Managed Resources

This document is for an older version of Crossplane.

This document applies to Crossplane version v1.17 and not to the latest release v1.19.

A managed resource (MR) represents an external service in a Provider. When users create a new managed resource, the Provider reacts by creating an external resource inside the Provider’s environment. Every external service managed by Crossplane maps to a managed resource.

Note

Crossplane calls the object inside Kubernetes a managed resource and the external object inside the Provider an external resource.

Examples of managed resources include:

Amazon AWS EC2 Instance defined in provider-upjet-aws.
Google Cloud GKE Cluster defined in provider-upjet-gcp.
Microsoft Azure PostgreSQL Database defined in provider-upjet-azure.

Tip

You can create individual managed resources, but Crossplane recommends using Compositions and Claims to create managed resources.

Managed resource fields

The Provider defines the group, kind and version of a managed resource. The Provider also define the available settings of a managed resource.

Group, kind and version

Each managed resource is a unique API endpoint with their own group, kind and version.

For example provider-upjet-aws defines the Instance kind from the group ec2.aws.upbound.io

1apiVersion: ec2.aws.upbound.io/v1beta1
2kind: Instance

deletionPolicy

A managed resource’s deletionPolicy tells the Provider what to do after deleting the managed resource. If the deletionPolicy is Delete the Provider deletes the external resource as well. If the deletionPolicy is orphan the Provider deletes the managed resource but doesn’t delete the external resource.

Options

deletionPolicy: Delete - Default - Delete the external resource when deleting the managed resource.
deletionPolicy: Orphan - Leave the external resource when deleting the managed resource.

Interaction with management policies

The management policy takes precedence over the deletionPolicy when:

The related management policy alpha feature is enabled.

The resource configures a management policy other than the default value.

See the table below for more details.

managementPolicies	deletionPolicy	result
“*” (default)	Delete (default)	Delete
“*” (default)	Orphan	Orphan
contains “Delete”	Delete (default)	Delete
contains “Delete”	Orphan	Delete
doesn’t contain “Delete”	Delete (default)	Orphan
doesn’t contain “Delete”	Orphan	Orphan

forProvider

The spec.forProvider of a managed resource maps to the parameters of the external resource.

For example, when creating an AWS EC2 instance, the Provider supports defining the AWS region and the VM size, called the instanceType.

Note

The Provider defines the settings and their valid values. Providers also define required and optional values in the forProvider definition.

Refer to the documentation of your specific Provider for details.

1apiVersion: ec2.aws.upbound.io/v1beta1
2kind: Instance
3# Removed for brevity
4spec:
5  forProvider:
6    region: us-west-1
7    instanceType: t2.micro

Important

Crossplane considers the forProvider field of a managed resource the “source of truth” for external resources. Crossplane overrides any changes made to an external resource outside of Crossplane. If a user makes a change inside a Provider’s web console, Crossplane reverts that change back to what’s configured in the forProvider setting.

Referencing other resources

Some fields in a managed resource may depend on values from other managed resources. For example a VM may need the name of a virtual network to use.

Managed resources can reference other managed resources by external name, name reference or selector.

Matching by external name

When matching a resource by name Crossplane looks for the name of the external resource in the Provider.

For example, a AWS VPC object named my-test-vpc has the external name vpc-01353cfe93950a8ff.

1kubectl get vpc
2NAME            READY   SYNCED   EXTERNAL-NAME           AGE
3my-test-vpc     True    True     vpc-01353cfe93950a8ff   49m

To match the VPC by name, use the external name. For example, creating a Subnet managed resource attached to this VPC.

1apiVersion: ec2.aws.upbound.io/v1beta1
2kind: Subnet
3spec:
4  forProvider:
5    # Removed for brevity
6    vpcId: vpc-01353cfe93950a8ff

Matching by name reference

To match a resource based on the name of the managed resource and not the external resource name inside the Provider, use a nameRef.

