Featured image of post Crossplane: Manage your cloud like you manage Kubernetes
Cloud Infrastructure-as-Code Cloudnative Platform

Crossplane: Manage your cloud like you manage Kubernetes

Terraform may be your go-to solution for Infrastructure-as-Code, but there is more to explore. Let's dive into Crossplane!

Kubernetes has proven to be a very solid orchestrator for itself. So… why would you not orchestrate your complete infrastructure with Kubernetes? Crossplane provides a great way to do this, so you can manage your storage, databases, even other Kubernetes clusters and all other resources available outside your cluster (but within your (hybrid) cloud). Whenever you’re in a Kubernetes minded environment or not, Crossplane is a great alternative to tools like Terraform and worth evaluating on your IaC product selection.

# What is Crossplane?

Crossplane provides self-service to your developers without needing to become an infrastructure expert. For example, if you need an S3 bucket to store data, you simply create a yaml object within Kubernetes to do so, like you create a deployment or service. Here is an example manifest for it:

1
2
3
4
5
6
7
8
9

apiVersion: s3.aws.upbound.io/v1beta1
kind: Bucket
metadata:
  name: your-web-bucket-a3df9
spec:
  forProvider:
    region: eu-west-3
  providerConfigRef:
    name: default

Once deployed in your Kubernetes cluster, Crossplane will pick it up and create your S3 bucket in AWS. Isn’t that neat? Within a few seconds the bucket is available:

1
2
3
4
5
6

$ kubectl get buckets
NAME                    READY   SYNCED   EXTERNAL-NAME           AGE
your-web-bucket-a3df9   True    True     your-web-bucket-a3df9   95s

$ aws s3 ls
2024-05-31 07:48:26 your-web-bucket-a3df9

This is just a kind of hello world example. For more complex solutions you can create a composition, combining multiple resources. A developer can now request an instance of such a composition, like it would be a single object. You can introduce variables (patches) to these compositions or add logic by adding composition functions.

You can create packages of compositions, composition resource definitions, providers, functions, etc. This enables easy deployment and versioning. To help you with this, a CLI was recently introduced. This CLI allows you to create and update packages. You can also use the CLI for testing and troubleshooting.

At the time of writing, Crossplane is six years old now. It is a CNCF incubating project and recently applied for graduation, which means there should be enough proof of maturity and should be ready to be used in production environments.

# GitOps workflow

So Crossplane provides a Kubernetes way for doing Infrastructure-as-Code. But things get even more powerful when combining Crossplane with a GitOps agent, like Argo CD or Flux CD. Now you just create objects in your Git repository, get them reviewed and merge. Next the GitOps agent will pickup your changes and create/update/delete your resources, maybe along with your application deployment.

# Installation

Crossplane installs as a controller in your Kubernetes cluster, accompanied with a bunch of CRD’s (custom resource definitions). After installing the main controller using their helm chart, you need to add providers for your cloud platform. You also create a secret allowing Crossplane to access your cloud. Installing Crossplane is very easy and the documentation comes with some quick start guides for AWS, Azure and GCP.

Besides the popular public cloud providers, there are also providers available for VMware vCloud, Terraform/Ansible, GitHub/GitLab/Bitbucket, Keycloak, Argo CD, OpenStack, Ceph and many others. Check the Crossplane Marketplace for a full list.

# Crossplane at large

If you have a large environment, the best way to manage it is by creating a dedicated Kubernetes management cluster which only runs Crossplane (and probably Argo CD or Flux CD). Next tell Crossplane to deploy Kubernetes workload clusters (e.g. EKS, AKS, GCE), these clusters will host your applications.

crossplane at large

If you still want to provide self-service to your developers, there are multiple ways to do so, for example:

  • Install Crossplane in the workload clusters and apply RBAC roles to selectively permit developers to create resources outside the cluster.
  • Use RBAC on the management cluster to selectively allow developers to deploy their resources.
  • Introduce an IdP (like Backstage) to allow developers to deploy resources in their own clusters/namespaces.

If you want to have more control on what your developers are allowed to do, Crossplane provides management policies. Or you can add a policy agent to your cluster, like Kyverno.

# More information

Qstars IT can help you on selecting, designing, implementing and migrating your Infrastructure-as-Code. We can also provide talks/demo’s on this subject. Please contact us when interested.

© 2023 - 2024 Qstars Blog
Built with Hugo
Theme Stack designed by Jimmy