Automating Infrastructure with Crossplane

Crossplane Architecture

Four key components of Crossplane:

  • Managed resources

  • Providers

  • Composite resources

  • The Crossplane core

Managed Resources (MR)

  • An MR pairs a CRD with its custom controller to represent a single external infrastructure resource

  • MRs map one-to-one to infrastructure resources

  • For example, CloudSQLInstance is an MR representing Google Cloud SQL

Crossplane Resource Model (XRM)

  • Is an open standard used when developing an MR

  • XRM is an opinionated extension of the Kubernetes Resource Model (KRM)

  • The best practice is to compose a higher-level API above an MR for consumption

  • MR example

  • Late initialization: the reconciliation control loop of the Crossplane controllers fills in the default values assigned by the infrastructure API for features not specified in the configuration YAML.

Providers

  • Providers are a group of related MRs packaged together as a bundle

  • Each cloud vendor, and other infrastructure services or software tools such as Helm, has a provider package

  • These packages are simply container images

  • A provider can be installed either with a configuration YAML or with a Helm package

  • It requires a ProviderConfig configuration

ProviderConfig

  • Helps in setting up the infrastructure vendor credentials

[Figure: Provider View]

Composite Resources

  • Composing is a way to build our custom infrastructure APIs above one or more MR APIs

  • These APIs are called Composite Resources (XRs)

  • Composition and Composite Resource Definition (XRD) are the configurations that we use to compose a higher-level XR API.

  • Composition is the configuration that provides a mapping between the new CRD schema and the existing MRs

  • Once the new XR resource is available, we can start provisioning the infrastructure recipes using a Resource Claim object

  • The Claim API is something that gets created when we add a new XR API, provided we have asked for it in the XRD configuration

  • The Claim and XR APIs are almost the same with minor differences

[Figure: A composite resource]

  • The composing layer is for platform teams to build such abstraction

[Figure: Product and platform team interaction]


Crossplane core

[Figure: All the pieces of Crossplane]

  • CRD stands for Custom Resource Definition, a way to extend the Kubernetes API to support new resource types.

  • CRs are the resources defined with the CRD. CR stands for Custom Resource.

  • XRM stands for Crossplane Resource Model, an extension of the Kubernetes Resource Model. It is a set of rules set by Crossplane on how to build an XR or MR.

  • MRs are nothing but Managed Resources, a combination of a CRD and custom controllers in a one-to-one mapping with external infrastructure resources.

  • XRD stands for Composite Resource Definition, a definition for building a custom infrastructure API above Crossplane.

  • XR stands for Composite Resource, which represents a custom infrastructure API built with Crossplane.


Installing Crossplane

Installing and configuring providers

Prerequisites:

  • GCP account

  • Install the gcloud CLI - https://cloud.google.com/sdk/docs/install

  • Create a project in GCP named crossplane

  • gcloud init

  • Enable the required services

Next, create a service account and extract the credentials required to set up the GCP Crossplane provider

  • Get the project ID:

  • Create a service account (SA) and enable the required roles on the SA

  • Extract the service account file

  • Create a Kubernetes Secret using the service account

Installing a Provider

Configuring Provider

  • The next step is to set up the provider configuration for authentication using the ProviderConfig Crossplane API.

  • Credentials can be different for each provider, depending on the authentication construct used by the infrastructure vendor.

  • GCP uses a service account, Azure uses a service principal, AWS uses IAM, and so on.

Multiple Provider configuration

  • Multiple ProviderConfigs can be configured against a provider.

  • This is like having multiple credentials or cloud accounts to access the cloud platform and choosing the appropriate credentials based on the given context

  • When provisioning an MR or XR, we specify providerConfigRef to determine which ProviderConfig to use

  • If providerConfigRef is not provided in an MR or XR, Crossplane refers to the ProviderConfig named default
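
Because of this fallback, a resource that omits providerConfigRef runs with whatever credentials the ProviderConfig named default holds. The following added example (not from the original page or the Crossplane project) audits a constructed list of resources for that case and for references to a ProviderConfig that does not exist; the sample names, the status labels and both function names are assumptions made for illustration.

```python
import json

# Constructed sample: a Kubernetes-style list trimmed to the fields the check
# reads. All resource and ProviderConfig names here are made up.
SAMPLE = json.loads("""
{"items": [
  {"kind": "ProviderConfig", "metadata": {"name": "default"}},
  {"kind": "ProviderConfig", "metadata": {"name": "team-a"}},
  {"kind": "CloudSQLInstance", "metadata": {"name": "orders-db"},
   "spec": {"providerConfigRef": {"name": "team-a"}}},
  {"kind": "CloudSQLInstance", "metadata": {"name": "scratch-db"}, "spec": {}},
  {"kind": "CloudSQLInstance", "metadata": {"name": "billing-db"},
   "spec": {"providerConfigRef": {"name": "team-b"}}}
]}
""")["items"]


def resolve_provider_configs(items):
    """Return (resource, effective ProviderConfig, status) for each MR/XR."""
    configs = {i["metadata"]["name"] for i in items if i["kind"] == "ProviderConfig"}
    findings = []
    for item in items:
        if item["kind"] == "ProviderConfig":
            continue
        ref = (item.get("spec") or {}).get("providerConfigRef") or {}
        name = ref.get("name") or None  # treat an empty name as omitted
        # No providerConfigRef: Crossplane uses the ProviderConfig named "default".
        effective = name or "default"
        if effective not in configs:
            status = "missing-config"      # referenced credentials do not exist
        elif name is None:
            status = "implicit-default"    # credentials chosen by omission
        else:
            status = "explicit"
        findings.append((item["metadata"]["name"], effective, status))
    return findings


def resources_per_config(findings):
    """Group resource names by the ProviderConfig (credential set) they use."""
    usage = {}
    for resource, config, _status in findings:
        usage.setdefault(config, []).append(resource)
    return usage


if __name__ == "__main__":
    for row in resolve_provider_configs(SAMPLE):
        print(*row, sep="\t")
```

The per-config grouping shows how many resources depend on each credential set, which is useful when deciding how broad the roles on the default service account should be.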

[Figure: Multiple Provider Configuration]

Cleanup

