Skip to main content

Blogs

Flexible expansion of Kubernetes: Create your own resources with CRDs

Why standard Kubernetes is not always enough

Kubernetes is the leading platform for orchestrating containers. However, native resources such as pods, services and deployments do not cover all the requirements of complex IT infrastructures.

What if companies have special workflows or compliance requirements that cannot be directly mapped with the existing Kubernetes resources? Custom Resource Definitions (CRDs) offer the solution: they make it possible to expand Kubernetes with customised resources - without having to adapt the Kubernetes core.

 

What are Custom Resource Definitions (CRDs)?

CRDs make it possible to define your own Kubernetes resources that behave like native Kubernetes objects. These can then be managed with the usual Kubernetes tools (kubectl, API, Helm).

Important features of CRDs

Flexibility: companies can define individual resources for specific requirements
Integration: Custom resources are managed like standard resources in Kubernetes.
Automation: In combination with custom controllers, complex processes can be automated.

Example: An EasterEgg CRD

A simple YAML example of a custom resource definition (CRD):

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: eastereggs.kubeops.net
spec:
  group: kubeops.net
  versions:
    - name: v1
      served: true
      storage: true
  scope: Namespaced
  names:
    plural: eastereggs
    singular: easteregg
    kind: EasterEgg
    shortNames:
      - ee

As soon as this CRD is registered, Kubernetes users can create their own EasterEgg resources:

apiVersion: kubeops.net/v1
kind: EasterEgg
metadata:
  name: example-easteregg
spec:
  message: "Hello, this is an Easter Egg!"

This principle can be applied to applications of any complexity - from individual security policies to the automated management of workloads.

 

What are CRDs used for?

CRDs open up numerous use cases, especially in regulated and safety-critical environments.

1. Automation with Kubernetes Operators

CRDs form the basis for operators that manage complex applications in Kubernetes. Examples:

  • Automated management of databases (PostgreSQL Operator)
  • Lifecycle management for machine learning models
  • Control of backup and recovery processes

 

2. Security and compliance enhancements

Companies can extend Kubernetes with CRDs so that it automatically enforces security and compliance requirements. Examples:

  • Defining network and access controls as Kubernetes resources
  • Automated security policies for sensitive applications
  • Auditing mechanisms to fulfil NIS2 or ISO 27001 requirements


3. Mapping industry and business logic

CRDs are particularly valuable for companies with specialised requirements:

  • Financial sector: ‘Transaction’ as a customised Kubernetes resource
  • Healthcare: ‘PatientRecord’ for medical data management
  • Industry: ‘DeviceConfiguration’ for IoT systems

 

Best practices for CRDs

The following best practices should be followed to ensure that CRDs are used securely and efficiently:

✔ Validation with OpenAPI schema

  • Check the data structure to avoid incorrect entries.
  • Prevents inconsistent or incomplete configurations.

✔ Versioning & backwards compatibility

  • CRDs should support multiple versions (v1, v2 etc.).
  • Older versions should only be phased out after a transition period.

✔ RBAC & security guidelines

  • Role separation: Who is authorised to create, change or delete CRDs?
  • Limit visibility via namespaces.

✔ Monitoring & logging

  • Proactive monitoring of custom resources for error analysis and optimisation.
  • Logs & metrics for performance checks.

✔ Subresources for better API interaction

  • /status: Separates status information from configuration data.
  • /scale: Enables the scaling of custom resources via Kubernetes mechanisms.

 

Conclusion: Extending Kubernetes individually - without vendor lock-in

Custom Resource Definitions offer companies the opportunity to adapt Kubernetes to specific requirements without having to rely on external tools. CRDs are an important tool for mapping automation, security and compliance directly in Kubernetes, especially for regulated industries and security-critical environments such as KRITIS, public authorities and financial services.

 

Read our latest Blogpost

Recognising and solving challenges in multi-cloud management

Multi-cloud with Kubernetes: Stay flexible without failing due to complexity. Find out how you can combine security, cost control and efficiency!
read now