We are excited to share a major update on the OCI Crossplane Provider, which enables Kubernetes-native provisioning of any Oracle Cloud Infrastructure (OCI) resource using Crossplane, along with our forward-looking plans for this solution.
What is Crossplane?
Crossplane is an open source Cloud Native Computing Foundation (CNCF) project built on the foundation of Kubernetes to orchestrate anything. It uses providers and managed resources to represent infrastructure as Kubernetes resources. Teams can model resources like databases, buckets, networks, etc. as native objects in the cluster. Platform teams can then build higher-level abstractions on top of those building blocks using familiar Kubernetes APIs and patterns instead of juggling separate tools and workflows. This approach makes infrastructure delivery more consistent, reduces operational drift, and supports self-service with the Kubernetes tools teams already know. Platform teams are increasingly favoring this model, leading to broader Crossplane adoption and its move from a CNCF maturity level of Incubating to Graduated.
What’s New in the Crossplane Provider for OCI?
In support of the very powerful Kubernetes-native Infrastructure as Code (IaC) model, OCI has made significant improvements to its Crossplane Provider. The most significant features added over the past year are:
- From Monolithic to Modular: The original provider was a single, large package that made it impossible to install only required service providers. The new architecture splits OCI services into a “provider family”, matching the modern standards set by the broader Crossplane community.
- Production-Ready Security: While the early versions focused on basic connectivity, the latest update adds support for Instance Principal and Workload Identity. This allows for better authentication management and more granular access control to OCI resources directly from the cluster.
- Expanded OCI Resource Coverage: The initial release focused on core services like Compute and Object Storage. Recent updates add support for 100+ OCI services including advanced data services like OCI Data Safe and Data Flow, reflecting OCI’s push toward a more comprehensive AI and data-driven platform.
- Pre-built images: The Crossplane Provider for OCI project provides pre-packaged images for different modules. This enables users to quickly deploy them without the need to build each package themselves.
With these updates the Crossplane Provider for OCI enables a single pane of glass experience, where your entire application environment, from OCI networking and storage to the pods running in a cluster, is visible and manageable via the familiar Kubernetes API.
Using the Crossplane Provider for OCI
The Crossplane Provider for OCI requires a running Kubernetes cluster and certain basic software and tools to be available in your Kubernetes environment, such as Git, Helm, and kubectl. The full list is documented here.
With your environment in place, you can deploy Crossplane using the following steps:

    helm repo add crossplane-stable https://charts.crossplane.io/stable
    helm repo update
    helm install crossplane --namespace crossplane-system --create-namespace crossplane-stable/crossplane

Create the following Kubernetes specification file and apply it using kubectl apply -f filename:

    apiVersion: pkg.crossplane.io/v1
    kind: Provider
    metadata:
      name: oracle-provider-family-oci
    spec:
      package: ghcr.io/oracle/provider-family-oci:v0.0.2
    ---
    apiVersion: pkg.crossplane.io/v1
    kind: Provider
    metadata:
      name: provider-oci-objectstorage
    spec:
      package: ghcr.io/oracle/provider-oci-objectstorage:v0.0.2

Verify the install with kubectl get providers. The output should look like this:

    NAME                         INSTALLED   HEALTHY   PACKAGE                                            AGE
    oracle-provider-family-oci   True        True      ghcr.io/oracle/provider-family-oci:v0.0.2          3m3s
    provider-oci-objectstorage   True        True      ghcr.io/oracle/provider-oci-objectstorage:v0.0.2   3m2s

You can configure credentials for the provider using OCI API Keys, Instance Principal, or Workload Identity. Below is an example using API keys.

    kubectl create secret generic oci-creds \
      --namespace=crossplane-system \
      --from-literal=credentials='{
        "tenancy_ocid": "REPLACE_WITH_YOUR_TENANCY_OCID",
        "user_ocid": "REPLACE_WITH_YOUR_USER_OCID",
        "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...REPLACE_WITH_YOUR_KEY_CONTENT...AB\n-----END RSA PRIVATE KEY-----\n",
        "fingerprint": "REPLACE_WITH_YOUR_FINGERPRINT",
        "region": "REPLACE_WITH_YOUR_REGION",
        "auth": "ApiKey"
      }'

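The same secret can be built without typing the private key on the command line, where --from-literal would leave it in shell history and the process argument list. The following is an added example, not code from the original post or the provider project; the function names and the `apply` argument are hypothetical, while the JSON keys, secret name and namespace are the ones shown above.

```shell
#!/usr/bin/env bash
# Added example, not the provider project's code. Function names are hypothetical;
# the JSON keys, secret name and namespace are the ones used in the post.

# Emit a PEM file as one JSON string body: every line followed by a literal \n.
pem_to_json_string() {
  awk '{ sub(/\r$/, ""); printf "%s\\n", $0 }' "$1"
}

# write_oci_creds OUT KEY_FILE TENANCY_OCID USER_OCID FINGERPRINT REGION
# The OCID, fingerprint and region values are assumed to contain no JSON metacharacters.
write_oci_creds() {
  out=$1 key_file=$2
  [ -r "$key_file" ] || { echo "cannot read key file: $key_file" >&2; return 1; }
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key_file" ||
    { echo "not a PEM private key: $key_file" >&2; return 1; }
  (
    rm -f -- "$out"
    umask 077   # the credentials file is created with mode 0600
    {
      printf '{\n  "tenancy_ocid": "%s",\n  "user_ocid": "%s",\n  "private_key": "%s",\n' \
        "$3" "$4" "$(pem_to_json_string "$key_file")"
      printf '  "fingerprint": "%s",\n  "region": "%s",\n  "auth": "ApiKey"\n}\n' "$5" "$6"
    } > "$out"
  )
}

# Create the secret from the file, so the key never appears in argv or shell history.
create_oci_secret() {
  kubectl create secret generic oci-creds \
    --namespace=crossplane-system \
    --from-file=credentials="$1"
}

# Usage: ./oci-creds.sh apply KEY_FILE TENANCY_OCID USER_OCID FINGERPRINT REGION
if [ "${1:-}" = "apply" ]; then
  tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
  write_oci_creds "$tmp/credentials" "$2" "$3" "$4" "$5" "$6" &&
    create_oci_secret "$tmp/credentials"
fi
```
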
Create and apply the OCI resource specification using kubectl apply -f filename. Below is an example specification for creating an OCI Object Storage Bucket.

    apiVersion: objectstorage.oci.crossplane.io/v1alpha1
    kind: Bucket
    metadata:
      name: my-oci-bucket
    spec:
      forProvider:
        compartmentId: <YOUR_COMPARTMENT_OCID>
        name: "crossplane-managed-bucket"
        namespace: <YOUR_TENANCY_NAMESPACE>
      providerConfigRef:
        name: default

Crossplane will manage this object storage bucket by continuously monitoring the underlying resource and reconciling it with the specification. The OCI resource can be fully managed by applying changes to the specification. Platform teams can leverage continuous delivery tools like ArgoCD to implement workflows where changes pushed to the specification file in Git are automatically applied in their Kubernetes clusters. This way, Git can be the source of truth for infrastructure control, extending the workflows developers already know from application delivery to infrastructure management.
Looking Ahead
We will continue enabling the Kubernetes community to easily adopt OCI services by staying aligned with modern cloud infrastructure management solutions like Crossplane. Crossplane v2 has some exciting new capabilities, such as ManagementPolicies and Operations, that we plan to integrate into the Crossplane Provider for OCI.
Give it a try using our quick start guide, share your feedback on the GitHub project, and stay updated on the latest changes by subscribing to the releases.