is coming. Request to join our private preview waitlist and learn more by filling out this form.
Craig D Wilhite