Crossplane + AWS Overview for Managing Infrastructure as Code (IaC) with Kubernetes
Javier Sepúlveda
Posted on July 26, 2024
Crossplane is an open source platform for managing Infrastructure as Code (IaC) using the Kubernetes API. It allows you to define and manage infrastructure resources (such as databases, networks, storage, etc.) declaratively.
Crossplane is built mainly on Custom Resource Definitions (CRDs) and custom controllers that allow us to deploy resources in the cloud provider. Its other important components are:
- Providers
- Managed Resources
- Composite Resources
Providers
Providers handle authentication and API calls to the cloud provider (in this case AWS) and supply the controllers that drive Managed Resources (MRs). Currently, there are two providers available for use with Crossplane:
- provider-aws, which has fewer CRDs
- provider-upjet-aws, which has more CRDs
The RDS Provider installs a second Provider, the upbound-provider-family-aws.
The family provider manages authentication to AWS across all AWS family Providers.
It is also necessary to create a DeploymentRuntimeConfig (the replacement for the deprecated ControllerConfig), mainly used for credentials (in the case of EKS, a service account annotated with the IAM role the provider assumes):
apiVersion: pkg.crossplane.io/v1beta1
kind: DeploymentRuntimeConfig
metadata:
  name: runtime-config
spec:
  serviceAccountTemplate:
    metadata:
      annotations:
        eks.amazonaws.com/role-arn: arn:aws:iam::123456789111:role/crossplane-role-controller
This is an example Provider for deploying RDS, followed by the ProviderConfig that tells it to use IRSA credentials:
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws-rds
spec:
  package: xpkg.upbound.io/upbound/provider-aws-rds:v1.9.1
  runtimeConfigRef:
    name: runtime-config
---
# The Upbound provider family serves its ProviderConfig from the aws.upbound.io group
# (aws.crossplane.io is the community provider-aws group and is not recognised here).
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: provider-config
spec:
  credentials:
    source: IRSA
- Create a DeploymentRuntimeConfig that carries the IAM role ARN annotation for the provider's service account.
- Reference the DeploymentRuntimeConfig from the Provider through runtimeConfigRef.
- Instruct the ProviderConfig to use IRSA credentials.
Once the provider is installed, you can see the new CRDs (for example with kubectl get crds).
Managed Resources (MR)
A managed resource (MR) connects a CRD to a controller that deploys the resource. For example, an RDS instance in AWS is an MR, represented in a YAML file that defines an RDS instance.
apiVersion: rds.aws.upbound.io/v1beta2
kind: Instance
metadata:
  annotations:
    meta.upbound.io/example-id: rds/v1beta1/instance
    uptest.upbound.io/timeout: "3600"
  labels:
    testing.upbound.io/example-name: example-dbinstance
  name: example-dbinstance
spec:
  forProvider:
    allocatedStorage: 20
    autoGeneratePassword: true
    autoMinorVersionUpgrade: true
    backupRetentionPeriod: 14
    backupWindow: 09:46-10:16
    dbName: example
    engine: postgres
    engineVersion: "16.1"
    instanceClass: db.t3.micro
    maintenanceWindow: Mon:00:00-Mon:03:00
    # the generated master password is written to this Secret, never into the manifest
    passwordSecretRef:
      key: password
      name: example-dbinstance
      namespace: crossplane-system
    publiclyAccessible: false
    region: us-east-1
    skipFinalSnapshot: true
    storageEncrypted: true
    storageType: gp2
    username: adminuser
  providerConfigRef:
    name: provider-config   # must match the name of the ProviderConfig created above
Crossplane continuously reconciles the resource and reverts any change that is not declared in the YAML file (for example, a change made by hand in the AWS console), using this file as the only source of truth.
At this point you can create a resource, in this case an RDS instance with default values.
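As an added example (not code from the post), a small pre-apply check in Python for an RDS Instance manifest like the one above: it flags settings a reviewer would reject (public access, unencrypted storage, an inline password, skipFinalSnapshot) and a providerConfigRef that points at no existing ProviderConfig. The manifest is embedded as a Python dict constructed from the post's example so it runs offline; get_path and check_rds_instance are names chosen here, not Crossplane APIs.

```python
def get_path(obj, dotted):
    """Return the value at a dotted path such as 'spec.forProvider.engine', or None."""
    cur = obj
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def check_rds_instance(mr, provider_configs):
    """Lint an rds.aws.upbound.io Instance manifest (as a dict); return findings."""
    # provider_configs: the set of ProviderConfig names that exist in the cluster.
    findings = []
    fp = "spec.forProvider."
    if get_path(mr, fp + "publiclyAccessible") is not False:
        findings.append("publiclyAccessible must be explicitly false")
    if get_path(mr, fp + "storageEncrypted") is not True:
        findings.append("storageEncrypted must be true")
    # The master password belongs in a Secret, never as a literal in the manifest.
    if get_path(mr, fp + "password") is not None:
        findings.append("inline password found; use passwordSecretRef instead")
    if get_path(mr, fp + "passwordSecretRef.name") is None:
        findings.append("passwordSecretRef is missing")
    # With skipFinalSnapshot: true, deleting the MR deletes the data with it.
    if get_path(mr, fp + "skipFinalSnapshot") is True:
        findings.append("skipFinalSnapshot is true: no final snapshot on delete")
    ref = get_path(mr, "spec.providerConfigRef.name")
    if ref not in provider_configs:
        findings.append(f"providerConfigRef '{ref}' matches no ProviderConfig")
    return findings

# Constructed sample mirroring the post's example-dbinstance manifest.
SAMPLE_MR = {
    "apiVersion": "rds.aws.upbound.io/v1beta2",
    "kind": "Instance",
    "metadata": {"name": "example-dbinstance"},
    "spec": {
        "forProvider": {
            "allocatedStorage": 20, "autoGeneratePassword": True,
            "engine": "postgres", "engineVersion": "16.1",
            "instanceClass": "db.t3.micro", "region": "us-east-1",
            "passwordSecretRef": {"key": "password", "name": "example-dbinstance",
                                  "namespace": "crossplane-system"},
            "publiclyAccessible": False, "storageEncrypted": True,
            "skipFinalSnapshot": True, "username": "adminuser",
        },
        "providerConfigRef": {"name": "provider-config"},
    },
}
```

Run against the post's manifest the only finding is skipFinalSnapshot, which is fine for a throwaway test instance but worth a second look before the same template reaches production.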
Composite resources (XR)
Composite resources allow complex resources to be created and managed. This abstracts the complexity of creating multiple resources and encapsulates the logic and configuration of various infrastructure resources.
There are two types: composite resources (XR) and composite resource claims (XRC), which facilitate infrastructure management in a declarative and reusable manner.
XRs are defined through a CompositeResourceDefinition (XRD); their main purpose is to combine related managed resources into a single stack and build reusable infrastructure template APIs.
The following are the critical components in an XR:
Composite Resource Definition (XRD)
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: compositerdsinstances.database.example.org
spec:
  group: database.example.org
  names:
    kind: CompositeRDSInstance
    plural: compositerdsinstances
  claimNames:
    kind: RDSInstance
    plural: rdsinstances
  versions:
  - name: v1alpha1   # must match the version the Composition and the claim reference
    served: true
    referenceable: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            properties:
              parameters:
                type: object
                properties:
                  storageGB:
                    type: integer
                  version:
                    type: string
Composition
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: compositerdsinstances.aws.database.example.org
spec:
  compositeTypeRef:
    apiVersion: database.example.org/v1alpha1
    kind: CompositeRDSInstance
  resources:
  - base:
      # DBInstance is the community provider-aws schema; the Upbound family uses rds.aws.upbound.io Instance instead
      apiVersion: rds.aws.crossplane.io/v1beta1
      kind: DBInstance
      spec:
        forProvider:
          region: us-east-1   # required by provider-aws
          dbInstanceClass: db.t3.micro
          allocatedStorage: 20
          engine: postgres
          engineVersion: "13"
          masterUsername: admin
    patches:
    - fromFieldPath: "spec.parameters.storageGB"
      toFieldPath: "spec.forProvider.allocatedStorage"
    - fromFieldPath: "spec.parameters.version"
      toFieldPath: "spec.forProvider.engineVersion"
Claim (XRC)
XRCs allow users to request XR instances easily and consistently.
apiVersion: database.example.org/v1alpha1
kind: RDSInstance
metadata:
  name: my-rds-claim
spec:
  parameters:
    storageGB: 20
    version: "13"
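As an added example (not part of the post), a Python lint that ties the three objects above together: it checks that the Composition's compositeTypeRef and the claim use the group, kind and a served version of the XRD, and that every fromFieldPath in the patches is a field the XRD schema declares. The samples are constructed dicts mirroring the post's manifests, with the XRD serving v1 while the Composition and claim reference v1alpha1; schema_has_path and check_composition are names chosen here, not Crossplane APIs.

```python
def schema_has_path(schema, dotted):
    """True if every key of a dotted path is declared in an openAPIV3Schema tree."""
    node = schema
    for key in dotted.split("."):
        props = node.get("properties", {}) if isinstance(node, dict) else {}
        if key not in props:
            return False
        node = props[key]
    return True

def check_composition(xrd, composition, claim):
    """Lint XRD/Composition/claim dicts for consistency; return a list of findings."""
    findings, spec = [], xrd["spec"]
    versions = {v["name"]: v for v in spec["versions"]}
    # The Composition must target the group/version/kind the XRD defines.
    ref = composition["spec"]["compositeTypeRef"]
    group, _, version = ref["apiVersion"].partition("/")
    if group != spec["group"] or ref["kind"] != spec["names"]["kind"]:
        findings.append("compositeTypeRef does not match the XRD group/kind")
    if version not in versions:
        findings.append(f"compositeTypeRef version '{version}' is not served by the XRD")
        version = next(iter(versions))  # fall back so the patch checks still run
    schema = versions[version]["schema"]["openAPIV3Schema"]
    # A fromFieldPath the XRD does not declare patches nothing: the 'base' value silently wins.
    for res in composition["spec"]["resources"]:
        for p in res.get("patches", []):
            if not schema_has_path(schema, p["fromFieldPath"]):
                findings.append(f"patch source '{p['fromFieldPath']}' is not in the XRD schema")
    # The claim must use the XRD's claim kind and a served version.
    cgroup, _, cversion = claim["apiVersion"].partition("/")
    if cgroup != spec["group"] or claim["kind"] != spec["claimNames"]["kind"]:
        findings.append("claim apiVersion/kind does not match the XRD claimNames")
    elif cversion not in versions:
        findings.append(f"claim version '{cversion}' is not served by the XRD")
    return findings

# Constructed samples mirroring the post: the XRD serves v1, the Composition and claim say v1alpha1.
XRD = {"spec": {"group": "database.example.org",
                "names": {"kind": "CompositeRDSInstance"}, "claimNames": {"kind": "RDSInstance"},
                "versions": [{"name": "v1", "schema": {"openAPIV3Schema": {
                    "properties": {"spec": {"properties": {"parameters": {
                        "properties": {"storageGB": {"type": "integer"},
                                       "version": {"type": "string"}}}}}}}}}]}}
COMPOSITION = {"spec": {
    "compositeTypeRef": {"apiVersion": "database.example.org/v1alpha1",
                         "kind": "CompositeRDSInstance"},
    "resources": [{"patches": [
        {"fromFieldPath": "spec.parameters.storageGB",
         "toFieldPath": "spec.forProvider.allocatedStorage"},
        {"fromFieldPath": "spec.parameters.version",
         "toFieldPath": "spec.forProvider.engineVersion"}]}]}}
CLAIM = {"apiVersion": "database.example.org/v1alpha1", "kind": "RDSInstance"}
```

Running it on the samples reports both version mismatches; with the XRD version set to v1alpha1 the three objects line up and the check returns no findings.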
Conclusion: This is a short overview of the main resources used in Crossplane to start deploying new resources declaratively. In the next post we will do a demo deploying resources in the console.
Thanks for reading this post, let me know if you have any questions or comments.