This reference platform Configuration for Kubernetes and Data Services is a starting point to
build, run, and operate your own internal cloud platform and offer a self-service console and API to
your internal teams.
It provides platform APIs to provision fully configured GKE clusters, with secure networking, and stateful cloud services (Cloud SQL) designed to securely connect to the nodes in each GKE cluster -- all composed using cloud service primitives from the Crossplane GCP Provider. App deployments can securely connect to the infrastructure they need using secrets distributed directly to the app namespace.
There are two ways to run Universal Crossplane:
- Hosted on Upbound Cloud
- Self-hosted on any Kubernetes cluster.
To provision the GCP Reference platform, you can pick the option that is best for you.
We'll go through each option in the next sections.
Hosted Control planes are run on Upbound's cloud infrastructure and provide a restricted
Kubernetes API endpoint that can be accessed via kubectl or CI/CD systems.
- Sign up for Upbound Cloud.
- When you first create an Upbound Account, you can create an Organization
- Create a
Control Planein Upbound Cloud (e.g. dev, staging, or prod). - Connect
kubectlto yourControl Planeinstance.- Click on your Control Plane
- Select the Connect Using CLI
- Paste the commands to configure your local
kubectlcontext - Test your connectivity by running
kubectl -n upbound-system get pods
The other option is installing UXP into a Kubernetes cluster you manage using up, which
is the official CLI for interacting with Upbound Cloud and Universal Crossplane (UXP).
There are multiple ways to install up, including Homebrew and Linux packages.
curl -sL https://cli.upbound.io | shEnsure that your kubectl context is pointing to the correct cluster:
kubectl config current-contextInstall UXP into the upbound-system namespace:
up uxp installValidate the install using the following command:
kubectl -n upbound-system get allNow that your kubectl context is configured to connect to a UXP Control Plane, we can install this reference platform as a Crossplane package.
curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | sh
cp kubectl-crossplane /usr/local/binPLATFORM_VERSION=v0.0.5
PLATFORM_CONFIG=registry.upbound.io/upbound/platform-ref-gcp:${PLATFORM_VERSION}
kubectl crossplane install configuration ${PLATFORM_CONFIG}
kubectl get pkgSet up your GCP account keyfile by following the instructions on: https://crossplane.io/docs/v1.0/getting-started/install-configure.html#select-provider
Ensure that the following roles are added to your service account:
roles/compute.networkAdminroles/container.adminroles/iam.serviceAccountUser
Then create the secret using the given creds.json file:
kubectl -n upbound-system create secret generic gcp-creds --from-file=key=./creds.jsonCreate the ProviderConfig, ensuring to set the projectID to your specific GCP project:
kubectl apply -f examples/provider-default-gcp.yaml- Create a Team
team1. - Invite app team members and grant access to
Control PlanesandRepositories.
- Join your Upbound Cloud
Organization - Verify access to your team
Control Planesand Registries
- Provision a
Networkresource (claim forCompositeNetwork) provided by the platformConfiguration:
kubectl -n upbound-system apply -f examples/network.yaml- View status / details of the managed resources created for your claim:
kubectl get managed- Check status of your claim:
kubectl -n upbound-system get network- Provision a
Clusterresource (claim forCompositeCluster) provided by the platformConfiguration:
kubectl -n upbound-system apply -f examples/cluster.yaml- View status / details of the managed resources created for your claim:
kubectl get managed- Check status of your claim:
kubectl -n upbound-system get cluster- Go to
Control Planesfor your organization. - Click on your Control Plane.
- Click on
platform-ref-gcpunder Configurations section on the left. - Check the composite resources and navigate between resource instances that were created for the claims we just created.
- Delete
Networkclaim:
kubectl -n upbound-system delete -f examples/network.yaml- Delete
Clusterclaim:
kubectl -n upbound-system delete -f examples/cluster.yaml- Verify all underlying resources have been cleanly deleted:
kubectl get managedkubectl delete configurations.pkg.crossplane.io platform-ref-gcp
kubectl delete providers.pkg.crossplane.io provider-gcp
kubectl delete providers.pkg.crossplane.io provider-helmCluster- provision a fully configured Kubernetes cluster- definition.yaml
- composition.yaml includes (transitively):
GKEClusterNodePoolHelmReleasesfor Prometheus and other cluster services.
Network- fabric for aClusterto securely connect the control plane, pods, and services- definition.yaml
- composition.yaml includes:
NetworkSubnetwork
Create a Repository called platform-ref-gcp in your Upbound Cloud Organization.
Set these to match your settings:
UPBOUND_ORG=acme
UPBOUND_ACCOUNT_EMAIL=me@acme.io
REPO=platform-ref-gcp
VERSION_TAG=v0.0.5
REGISTRY=registry.upbound.io
PLATFORM_CONFIG=${REGISTRY:+$REGISTRY/}${UPBOUND_ORG}/${REPO}:${VERSION_TAG}Clone the GitHub repo.
git clone https://github.com/upbound/platform-ref-gcp.git
cd platform-ref-gcpLogin to your container registry.
docker login ${REGISTRY} -u ${UPBOUND_ACCOUNT_EMAIL}Build package.
up xpkg build --name package.xpkg --ignore ".github/*,.github/*/*,examples/*,hack/*"Push package to registry.
up xpkg push ${PLATFORM_CONFIG} -f package.xpkgInstall package into an Upbound Control Plane instance.
kubectl crossplane install configuration ${PLATFORM_CONFIG}The cloud service primitives that can be used in a Composition today are
listed in the Crossplane provider docs:
To learn more see Configuration Packages.
If you're interested in building your own reference platform for your company, we'd love to hear from you and chat. You can setup some time with us at info@upbound.io.
For Crossplane questions, drop by slack.crossplane.io, and say hi!