Crossplane project could disrupt infrastructure as code

An emerging CNCF project extends Kubernetes orchestration to non-container resources, displacing infrastructure-as-code tools in some early-adopter environments.

A CNCF Kubernetes orchestration project that was promoted from sandbox to incubation last month will replace infrastructure-as-code tools and reinvent cloud resource management, if its creator gets his way.

Crossplane extends the Kubernetes control plane, originally created to manage container workloads, to manage resources such as virtual machines and cloud storage objects as well. This is typically the territory of infrastructure-as-code tools such as HashiCorp's Terraform and AWS CloudFormation, which are widely used to automate the provisioning of infrastructure that underpins Kubernetes clusters.

"Using a Kubernetes control plane and declarative API to manage infrastructure, and a set of controllers to reconcile and automate the lifecycle of these resources ... is a step up from infrastructure as code," said Bassam Tabbara, the creator of Crossplane and founder and CEO of its commercial backer, Upbound.

Crossplane can also orchestrate higher-level application components such as databases and message queues -- virtually anything that can be accessed via an API. Two of the big three public cloud vendors, AWS and Azure, have certified Crossplane providers for their cloud infrastructure and services, including identity and access management accounts. A Google Cloud Platform certification is in the works, Tabbara said.

"We think of Crossplane as the convergence project for all cloud services and cloud APIs," he said. "One universal API for cloud computing."

Crossplane and Upbound.io were created by Tabbara in late 2018. Crossplane was accepted by the Cloud Native Computing Foundation (CNCF) as a sandbox project in May 2020 and promoted to the intermediate incubation stage last month. To reach incubation, Crossplane had to demonstrate production use, among other criteria. It cited users including Accenture, Deutsche Bahn, Plotly, Ripcord and Zego.

Next, the project must continue to grow its user base and community of contributors to reach the CNCF graduation stage. Companies other than Upbound -- which include Alibaba, Red Hat and IBM, according to Tabbara -- account for half of the contributions to the project, but it will take more work to ensure the project's governance is split among more companies, too, he said.

While Red Hat is contributing to Crossplane, company officials declined to comment on whether there are any plans to integrate it with the OpenShift Kubernetes platform.

Crossplane turns heads at KubeCon

Crossplane first caught the attention of the CNCF community at the virtual KubeCon North America last November, but its promotion to incubation and growing use in production have more enterprise IT pros planning to test it in the coming months.

"I started perking up last year," said Matt Young, principal cloud architect at online insurance marketplace EverQuote in Cambridge, Mass., who said he's experimenting to see if Crossplane could replace Terraform in his DevOps environment. "Crossplane is a nice way to compose systems ... [and] expose a simple set of knobs and levers to development teams."

Crossplane's Compositions mechanism could mean the EverQuote platform team can let developers provision resources such as MySQL databases or S3 buckets alongside their applications without making them deal with nitty-gritty parameters such as instance type and memory size, Young said.

At CERN, a European particle physics research center based in Geneva, Switzerland, the transition from infrastructure-as-code tools such as Puppet to Crossplane has already begun.

"All the workloads [are] moving to Kubernetes gradually, including the stuff that would traditionally not fit," said Ricardo Rocha, a computing engineer at CERN. "This allows us to rely on Argo CD or Flux for the whole stack."

Consultants from Accenture also used Crossplane as part of the foundation for a DevOps platform they built for German railway utility Deutsche Bahn last year.

Crossplane was attractive to the project's architect because it extends Kubernetes' reconciliation loop automation to all of the platform's resources. This reconciliation loop keeps resources consistent with a desired state and avoids drift, without micromanagement from IT operations.

"I'm pretty sold on Kubernetes as an extension framework for providing services [because of] this reconciliation loop," said Jan Willies, a platform architect at Accenture Berlin. "Kubernetes brings the real world to the state which we [told] it to do."

Argo CD integration, overlap present obstacles

The Kubernetes reconciliation loop is also part of the basis for GitOps, an approach to Kubernetes deployment in which the desired state of a system is defined declaratively in code and the running system is continually updated to reflect that desired state.

A project associated with one of the two prominent CNCF GitOps tools, Intuit's Argo CD, also pushes this Kubernetes orchestration philosophy beyond container clusters with a utility called Argo CloudOps, which competes with Crossplane.

Meanwhile, Crossplane maintainers such as Accenture's Willies are still working out kinks in the tool's integration with Argo CD for GitOps users such as CERN's Rocha.

"I had an ugly hack to get this going, but some sort of integration with the GitOps tools to do this in a better way would be great," Rocha said.

Argo CloudOps and Crossplane take different stances on infrastructure-as-code tools -- Argo CloudOps invokes tools such as Terraform and CloudFormation via Kubernetes, while Crossplane replaces them.

"As Intuit makes acquisitions and expands, we will acquire new organizations with different approaches [and] we want them hyper-focused on solving customer problems, not refactoring their infrastructure automation that is working," said Brett Weaver, distinguished engineer at Intuit. "We have teams building on serverless who may not even run workloads on Kubernetes -- Argo CloudOps will allow us to support them without changing their focus."

Upbound's Tabbara countered that this makes Argo CloudOps subject to the same problems, such as drift and cognitive load, that users already have with existing infrastructure-as-code tools.

Still, for Tabbara's vision of a new universal cloud control plane to succeed, he and other Crossplane backers will need to convince the wider market to move away from tools that may be flawed but are familiar, while competitors such as Argo CloudOps continue to appear, according to analysts.

"I do think [Crossplane] can become influential, but this space might end up pretty fractured in the end," said Gary Chen, an analyst at IDC. "Right now for them, the immediate goal is to keep building the project and community. And they'll probably need some of the bigger vendors to commercialize it too."

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.
