Crossplane logo
Crossplane logo
master v2.0-preview v1.19
Latest
v1.18 v1.17

Install Crossplane

On this page
This document is for an unreleased version of Crossplane.

This document applies to the Crossplane master branch and not to the latest release v1.19.

Crossplane installs into an existing Kubernetes cluster, creating the Crossplane pod, enabling the installation of Crossplane Provider resources.

Tip
If you don’t have a Kubernetes cluster create one locally with Kind.

Prerequisites

Install Crossplane

Install Crossplane using the Crossplane published Helm chart.

Add the Crossplane Helm repository

Add the Crossplane repository with the helm repo add command.

1helm repo add crossplane-stable https://charts.crossplane.io/stable

Update the local Helm chart cache with helm repo update.

1helm repo update

Install the Crossplane Helm chart

Install the Crossplane Helm chart with helm install.

Tip
View the changes Crossplane makes to your cluster with the helm install --dry-run --debug options. Helm shows what configurations it applies without making changes to the Kubernetes cluster.

Crossplane creates and installs into the crossplane-system namespace.

1helm install crossplane \
2--namespace crossplane-system \
3--create-namespace crossplane-stable/crossplane

View the installed Crossplane pods with kubectl get pods -n crossplane-system.

1kubectl get pods -n crossplane-system
2NAME                                       READY   STATUS    RESTARTS   AGE
3crossplane-6d67f8cd9d-g2gjw                1/1     Running   0          26m
4crossplane-rbac-manager-86d9b5cf9f-2vc4s   1/1     Running   0          26m
Tip

Install a specific version of Crossplane with the --version <version> option. For example, to install version 1.10.0:

1helm install crossplane \
2--namespace crossplane-system \
3--create-namespace crossplane-stable/crossplane \
4--version 1.10.0

Installed deployments

Crossplane creates two Kubernetes deployments in the crossplane-system namespace to deploy the Crossplane pods.

1kubectl get deployments -n crossplane-system
2NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
3crossplane                1/1     1            1           8m13s
4crossplane-rbac-manager   1/1     1            1           8m13s

Crossplane deployment

The Crossplane deployment starts with the crossplane-init container. The init container installs the Crossplane Custom Resource Definitions into the Kubernetes cluster.

After the init container finishes, the crossplane pod manages two Kubernetes controllers.

  • The Package Manager controller installs the provider, function and configuration packages.
  • The Composition controller installs and manages the Crossplane Composite Resource Definitions, Compositions and Claims.

Crossplane RBAC manager deployment

The crossplane-rbac-manager creates and manages Kubernetes ClusterRoles for installed Crossplane Provider and their Custom Resource Definitions.

The Crossplane RBAC Manager design document has more information on the installed ClusterRoles.

Installation options

Customize the Crossplane Helm chart

Crossplane supports customizations at install time by configuring the Helm chart.

Apply customizations with the command line or with a Helm values file.