For example, a AWS VPC object named my-test-vpc has the external name vpc-01353cfe93950a8ff.

1kubectl get vpc
2NAME            READY   SYNCED   EXTERNAL-NAME           AGE
3my-test-vpc     True    True     vpc-01353cfe93950a8ff   49m

To match the VPC by name reference, use the managed resource name. For example, creating a Subnet managed resource attached to this VPC.

1apiVersion: ec2.aws.upbound.io/v1beta1
2kind: Subnet
3spec:
4  forProvider:
5    # Removed for brevity
6    vpcIdRef: 
7      name: my-test-vpc

Matching by selector

Matching by selector is the most flexible matching method.

Use matchLabels to match the labels applied to a resource. For example, this Subnet resource only matches VPC resources with the label my-label: label-value.

1apiVersion: ec2.aws.upbound.io/v1beta1
2kind: Subnet
3spec:
4  forProvider:
5    # Removed for brevity
6    vpcIdSelector: 
7      matchLabels:
8        my-label: label-value

Matching by controller reference

Matching a controller reference ensures that the matching resource is part of the same composite resource.

Note

Learn more about composite resources in the Composite Resources section.

Matching only a controller reference simplifies the matching process without requiring labels or more information.

For example, creating an AWS InternetGateway requires a VPC.

The InternetGateway could match a label, but every VPC created by this Composition shares the same label.

Using matchControllerRef matches only the VPC created in the same composite resource that created the InternetGateway.

 1apiVersion: pt.fn.crossplane.io/v1beta1
 2kind: Resources
 3resources:
 4- base:
 5    apiVersion: ec2.aws.upbound.io/v1beta1
 6    kind: VPC
 7    name: my-vpc
 8    spec:
 9      forProvider:
10      # Removed for brevity
11- base:
12    apiVersion: ec2.aws.upbound.io/v1beta1
13    kind: InternetGateway
14    name: my-gateway
15    spec:
16      forProvider:
17        vpcIdSelector:
18          matchControllerRef: true

Resources can match both labels and a controller reference to match a specific resource in the larger composite resource.

For example, this Composition creates two VPC resources, but the InternetGateway must match only one.

Applying a label to the second VPC allows the InternetGateway to match the label type: internet and only match objects in the same composite resource with matchControllerRef.

 1apiVersion: pt.fn.crossplane.io/v1beta1
 2kind: Resources
 3resources:
 4- name: my-first-vpc
 5  base:
 6    apiVersion: ec2.aws.upbound.io/v1beta1
 7    kind: VPC
 8    metadata:
 9      labels:
10        type: backend
11    spec:
12      forProvider:
13      # Removed for brevity
14- name: my-second-vpc
15  base:
16    apiVersion: ec2.aws.upbound.io/v1beta1
17    kind: VPC
18    metadata:
19      labels:
20        type: internet
21    spec:
22      forProvider:
23      # Removed for brevity
24- name: my-gateway
25  base:
26    apiVersion: ec2.aws.upbound.io/v1beta1
27    kind: InternetGateway
28    spec:
29      forProvider:
30        vpcIdSelector:
31          matchControllerRef: true
32          matchLabels:
33            type: internet

Note

These examples use Function Patch and Transform. Learn more about functions and Compositions in the Compositions section.

Immutable fields

Some providers don’t support changing the fields of some managed resources after creation. For example, you can’t change the region of an Amazon AWS RDSInstance. These fields are immutable fields. Amazon requires you delete and recreate the resource.

Crossplane allows you to edit the immutable field of a managed resource, but doesn’t apply the change. Crossplane never deletes a resource based on a forProvider change.

Note

Crossplane behaves differently than other tools like Terraform. Terraform deletes and recreates a resource to change an immutable field. Crossplane only deletes an external resource if their corresponding managed resource object is deleted from Kubernetes and the deletionPolicy is Delete.

