HACKER Q&A
📣 raffraffraff

Have you switched from Terraform to Crossplane?


I've seen how nasty a Terraform codebase can get at scale if you don't write good data-driven code. Module sprawl, state sprawl, drift. Even though I have found a nice data-driven approach that gets around many of its problems, the Terraform DSL still has a few surprising "oofs" that get in my way (I'm talking specifically about features that don't work with `for_each`, like passing provider configs to modules, or lack of resource-level dependency detection which throws dependency cycle errors where there are no cycles). Worse, some of these core Terraform issues don't seem to get much attention, and the project maintainers have occasionally hinted that they don't have many development resources. All that said, I like Terraform. I'm just being honest about the gnarly side of using it at scale.

I like the idea of Crossplane (a reconciliation loop that keeps state correct, handling dependencies through retries). It's not GitOps, but could be if you add ArgoCD or FluxCD. But doesn't Terraform + Atlantis give you somewhat the same? Why switch?

I have no idea what problems I will encounter at the same scale that I've been using Terraform. The demos and examples I've seen are simple day one problems that only show its benefits.

So: Have you gone all-in on Crossplane, built lots of configurations and composite resources etc? If so, what are its real-world issues?


  👤 aynawn Accepted Answer ✓
I've evaluated Crossplane and one of the biggest drawbacks is not being able to properly diff your expected changes with your actual state. Basically there is no way to run a plan of your change. It's essentially a diff in a GitHub PR, then you merge, sync with ArgoCD, and hope your Crossplane apply won't fail.

I prefer the Terraform method where you are declarative, run plan and then apply. I've worked with env0, Terraform Cloud, Spacelift, and Atlantis. I've worked with Crossplane and ArgoCD. So far my favorite has been to use Terraform with a CI/CD solution.

Crossplane is too bleeding edge and will need some time for maturity. I do see Crossplane or something similar once the edges have been fully polished.


👤 distcs
Glad to see I am not the only one who feels this way. The DSL is poorly designed to say the least. I don't understand why a whole new badly designed language has to be invented for tasks like this when the same thing could have been achieved using established languages that can also support declarative style programming.

But switching to anything else is going to be hard at this point because so much of the infra is already written with that poor DSL.

Nobody would approve spending the person-hours to be spent on migrating a working but complex infrastructure to a new codebase at this point.