In our last post we have seen about Crossplane and its benefits. In this article, lets check how to provision an azure resource using Crossplane.
What is Crossplane?
Crossplane is a tool created by Upbound which has been released in December of 2018. It has been accepted as an incubating project by the CNCF (Cloud Native Computing Foundation) in 2020.
Crossplane is developed as a Kubernetes add-on and extends any Kubernetes cluster with the flexibility to provision and manage cloud infrastructure, services, and applications. Crossplane uses Kubernetes-styled declarative and API-driven configuration and management of infrastructure, on-premises or within the cloud.
Crossplane can be considered as a Kubernetes add-on, which means that it makes use of custom resources to provide all of its functionality. There are 4 kinds of resources,
Let’s go over the steps to install Crossplane on an existing Kubernetes cluster and install and configure Crossplane to provision Azure resources.
Prerequisites:
- Any Kubernetes or you can create in azure if you like too How to create Azure Kubernetes Service using Terraform — FoxuTech
- Kubectl installed in the VM or machine you are going to manage the AKS.
- Have a kubeconfig file (default location is ~/.kube/config).
- Helm — to install Crossplane on the test cluster.
Install Crossplane
To install the Crossplane core components on the cluster using Helm, You can use separate namespace to install the Crossplane component, as below.
# kubectl creates namespace crossplane-system
# helm repo add crossplane-stable https://charts.crossplane.io/stable
# helm repo update
# helm install crossplane --namespace crossplane crossplane-stable/crossplaneVerify the installation is complete by running the following commands:
# helm list -n crossplane
# kubectl get all -n crossplaneCrossplane CLI:
You can use following commands to install Crossplane CLI.
# curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | shMove the crossplane kubectl extension to the bin
# mv kubectl-crossplane /usr/local/binverify that it is installed
# kubectl crossplane --help
Configure Azure provider
We have successfully installed the Crossplane and its CLI. Now, let’s see how we can create the resources on Azure cloud. For that we need to configure the Crossplane’s Azure provider on the cluster. Please note, before we starting configuration, we need a service principal in Azure, which will used by our Crossplane Azure provider uses to provision a resource.
Here are the commands you can use to add the create a service principle.
# az ad sp create-for-rbac --sdk-auth --role Owner --scopes="/subscriptions/fe6d0698-7b7e-4f04-8518-de46be4cf0b6" -n "crossplane-sp-rbac" > "creds.json"# if which jq > /dev/null 2>&1; then
AZURE_CLIENT_ID=$(jq -r ".clientId" < "./creds.json")
else
AZURE_CLIENT_ID=$(cat creds.json | grep clientId | cut -c 16-51)
fi# RW_ALL_APPS=1cda74f2-2616-4834-b122-5cb1b07f8a59
# RW_DIR_DATA=78c8a3c8-a07e-4b9e-af1b-b5ccab50a175
# AAD_GRAPH_API=00000002-0000-0000-c000-000000000000# az ad app permission add --id "${AZURE_CLIENT_ID}" --api ${AAD_GRAPH_API} --api-permissions ${RW_ALL_APPS}=Role ${RW_DIR_DATA}=Role
# az ad app permission grant --id "${AZURE_CLIENT_ID}" --api ${AAD_GRAPH_API} --expires never > /dev/null
# az ad app permission admin-consent --id "${AZURE_CLIENT_ID}"
For more details, please refer Crossplane documentation .
Once the service principle has been created, you need to create Kubernetes secret for azure authentication.
# kubectl create secret generic azure-creds -n crossplane --from-file=creds=./creds.jsonInstall the Crossplane Azure provider, and supply the configuration that includes the secret that was created above for Azure authentication. Here it the file name az-provider.yaml.
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-azure
spec:
package: "crossplane/provider-azure:master"
---
apiVersion: azure.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
name: default
spec:
credentials:
source: Secret
secretRef:
namespace: crossplane-system
name: azure-creds
key: credsThe first manifest instructs Crossplane to download and make the Azure provider available. The second manifest creates the ProviderConfig for the Azure provider.
Apply the above manifest with kubectl:
# kubectl apply -f az-provider.yaml -n crossplaneOnce the manifest is applied, wait until the Azure provider installs and is in a healthy state.
# Kubectl get Provider -n crossplaneContinue Reading it on https://foxutech.com/how-to-provision-azure-resources-using-crossplane/
