

Crossplane (cross-plane, meaning it can span multiple public cloud platforms) is an open-source Kubernetes add-on that lets platform teams assemble infrastructure from multiple vendors and expose higher-level self-service APIs to application teams without writing any code.

Crossplane extends your Kubernetes cluster with CRDs for any infrastructure or managed service. These fine-grained resources can be combined into higher-level abstractions that are versioned, managed, deployed and consumed with the tools you already prefer and with the processes already integrated into the cluster.



A Composition assembles one or more custom resources in response to the creation or modification of a custom resource defined by an ApplicationDefinition or an InfrastructureDefinition:

  • It defines how applications and infrastructure are composed

  • It can define multiple resources, including composite resources

  • It can define dependencies between application resources

```yaml
kind: Composition
metadata:
  name: private-mysql-server
  labels:
    connectivity: private
spec:
  # This composition declares that its input values will be read 'from' a
  # resource of the specified kind, which must be defined by an
  # InfrastructureDefinition. The field name denotes the relationship with the
  # 'fromFieldPath' notation below.
  from:
    kind: MySQLInstance
  # This composition declares that its input values will be written 'to' the
  # below resources. The field name denotes the relationship with the
  # 'toFieldPath' notation below.
  to:
  - base:
      kind: ResourceGroup
      spec:
        location: West US
        providerRef:
          name: example
        reclaimPolicy: Delete
    patches:
    - fromFieldPath: "spec.region"
      toFieldPath: "spec.forProvider.location"
      transforms:
      - type: map
        map:
          us-west: "West US"
          us-east: "East US"
  - base:
      kind: MySQLServer
      spec:
        forProvider:
          administratorLogin: myadmin
          resourceGroupNameSelector:
            matchComposite: true
          location: West US
          sslEnforcement: Disabled
          version: "5.6"
          sku:
            tier: Basic
            capacity: 1
            family: Gen5
          storageProfile:
            storageMB: 20480
        writeConnectionSecretToRef:
          namespace: crossplane-system
        providerRef:
          name: example
        reclaimPolicy: Delete
    patches:
    - fromFieldPath: "metadata.uid"
      toFieldPath: ""
    - fromFieldPath: "spec.engineVersion"
      toFieldPath: "spec.forProvider.version"
    - fromFieldPath: "spec.storageGB"
      toFieldPath: "spec.forProvider.storageMB"
      transforms:
      - type: math
        math:
          multiply: 1024
    - fromFieldPath: "spec.region"
      toFieldPath: "spec.forProvider.location"
      transforms:
      - type: map
        map:
          us-west: "West US"
          us-east: "East US"
    # Specifies the (potentially sensitive) connection details that this 'to'
    # resource should expose to the 'from' resource. Names are unique across all
    # 'to' resources within this composition. Ignored by application resources.
    connectionDetails:
    - name: username
      fromConnectionSecretKey: username
    - name: password
      fromConnectionSecretKey: password
    - name: endpoint
      fromConnectionSecretKey: endpoint
  - base:
      kind: MySQLServerVirtualNetworkRule
      spec:
        serverNameSelector:
          matchComposite: true
        resourceGroupNameSelector:
          matchComposite: true
        properties:
          virtualNetworkSubnetIdRef:
            name: sample-subnet
        reclaimPolicy: Delete
        providerRef:
          name: azure-provider
```



```yaml
kind: InfrastructureDefinition
metadata:
  # InfrastructureDefinition names are subject to the constraints of Kubernetes
  # CustomResourceDefinition names. They must be of the form <plural>.<group>.
  name: <plural>.<group>
spec:
  # Any composition that intends to satisfy an infrastructure resource must
  # expose each of the named connection details exactly once in any of its
  # connectionDetails objects. The connection secret published by the defined
  # infrastructure resource will include only these connection details.
  connectionDetails:
  - username
  - password
  - endpoint
  # Defines the structural schema and GroupVersionKind of this infrastructure.
  # Only a single API version of the application may exist. Additional fields
  # will be injected to support composition machinery.
  crdSpecTemplate:
    version: v1alpha1
    names:
      kind: MySQLInstance
      listKind: MySQLInstanceList
      plural: mysqlinstances
      singular: mysqlinstance
    validation:
      openAPIV3Schema:
        properties:
          region:
            type: string
          engineVersion:
            type: string
          storageGB:
            type: int
        type: object
  # An optional service account that will be used to reconcile MySQLInstance
  # resources. This allows the use of RBAC to restrict which resources a
  # MySQLInstance may be composed of. The specified service account must have
  # full access to MySQLInstance resources, and 'get' access to Component
  # resources.
  # If the service account is omitted Crossplane will use its pod service
  # account to manage MySQLInstance resources. This implies that anyone with
  # sufficient RBAC permissions to create a Composition and to create a
  # MySQLInstance will be able to compose their MySQLInstance of any
  # infrastructure resource that Crossplane is able to create.
  serviceAccountRef:
    namespace: crossplane-system
  # An optional default composition that will be set automatically for any
  # MySQLInstance custom resources that omit both their compositeSelector and
  # their compositeRef.
  defaultComposition:
    name: cheap-rds
  # An optional forced composition that will be set automatically for any
  # MySQLInstance custom resource, overriding their compositeSelector and their
  # compositeRef. If defaultComposition and forceComposition are both set, the
  # forced composition wins.
```
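As an added example (not code from this page or from Crossplane itself), the Python below applies the MySQLServer entry's patches and transforms from the private-mysql-server Composition above to a constructed MySQLInstance, and checks the connectionDetails contract stated in the InfrastructureDefinition comments. The page leaves the toFieldPath of the metadata.uid patch empty; spec.writeConnectionSecretToRef.name is assumed here.

```python
from functools import reduce
# Constructed MySQLInstance, the Composition's 'from' resource (sample values).
MYSQL_INSTANCE = {"metadata": {"uid": "c0ffee00-constructed-uid"},
                  "spec": {"region": "us-west", "engineVersion": "5.6", "storageGB": 20}}

# Patches of the MySQLServer 'to' entry of private-mysql-server. The page leaves the
# uid patch's toFieldPath empty; spec.writeConnectionSecretToRef.name is assumed.
MYSQL_SERVER_PATCHES = [
    {"fromFieldPath": "metadata.uid", "toFieldPath": "spec.writeConnectionSecretToRef.name"},
    {"fromFieldPath": "spec.engineVersion", "toFieldPath": "spec.forProvider.version"},
    {"fromFieldPath": "spec.storageGB", "toFieldPath": "spec.forProvider.storageMB",
     "transforms": [{"type": "math", "math": {"multiply": 1024}}]},
    {"fromFieldPath": "spec.region", "toFieldPath": "spec.forProvider.location",
     "transforms": [{"type": "map", "map": {"us-west": "West US", "us-east": "East US"}}]},
]

def get_path(obj, path):
    # Read a dotted field path; KeyError if the composite lacks the field.
    return reduce(lambda o, k: o[k], path.split("."), obj)

def set_path(obj, path, value):
    # Write a dotted field path, creating intermediate objects as needed.
    *parents, leaf = path.split(".")
    for k in parents:
        obj = obj.setdefault(k, {})
    obj[leaf] = value

def transform(value, t):
    # 'map' rejects unmapped keys (KeyError) rather than passing them through.
    if t["type"] == "map":
        return t["map"][value]
    if t["type"] == "math":
        return value * t["math"]["multiply"]
    raise ValueError(f"unsupported transform type {t['type']!r}")

def render(composite, patches, kind="MySQLServer"):
    # Start from a minimal composed resource and overlay each patched value.
    out = {"kind": kind, "spec": {}}
    for p in patches:
        value = get_path(composite, p["fromFieldPath"])
        for t in p.get("transforms", []):
            value = transform(value, t)
        set_path(out, p["toFieldPath"], value)
    return out

def missing_connection_details(required, to_entries):
    # Names the InfrastructureDefinition requires but the 'to' entries do not expose exactly once.
    exposed = [d["name"] for r in to_entries for d in r.get("connectionDetails", [])]
    return [n for n in required if exposed.count(n) != 1]
```

A region outside the map table raises rather than being passed through, which is the behaviour you want from a transform that decides where a database lands.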


An ApplicationDefinition defines a new kind of custom resource that represents an application.

```yaml
kind: ApplicationDefinition
metadata:
  # ApplicationDefinition names are subject to the constraints of Kubernetes
  # CustomResourceDefinition names. They must be of the form <plural>.<group>.
  name: <plural>.<group>
spec:
  # Defines the structural schema and GroupVersionKind of this application. Only
  # a single API version of the application may exist. Additional fields will be
  # injected to support composition machinery.
  crdSpecTemplate:
    version: v1alpha1
    names:
      kind: Wordpress
      listKind: WordpressList
      plural: wordpresses
      singular: wordpress
    validation:
      openAPIV3Schema:
        properties:
          administratorLogin:
            type: string
          storageSize:
            type: int
          storageType:
            type: string
        type: object
  # An optional service account that will be used to reconcile Wordpress
  # resources. This allows the use of RBAC to restrict which resources a
  # Wordpress application may be composed of. The specified service account must
  # have full access to Wordpress resources, and 'get' access to Component
  # resources.
  # If the service account is omitted Crossplane will use its pod service
  # account to manage Wordpress resources. This implies that anyone with
  # sufficient RBAC permissions to create a Composition and to create a
  # Wordpress resource in a particular namespace will be able to compose their
  # Wordpress of any resource Crossplane is able to create. Crossplane will
  # refuse to create resources at the cluster scope or outside of the namespace
  # in which the Wordpress was created.
  serviceAccountRef:
    namespace: crossplane-system
  # An optional default composition that will be set automatically for any
  # Wordpress custom resources that omit both their compositeSelector and their
  # compositeRef.
  defaultComposition:
    name: local-wordpress
  # An optional forced composition that will be set automatically for any
  # Wordpress custom resource, overriding their compositeSelector and their
  # compositeRef. If defaultComposition and forceComposition are both set, the
  # forced composition wins.
```


```yaml
kind: Wordpress
metadata:
  namespace: default
  name: coolblog
spec:
  # The schema for the following three fields is defined by the above
  # ApplicationDefinition.
  administratorLogin: admin
  storageSize: 2
  storageType: SSD
  # The below schema is automatically injected into the CustomResourceDefinition
  # that is created by the ApplicationDefinition that defines the Wordpress
  # resource.
  # Multiple compositions may potentially satisfy a particular kind of
  # application. Each application instance may influence which composition is
  # used via label selectors. This could be used, for example, to determine
  # whether a Wordpress application renders to a KubernetesApplication or to a
  # plain old Kubernetes Deployment.
  compositionSelector:
    matchLabels:
      compute: kubernetes
      database: mysql
  # The Wordpress author may explicitly select which composition should be used
  # by setting the compositionRef. In the majority of cases the author will
  # ignore this field and it will be set by a controller, similar to the
  # contemporary classRef field.
  compositionRef:
    name: wordpress-kubernetes-mysql
  # Each application maintains an array of the resources they compose.
  # Composed resources are always in the same namespace as the application
  # resource. Any namespaced resource may be composed; composed resources
  # model their relationship with the application resource via their
  # controller reference. The application must maintain this array because
  # there is currently no user friendly, performant way to discover which
  # resources (of arbitrary kinds) are controlled by a particular resource per
  resourceRefs:
  - apiVersion:
    kind: MySQLInstanceRequirement
    name: coolblog-3jmdf
  - apiVersion:
    kind: KubernetesApplication
    name: coolblog-3mdm2
```


Providers are the infrastructure resource providers: each is a set of Kubernetes CRDs and controllers that define, one-to-one, the resources offered by a particular cloud provider. Officially provided providers include:

  • AWS provider

  • GCP provider

  • Azure

  • Alibaba

  • ......

A provider consists mainly of two kinds of resources: Provider and ProviderConfig.



Building on this, the Terrajet project was launched; it lets provider developers generate CRDs and use a generic runtime that wraps Terraform CLI operations, so support for a new resource can be added in minutes.


