Deploy AWS Resources using Crossplane on Kubernetes

In this article we will be talking about Crossplane as an Infrastructure as Code (IaC) tool that is running on Kubernetes, why should we use it and how you configure AWS provider to start creating resources, we will be going through a full step by step example for you to be able to create your first resource with Crossplane

Who is this article for?

• DevOps engineers interested in learning another IaC tool
• Developers that want to take more Ops responsibility and provision their own infrastructure
• Engineering managers that are looking to implement an IaC tool in their company/startup

Why am I writing this?

I had some discussions with engineers that had some trouble to get started with Crossplane, it may be a little less straightforward than a well established tool like Terraform, some documentation isn’t precise for different use cases and providers and even ChatGPT’s code doesn’t seem to work at times. And here I am saving the day to make your life easier by giving you a step by step guide where you install and configure everything and deploy your first AWS resource using Crossplane.

Why should you even use Crossplane then?

There are certain use cases where Crossplane provides very powerful capabilities being able to create both applications and cloud resources, those can be used for ephemeral environments for example or for having a SaaS company provide full environments that could be self created by a tenant. Those environments could be created by just applying a Kubernetes manifest which is much simpler than starting to run traditional IaC plan and apply commands.

How this article works

• We prepared a repository with resources to deploy everything needed.
• We explain on each resource what it does.
• We walk you through how to deploy Crossplane.
• We deploy a S3 Bucket to make sure everything works.

Prerequisites

1. Clone the repository and step into it

git clone https://github.com/MeteorOps/crossplane-aws-provider-bootstrap.git cd crossplane-aws-provider-bootstrap

2. Make sure you have the required CLIs:

1. Install the AWS CLI & Authenticate it with your AWS Account
2. Install the Kubectl CLI
3. Install the Helm CLI
4. An existing Kubernetes cluster (we’ll be using kind)

Optional: Start a local kind cluster

brew install kind

kind create cluster

open /Applications/Docker.app

kubectl cluster-info --context kind-kind

Repository Overview

Link to the Github Repository: https://github.com/MeteorOps/crossplane-aws-provider-bootstrap.git

1. creds file‍ AWS credentials - should be filled with your own AWS credentials
2. crossplane-provider-conf file ‍Uses the creds file to create a Crossplane ProviderConfig (separated into a different file because it takes time for this resource to be ready)
3. crossplane-provider-bootstrap file ‍Creates the Crossplane AWS Provider, which enables creating AWS resources using Crossplane (and its dependencies):ServiceAccount, DeploymentRuntimeConfig, Provider, ClusterRole & ClusterRoleBindings
4. bucket-definitions & bucket-crd files ‍The Kubernetes Crossplane manifests that create a CompositeResourceDefinition and a Composition resource, which together define how to create a S3 Bucket (like a Terraform Module would). Note: The ‘Composition’ resource relies on the ‘CompositeResourceDefinition’.
5. bucket-example file ‍The Kubernetes Crossplane manifest we’ll apply at the end to create a S3 bucket using Crossplane

Deploy Crossplane

1. Fill the creds file with your AWS access keys
Get your AWS IAM User (not an SSO user as it requires a token to work) access keys and fill them in the credentials file

• NOTE: for production usage, please create a Crossplane IAM user and use its access keys, or preferably use something like IRSA

2. Deploy the Crossplane Helm Chart
Add the Helm repository from which the Crossplane Helm Charts will be fetched

helm repo add crossplane-stable https://charts.crossplane.io/stable

Deploy Crossplane on your Kubernetes cluster in a new namespace named crossplane-system

helm install crossplane crossplane-stable/crossplane --namespace crossplane-system --create-namespace

3. Examine your Crossplane Deployment
‍

• Run the following command to get Crossplane's pods:

  kubectl get pods -n crossplane-system

Then, you should see 2 pods: crossplane & crossplane-rbac-manager

4. Provide Crossplane AWS access by creating a Kubernetes Secret
Insert your AWS credentials to the creds file and run the following from the same folder:

kubectl create secret generic aws-credentials -n crossplane-system --from-file=creds=./creds

Make sure the secret was created as expected:

• Run the following command:

  kubectl get secret aws-credentials -n crossplane-system

You should see the aws-credentials secret:

5. Deploy the Crossplane AWS Provider
‍Creating a Crossplane AWS Provider requires creating a bunch of resources: ServiceAccount, DeploymentRuntimeConfig, Provider, ClusterRole & ClusterRoleBindings, and ProviderConfig
We divided the resources creation into 2 phases:

1 - crossplane-provider-bootstrap.yaml:
ServiceAccount, DeploymentRuntimeConfig, Provider, ClusterRole & ClusterRoleBindings

2- crossplane-provider-conf.yaml:
ProviderConfig

The reason for dividing it into 2 phases is that the creation of the ProviderConfig fails if we attempt to create it before the first set of Provider resources and dependencies is ready

Create the Provider Kubernetes resources using the bootstrap YAML file:

• Run the following command:

  kubectl apply -f crossplane-provider-bootstrap.yaml

Validate the creation readiness of the Provider & wait for it to be ready:

• Run the following command to see the AWS Provider resource:

  kubectl get provider

You should see something like this:

It might take 1-2 minutes to become Healthy.

Create the ProviderConfig resource & Validate its creation:

• Run the following command:

  kubectl apply -f crossplane-provider-conf.yaml && kubectl get providerconfig

Create a S3 Bucket using Crossplane

Create the CompositeResourceDefinition to define a S3 Bucket:

• Run the following command:

  kubectl apply -f bucket-definitions.yaml

Create the Composition to define a S3 Bucket:

• Run the following command:

  kubectl apply -f bucket-crd.yaml

Create the S3 Bucket Crossplane resource in Kubernetes:

kubectl apply -f bucket-example.yaml

When we installed the AWS Provider, it was installed with some Crossplane CRDs of the AWS Provider.
One of those CRDs is ‘bucket’.

Now we can check if the bucket was created by running kubectl get bucket against our Kubernetes cluster

Check if the S3 Bucket was created in AWS:

• ‍List you AWS S3 buckets and search for the newly created one:

  aws s3 ls

Teardown & Cleanup

We’ll start by deleting the S3 Bucket Crossplane resource in Kubernetes, which will end up deleting the resource in AWS.
Eventually, if we used kind to spin up a local Kubernetes cluster, we’ll terminate the cluster to keep our workstation nice and clean.

Delete the S3 Bucket resource:

kubectl delete -f bucket-example.yaml

If used kind delete the cluster:

kind delete cluster

Useful Debugging Commands

kubectl get provider


kubectl logs -n crossplane-system deploy/crossplane -c crossplane


kubectl logs -n crossplane-system -l pkg.crossplane.io/provider=provider-aws