Crossplane turns a Kubernetes cluster into a control plane for arbitrary external resources — AWS RDS databases, GCP buckets, Cloudflare zones, GitHub repos, Snowflake warehouses, and anything else with an API. You write Kubernetes manifests, Crossplane reconciles them against the target cloud, and the rest of your Kubernetes tooling (RBAC, GitOps with ArgoCD or Flux, audit logs, admission policies) applies to infrastructure for free.
The runtime is a set of controllers. Providers (provider-upjet-aws, provider-gcp, provider-azure, provider-terraform, hundreds of community providers) install CRDs for each managed service and reconcile them against the vendor API. On top of that, Crossplane’s Composition engine lets platform teams define a high-level CompositeResourceDefinition (XRD) — for example, XPostgresDatabase — and a Composition that fans it out into the underlying provider resources (a VPC, subnet, RDS instance, parameter group, DNS record, and Secret). Application teams then consume the simple Claim and never see the cloud-specific details. Modern Crossplane uses composition functions (WASM or gRPC) so you can write composition logic in KCL, Python, Go, or CUE instead of raw YAML patches.
Crossplane is the main Kubernetes-native alternative to Terraform/OpenTofu and Pulumi. The trade-off is continuous reconciliation and a Kubernetes-shaped UX versus Terraform’s plan/apply model and mature ecosystem. It graduated in the CNCF in 2025 and is the backbone of several commercial platform products, notably Upbound.