Crossplane Integration
Monitor managed resource health, composite resource status, and provider reconciliation for Crossplane. Full observability for your control plane infrastructure pipelines.
How It Works
Enable Crossplane Prometheus Metrics
Crossplane core and each provider expose metrics at /metrics. TigerOps deploys ServiceMonitors for the crossplane pod and all installed provider pods, collecting reconciliation latency, sync time, and error rates.
Deploy TigerOps via Helm
Install the TigerOps Helm chart with Crossplane enrichment enabled. TigerOps reads Managed Resource, Composite Resource, and Claim CRDs to enrich raw metrics with resource name, type, and composition context.
Configure Resource Health Tracking
TigerOps continuously watches MR synced/ready conditions across all providers. Set up health dashboards per provider (AWS, GCP, Azure) and per Composition to identify which infrastructure pipelines are in a degraded state.
Set Drift & Reconciliation Alerts
Define alert thresholds for unsynced managed resources, stalled reconciliation loops, and provider pod restarts. TigerOps groups related MR failures by Composition to identify systematic pipeline failures.
What You Get Out of the Box
Managed Resource Health Dashboard
Track synced and ready condition status for every Managed Resource across all providers. Identify resources stuck in a Not Ready or Sync Failed state and link them to provider error logs for rapid diagnosis.
Composite Resource & Claim Status
Monitor XR and XRC ready/synced conditions, composite resource pipeline health, and claim binding latency. Alert when a Composition fails to produce a ready composite resource within the expected time.
Provider Reconciliation Latency
Track per-provider reconciliation queue depth, processing rate, and latency percentiles. Identify providers with growing reconciliation backlogs that indicate resource drift or cloud provider API throttling.
Provider Pod & Controller Health
Monitor provider pod restart counts, controller runtime reconciliation errors, webhook call latency, and leader election status. Alert when provider pods are crash-looping before managed resources begin to drift.
Resource Drift Detection
TigerOps tracks the time since each managed resource was last successfully synced. Resources that exceed the expected reconciliation period are flagged as potentially drifted, with trend graphs showing drift duration.
AI-Powered Infrastructure Pipeline Analysis
When multiple managed resources fail across a Composition, TigerOps AI identifies the shared root cause — provider API outage, quota exhaustion, or policy violation — and surfaces the affected Compositions in priority order.
TigerOps Helm Values for Crossplane
Configure provider health tracking, reconciliation alerts, and composite resource status monitoring.
# TigerOps Helm values for Crossplane integration
# helm repo add tigerops https://charts.atatus.net
# helm install tigerops tigerops/tigerops -f values.yaml
global:
apiKey: "${TIGEROPS_API_KEY}"
remoteWriteEndpoint: https://ingest.atatus.net/api/v1/write
crossplane:
enabled: true
namespace: crossplane-system
# Scrape Crossplane core controller metrics
core:
metricsPort: 8080
scrapeInterval: 15s
# Auto-discover and scrape all installed provider pods
providers:
autoDiscover: true
# Or explicitly list providers:
# list:
# - upbound-provider-aws
# - upbound-provider-gcp
# - crossplane-contrib-provider-helm
# CRD enrichment for MR, XR, Claim metrics
crdEnrichment:
enabled: true
trackCompositions: true
trackProviderConfigs: true
# Managed Resource health tracking
managedResources:
# Alert when MR is not ready beyond historical P95 provisioning time
stuckDetectionMultiplier: 2.0
# Alert on drift (unsynced longer than)
driftAlertMinutes: 15
# Composite resource pipeline health
compositeResources:
enabled: true
trackFunctions: true # Composition Functions (XFN)
alerts:
mrNotReadyCount: 1
reconciliationErrorRatePerMin: 5
providerRestarts: 2Common Questions
Which Crossplane providers does TigerOps support for managed resource monitoring?
TigerOps monitors any Crossplane provider that exposes standard controller-runtime Prometheus metrics. This includes provider-aws, provider-gcp, provider-azure, provider-kubernetes, provider-helm, and all community providers. Provider-specific metric enrichment is available for the major cloud providers.
How does TigerOps distinguish between a managed resource that is provisioning versus genuinely stuck?
TigerOps tracks the duration each managed resource has spent in a Not Ready state and compares it against the historical provisioning time for that resource type. Resources exceeding 2x the historical P95 provisioning time are flagged as potentially stuck and trigger a warning alert.
Can TigerOps monitor Crossplane Function (Composition Functions / XFN) pipelines?
Yes. TigerOps collects controller-runtime metrics from Composition Function runner pods and tracks function reconciliation latency, error rates, and gRPC call success rates between the Crossplane core and function containers in the pipeline.
How does TigerOps handle managed resources across multiple cloud accounts or projects?
Crossplane ProviderConfig objects define cloud account credentials. TigerOps enriches managed resource metrics with the ProviderConfig name, enabling per-account resource health dashboards and per-account quota monitoring across all Crossplane-managed infrastructure.
Does TigerOps integrate with Crossplane usage policies and deletion protection?
TigerOps monitors Usage resource conditions and alerts when a protected managed resource is in a deletion-blocked state unexpectedly. It also tracks EnvironmentConfig reference resolution failures that can block composite resource readiness.
Know the Health of Every Managed Resource Before Your Teams Do
Provider reconciliation health, drift detection, and composition pipeline status — AI-correlated and actionable from the moment something goes wrong.