Late initialization

Crossplane treats the managed resource as the source of truth by default; it expects to have all values under spec.forProvider including the optional ones. If not provided, Crossplane populates the empty fields with the values assigned by the provider. For example, consider fields such as region and availabilityZone. You might specify only the region and let the cloud provider choose the availability zone. In this case, if the provider assigns an availability zone, Crossplane uses that value to populate the spec.forProvider.availabilityZone field.

Note

With managementPolicies, this behavior can be turned off by not including the LateInitialize policy in the managementPolicies list.

initProvider

Important

The managed resource initProvider option is a beta feature related to managementPolicies.

The initProvider defines settings Crossplane applies only when creating a new managed resource.
Crossplane ignores settings defined in the initProvider field that change after creation.

Note

Settings in forProvider are always enforced by Crossplane. Crossplane reverts any changes to a forProvider field in the external resource.

Settings in initProvider aren’t enforced by Crossplane. Crossplane ignores any changes to a initProvider field in the external resource.

Using initProvider is useful for setting initial values that a Provider may automatically change, like an auto scaling group.

For example, creating a NodeGroup with an initial desiredSize.
Crossplane doesn’t change the desiredSize setting back when an autoscaler scales the Node Group external resource.

Tip

Crossplane recommends configuring managementPolicies without LateInitialize to avoid conflicts with initProvider settings.

 1apiVersion: eks.aws.upbound.io/v1beta1
 2kind: NodeGroup
 3metadata:
 4  name: sample-eks-ng
 5spec:
 6  managementPolicies: ["Observe", "Create", "Update", "Delete"]
 7  initProvider:
 8    scalingConfig:
 9      - desiredSize: 1
10  forProvider:
11    region: us-west-1
12    scalingConfig:
13      - maxSize: 4
14        minSize: 1

managementPolicies

Note

The managed resource managementPolicies option is a beta feature. Crossplane enables beta features by default.

The Provider determines support for management policies.
Refer to the Provider’s documentation to see if the Provider supports management policies.

Crossplane managementPolicies determine which actions Crossplane can take on a managed resource and its corresponding external resource.
Apply one or more managementPolicies to a managed resource to determine what permissions Crossplane has over the resource.

For example, give Crossplane permission to create and delete an external resource, but not make any changes, set the policies to ["Create", "Delete", "Observe"].

1apiVersion: ec2.aws.upbound.io/v1beta1
2kind: Subnet
3spec:
4  managementPolicies: ["Create", "Delete", "Observe"]
5  forProvider:
6    # Removed for brevity

The default policy grants Crossplane full control over the resources.
Defining the managementPolicies field with an empty array pauses the resource.

Important

The Provider determines support for management policies.
Refer to the Provider’s documentation to see if the Provider supports management policies.

Crossplane supports the following policies:

Policy	Description
`*`	Default policy. Crossplane has full control over a resource.
`Create`	If the external resource doesn’t exist, Crossplane creates it based on the managed resource settings.
`Delete`	Crossplane can delete the external resource when deleting the managed resource.
`LateInitialize`	Crossplane initializes some external resource settings not defined in the `spec.forProvider` of the managed resource. See the late initialization section for more details.
`Observe`	Crossplane only observes the resource and doesn’t make any changes. Used for observe only resources.
`Update`	Crossplane changes the external resource when changing the managed resource.

