|
| 1 | +--- |
| 2 | +title: Disabling Unused Managed Resources |
| 3 | +weight: 85 |
| 4 | +state: alpha |
| 5 | +alphaVersion: 2.0 |
| 6 | +description: Reduce CRD overhead by disabling unused managed resources |
| 7 | +--- |
| 8 | + |
| 9 | +{{<hint "important">}} |
| 10 | +This guide uses [managed resource definitions]({{<ref "../managed-resources/managed-resource-definitions">}}) and [managed resource activation policies]({{<ref "../managed-resources/managed-resource-activation-policies">}}), which are enabled by default in Crossplane v2.0+. To disable this behavior, set `--enable-custom-to-managed-resource-conversion=false` when installing Crossplane. |
| 11 | +{{</hint>}} |
| 12 | + |
| 13 | +Large Crossplane providers can install 100+ managed resource CRDs, consuming significant cluster resources even when you only need a few resource types. This guide shows how to use [ManagedResourceDefinitions]({{<ref "../managed-resources/managed-resource-definitions">}}) and [ManagedResourceActivationPolicies]({{<ref "../managed-resources/managed-resource-activation-policies">}}) to install only the provider resources you actually need. |
| 14 | + |
| 15 | +## Before you begin |
| 16 | + |
| 17 | +This guide requires: |
| 18 | + |
| 19 | +- Crossplane v2.0+ installed in your cluster |
| 20 | +- A provider with `safe-start` capability (we'll use `provider-aws-ec2:v2.0.0`) |
| 21 | +- Basic familiarity with Kubernetes and Crossplane concepts |
| 22 | + |
| 23 | +{{<hint "important">}} |
| 24 | +ManagedResourceDefinitions and ManagedResourceActivationPolicies are alpha features in Crossplane v2.0+. |
| 25 | +{{</hint>}} |
| 26 | + |
| 27 | +## The problem: Resource overhead |
| 28 | + |
| 29 | +Installing a large cloud provider in Crossplane creates hundreds of CRDs: |
| 30 | + |
| 31 | +```shell |
| 32 | +# Before selective activation - provider-aws-ec2 installs ~200 CRDs |
| 33 | +kubectl get crds | grep aws.crossplane.io | wc -l |
| 34 | +# Output: 200 |
| 35 | + |
| 36 | +# Each CRD consumes ~3 MiB of API server memory |
| 37 | +# 200 CRDs × 3 MiB = 600 MiB of memory usage |
| 38 | +``` |
| 39 | + |
| 40 | +Most users only need a small subset of these resources. Selective activation lets you install just what you need. |
| 41 | + |
| 42 | +## Step 1: Disable automatic activation |
| 43 | + |
| 44 | +By default, the Crossplane Helm chart creates an activation policy that enables all provider resources. To use selective activation, disable this default behavior. |
| 45 | + |
| 46 | +### Option A: Helm installation |
| 47 | + |
| 48 | +```shell |
| 49 | +helm install crossplane crossplane-stable/crossplane \ |
| 50 | + --namespace crossplane-system \ |
| 51 | + --create-namespace \ |
| 52 | + --set provider.defaultActivations={} |
| 53 | +``` |
| 54 | + |
| 55 | +### Option B: Existing installation |
| 56 | + |
| 57 | +Delete the default activation policy: |
| 58 | + |
| 59 | +```shell |
| 60 | +kubectl delete managedresourceactivationpolicy default |
| 61 | +``` |
| 62 | + |
| 63 | +## Step 2: Install your provider |
| 64 | + |
| 65 | +Install your provider as normal. Crossplane will automatically convert the provider's CRDs to ManagedResourceDefinitions: |
| 66 | + |
| 67 | +```yaml |
| 68 | +apiVersion: pkg.crossplane.io/v1 |
| 69 | +kind: Provider |
| 70 | +metadata: |
| 71 | + name: provider-aws-ec2 |
| 72 | +spec: |
| 73 | + package: xpkg.crossplane.io/provider-aws-ec2:v2.0.0 |
| 74 | +``` |
| 75 | +
|
| 76 | +Save this as `provider.yaml` and apply it: |
| 77 | + |
| 78 | +```shell |
| 79 | +kubectl apply -f provider.yaml |
| 80 | +
|
| 81 | +# Wait for provider to be ready |
| 82 | +kubectl wait --for condition=Healthy provider/provider-aws-ec2 --timeout=5m |
| 83 | +``` |
| 84 | + |
| 85 | +## Step 3: Verify MRDs are created |
| 86 | + |
| 87 | +After the provider installs, check that ManagedResourceDefinitions were created in inactive state: |
