DEV Community

Cover image for From Terraform to Crossplane: How to Understand Crossplane if you already know Terraform?
Saul Fernandez
Saul Fernandez

Posted on

From Terraform to Crossplane: How to Understand Crossplane if you already know Terraform?

#crossplane #terraform #kubernetes #gitops

If you work in DevOps, Terraform is likely your favorite hammer. It’s reliable, solid, and has built your whole infrastructure (I hope so, at least). But suddenly, you start hearing about Crossplane, and you see diagrams with a thousand Kubernetes cubes, names like XRD and Compositions, and your brain just goes click: "Wait, why are there so many pieces just to do the same thing?".

If you feel this way, don’t worry. It’s not that Crossplane is unnecessarily complex; it’s that we’ve shifted from writing infrastructure "scripts" to creating an "Operating System" for our cloud.

Let’s break it down with the ultimate analogy so you never get lost again.

The Automated Coffee Shop Analogy

Imagine you want to automate a coffee shop.

  • In Terraform: You write a step-by-step recipe, execute it, and the kitchen serves a coffee. If someone drinks the coffee or drops the cup, the recipe does nothing until you go back to the kitchen and hit the "Execute" button again.
  • In Crossplane: You hire a Barista (the Controller) who never stops watching the table. If the coffee disappears, he replaces it instantly without you saying a word. The Barista always ensures that reality matches the menu.

The "Dictionary" for Terraform Survivors

This is where most people get lost. Let’s translate Crossplane concepts into what you already know from Terraform:

Terraform Element Crossplane Element What is it really?
Provider Plugin (google) Provider The Brain. The binary that knows how to talk to the Google, AWS, or Azure API. This is the expert "Bartista" that knows the secrets of the coffee shop.
N/A (Manual Installation) CRD (Dictionary) The Base. What teaches Kubernetes what a "CloudRun" or a "Bucket" is. This is the menu of the coffee shop.
Resource (google_storage_bucket) Managed Resource (MR) The LEGO Piece. The smallest, rawest resource that exists in the cloud. This is the coffee cup.
Variables (variables.tf) XRD (Definition) The Contract. The 4 fields you allow the developer to fill in. This is the form to order the coffee.
Module (main.tf) Composition The Blueprint. The recipe that says: "If I'm asked for X, I'll manufacture Y and Z." This is the recipe to make the coffee.
Module Call Claim The Order. The ticket left by the developer saying: "I want my coffee." This is the order to make the coffee.

WHAT actually installs the "atomic" resource?

This is the million-dollar question. How does that Bucket appear out of thin air?

  1. The Foundation (Provider): This is what we install first. When you install the GCP Provider, the cluster "learns" languages. Before, it only spoke "Kubernetes"; now, it speaks "Google Cloud." It installs the CRDs (the base dictionary).
  2. The Blueprint (Composition): You, as a platform expert, write a Composition. This is your standard. Here, you decide that all Buckets in your company must be private and located in europe-west3.
  3. The Order (Claim): A developer creates a 5-line YAML (the Claim).
  4. The Magic: The Provider sees the Claim, checks your Composition, and says: "Okay! I'm going to create the atomic resource (Managed Resource) in Google Cloud right now, based on the Composition."

How does it improve upon my beloved Terraform?

If Terraform already works, why change? This is where Crossplane shines:

1. Goodbye to "Drift" (Deviation)

In Terraform, if someone manually deletes a resource in the AWS console, your infrastructure stays broken until the next plan/apply.
In Crossplane, the Provider is watching. If you delete the resource, Crossplane recreates it in less than 60 seconds automatically. Real auto-healing.

2. Developer Self-Service

Instead of devs asking you for changes in complex Terraform repos, you give them an interface (XRD). The dev only enters: image: my-app:v1. They don’t see (and don’t need to see) the 200 lines of network, security, and IAM configuration you’ve hidden inside the Composition.

3. A Single Language: YAML

You no longer need to manage states (tfstate) in remote buckets with complex locks. The state of your infrastructure is the Kubernetes cluster itself. If Kubernetes is alive, your infrastructure is under control.

The Elephant in the Room: Where is my "Terraform Plan", I F*****g Want to See What is Going to Happen Before It Happens!

Let’s be honest: moving to Crossplane can be terrifying. In Terraform, the plan is your safety net. You see exactly what will happen before it happens. In Crossplane, you apply a YAML, and the controller starts working. If you accidentally delete a K8s object that represents a Database... poof, your production data could vanish.

This "fire and forget" nature is what keeps many DevOps away of Crossplane.

How to Sleep at Night (Solving the State Fear)

Fortunately, there are ways to build a safety net as strong (or stronger) than Terraform’s:

  1. The "Orphan" Policy (Technological): Every Managed Resource in Crossplane has a field called deletionPolicy. By setting it to Orphan instead of Delete, you are telling Crossplane: "If someone deletes this object in Kubernetes, DO NOT touch the resource in the Cloud". This is mandatory for Databases and stateful resources.
  2. ArgoCD as your "Plan" (Methodological): If you use GitOps (and you should), ArgoCD provides a visual Diff. Before syncing, you can see exactly what fields will change. It’s your new, visual, and much more readable terraform plan.
  3. Deletion Protection (Cloud Native): Just like in Terraform, you should enable deletionProtection: true on critical resources (SQL, GCS Buckets) at the Provider level. Even if Crossplane tries to delete it, the Cloud Provider will reject the request.
  4. Finalizers (Kubernetes Native): Kubernetes won't delete an object until its "Finalizers" are cleared. This gives you a window to catch accidental deletions before they reach the Cloud API.

Final Thoughts

Don’t throw Terraform in the trash; it’s still great for static foundations (like creating the Kubernetes cluster itself). But for everything that lives and breathes (databases, queues, cloud apps), Crossplane is the next level of evolution.

You go from being a "script writer" to a Platform Architect offering a catalog of living services to your company.

What do you think of using Crossplane? Do you dare to take the leap to the Control Plane or do you use it already?

Top comments (0)