Spaces

Upbound Spaces are hosting environments for Upbound’s managed Crossplane control planes. A single Upbound Space is capable of hosting more than 50 fully isolated instances of Crossplane.

Upbound Spaces can be self-hosted and self-managed entirely in your own environment or Upbound-managed in Upbound’s SaaS environment. To self-host a Space, users install the Space software in a Kubernetes cluster. Popular managed Kubernetes services including Amazon EKS, Google GKE, and Microsoft AKS are fully supported.

Spaces and Upbound

When self-hosted, an Upbound Space is a fully operational slice of the Upbound platform in your own environment. Whether that’s a hyper scale cloud provider or on-prem, self-hosted Spaces supplements Upbound’s SaaS service by enabling a new deployment option. Now you can have control planes that run in your preferred hosting environment and Upbound’s own SaaS.

Managed control planes can run anywhere, thanks to Spaces

Spaces use cases

Spaces lets you focus on building resource abstractions with Crossplane rather than worrying about the underlying machinery which power them. Spaces simplifies creating, monitoring, and managing your Crossplane infrastructure. Today, users deploy Spaces for a wide array of use cases across several industries, such as financial services, automotive, or healthcare.

System requirements

To self-host a Space, you must deploy the software into a Kubernetes cluster. Upbound validates the Spaces software runs on AWS EKS, Google Cloud GKE, and Microsoft AKS. For dev/test scenarios, you can run a Space on a local Kubernetes cluster such as kind.

Minimum requirements

The minimum host Kubernetes cluster configuration Upbound recommends is a 2 worker node setup. By default, Upbound recommends one node for operating the Spaces management pods, leaving the remaining worker nodes to host your control planes.

The minimum recommended node pool VM configuration for each cloud provider is:

Cloud ProviderVM configurationCoresMemory
AWSm5.large28
AzureStandard_D2_v328
GCPe2-standard-228

As mentioned in the preceding section, Upbound recommends designating a node to run the Spaces management pods. How large you size your node pool depends on these factors:

  • The number of control planes you plan to run in the Space.
  • The number of managed resources you plan each control plane to reconcile.
  • The Crossplane providers you plan to install in each control plane.

Read the deployment guide for comprehensive guidance for rightsizing your Space clusters.

Upbound requirements

You must have an Upbound account. Spaces is a feature only available for paying customers in the Business Critical tier of Upbound.

Spaces management

Create a Space

To install an Upbound Space into a cluster, it’s recommended you dedicate an entire Kubernetes cluster for the Space. You can use up space init to install an Upbound Space. Below is an example:

up space init "v1.2.1"
Tip
For a full guide to get started with Spaces, read one of the quickstart guides:

You can also install the helm chart for Spaces directly. In order for a Spaces install to succeed, you must install some prerequisites first and configure them. This includes:

  • UXP
  • provider-helm and provider-kubernetes
  • cert-manager

Furthermore, the Spaces chart requires a pull secret, which Upbound must provide to you.

helm -n upbound-system upgrade --install spaces \
  oci://us-west1-docker.pkg.dev/orchestration-build/upbound-environments/spaces \
  --version "v1.0.1" \
  --set "ingress.host=your-host.com" \
  --set "clusterType=eks" \
  --set "account=your-upbound-account" \
  --wait

For a complete tutorial of the helm install, read one of the quickstarts which covers the step-by-step process.

Upgrade a Space

To upgrade a Space from one version to the next, use up space upgrade. Spaces supports upgrading from version ver x.N.* to version ver x.N+1.*.

up space upgrade "v1.2.1"

Downgrade a Space

To rollback a Space from one version to the previous, use up space upgrade. Spaces supports downgrading from version ver x.N.* to version ver x.N-1.*.

up space upgrade --rollback

Uninstall a Space

To uninstall a Space from a Kubernetes cluster, use up space destroy. A destroy operation uninstalls core components and orphans control planes and their associated resources.

up space destroy

Control plane management

You can manage control planes in a Space via the up CLI or the Spaces-local Kubernetes API. When you install a Space, it defines new a API type, kind: Controlplane, that you can use to create and manage control planes in the Space.

Create a managed control plane

To create a managed control plane in a Space using up, run the following:

up ctp create ctp1

You can also declare a new managed control plane like the example below and apply it to your Spaces cluster:

apiVersion: spaces.upbound.io/v1beta1
kind: ControlPlane
metadata:
  name: ctp1
spec:
  writeConnectionSecretToRef:
    name: kubeconfig-ctp1
    namespace: default

This manifest:

  • Creates a new managed control plane in the space called ctp1.
  • Publishes the kubeconfig to connect to the control plane to a secret in the Spaces cluster, called kubeconfig-ctp1

Connect to a managed control plane

To connect to a managed control plane in a Space using up, run the following:

up ctp connect new-control-plane

The command changes your kubeconfig’s current context to the managed control plane you specify. If you want to change your kubeconfig back to a previous context, run:

up ctp disconnect

If you configured your managed control plane to publish connection details, you can also access it this way. Once the control plane is ready, use the secret (containing connection details) to connect to the API server of your managed control plane.

kubectl get secret <control-plane-connection-secret-name> -n default -o jsonpath='{.data.kubeconfig}' | base64 -d > /tmp/<ctp-name>.yaml

Reference the kubeconfig whenever you want to interact directly with the API server of the control plane (vs the Space’s API server):

kubectl get providers --kubeconfig=/tmp/<ctp-name>.yaml

Configure a managed control plane

Spaces offers a built-in feature that allows you to connect a control plane to a Git source. This experience is like when a managed control plane runs in Upbound’s SaaS environment. Upbound recommends using the built-in Git integration to drive configuration of your control planes in a Space.

Learn more in the Spaces Git integration documentation.

List managed control planes

To list all managed control planes in a Space using up, run the following:

up ctp list

Or you can use Kubernetes-style semantics to list the control plane:

kubectl get controlplanes

Delete a managed control plane

To delete a managed control plane in a Space using up, run the following:

up ctp delete ctp1

Or you can use Kubernetes-style semantics to delete the control plane:

kubectl delete controlplane ctp1

Next steps

Get started with Spaces in your own environment by visiting the quickstart: