• It is recommended to have (cluster-admin) access to a K8s cluster

• A local one like kind, k3d, Docker Destop etc. is totally fine

• ☝️ If you just want to listen, that’s fine too ☝️

• ☝️ Just keep in mind we got some HandsOn stuff ☝️

• kubectl

• git

• helm

• Credentials for AWS, Digitalocean or Azure

• One is enough

• More than one is also fine

• ☝️ This ist also optional, as we repeat only stuff we did with our local Kubernetes resources ☝️ # Crossplane

The cloud native control plane framework

GitRepo https://github.com/erkules/crossplane-workshop

• I just started with Asciidoc

• Missed to create Slides

• Some topics are mentioned (too) often

• Please don’t hurt me

• Why are you here?

• What do you expect?

• The cloud native control plane framework

• Universal control plane

• We know control planes

• Hey we know Kubernetes .. so?!!!

• It is about getting/managing additional resources

• Even Crossplane ist much more then managing 'cloud' resources

• It is even something else

• But we know Crossplane for accessing 'cloud' resources

• Think about Crossplane like a control plane for everything

• Giving you some gluecode CRDs on top

• I’m still critical regarding Crossplane

• Hope it is fine to have a critical approach 🤔

# # Basics ./. Managed Resource

• It is all about managing Managed Resources

• Like in Kubernetes

• Not only cloud

• Everything with an API :)

• This is why we use API- and Cloud-Resources/CRDs alternately

• API resources

• Cloud resources

• Cloud [resource] CRD

• As our well known CRDs \o/

• So we manage them like i.e. Deployments

• Having i.e. a control loop

• Labels

• Spec

• Status …​

• Later we install Providers

• Getting Cloud/API specific CRDs

i.e.

• Kubernetes

• AWS

• Digitalocean

• Azure

• ArgoCD

• Helm

• …​

• Declaring API resources

• Reconciliation (looping) API resources

• Like we know

• So kubectl is still our friend <3

• So Crossplane (Providers) offers something like Terraform?!

• Jain 🇩🇪

• It is declarative (Kubernetes way)

• Crossplane offers something on top of the Cloud Resources (later)

• Pun: Crossplane switches to Terraform/Jit Providers /o\

The cloud native control plane framework

(With Kubernetes you know at least one control plane 😇) # More than offering CRDs for API-resources

• Managing AWS Resources without Crossplane → https://aws-controllers-k8s.github.io/community/

• A lot like this exsists

• Crossplane is more

• CRDs on top of the API/Cloud-CRDs

• So it leverages Kubernetes

• So Crossplane offers CRDs on top of (Cloud/API) CRDs

• This is the basic idea of Crossplane

• Hint: Kube-bind → https://github.com/kube-bind/ (replacing providers)

• Divide between Consumers and Infra

• Yes!!

• Infra packages the Api/Cloud CRDs [into Compositions]

• Infra masquerades them behind a CompositeResourceDefinition

• Dev consumes only the CompositeResourceDefinition

• The CompositeResourceDefinition hides the complexity \o/

• Maybe think about the Infra team as your cloud provider

• CompositeResourceDefinition (XRD)

• Composite Resource (XR)

• Claim (XRD)

• Composition

• Provider

• ProviderConfig

Composition

Spaghetti code

kind: compostition
version: apiextensions.crossplane.io/v1
metadata:
  name: jupp
  labels:
    crossplane.io/xrd: newworld.my.own.stuff
    provider:          aws
...
spec:
  compositeTypeRef:                       <<-- XRD reference
    apiextensions: my.own.stuff/v1
    kind:          newworld
  resources:                               the bundle of resources
  - name: databae
    base:
      kind:       RDSInstance
      apiVersion: database.aws.crossplane.io/v1beta1
      ...
  - name:
    base:
      kind:       ELB
      apiVersion: apiVersion: elasticloadbalancing.aws.crossplane.io/v1alpha1
      ...

CompositeResourceDefinition (XRD)

Spaghetti code

apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name:  newworld.my.own.stuff
spec:
  group: my.own.stuff
  names:  newworld
    kind:
  claimNames:
    kind newworld:
  versions: <<-- Standard openAPVv3 Schema

Pure K8s?!

RBAC

• mypaint!!

• Claim of

• Composite Resorce Definition (XDR)

• Generates an Composite Resource (XR)

• Configured by the Composition

• The XR manages the Managed Resources (MR)

• Works with multiple Providers (XR(D) 1:n Compostions)

Using something like (in your Claim XR)

• Using

• This is an idea I asked Crossplane to put into there docs :)

• Compare it to Operators

• So there is an Operator and a CustomResourceDefinition

Crossplane

• Has a opinionated CRD ⇒ XRD

• Instead of Operator we’ve got Compositions

• They just configure a specific Controller (kinda)

• Patches (passing configuration from XRD → XR)

• The Infra Team creates/manages the XRDs

• The Devs consume the XRDs

• Reconciliation Loop all the time

• All as Code

• GitOps (aka everything is i Git)

• Shifting Left (to the Devs)

• Giving Complexity to the Ops aka Infra

We just use Helm to install the framework:

• Get all Crossplane related Resources

• Yes Crossplane creates Categories

• "Now" you know what all is

• Get all managed resources

• Should be empty

• Check other Categories

:)

• Our Crossplane has no resources to access

• For these wie need to access our backends

• Using a Provider

• Extends Crossplane with new Managed Resource Types

• CRDs for Cloud Resources

• Talks with the Cloud-Api

• Needs credentials (ProviderConfig)

• Installs a Pod

• [List of Providers](https://github.com/crossplane-contrib)

• [List of Providers](https://github.com/upbound) ☝️ Terraform ☝️

• [List of Providers](https://marketplace.upbound.io/providers) ☝️ Terraform ☝️

• While Provider install the ProviderControlPlane

• ProviderConfig configures the ProviderControlPlane

• Most likely providing Credentials ☝️ # Kubernetes Provider

• Manage Kubernetes Ressources using Crossplane

• It doesn’t need to be Cloud

• [Repo](https://github.com/crossplane-contrib/provider-kubernetes)

• Using Provider CRDs

• Create multi-bundle Compositions

• Create XRD

• The Kubernetes Providers has some special features

• We will ignore this for the sake to focus on Crossplane core features.

So we miss

But why a Kubernetes Provider?

Again create/install a Provider

• Provide cluster-admin privileges to the ServiceAccount

• (We could also provide a kubeconfig (remote accessing a K8s))

Provide cluster-admin privileges

So that’s all

• This is straight forward

• We putting a K8s-Object into our Crossplane-Object

• That’s it

Let’s delete the Pod

Let’s run on window/pane with

then:

We have something like

• ReplicaSet

• ArgoCD/Flux

• \o/

• This is no deep dive into the Kubernetes provider

• It just - also - works without having a cloud provider access

• Simplifies the Workshop

• To get the idea

• We could use complex Objects

• But for what?

• But there is another Problem

• Managing komplex K8s-resources inside an Object

• ⇒ Run your own templating system

#

• Check provider-kubernetes/twopods-composition.yaml

• Of course our XRD is still missing

• Apply it

Check and apply

kubectl api-resources --api-group=acme.example.org kubectl apply -f provider-kubernetes/twopods-xrd.yaml kubectl api-resources --api-group=acme.example.org ---

• Claims are namespaced resources

• Check and apply

## Anfangs ganz einfach. Wir exposen nur die Replicas und version mit HPA, Service i.e.

##

Ein XRD-XR machen mit einem small/medium/large mapping (Patches) bei dem sich die replicas und resources ändern

Managing Helm Releases

• Use the Provider CRDs

• Create XRD

• Create Composition

We need to install the Provider

Check the new Pod

We need to tell the Pod/Provider which Credentials to use

Lets empower the ServiceAccount the helm-provider runs with:

• This example uses directly the release object

• Nothing from the Crossplane "overhead" is used

Get all Resorces managed by Crossplane

SYNCED tells us about the connection to the API

• We got a helm release

Deleting the Helm Release should trigger the Controller

Check it out :)

• We start with a simple example

• Using the release CRD

• We would be to utilise all the values.yaml

As a Consumer

• I want to use Kafka

• In a simple way

As an Infra/Ops

• I want to provide a Kafka API/CRD

• Hiding complexity

• Reducing 'attack' vectors

• Create an XRD kafka.example.org

• Having only replicas configurable

• Create the matching XR

• Have fun

• Lets start with the Consumer side

• kafka.acme.example.org

• Lets use anzahl to define the number of replicas

kubectl apply -f provider-helm/xrd.yaml kubectl get xrd ---

Let’s have a look into the file

kubectl apply -f provider-helm/composition.yaml kubectl get compostions ---

Let’s have a look into the file

• How ist the Compostion connected to the XRD *

• We worked with Managed Resources

• But that’s not the way!

This ist the Way:

• Compostions

• XRDs

Why?

• Use the Provider CRDs

• Create XRD

• Create Composition

• We could use other/additional ProviderConfig

• Deploying to remote Cluster

• 🐘 in the room …​ GitOps

• Have/Create an Accesstoken

• Web -→ API → Generate New Token

• doctl CLI is used. Feel free to use Web

• FYI: The quality of the Providers differ a lot :/

Still not configured

• Create a K8s Cluster

• As Managed Ressource

• Take some time

Check Progress:

and/or

Web

and/or

Remember:

So:

#

Create a Bucket Explain syncing: Aka syncing with the remote api Check for Sync status Delete the Bucker via aws cli Check the K8sobject Terrible example :)