The Kubernetes-Native Shift: Why Crossplane Is Challenging Terraform's IaC Throne in 2026
In the infrastructure-as-code landscape, Terraform has reigned supreme since HashiCorp launched it in 2014. But a quiet revolution is underway inside Kubernetes clusters that threatens to reshape how we provision cloud infrastructure. Crossplane, originally built by Pulumi and now a CNCF project, has grown from an experimental side project into a mainstream enterprise tool — with 67% of organizations planning significant investment in it during 2026.
Crossplane represents a fundamental shift in philosophy: instead of using Kubernetes as just a deployment target, it turns the cluster itself into an infrastructure management plane. The question every DevOps team is asking now is whether to keep managing infrastructure with Terraform, adopt Crossplane, or run both.
The Core Idea: Kubernetes as Your Infrastructure Controller
Terraform follows an imperative model — you declare the desired state in HCL files, and the tool reaches out to cloud provider APIs to reconcile that state. It's a pull-based workflow with no inherent connection to your cluster.
Crossplane flips this. It runs inside your Kubernetes cluster and uses the same API-driven reconciliation loop that manages pods and services. You declare infrastructure resources using Custom Resource Definitions (CRDs), and Crossplane controllers reconcile those against cloud provider APIs in real time.
The implications are significant:
- Unified declarative model — Application and infrastructure manifests live in the same API server, using the same tooling, RBAC, and GitOps pipelines.
- Live state visibility — Infrastructure resources are queryable via
kubectl get, visible in the cluster's desired-state model, and subject to the same audit trails as workloads. - Composable infrastructure — Compositions bundle infrastructure provisioning into reusable abstractions, similar to how Helm charts abstract application deployment.
- Multicluster orchestration — A single management cluster provisions resources across dozens of target clusters and cloud accounts through the Claim pattern.
Architecture Comparison: Terraform vs. Crossplane
Understanding the architectural differences helps explain why teams are making the switch:
| Dimension | Terraform | Crossplane |
|---|---|---|
| Runtime location | Standalone binary / CI runner | Inside Kubernetes cluster |
| State management | Remote state file (S3, GCS, Terraform Cloud) | Kubernetes API server (etcd) |
| Language | HCL + optional Go/Terraform CDK | YAML CRDs + Go providers |
| Reconciliation model | Push-based apply/destroy cycles | Continuous controller reconciliation |
| Multi-cloud abstraction | Providers per cloud vendor | Compositions and Composite Resources (XR) |
| Self-service pattern | Terraform Cloud workspaces or Atlantis | Claims + Composition abstractions |
| Drift detection | Periodic plan runs in CI/CD | Continuous reconciliation by controllers |
The most transformative difference is the reconciliation model. Terraform operates on a push cycle — you run terraform apply, it calculates drift, and updates state. Crossplane controllers watch for changes to CRD objects and continuously reconcile toward declared desired state. Infrastructure drift gets corrected automatically, in real time, without manual intervention.
The Composition Pattern: A Game-Changer for Platform Teams
Crossplane's most powerful feature for platform engineering teams is the Composition pattern. Think of it as an infrastructure abstraction layer that lets you bundle multiple cloud resources into a single, self-contained definition.
For example, a Database composition might encapsulate a managed PostgreSQL instance, a VPC subnet, security groups, backup policies, and monitoring alerts — all provisioned with a single YAML object. Platform teams define these compositions once, and application developers consume them through Claims, which are namespaced references that enforce policies and limit blast radius.
This is where Crossplane directly competes with Terraform's module system, but with a critical advantage: claims live inside the Kubernetes API. RBAC controls who can create claims, namespace isolation limits blast radius, and the platform team retains full visibility into what's been provisioned without needing separate tooling.
When to Stick With Terraform
Crossplane isn't universally better. Terraform remains the right choice in several scenarios:
- Pre-cluster provisioning — You need to provision the Kubernetes cluster itself, along with networking and IAM. Crossplane can't manage infrastructure it hasn't been deployed to.
- Mature Terraform codebases — If you have thousands of well-tested Terraform modules with extensive CI/CD pipelines, the migration cost is substantial.
- Simple, linear provisioning — For straightforward cloud resource creation without complex dependency chains, Terraform's simplicity wins on developer experience.
- Team skill sets — HCL has a gentler learning curve than understanding Kubernetes CRDs, operators, and the controller reconciliation loop.
The Pragmatic Hybrid Approach: Where Most Teams Land
In practice, most enterprise teams in 2026 run Terraform and Crossplane side by side, each handling what it does best. The common pattern looks like this:
- Terraform bootstraps the cluster — It provisions EKS/AKS/GKE, networking (VPC/VNet), IAM roles, and the Crossplane installation itself.
- Crossplane manages everything else — Once the cluster is up, all application-facing infrastructure (databases, message queues, caches, storage buckets) is managed through Crossplane compositions.
- GitOps ties it together — Argo CD or Flux syncs both Terraform manifests and Crossplane CRDs from version control, creating a unified delivery pipeline.
This hybrid approach gives you the best of both worlds: Terraform's proven ecosystem for infrastructure bootstrapping and Crossplane's real-time reconciliation and self-service capabilities for application infrastructure.
Getting Started With Crossplane in 2026
If you're evaluating Crossplane for your organization, start with a small proof of concept:
# Install Crossplane into a managed Kubernetes cluster
kubectl apply -f https://raw.githubusercontent.com/crossplane/crossplane/master/install.yaml
# Install the AWS provider
kubectl apply -f https://raw.githubusercontent.com/crossplane/provider-aws/main/package/crds/
# Create a simple composition for a managed PostgreSQL instance
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
name: postgresql-db
spec:
compositeTypeRef:
apiVersion: example.com/v1alpha1
kind: XDatabase
resources:
- base:
apiVersion: database.aws.upbound.io/v1beta1
kind: PostgreSQLEngineVersion
patches:
- fromFieldPath: spec.parameters.engineVersion
toFieldPath: spec.forProvider.engineVersionStart small — pick one infrastructure dependency (a database, a cache layer) and build a composition around it. Measure the time savings compared to your current Terraform workflow before expanding.
The Verdict
Crossplane won't kill Terraform in 2026, but it's fundamentally changing how teams manage infrastructure by bringing cloud resources into the Kubernetes API surface. For platform engineering teams building self-service internal developer platforms, Crossplane's composition and claim patterns are unmatched. The question is no longer whether Crossplane is viable — it's whether you can afford to ignore a tool already adopted by a majority of enterprises planning infrastructure modernization.
Comments