How to Manage AWS Valkey Clusters with Crossplane and GitOps



AWS Valkey clusters (Valkey is the open-source fork of Redis) can be managed declaratively with Crossplane, bringing the benefits of GitOps to DBAs and platform engineers. This guide walks through importing an existing Valkey cluster into Crossplane, organizing its manifests with Kustomize, and deploying them with Argo CD.


Step 1 — Import Existing Valkey Clusters into Crossplane

To bring an existing Valkey ElastiCache cluster under Crossplane management, set the crossplane.io/external-name annotation to the name the cluster already has in AWS. Crossplane uses this annotation to match the managed resource to the existing cluster instead of creating a new one, so you can confirm the match in observe mode before switching to manage.

apiVersion: elasticache.aws.upbound.io/v1beta2
kind: ReplicationGroup
metadata:
  name: example-authz
  annotations:
    crossplane.io/external-name: "example-authz"
spec:
  forProvider:
    region: us-east-1
    engine: valkey
    engineVersion: "8.0"
    ...
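
The observe-then-manage switch described above, as an added example that is not part of the original post. It assumes a Crossplane version with management policies enabled (spec.managementPolicies) and reuses the ProviderConfig name from Step 3; the phase 2 policy list is one possible choice, not the author's.

```yaml
# Added example, not from the original post: read-only first phase of the import.
apiVersion: elasticache.aws.upbound.io/v1beta2
kind: ReplicationGroup
metadata:
  name: example-authz
  annotations:
    # Name of the cluster as it already exists in AWS.
    crossplane.io/external-name: "example-authz"
spec:
  # Phase 1: observe only. Crossplane reads the cluster into status.atProvider
  # and does not create, update or delete anything in AWS.
  managementPolicies: ["Observe"]
  # Phase 2 (a later commit, once READY is True and status.atProvider matches
  # the cluster you expect): replace the line above with
  #   managementPolicies: ["Observe", "Create", "Update", "LateInitialize"]
  # which lets Crossplane reconcile the cluster but still leaves "Delete" out,
  # so deleting this manifest from Git does not delete the cluster.
  providerConfigRef:
    name: org-l3-provider   # ProviderConfig from Step 3
  forProvider:
    region: us-east-1
    # Phase 2 also needs the remaining settings here (engine, engineVersion,
    # and so on), copied from status.atProvider so the first managed
    # reconcile has nothing to change.
```

Keeping the policy change in its own commit gives reviewers a single-line diff to approve at the point where Crossplane gains write access to the cluster.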

Step 2 — Manage Valkey Clusters with Kustomize and Argo CD

We use Kustomize to organize Valkey cluster manifests, and Argo CD AppSets to automate deployments across EKS clusters:

kind: Kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
resources:
  - replicationgroup.yaml

Step 3 — Configure Crossplane Provider for AWS

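The ProviderConfig tells Crossplane how to authenticate to AWS: the provider obtains credentials through IRSA (IAM Roles for Service Accounts) and then assumes the crossplane-deployer role. This role is scoped with permissions for ElastiCache only: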

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: org-l3-provider
spec:
  assumeRoleChain:
    - roleARN: arn:aws:iam::123456789012:role/crossplane-deployer
  credentials:
    source: IRSA

Step 4 — Install Crossplane ElastiCache Provider

Finally, install the AWS ElastiCache provider to manage Valkey resources:

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws-elasticache-upbound
spec:
  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-elasticache:v1.23.0
  revisionActivationPolicy: Automatic

Benefits of Using Crossplane for Valkey

  • GitOps for DBAs: Manage Valkey clusters declaratively in Git.
  • Compliance & Security: Start in observe mode, then enforce policies.
  • Cost Efficiency: Run Valkey on ARM for reduced cost.

By using Crossplane to manage AWS Valkey clusters, DBAs gain consistency, compliance, and a GitOps workflow that reduces manual management overhead.


Next up: Using Kyverno to enforce compliance across all Valkey clusters, including engine versions, encryption, tagging, and maintenance windows.
