How to Deploy AWS Resources Using Crossplane

Boost Your GitOps Workflow Using Crossplane

Overview

Crossplane has been around for a few years, but the DevOps community's interest in it has only slowly started to shift, and organizations that value the GitOps methodology are now trying to include it in their IaC implementation.

More people are trying to shift left in the DevOps world, abstracting infrastructure for their developers and moving toward platform engineering. Crossplane provides a unique way of writing AWS resources as Kubernetes config files and managing them along with other deployment structures.

The XRD (Composite Resource Definition) feature that Crossplane provides is one of the things platform engineers want most: it lets you create a resource and deploy the app on that same resource using the same config file.

You can also follow some examples from AWS on how to use custom resource definitions with Crossplane.

This is an intro to getting started with Crossplane; next, I will post another article on "whether Crossplane is for you or not?"

Using Crossplane with AWS

  1. The first step is to have a Kubernetes cluster where you can apply Crossplane resources. I will be using kind, but you can use minikube or even a managed cluster like EKS.

    Docs for installing kind on your machine: kind

  2. You will also need:

    • Helm version v3.2.0 or later

    • an AWS account with permission to create an S3 storage bucket

    • AWS access keys

  3. After you have installed kind, launch a new cluster with:

     kind create cluster --name crossplane
    
  4. Install the Crossplane Helm chart:

     helm repo add \
     crossplane-stable https://charts.crossplane.io/stable
     helm repo update
    
     helm install crossplane crossplane-stable/crossplane --namespace crossplane-system \
     --create-namespace
    
  5. For AWS, we first install a sample S3 provider:

     cat <<EOF | kubectl apply -f -
     apiVersion: pkg.crossplane.io/v1
     kind: Provider
     metadata:
       name: provider-aws-s3
     spec:
       package: xpkg.upbound.io/upbound/provider-aws-s3:v1.17.0
     EOF
    
  6. Now that our provider is installed, we need to create a secret with our AWS access keys so that Crossplane can create resources in our account.

    Add your access key and secret to a file named aws-credentials.txt in this format:

     [default]
     aws_access_key_id = 
     aws_secret_access_key =
    

    Now create the secret with this command:

     kubectl create secret \
     generic aws-secret \
     -n crossplane-system \
     --from-file=creds=./aws-credentials.txt
    
  7. Check if the secret is deployed successfully.

     kubectl describe secret aws-secret -n crossplane-system
    
  8. Now we want to set up a ProviderConfig that tells Crossplane to use this secret to create resources in our account.

     cat <<EOF | kubectl apply -f -
     apiVersion: aws.upbound.io/v1beta1
     kind: ProviderConfig
     metadata:
       name: default
     spec:
       credentials:
         source: Secret
         secretRef:
           namespace: crossplane-system
           name: aws-secret
           key: creds
     EOF
    
  9. Now that our secret is made, we can finally create resources. To keep it simple, I'll create an S3 bucket.

     cat <<EOF | kubectl create -f -
     apiVersion: s3.aws.upbound.io/v1beta1
     kind: Bucket
     metadata:
       # generateName makes the API server append a random suffix to the name
       generateName: crossplane-bucket-
     spec:
       forProvider:
         region: us-east-2
       providerConfigRef:
         name: default
     EOF
    
  10. Now run this command to check that the bucket resource is fully synced.

    $ kubectl get buckets
    NAME                      READY   SYNCED   EXTERNAL-NAME             AGE
    crossplane-bucket-hhdzh   True    True     crossplane-bucket-hhdzh   5s
    

    READY and SYNCED should both be True if the bucket was created successfully.

  11. Voilà, you have successfully created your first AWS resource using Crossplane.
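
Step 6 writes long-lived AWS access keys to a local file before loading them into the cluster. The following is an added example, not part of the original article: a shell check that the file matches the step 6 layout with both values filled in and is not readable by other users, followed by the same secret creation and removal of the local copy. The function names are hypothetical; the file name, secret name and namespace are the ones used above.

```shell
#!/bin/sh
# Added example: pre-flight check for the step 6 credentials file.
# check_aws_creds_file and create_aws_secret are hypothetical helper names.

# Returns 0 if FILE is fit to load into the cluster, otherwise explains why
# on stderr and returns 2 (missing), 3 (permissions) or 4 (content).
check_aws_creds_file() {
  creds_file="$1"
  [ -f "$creds_file" ] || { echo "no such file: $creds_file" >&2; return 2; }

  # Long-lived keys on disk must not be readable by group or others.
  # Characters 5-10 of the ls mode string are the group and other bits.
  creds_perms=$(ls -ld "$creds_file" | cut -c5-10)
  if [ "$creds_perms" != "------" ]; then
    echo "$creds_file is accessible to other users; run: chmod 600 $creds_file" >&2
    return 3
  fi

  # The [default] profile must carry both keys with non-empty values;
  # the blank template from step 6 fails here.
  awk '
    function value(line) {
      sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t]+$/, "", line); return line
    }
    /^[ \t]*\[/ { in_default = ($0 ~ /^[ \t]*\[default\][ \t]*$/); next }
    in_default && /^[ \t]*aws_access_key_id[ \t]*=/     { if (value($0) != "") id = 1 }
    in_default && /^[ \t]*aws_secret_access_key[ \t]*=/ { if (value($0) != "") key = 1 }
    END { exit !(id && key) }
  ' "$creds_file" || {
    echo "$creds_file: [default] needs aws_access_key_id and aws_secret_access_key" >&2
    return 4
  }
}

# Validate, create the secret exactly as in step 6, then remove the local
# copy so the keys do not linger on disk or get committed to a Git repo.
create_aws_secret() {
  check_aws_creds_file "$1" || return $?
  kubectl create secret generic aws-secret \
    -n crossplane-system --from-file=creds="$1" &&
    rm -f "$1"
}

# Usage: create_aws_secret ./aws-credentials.txt
```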

Clean Up

To delete the S3 bucket we created, use the following command:

kubectl delete bucket <bucket name>

Replace <bucket name> with the name of your bucket.

Conclusion

You can create other resources as well, along with your own custom XRDs, compositions, and claims, to use the full strength of this tool. People have their own use cases for Crossplane, but in my view, Crossplane still has to grow and refine itself a lot, and it can be used as a complement to your current IaC, whether that is Pulumi or Terraform.

You can follow the Crossplane docs at https://docs.crossplane.io/

You can also create other resources by following the AWS provider family made by Upbound (Crossplane's parent company): upbound/provider-family-aws@v1.18.1 | Upbound Marketplace