The following is a list of common policy combinations:

Create	Delete	LateInitialize	Observe	Update	Description
✔️	✔️	✔️	✔️	✔️	Default policy. Crossplane has full control over the resource.
✔️	✔️	✔️	✔️		After creation any changes made to the managed resource aren’t passed to the external resource. Useful for immutable external resources.
✔️	✔️		✔️	✔️	Prevent Crossplane from managing any settings not defined in the managed resource. Useful for immutable fields in an external resource.
✔️	✔️		✔️		Crossplane doesn’t import any settings from the external resource and doesn’t push changes to the managed resource. Crossplane recreates the external resource if it’s deleted.
✔️		✔️	✔️	✔️	Crossplane doesn’t delete the external resource when deleting the managed resource.
✔️		✔️	✔️		Crossplane doesn’t delete the external resource when deleting the managed resource. Crossplane doesn’t apply changes to the external resource after creation.
✔️			✔️	✔️	Crossplane doesn’t delete the external resource when deleting the managed resource. Crossplane doesn’t import any settings from the external resource.
✔️			✔️		Crossplane creates the external resource but doesn’t apply any changes to the external resource or managed resource. Crossplane can’t delete the resource.
			✔️		Crossplane only observes a resource. Used for observe only resources.
					No policy set. An alternative method for pausing a resource.

providerConfigRef

The providerConfigRef on a managed resource tells the Provider which ProviderConfig to use when creating the managed resource.

Use a ProviderConfig to define the authentication method to use when communicating to the Provider.

Important

If providerConfigRef isn’t applied, Providers use the ProviderConfig named default.

For example, a managed resource references a ProviderConfig named user-keys.

This matches the name of a ProviderConfig.

1apiVersion: ec2.aws.upbound.io/v1beta1
2kind: Instance
3spec:
4  forProvider:
5    # Removed for brevity
6  providerConfigRef: user-keys

1apiVersion: aws.crossplane.io/v1beta1
2kind: ProviderConfig
3metadata:
4  name: user-keys
5# Removed for brevity

Tip

Each managed resource can reference different ProviderConfigs. This allows different managed resources to authenticate with different credentials to the same Provider.

providerRef

Crossplane deprecated the providerRef field in crossplane-runtime v0.10.0. Managed resources using providerRefmust use providerConfigRef.

writeConnectionSecretToRef

When a Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.

Crossplane stores these details in a Kubernetes Secret object specified by the writeConnectionSecretToRef values.

For example, when creating an AWS RDS database instance with the Crossplane community AWS provider generates an endpoint, password, port and username data. The Provider saves these variables in the Kubernetes secret rds-secret, referenced by the writeConnectionSecretToRef field.

1apiVersion: database.aws.crossplane.io/v1beta1
2kind: RDSInstance
3metadata:
4  name: my-rds-instance
5spec:
6  forProvider:
7  # Removed for brevity
8  writeConnectionSecretToRef:
9    name: rds-secret

Viewing the Secret object shows the saved fields.

1kubectl describe secret rds-secret
2Name:         rds-secret
3# Removed for brevity
4Data
5====
6port:      4 bytes
7username:  10 bytes
8endpoint:  54 bytes
9password:  27 bytes

Important

The Provider determines the data written to the Secret object. Refer to the specific Provider documentation for the generated Secret data.

publishConnectionDetailsTo

The publishConnectionDetailsTo field expands on writeConnectionSecretToRef supporting storing managed resource information as a Kubernetes Secret object or in an external secrets store like HashiCorp Vault.

Using publishConnectionDetailsTo requires enabling Crossplane External Secrets Stores (ESS). Enable ESS inside a Provider with a DeploymentRuntimeConfig and in Crossplane with the --enable-external-secret-stores argument.

Note

Not all Providers support publishConnectionDetailsTo. Check your Provider documentation for details.

Publish secrets to Kubernetes

To publish the data generated by a managed resource as a Kubernetes Secret object provide a publishConnectionDetailsTo.name

1apiVersion: rds.aws.upbound.io/v1beta1
2kind: Instance
3spec:
4  forProvider:
5  # Removed for brevity
6  publishConnectionDetailsTo:
7    name: rds-kubernetes-secret

Crossplane can apply labels and annotations to the Kubernetes secret as well using publishConnectionDetailsTo.metadata.

