Crossplane – Bringing the Basics Together

My previous three posts introduced Crossplane and two of its key components (XR and Composition). This post will be primarily video-based to demonstrate those concepts. But first I’ll take a moment to cover XR Claims, as I left them out of the XR introduction to avoid potential confusion. If you missed the post on Composite Resources, you can find it here.

As we now know, XRs call on Compositions to get the Crossplane machine doing something new for us. We looked at how an XRD is converted to a CRD in our cluster. To recap that flow: we define a CompositeResourceDefinition (XRD) and create it, and Crossplane creates a K8s CRD from the XRD with the schema we defined. We then create an instance of that CRD, which becomes our XR.

A K8s CRD can be defined as Cluster or Namespace scoped. We secure a K8s cluster so that users have only the privileges they require. Typically, this includes blocking access to Cluster scoped resources. This is the primary reason the XR Claim exists. When we create an XRD, the resulting CRD is Cluster scoped. If we additionally configure claimNames in the XRD, Crossplane will create an additional CRD that is Namespace scoped.

In this way, users who have no Cluster level resource access can still create XRs. This is done by creating the Namespace scoped XR Claim, which in turn results in the XR. This pattern is also useful for not exposing XRs that exist only to be called from other Compositions. That pattern is a bit more complex than the simple single XR/single Composition we’ve looked at so far, but is very useful. Finally, an XR Claim can be used in much the same manner as a K8s PersistentVolumeClaim: we can pre-provision Managed Resources to be claimed later. OK, with that bit of housekeeping out of the way, let’s look at the concepts in action.