My first steps with Crossplane: Crossplane 101

In the first days of that, we have manually formed servers – each of the precious snowflakes, to be preserved and documented with love. But the size of the infrastructure has grown, and this approach cannot expand. The chef and dolls felt the idea of ​​infrastructure-cod: engineers will determine the condition of the device (machine) in text files, stored in GIT-and thus the name. The global node will read these files to create a record. After that, a local agent on each device examines the required situation at regular intervals and reconciles the current situation with the record.

The first generation of infrastructure-Kirz has managed the condition of the existing machines, but assume that the device was already present. I created the deportation to the cloud another problem: How can you create the device in the first place? Another IAC tool appeared in the shape of Terraform Hashicorp. TerraForm came in full descriptive language, which she calls the Terraform Language.

However, it does not provide a central record, and it needs to run an order to reconcile the required situation with the current situation. Terraform was a great success. When hashicorp moved away from an open source license, the community baptized and blinded it. Moreover, IBM recently acquired Hashicorp.

Terraform is not without a problem, though. Some feel that the descriptive composition language is specific. Pulumi offers infrastructure description in two existing programming languages, For exampleBethon, Java Skript, and Kotlene. Instead of repeating ten training lines with only one parameter, you can write jobs and rings.

The other issue was the absence of a central record and the automatic erosion. In the current technological scene, what is the tool that offers such features? Kubernetes! It makes sense to use kubernetes to address the border of Terraform; This is the Crossplane approach by upbound.

I am working on kubernetes these days. I recently wrote a series on how to design a complete test pipeline targeting Google Kubernetes. The second part mentions the creation of the Google Kubernetes engine in the context of GitHub. In this post, I want to evaluate Crossplane by creating such an example.

It seems strange to create a new collection of kubernetes, one needs the kubernetes group. I admit that my use issue is a bit strange, but I think if I can achieve this edge condition, I can achieve more nominal cases.

Crossplane 101

CROSSPLANE is similar to a engine, using the Kubernetes record and interests of resource management. Resources include almost anything: cloud resources, GitHub projects, institutions, or Terraform (!), Or software chimneys, such as Kafka and Keycloak, etc. Beam. Packages of two types:

• Settings Packs: The configuration package determines high -level abstraction on kubernetes objects. Perhaps you have noticed that publishing an application in Kubernetes follows the same style: Determine a Deployment (Or any other relevant object) and Service. In most cases, you prefer to provide one Application Migration for developers. CROSSPLANE allows you to create objects to create and deliver abstraction in configuration packages.

• Service providers: The provider is integrated with a third party system, whether it is the cloud provider or any other system. For example, Crossplane offers Google Cloud. Crossplane offers three categories of supplies:

  • Responsible, developer, supported by ascension

  • Partner, developed by a third party

  • Society, which society generally developed

  Service providers are offered to the main service providers, while the community has created a minor coupon, For exampleScaleway or OVH.

The first steps with Crossplane

The first step is to install Crossplane itself. I can use a simple Helm scheme with virtual composition. Follow the advice to install it in its designated space, crossplane-system.

helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
helm install crossplane --create-namespace --namespace crossplane-system crossplane-stable/crossplane

You should see two pods working in crossplane-system Name space:

NAME                                       READY   STATUS    RESTARTS     AGE
crossplane-6f88554645-b2xng                1/1     Running   1 (1h ago)   1h
crossplane-rbac-manager-75bc66d6b7-8p2fh   1/1     Running   1 (1h ago)   1h

We are now ready to start real work. We target the Google Cloud platform, and therefore, we need to install the GCP provider. The market offers many available service providers. The first challenge is to determine the location that contains the abstraction we want to create. Because we want to create a file ClusterWe need a GCP-Container provider.

The block is the API Clusters chart. It creates the Google Kubernetes (GKE) engine collection.

– Curtain resources

We create Provider The object that indicates the supplier package:

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-gcp                                             #1
spec:
  package: xpkg.upbound.io/upbound/provider-gcp-container:v1     #2

1. Service providers at the group level.
2. Upbound requires a paid subscription for specific versions. Because I do not have a version, I can only use a major version, with all stability problems that come with it.

We can list the providers providers:

kubectl get providers

The result should look like the following:

NAME                          INSTALLED   HEALTHY   PACKAGE                                               AGE
provider-gcp                  True        True      xpkg.upbound.io/upbound/provider-gcp-container:v1     28m
upbound-provider-family-gcp   True        True      xpkg.upbound.io/upbound/provider-family-gcp:v1.12.1   28m

At this stage, we can manage GKE counterparts with crossplane.

Google offers several ways to ratify. Here, I will use the direct JSON accreditation data associated with the service account. Get Json from Google’s cloud control unit, then import it in kubernetes:

kubectl create secret generic gcp-creds -n crossplane-system --from-file=creds=./gcp-credentials.json

In the CROSSPLANE model, a Provider The general object is related to one provider. On the other hand, a ProviderConfig Project related document, including its credentials.

apiVersion: gcp.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: gcp-provider
spec:
  projectID: xplane-demo                                         #1
  credentials:
    source: Secret
    secretRef:                                                   #2
      namespace: crossplane-system
      name: gcp-creds
      key: credentials.json

1. The project ID that we want to manage resources.
2. Referring to the previously created secret contains the required accreditation data.

The last step consists of the creation of the group. I tried to set the same configuration as in the command line in the original post, but I must admit that I could not set every one option.

apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  name: minimal-cluster
spec:
  forProvider:
    initialNodeCount: 1                                          #1
    location: europe-west9                                       #1
    nodeLocations: [ "europe-west9-a" ]                          #1
    network: projects/xplane-demo/global/networks/default        #1
    subnetwork: projects/xplane-demo/regions/europe-west9/subnetworks/default #1
    ipAllocationPolicy:
      - clusterIpv4CidrBlock: "/17"                              #1
    resourceLabels:
      provisioner: crossplane                                    #2
  providerConfigRef:
    name: gcp-provider                                           #3
  writeConnectionSecretToRef:                                    #4
    namespace: default
    name: kubeconfig

1. The same parameters as in the command line
2. Set the stickers to document who is the resource manager. Depending on your context, you can add more, For exampleand environment
3. name ProviderConfig We created above
4. He writes kubeconfig To call the GKE that was created

You can follow the creation of the GKE collection both on the Google cloud control unit kubectl.

kubectl get cluster

We can see here that the group is not yet ready:

NAME              SYNCED   READY   EXTERNAL-NAME     AGE
minimal-cluster   True     False   minimal-cluster   2m46s

We can use kubeconfig Secret That cross -made plane created with Cluster To contact the last. First, let’s get rid of Secret Value to file:

kubectl get secret kubeconfig -o jsonpath="{.data.kubeconfig}" | base64 --decode > kube.config

At this stage, we can use it to send requests to the facility recently Cluster:

kubectl --kubeconfig ./kube.config get pods

To delete an example GKE, it is sufficient to delete the locality Cluster. Kubernetes and Crossplane will take care of sending DELETE Request to Google Cloud.

kubectl delete cluster.container.gcp.upbound.io minimal-cluster

It is simultaneous: You will not get the return of the claim until the GKE is removed.

In this post, Crossplane was used to create a simple GKE collection. Using the record kubernetes and success behavior is a genius. Of course, CROSSPLANE is as good as the number of integration operations it provides. Currently, it can already manage all the main glazing tools, as well as two smaller.

To go further:

It was originally published in Java Al -Mahawia on May 4, 2025