Skip to main content
Version: v2.0.4

Crossplane Troubleshooting

The Enterprise product uses Crossplane to orchestrate cloud infrastructure. If you wish to familiarize yourself with Crossplane in general, the official documentation is a great starting point.

The scenarios described require familiarity with Crossplane architecture and operations. The information here acts as a reference point for technical support. If you are a customer and are unsure about how to resolve a Crossplane-related problem, please reach out to us.

Scenario: Crossplane stops reconciling with a "cannot determine creation result" error

Symptoms

  • A managed cloud resource, such as an SQS queue or SNS topic, fails during creation. Crossplane stops reconciling its state.

  • The resource has a crossplane.io/external-create-pending annotation set.

  • Kubernetes records events of CannotInitializeManagedResource type with a "cannot determine creation result - remove the crossplane.io/external-create-pending annotation if it is safe to proceed" message.

Tip: To check your cluster for CannotInitializeManagedResource events, run the following command:

kubectl get events -A \
  --field-selector type=Warning,reason=CannotInitializeManagedResource \
  --sort-by=.lastTimestamp

Cause

The failure happens only during provisioning of cloud resources. In the context of the Enterprise product, this happens during periodic updates and fresh installations.

This behavior occurs during transient control plane failures (Kubernetes API server failures) or Crossplane provider restarts and reschedules during bulk provisioning. The mechanism is intentional and aims to prevent unwanted outcomes, such as duplicate or untracked cloud resources.

Remediation

The CannotInitializeManagedResource events are an explicit call for human intervention. Crossplane pauses the reconciliation loops and asks for a human to step in. To resolve the problem, look at the marked cloud resource and check whether it exists in the cloud provider. If the resource exists, and looks to be correctly configured, remove the crossplane.io/external-create-pending annotation. Once the annotation is removed, Crossplane will resume reconciliation.

If the resource doesn't exist, clean up any untracked resources that may have been partially created or orphaned during the provisioning attempt, and then safely remove the crossplane.io/external-create-pending annotation. Crossplane will retry provisioning the resource from scratch.

When to Contact Support

Crossplane's reconciliation logic can be hard to understand and requires nuanced actions.

If you are new to Crossplane or unsure about any of the steps above, stop and reach out to AlphaSense Technical Support before proceeding.

Our support team can help you verify the resource state in your cloud account and guide you through a safe cleanup.