 1apiVersion: rds.aws.upbound.io/v1beta1
 2kind: Instance
 3spec:
 4  forProvider:
 5  # Removed for brevity
 6  publishConnectionDetailsTo:
 7    name: rds-kubernetes-secret
 8    metadata:
 9      labels:
10        label-tag: label-value
11      annotations:
12        annotation-tag: annotation-value

Publish secrets to an external secrets store

Publishing secrets data to an external secret store like HashiCorp Vault relies on a publishConnectionDetailsTo.configRef.

The configRef.name references a StoreConfig object.

1apiVersion: rds.aws.upbound.io/v1beta1
2kind: Instance
3spec:
4  forProvider:
5  # Removed for brevity
6  publishConnectionDetailsTo:
7    name: rds-kubernetes-secret
8    configRef: 
9      name: my-vault-storeconfig

1apiVersion: secrets.crossplane.io/v1alpha1
2kind: StoreConfig
3metadata:
4  name: my-vault-storeconfig
5# Removed for brevity

Tip

Read the Vault as an External Secrets Store guide for details on using StoreConfig objects.

Annotations

Crossplane applies a standard set of Kubernetes annotations to managed resources.

Annotation	Definition
`crossplane.io/external-name`	The name of the managed resource inside the Provider.
`crossplane.io/external-create-pending`	The timestamp of when Crossplane began creating the managed resource.
`crossplane.io/external-create-succeeded`	The timestamp of when the Provider successfully created the managed resource.
`crossplane.io/external-create-failed`	The timestamp of when the Provider failed to create the managed resource.
`crossplane.io/paused`	Indicates Crossplane isn’t reconciling this resource. Read the Pause Annotation for more details.
`crossplane.io/composition-resource-name`	For managed resource created by a Composition, this is the Composition’s `resources.name` value.

Naming external resources

By default Providers give external resources the same name as the Kubernetes object.

For example, a managed resource named my-rds-instance has the name my-rds-instance as an external resource inside the Provider’s environment.

1apiVersion: database.aws.crossplane.io/v1beta1
2kind: RDSInstance
3metadata:
4  name: my-rds-instance

1kubectl get rdsinstance
2NAME                 READY   SYNCED   EXTERNAL-NAME        AGE
3my-rds-instance      True    True     my-rds-instance      11m

Managed resource created with a crossplane.io/external-name annotation already provided use the annotation value as the external resource name.

For example, the Provider creates managed resource named my-rds-instance but uses the name my-custom-name for the external resource inside AWS.

1apiVersion: database.aws.crossplane.io/v1beta1
2kind: RDSInstance
3metadata:
4  name: my-rds-instance  
5  annotations: 
6    crossplane.io/external-name: my-custom-name

1kubectl get rdsinstance
2NAME                 READY   SYNCED   EXTERNAL-NAME        AGE
3my-rds-instance      True    True     my-custom-name       11m

Creation annotations

When an external system like AWS generates nondeterministic resource names it’s possible for a provider to create a resource but not record that it did. When this happens the provider can’t manage the resource.

Tip

Crossplane calls resources that a provider creates but doesn’t manage leaked resources.

Providers set three creation annotations to avoid and detect leaked resources:

crossplane.io/external-create-pending - The last time the provider was about to create the resource.
crossplane.io/external-create-succeeded - The last time the provider successfully created the resource.
crossplane.io/external-create-failed - The last time the provider failed to create the resource.

Use kubectl get to view the annotations on a managed resource. For example, an AWS VPC resource:

1$ kubectl get -o yaml vpc my-vpc
2apiVersion: ec2.aws.upbound.io/v1beta1
3kind: VPC
4metadata:
5  name: my-vpc
6  annotations:
7    crossplane.io/external-name: vpc-1234567890abcdef0
8    crossplane.io/external-create-pending: "2023-12-18T21:48:06Z"
9    crossplane.io/external-create-succeeded: "2023-12-18T21:48:40Z"

A provider uses the crossplane.io/external-name annotation to lookup a managed resource in an external system.