ParameterDescriptionDefault
affinityAdd affinities to the Crossplane pod deployment.{}
argsAdd custom arguments to the Crossplane pod.[]
configuration.packagesA list of Configuration packages to install.[]
customAnnotationsAdd custom annotations to the Crossplane pod deployment.{}
customLabelsAdd custom labels to the Crossplane pod deployment.{}
deploymentStrategyThe deployment strategy for the Crossplane and RBAC Manager pods."RollingUpdate"
dnsPolicySpecify the dnsPolicy to be used by the Crossplane pod.""
extraEnvVarsCrossplaneAdd custom environmental variables to the Crossplane pod deployment. Replaces any . in a variable name with _. For example, SAMPLE.KEY=value1 becomes SAMPLE_KEY=value1.{}
extraEnvVarsRBACManagerAdd custom environmental variables to the RBAC Manager pod deployment. Replaces any . in a variable name with _. For example, SAMPLE.KEY=value1 becomes SAMPLE_KEY=value1.{}
extraObjectsTo add arbitrary Kubernetes Objects during a Helm Install[]
extraVolumeMountsCrossplaneAdd custom volumeMounts to the Crossplane pod.{}
extraVolumesCrossplaneAdd custom volumes to the Crossplane pod.{}
function.packagesA list of Function packages to install[]
functionCache.mediumSet to Memory to hold the function cache in a RAM backed file system. Useful for Crossplane development.""
functionCache.pvcThe name of a PersistentVolumeClaim to use as the function cache. Disables the default function cache emptyDir Volume.""
functionCache.sizeLimitThe size limit for the function cache. If medium is Memory the sizeLimit can’t exceed Node memory."512Mi"
hostNetworkEnable hostNetwork for the Crossplane deployment. Caution: enabling hostNetwork grants the Crossplane Pod access to the host network namespace. Consider setting dnsPolicy to ClusterFirstWithHostNet.false
image.pullPolicyThe image pull policy used for Crossplane and RBAC Manager pods."IfNotPresent"
image.repositoryRepository for the Crossplane pod image."xpkg.crossplane.io/crossplane/crossplane"
image.tagThe Crossplane image tag. Defaults to the value of appVersion in Chart.yaml.""
imagePullSecretsThe imagePullSecret names to add to the Crossplane ServiceAccount.[]
leaderElectionEnable leader election for the Crossplane pod.true
metrics.enabledEnable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.false
metrics.portThe port the metrics server listens on.""
nodeSelectorAdd nodeSelectors to the Crossplane pod deployment.{}
packageCache.configMapThe name of a ConfigMap to use as the package cache. Disables the default package cache emptyDir Volume.""
packageCache.mediumSet to Memory to hold the package cache in a RAM backed file system. Useful for Crossplane development.""
packageCache.pvcThe name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache emptyDir Volume.""
packageCache.sizeLimitThe size limit for the package cache. If medium is Memory the sizeLimit can’t exceed Node memory."20Mi"
podSecurityContextCrossplaneAdd a custom securityContext to the Crossplane pod.{}
podSecurityContextRBACManagerAdd a custom securityContext to the RBAC Manager pod.{}
priorityClassNameThe PriorityClass name to apply to the Crossplane and RBAC Manager pods.""
provider.packagesA list of Provider packages to install.[]
rbacManager.affinityAdd affinities to the RBAC Manager pod deployment.{}
rbacManager.argsAdd custom arguments to the RBAC Manager pod.[]
rbacManager.deployDeploy the RBAC Manager pod and its required roles.true
rbacManager.leaderElectionEnable leader election for the RBAC Manager pod.true
rbacManager.nodeSelectorAdd nodeSelectors to the RBAC Manager pod deployment.{}
rbacManager.replicasThe number of RBAC Manager pod replicas to deploy.1
rbacManager.revisionHistoryLimitThe number of RBAC Manager ReplicaSets to retain.nil
rbacManager.skipAggregatedClusterRolesDon’t install aggregated Crossplane ClusterRoles.false
rbacManager.tolerationsAdd tolerations to the RBAC Manager pod deployment.[]
rbacManager.topologySpreadConstraintsAdd topologySpreadConstraints to the RBAC Manager pod deployment.[]
readiness.portThe port the readyz server listens on.""
registryCaBundleConfig.keyThe ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.""
registryCaBundleConfig.nameThe ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.""
replicasThe number of Crossplane pod replicas to deploy.1
resourcesCrossplane.limits.cpuCPU resource limits for the Crossplane pod."500m"
resourcesCrossplane.limits.memoryMemory resource limits for the Crossplane pod."1024Mi"
resourcesCrossplane.requests.cpuCPU resource requests for the Crossplane pod."100m"
resourcesCrossplane.requests.memoryMemory resource requests for the Crossplane pod."256Mi"
resourcesRBACManager.limits.cpuCPU resource limits for the RBAC Manager pod."100m"
resourcesRBACManager.limits.memoryMemory resource limits for the RBAC Manager pod."512Mi"
resourcesRBACManager.requests.cpuCPU resource requests for the RBAC Manager pod."100m"
resourcesRBACManager.requests.memoryMemory resource requests for the RBAC Manager pod."256Mi"
revisionHistoryLimitThe number of Crossplane ReplicaSets to retain.nil
runtimeClassNameThe runtimeClassName name to apply to the Crossplane and RBAC Manager pods.""
securityContextCrossplane.allowPrivilegeEscalationEnable allowPrivilegeEscalation for the Crossplane pod.false
securityContextCrossplane.readOnlyRootFilesystemSet the Crossplane pod root file system as read-only.true
securityContextCrossplane.runAsGroupThe group ID used by the Crossplane pod.65532
securityContextCrossplane.runAsUserThe user ID used by the Crossplane pod.65532
securityContextRBACManager.allowPrivilegeEscalationEnable allowPrivilegeEscalation for the RBAC Manager pod.false
securityContextRBACManager.readOnlyRootFilesystemSet the RBAC Manager pod root file system as read-only.true
securityContextRBACManager.runAsGroupThe group ID used by the RBAC Manager pod.65532
securityContextRBACManager.runAsUserThe user ID used by the RBAC Manager pod.65532
service.customAnnotationsConfigure annotations on the service object. Only enabled when webhooks.enabled = true{}
serviceAccount.createSpecifies whether Crossplane ServiceAccount should be createdtrue
serviceAccount.customAnnotationsAdd custom annotations to the Crossplane ServiceAccount.{}
serviceAccount.nameProvide the name of an already created Crossplane ServiceAccount. Required when serviceAccount.create is false""
tolerationsAdd tolerations to the Crossplane pod deployment.[]
topologySpreadConstraintsAdd topologySpreadConstraints to the Crossplane pod deployment.[]
webhooks.enabledEnable webhooks for Crossplane and installed Provider packages.true
webhooks.portThe port the webhook server listens on.""

