Are Providers with Namespaced Resource Support Compatible with Crossplane v1?

Target Audience:

Users evaluating whether to install a provider that includes namespaced managed resource support and/or the SafeStart capability on a Crossplane v1.x control plane.

Summary

Yes. Providers that include namespaced managed resource support can be installed and used on Crossplane v1.x control planes.

Cluster-scoped managed resources continue to function as they did in previous provider generations. However, certain features that are specific to Crossplane v2 (such as namespaced managed resources, Managed Resource Activation Policy, and SafeStart) are not usable on v1. Additionally, the provider package will install extra CRDs that may not be used in a v1 environment. Further details and trade-offs are outlined below.

Background

Recent versions of Upbound / Crossplane providers introduce namespaced managed resource support (.m.upbound.io) without removing existing cluster-scoped resource support (.upbound.io).

This support has been introduced in different versions depending on the provider. For example:

• provider-upjet-gcp

• provider-upjet-aws

• provider-upjet-azure
  introduced this capability in their v2.x major versions.

Regardless of versioning, such providers typically include two API variants for each resource:

• <service>.<provider>.upbound.io — cluster-scoped (legacy API)

• <service>.<provider>.m.upbound.io — namespaced (introduced for Crossplane v2)

What Works on Crossplane v1.x

• Installation: Providers with namespaced support can be successfully installed on Crossplane v1.x control planes.

• Cluster-scoped managed resources: All cluster-scoped managed resources (*.<provider>.upbound.io) continue to reconcile as expected.
  Existing manifests, Compositions, and ProviderConfigs continue to work without modification.

• New resources: Newly introduced resources can still be used via their cluster-scoped variants.

What Does NOT Work on Crossplane v1.x

When running such providers on Crossplane v1.x, the following Crossplane v2-specific features are not available:

Practical Implications

1. CRD footprint increases
   Since both cluster-scoped and namespaced CRDs are installed, the total number of CRDs is roughly doubled compared to older provider versions.

   • For small providers, this is usually negligible

   • For large environments (e.g., AWS/GCP/Azure with multiple provider families), this may impact API server and etcd performance

2. No selective CRD activation
   Crossplane v2 introduces MRAP to mitigate CRD bloat by allowing selective activation of resources. This capability does not exist in v1.

3. Namespaced CRDs are inactive
   While installed, namespaced CRDs have no functional effect in a v1 control plane.
   They are generally harmless unless you have strict CRD count limits.

Important Notes When Upgrading from v1.x Providers

Provider release notes typically include the following section:

Backward Compatibility Notes and breaking changes
This provider can be installed in Crossplane v1.x environments:

• Both cluster-scoped and namespace-scoped CRDs will be installed; namespace-scoped CRDs cannot be composed in v1.x

• SafeStart will be disabled

• When upgrading from v1.x providers, review all breaking resource API changes noted above

In other words:

• The package itself is compatible with Crossplane v1.x

• However, individual resources may include breaking API changes

Before upgrading, always:

• Review release notes carefully

• Check for resource-level breaking changes

• Update your Compositions and managed resource manifests accordingly

• If possible, simulate an upgrade in a test environment

Related Resources

• Crossplane v2 — What’s New

• Upgrade to Crossplane v2

• Disabling unused managed resources (MRAP)

• Migrate Crossplane v1 Configurations to v2 — Upbound Docs