Managing AWS Valkey clusters (the open Redis fork) can be done declaratively with Crossplane, bringing the benefits of GitOps to DBAs and platform engineers. This guide walks through importing an existing Valkey cluster into Crossplane, configuring it with Kustomize, and deploying with Argo CD.
Step 1 — Import Existing Valkey Clusters into Crossplane
To bring an already-existing Valkey ElastiCache cluster under Crossplane management, you’ll need to use the crossplane.io/external-name
annotation. This ensures Crossplane matches the resource in AWS before switching from observe to manage.
apiVersion: elasticache.aws.upbound.io/v1beta2 kind: ReplicationGroup metadata: name: example-authz annotations: crossplane.io/external-name: "example-authz" spec: forProvider: region: us-east-1 engine: valkey engineVersion: "8.0" ...
Step 2 — Manage Valkey Clusters with Kustomize and Argo CD
We use Kustomize to organize Valkey cluster manifests, and Argo CD AppSets to automate deployments across EKS clusters:
kind: Kustomization apiVersion: kustomize.config.k8s.io/v1beta1 resources: - replicationgroup.yaml
Step 3 — Configure Crossplane Provider for AWS
The ProviderConfig
sets up Crossplane with the correct AWS IAM role (via IRSA). This role is scoped with permissions for ElastiCache only:
apiVersion: aws.upbound.io/v1beta1 kind: ProviderConfig metadata: name: org-l3-provider spec: assumeRoleChain: - roleARN: arn:aws:iam::123456789012:role/crossplane-deployer credentials: source: IRSA
Step 4 — Install Crossplane ElastiCache Provider
Finally, install the AWS ElastiCache provider to manage Valkey resources:
apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: name: provider-aws-elasticache-upbound spec: package: xpkg.crossplane.io/crossplane-contrib/provider-aws-elasticache:v1.23.0 revisionActivationPolicy: Automatic
Benefits of Using Crossplane for Valkey
- GitOps for DBAs: Manage Valkey clusters declaratively in Git.
- Compliance & Security: Start in observe mode, then enforce policies.
- Cost Efficiency: Run Valkey on ARM for reduced cost.
By using Crossplane to manage AWS Valkey clusters, DBAs gain consistency, compliance, and a GitOps workflow that reduces manual management overhead.
Next up: Using Kyverno to enforce compliance across all Valkey clusters, including engine versions, encryption, tagging, and maintenance windows.