The provider looks up the resource in the external system to determine if it exists, and if it matches the managed resource’s desired state. If the provider can’t find the resource, it creates it.

Some external systems don’t let a provider specify a resource’s name when the provider creates it. Instead the external system generates an nondeterministic name and returns it to the provider.

When the external system generates the resource’s name, the provider attempts to save it to the managed resource’s crossplane.io/external-name annotation. If it doesn’t, it leaks the resource.

A provider can’t guarantee that it can save the annotation. The provider could restart or lose network connectivity between creating the resource and saving the annotation.

A provider can detect that it might have leaked a resource. If the provider thinks it might have leaked a resource, it stops reconciling it until you tell the provider it’s safe to proceed.

Important

Anytime an external system generates a resource’s name there is a risk the provider could leak the resource.

The safest thing for a provider to do when it detects that it might have leaked a resource is to stop and wait for human intervention.

This ensures the provider doesn’t create duplicates of the leaked resource. Duplicate resources can be costly and dangerous.

When a provider thinks it might have leaked a resource it creates a cannot determine creation result event associated with the managed resource. Use kubectl describe to see the event.

1kubectl describe queue my-sqs-queue
2
3# Removed for brevity
4
5Events:
6  Type     Reason                           Age                 From                                 Message
7  ----     ------                           ----                ----                                 -------
8  Warning  CannotInitializeManagedResource  29m (x19 over 19h)  managed/queue.sqs.aws.crossplane.io  cannot determine creation result - remove the crossplane.io/external-create-pending annotation if it is safe to proceed

Providers use the creation annotations to detect that they might have leaked a resource.

Each time a provider reconciles a managed resource it checks the resource’s creation annotations. If the provider sees a create pending time that’s more recent than the most recent create succeeded or create failed time, it knows that it might have leaked a resource.

Note

Providers don’t remove the creation annotations. They use the timestamps to determine which is most recent. It’s normal for a managed resource to have several creation annotations.

The provider knows it might have leaked a resource because it updates all the resource’s annotations at the same time. If the provider couldn’t update the creation annotations after it created the resource, it also couldn’t update the crossplane.io/external-name annotation.

Tip

If a resource has a cannot determine creation result error, inspect the external system.

Use the timestamp from the crossplane.io/external-create-pending annotation to determine when the provider might have leaked a resource. Look for resources created around this time.

If you find a leaked resource, and it’s safe to do so, delete it from the external system.

Remove the crossplane.io/external-create-pending annotation from the managed resource after you’re sure no leaked resource exists. This tells the provider to resume reconciliation of and recreate the managed resource.

Providers also use the creation annotations to avoid leaking resources.

When a provider writes the crossplane.io/external-create-pending annotation it knows it’s reconciling the latest version of the managed resource. The write would fail if the provider was reconciling an old version of the managed resource.

If the provider reconciled an old version with an outdated crossplane.io/external-name annotation it could mistakenly determine that the resource didn’t exist. The provider would create a new resource, and leak the existing one.

Some external systems have a delay between when a provider creates a resource and when the system reports that it exists. The provider uses the most recent create succeeded time to account for this delay.

If the provider didn’t account for the delay, it could mistakenly determine that the resource didn’t exist. The provider would create a new resource, and leak the existing one.

Paused

Manually applying the crossplane.io/paused annotation causes the Provider to stop reconciling the managed resource.

Pausing a resource is useful when modifying Providers or preventing race-conditions when editing Kubernetes objects.

Apply a crossplane.io/paused: "true" annotation to a managed resource to pause reconciliation.

Note

Only the value "true" pauses reconciliation.

 1apiVersion: ec2.aws.upbound.io/v1beta1
 2kind: Instance
 3metadata:
 4  name: my-rds-instance
 5  annotations:
 6    crossplane.io/paused: "true"
 7spec:
 8  forProvider:
 9    region: us-west-1
10    instanceType: t2.micro

Remove the annotation to resume reconciliation.

