🎉 The Crossplane Community Day EU '21 playlist is LIVE — watch all the sessions on demand



Providers extend Crossplane to enable infrastructure resource provisioning. In order to provision a resource, a Custom Resource Definition (CRD) needs to be registered in your Kubernetes cluster and its controller should be watching the Custom Resources those CRDs define. Provider packages contain many Custom Resource Definitions and their controllers.

Here is the list of prominent providers:

AWS Provider

GCP Provider

Azure Provider

Rook Provider

Alibaba Cloud Provider

Installing Providers

The core Crossplane controller can install provider controllers and CRDs for you through its own provider packaging mechanism, which is triggered by the application of a Provider resource. For example, in order to request installation of the provider-aws package, apply the following resource to the cluster where Crossplane is running:

apiVersion: pkg.crossplane.io/v1
kind: Provider
  name: provider-aws
  package: "crossplane/provider-aws:master"

The field spec.package is where you refer to the container image of the provider. Crossplane Package Manager will unpack that container, register CRDs and set up necessary RBAC rules and then start the controllers.

There are a few other ways to to trigger the installation of provider packages:

You can uninstall a provider by deleting the Provider resource you’ve created.

Configuring Providers

In order to authenticate with the external provider API, the provider controllers need to have access to credentials. It could be an IAM User for AWS, a Service Account for GCP or a Service Principal for Azure. Every provider has a type called ProviderConfig that has information about how to authenticate to the provider API. An example ProviderConfig resource for AWS looks like the following:

apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
  name: aws-provider
    source: Secret
      namespace: crossplane-system
      name: aws-creds
      key: key

You can see that there is a reference to a key in a specific Secret. The value of that key should contain the credentials that the controller will use. The documentation of each provider should give you an idea of how that credentials blob should look like. See Getting Started guide for more details.

The following is an example usage of AWS ProviderConfig, referenced by a RDSInstance:

apiVersion: database.aws.crossplane.io/v1beta1
kind: RDSInstance
  name: prod-sql
    name: prod-acc

The AWS provider controller will use that provider for this instance of RDSInstance. Since every resource has its own reference to a ProviderConfig, you can have multiple ProviderConfig resources in your cluster referenced by different resources. When no providerConfigRef is specified, the RDSInstance will attempt to use a ProviderConfig named default.