Helm + Crossplane on Azure
A decision-driven guide for provisioning Azure infrastructure using Helm charts that render Crossplane Managed Resources from the provider-family-azure ecosystem.
This is not a generic tutorial. It captures one coherent model — with the reasoning, trade-offs, and real CRDs — so you can build on it or deliberately deviate from it.
What This Covers
| Section | What You Learn |
|---|---|
| Crossplane Concepts | How MRs, Compositions, XRDs, and Claims actually work — with diagrams |
| The Decision | Why we chose Helm + direct MRs over Compositions, and when to change that |
| Getting Started | Install Crossplane, providers, credentials, and deploy your first chart |
| Chart Reference | Every template in azure-base/ explained with the real provider CRD fields |
| Environment Strategy | How values-dev.yaml vs values-prod.yaml works, what changes between environments |
| When to Abstract | The exact checklist and steps for graduating from direct MRs to Compositions |
The One-Sentence Philosophy
Helm renders real Azure Managed Resources. Crossplane reconciles them. No Compositions until you've proven you need them.
Azure Resources Provisioned
The sample azure-base chart creates a complete landing zone:
Providers Used
| Sub-Provider | Version | API Group | Resources |
|---|---|---|---|
provider-family-azure | v2.3.0 | azure.upbound.io | ResourceGroup |
provider-azure-network | v2.3.0 | network.azure.upbound.io | VirtualNetwork, Subnet, SecurityGroup, SubnetNetworkSecurityGroupAssociation |
provider-azure-storage | v2.3.0 | storage.azure.upbound.io | Account, Container |
provider-azure-keyvault | v2.3.0 | keyvault.azure.upbound.io | Vault |
All from the Upbound Marketplace.
Quick Start
bash
# 1. Install Crossplane
helm repo add crossplane-stable https://charts.crossplane.io/stable
helm install crossplane crossplane-stable/crossplane \
--namespace crossplane-system --create-namespace --wait
# 2. Install Azure providers
kubectl apply -f setup/providers.yaml
# 3. Configure credentials
kubectl apply -f setup/provider-config.yaml
# 4. Deploy dev environment
helm install azure-base-dev ./charts/azure-base \
-f ./charts/azure-base/values-dev.yaml
# 5. Watch resources provision
kubectl get managed -w