Command line customization

Apply custom settings at the command line with helm install crossplane --set <setting>=<value>.

For example, to change the image pull policy:

1helm install crossplane \
2--namespace crossplane-system \
3--create-namespace \
4crossplane-stable/crossplane \
5--set image.pullPolicy=Always

Helm supports comma-separated arguments.

For example, to change the image pull policy and number of replicas:

1helm install crossplane \
2--namespace crossplane-system \
3--create-namespace \
4crossplane-stable/crossplane \
5--set image.pullPolicy=Always,replicas=2

Helm values file

Apply custom settings in a Helm values file with helm install crossplane -f <filename>.

A YAML file defines the customized settings.

For example, to change the image pull policy and number of replicas:

Create a YAML with the customized settings.

1replicas: 2
2
3image:
4  pullPolicy: Always

Apply the file with helm install:

1helm install crossplane \
2--namespace crossplane-system \
3--create-namespace \
4crossplane-stable/crossplane \
5-f settings.yaml

Feature flags

Crossplane introduces new features behind feature flags. By default alpha features are off. Crossplane enables beta features by default. To enable a feature flag, set the args value in the Helm chart. Available feature flags can be directly found by running crossplane core start --help, or by looking at the table below.

StatusFlagDescription
Beta--enable-composition-webhook-schema-validationEnable Composition validation using schemas.
Beta--enable-deployment-runtime-configsEnable support for DeploymentRuntimeConfigs.
Beta--enable-usagesEnable support for Usages.
Beta--enable-ssa-claimsEnable support for using server-side apply to sync claims with XRs.
Beta--enable-realtime-compositionsEnable support for real time compositions.
Alpha--enable-external-secret-storesEnable support for External Secret Stores.
Alpha--enable-dependency-version-upgradesEnable automatic version upgrades of dependencies when updating packages.
Alpha--enable-dependency-version-downgradesEnable automatic version downgrades of dependencies when updating packages.
Alpha--enable-signature-verificationEnable support for package signature verification via ImageConfig API.
Alpha--enable-function-response-cacheEnable support for caching composition function responses.

Set these flags either in the values.yaml file or at install time using the --set flag, for example: --set args='{"--enable-composition-functions","--enable-composition-webhook-schema-validation"}'.

Change the default package registry

Beginning with Crossplane version 1.20.0 Crossplane uses the crossplane-contrib GitHub Container Registry at xpkg.crossplane.io by default for downloading and installing packages.

Change the default registry location during the Crossplane install with --set args='{"--registry=index.docker.io"}'.

Install pre-release Crossplane versions

Install a pre-release versions of Crossplane from the master Crossplane Helm channel.

Versions in the master channel are under active development and may be unstable.

Warning
Don’t use Crossplane master releases in production. Only use stable channel. Only use master for testing and development.

Add the Crossplane master Helm repository

Add the Crossplane repository with the helm repo add command.

1helm repo add crossplane-master https://charts.crossplane.io/master/

Update the local Helm chart cache with helm repo update.

1helm repo update

Install the Crossplane master Helm chart

Install the Crossplane master Helm chart with helm install.

Tip
View the changes Crossplane makes to your cluster with the helm install --dry-run --debug options. Helm shows what configurations it applies without making changes to the Kubernetes cluster.

Crossplane creates and installs into the crossplane-system namespace.

1helm install crossplane \
2--namespace crossplane-system \
3--create-namespace crossplane-master/crossplane \
4--devel

Crossplane distributions

Third-party vendors may maintain their own Crossplane distributions. Vendor supported distribution may have features or tooling that isn’t in the Community Crossplane distribution.

The CNCF certified third-party distributions as “conformant” with the Community Crossplane distribution.