Crossplane

Shopify operates across AWS and GCP serving over 2 million merchants. Their platform engineering team needed to standardize infrastructure provisioning across 14 product teams deploying 200+ microservices, with Black Friday traffic requiring rapid scaling within minutes.

Stripe's platform team supports 800+ engineers across 60 product teams. Ticket-based infrastructure provisioning through a central ops team created a bottleneck averaging 4.2 days per request, blocking feature development and frustrating developers who wanted to move at startup speed despite enterprise scale.

Volkswagen's connected vehicle platform processes telemetry from 15 million vehicles across AWS, Azure, and on-premises OpenStack clusters. Regulatory requirements in the EU, China, and North America demand data residency compliance, requiring infrastructure in 8 regions with consistent security policies applied uniformly.

Airbnb's data platform team manages 1,200+ database instances across PostgreSQL, MySQL, and DynamoDB. Inconsistent database configurations caused 3 major outages in one quarter, each resulting in degraded search and booking functionality affecting millions of users during peak travel season.

Lyft's infrastructure serves 20+ million rides per week across 600+ microservices. Their infrastructure team needed to enable continuous delivery of both application code and infrastructure changes through a unified GitOps workflow, while maintaining strict audit trails required by SOC 2 Type II compliance.

Capital One's cloud platform serves 65 million banking customers and must comply with OCC, FFIEC, and PCI-DSS regulations. Their cloud governance team needed to ensure that all infrastructure across 300+ AWS accounts met regulatory requirements automatically, without creating friction that would slow down their 3,000+ engineers.

Crossplane Compositions serve as the abstraction boundary between platform teams and application teams. When Compositions expose too many parameters through the XRD schema, they effectively recreate the complexity of the underlying cloud provider APIs, defeating the purpose of abstraction. Application developers should not need to understand VPC CIDR ranges, IAM policy documents, or storage IOPS calculations to provision a database. Conversely, when Compositions expose too few parameters, teams work around the platform by requesting custom compositions or bypassing Crossplane entirely. The right abstraction level is critical because it determines whether your internal developer platform accelerates teams or becomes a bottleneck. A well-designed Composition encodes organizational standards as defaults while exposing only the parameters that genuinely vary between use cases, such as database engine version, instance size tier, and environment. This approach ensures compliance by construction while maintaining developer autonomy for the decisions that actually matter to their service.

Crossplane providers require credentials to interact with cloud provider APIs, and these credentials are among the most privileged secrets in your infrastructure. A compromised Crossplane provider credential grants the attacker the ability to create, modify, or destroy any cloud resource that the provider is authorized to manage. Many organizations make the mistake of using long-lived static credentials such as AWS IAM access keys or GCP service account JSON keys stored as Kubernetes secrets. These static credentials pose several risks: they do not expire automatically, they are difficult to rotate without downtime, they are stored in etcd which may not be encrypted at rest in all clusters, and they create a single point of compromise that could affect all managed infrastructure. In regulated industries, auditors specifically look for static credential usage as a finding. The blast radius of a credential leak is enormous because Crossplane providers typically have broad permissions to manage multiple resource types. Using short-lived tokens obtained through identity federation reduces risk by ensuring credentials expire within minutes, are never stored persistently, and can be revoked centrally through the identity provider.

As your Crossplane platform grows, managing Compositions, XRDs, and associated resources as raw YAML files applied directly to the cluster becomes unmaintainable. Without versioning and packaging, there is no way to test Composition changes before applying them to production, no way to roll back a broken Composition to a known-good version, and no way to distribute Compositions consistently across multiple Crossplane control planes. Teams often make ad-hoc changes to Compositions in production clusters to fix urgent issues, creating drift between what is in Git and what is actually running. When multiple clusters consume the same Compositions, there is no mechanism to ensure they are all running the same version or to roll out updates in a controlled manner. Configuration packages solve these problems by treating Compositions as versioned, immutable artifacts that can be tested in isolation, published to an OCI registry, and installed with explicit version pinning. This approach brings the same rigor to infrastructure platform releases that container images brought to application releases: every version is immutable, traceable to a Git commit, and deployable across environments with confidence.

Crossplane operates through Kubernetes reconciliation loops that continuously compare desired state with actual cloud state and take corrective actions. Without proper observability into these reconciliation loops, platform teams fly blind when issues arise. A composition that fails to reconcile might silently leave infrastructure in a partially provisioned state, where some managed resources were created but others failed due to rate limiting, permission errors, or API throttling. Developers see their Claim stuck in a non-ready state but have no visibility into which specific managed resource failed or why. Debugging requires manually tracing through the Crossplane resource hierarchy using kubectl describe on each composite resource and its children, which is tedious and error-prone. Rate limiting from cloud providers is a particularly insidious issue because it causes intermittent failures that are difficult to reproduce and diagnose. Without metrics on reconciliation frequency, duration, and error rates, platform teams cannot proactively detect degradation or capacity plan for their Crossplane control plane. In production environments managing thousands of resources, an unobserved Crossplane installation can silently accumulate failed reconciliations that represent real infrastructure drift, undermining the very guarantee that Crossplane is supposed to provide.

Crossplane's patch-and-transform pipeline is powerful for straightforward resource compositions, but it quickly becomes unmanageable when implementing complex provisioning logic. Real-world scenarios often require conditional resource creation (e.g., only provision a read replica if the tier is 'high-performance'), dynamic resource counts (e.g., create N worker nodes based on a scaling parameter), mathematical calculations (e.g., compute subnet CIDR ranges from a base VPC CIDR), and lookups against external systems (e.g., fetch the latest approved AMI ID from a registry). Attempting to express this logic through deeply nested patches with multiple transforms, string concatenation, and conditional readiness checks results in Compositions that are hundreds of lines long, nearly impossible to test in isolation, and fragile to modify. A single misplaced patch index can silently break the entire Composition without any compile-time feedback. When bugs occur in complex patch chains, debugging requires mentally simulating the patch evaluation order, which is error-prone and time-consuming. Composition functions solve this by allowing you to write provisioning logic in general-purpose programming languages like Go or Python, with proper control flow, error handling, type safety, and unit testability.

Most organizations adopting Crossplane already have extensive existing cloud infrastructure provisioned through consoles, CLI tools, Terraform, or other IaC tools. Attempting to migrate to Crossplane by reprovisioning all existing resources is impractical and risky because it requires downtime, risks data loss for stateful resources like databases, and demands extensive coordination across teams. Without a migration strategy, organizations end up running Crossplane only for new resources while maintaining their legacy tooling for existing ones, doubling operational complexity and preventing full realization of Crossplane's benefits like drift detection and continuous reconciliation. Resource import allows Crossplane to adopt management of existing cloud resources by reconciling a managed resource definition with an already-existing cloud resource identified by its external name or ID. This is the critical capability that makes Crossplane adoption feasible in enterprises with established cloud footprints. A well-executed import strategy allows teams to gradually migrate existing infrastructure under Crossplane management without any changes to the running resources, enabling a phased adoption that reduces risk and builds confidence incrementally.