| 88 | + |
| 89 | +```shell |
| 90 | +# List ManagedResourceDefinitions |
| 91 | +kubectl get managedresourcedefinitions |
| 92 | +
|
| 93 | +# Check their states (should be "Inactive") |
| 94 | +kubectl get mrds -o jsonpath='{.items[*].spec.state}' | tr ' ' '\n' | sort | uniq -c |
| 95 | +# 200 Inactive |
| 96 | +``` |
| 97 | + |
| 98 | +Notice that no CRDs were created yet: |
| 99 | + |
| 100 | +```shell |
| 101 | +kubectl get crds | grep ec2.aws.crossplane.io |
| 102 | +# No output - CRDs don't exist until MRDs are activated |
| 103 | +``` |
| 104 | + |
| 105 | +## Step 4: Create an activation policy |
| 106 | + |
| 107 | +Create a ManagedResourceActivationPolicy to selectively activate only the resources you need: |
| 108 | + |
| 109 | +```yaml |
| 110 | +apiVersion: apiextensions.crossplane.io/v1alpha1 |
| 111 | +kind: ManagedResourceActivationPolicy |
| 112 | +metadata: |
| 113 | + name: my-app-resources |
| 114 | +spec: |
| 115 | + activate: |
| 116 | + - instances.ec2.aws.crossplane.io # EC2 instances for compute |
| 117 | + - securitygroups.ec2.aws.crossplane.io # Security groups for networking |
| 118 | + - vpcs.ec2.aws.crossplane.io # VPCs for isolation |
| 119 | +``` |
| 120 | + |
| 121 | +Save this as `activation-policy.yaml` and apply it: |
| 122 | + |
| 123 | +```shell |
| 124 | +kubectl apply -f activation-policy.yaml |
| 125 | +``` |
| 126 | + |
| 127 | +## Step 5: Verify selective activation |
| 128 | + |
| 129 | +Check that only the specified resources were activated: |
| 130 | + |
| 131 | +```shell |
| 132 | +# Check MRD states - only some should be Active now |
| 133 | +kubectl get mrds -o jsonpath='{range .items[*]}{.metadata.name}: {.spec.state}{"\n"}{end}' | grep Active |
| 134 | +# instances.ec2.aws.crossplane.io: Active |
| 135 | +# securitygroups.ec2.aws.crossplane.io: Active |
| 136 | +# vpcs.ec2.aws.crossplane.io: Active |
| 137 | +
|
| 138 | +# Verify corresponding CRDs were created |
| 139 | +kubectl get crds | grep ec2.aws.crossplane.io |
| 140 | +# instances.ec2.aws.crossplane.io |
| 141 | +# securitygroups.ec2.aws.crossplane.io |
| 142 | +# vpcs.ec2.aws.crossplane.io |
| 143 | +
|
| 144 | +# Count CRDs from EC2 provider - should match activated MRDs |
| 145 | +kubectl get crds | grep ec2.aws.crossplane.io | wc -l |
| 146 | +# 3 (only the activated resources) |
| 147 | +``` |
| 148 | + |
| 149 | +## Step 6: Measure the impact |
| 150 | + |
| 151 | +Check the significant reduction in resource overhead: |
| 152 | + |
| 153 | +```shell |
| 154 | +# Count CRDs from EC2 provider - should be much lower than 200 |
| 155 | +kubectl get crds | grep aws.crossplane.io | wc -l |
| 156 | +# 3 CRDs (99% reduction from 200) |
| 157 | +
|
| 158 | +# Calculate memory savings |
| 159 | +echo "197 CRDs saved × 3 MiB = 591 MiB saved (99% reduction)" |
| 160 | +
|
| 161 | +# Verify inactive MRDs still exist but consume minimal resources |
| 162 | +kubectl get mrds -o jsonpath='{.items[?(@.spec.state=="Inactive")]..metadata.name}' | wc -w |
| 163 | +# 197 inactive MRDs (~20 MiB total overhead vs 600 MiB for active CRDs) |
| 164 | +
|
| 165 | +# Check total MRDs (active + inactive) |
| 166 | +kubectl get mrds | wc -l |
| 167 | +# 200 total MRDs (3 active, 197 inactive) |
| 168 | +``` |
| 169 | + |
| 170 | +The selective activation provides massive resource savings while maintaining full functionality for the resources you actually use. |
| 171 | + |
| 172 | +## Next steps |
| 173 | + |
| 174 | +- Learn more about [ManagedResourceDefinitions]({{<ref "../managed-resources/managed-resource-definitions">}}) for detailed concepts and troubleshooting |
| 175 | +- Explore [ManagedResourceActivationPolicies]({{<ref "../managed-resources/managed-resource-activation-policies">}}) for advanced activation strategies and best practices |
| 176 | +- Check the [API reference]({{<ref "../api">}}) for complete schema documentation |
0 commit comments