Important

Kubernetes and Crossplane can’t delete resources with a paused annotation, even with kubectl delete.

Read Crossplane discussion #4839 for more details.

Finalizers

Crossplane applies a Finalizer on managed resources to control their deletion.

Note

Kubernetes can’t delete objects with Finalizers.

When Crossplane deletes a managed resource the Provider begins deleting the external resource, but the managed resource remains until the external resource is fully deleted.

When the external resource is fully deleted Crossplane removes the Finalizer and deletes the managed resource object.

Conditions

Crossplane has a standard set of Conditions for a managed resource. View the Conditions of a managed resource with kubectl describe <managed_resource>

Note

Providers may define their own custom Conditions.

Available

Reason: Available indicates the Provider created the managed resource and it’s ready for use.

1Conditions:
2  Type:                  Ready
3  Status:                True
4  Reason:                Available

Creating

Reason: Creating indicates the Provider is attempting to create the managed resource.

1Conditions:
2  Type:                  Ready
3  Status:                False
4  Reason:                Creating

Deleting

Reason: Deleting indicates the Provider is attempting to delete the managed resource.

1Conditions:
2  Type:                  Ready
3  Status:                False
4  Reason:                Deleting

ReconcilePaused

Reason: ReconcilePaused indicates the managed resource has a Pause annotation

1Conditions:
2  Type:                  Synced
3  Status:                False
4  Reason:                ReconcilePaused

ReconcileError

Reason: ReconcileError indicates Crossplane encountered an error while reconciling the managed resource. The Message: value of the Condition helps identify the Crossplane error.

1Conditions:
2  Type:                  Synced
3  Status:                False
4  Reason:                ReconcileError

ReconcileSuccess

Reason: ReconcileSuccess indicates the Provider created and is monitoring the managed resource.

1Conditions:
2  Type:                  Synced
3  Status:                True
4  Reason:                ReconcileSuccess

Unavailable

Reason: Unavailable indicates Crossplane expects the managed resource to be available, but the Provider reports the resource is unhealthy.

1Conditions:
2  Type:                  Ready
3  Status:                False
4  Reason:                Unavailable

Unknown

Reason: Unknown indicates the Provider has an unexpected error with the managed resource. The conditions.message provides more information on what went wrong.

1Conditions:
2  Type:                  Unknown
3  Status:                False
4  Reason:                Unknown

Upjet Provider conditions

Upjet, the open source tool to generate Crossplane Providers, also has a set of standard Conditions.

AsyncOperation

Some resources may take more than a minute to create. Upjet based providers can complete their Kubernetes command before creating the managed resource by using an asynchronous operation.

Finished

The Reason: Finished indicates the asynchronous operation completed successfully.

1Conditions:
2  Type:                  AsyncOperation
3  Status:                True
4  Reason:                Finished

Ongoing

Reason: Ongoing indicates the managed resource operation is still in progress.

1Conditions:
2  Type:                  AsyncOperation
3  Status:                True
4  Reason:                Ongoing

LastAsyncOperation

The Upjet Type: LastAsyncOperation captures the previous asynchronous operation status as either Success or a failure Reason.

ApplyFailure

Reason: ApplyFailure indicates the Provider failed to apply a setting to the managed resource. The conditions.message provides more information on what went wrong.

1Conditions:
2  Type:                  LastAsyncOperation
3  Status:                False
4  Reason:                ApplyFailure

DestroyFailure

Reason: DestroyFailure indicates the Provider failed to delete the managed resource. The conditions.message provides more information on what went wrong.

1Conditions:
2  Type:                  LastAsyncOperation
3  Status:                False
4  Reason:                DestroyFailure

Success

Reason: Success indicates the Provider successfully created the managed resource asynchronously.

1Conditions:
2  Type:                  LastAsyncOperation
3  Status:                True
4  Reason:                Success