How to Provision Azure Resources using Crossplane

FoxuTech
3 min readSep 7, 2022

--

In our last post we have seen about Crossplane and its benefits. In this article, lets check how to provision an azure resource using Crossplane.

What is Crossplane?

Crossplane is a tool created by Upbound which has been released in December of 2018. It has been accepted as an incubating project by the CNCF (Cloud Native Computing Foundation) in 2020.

Crossplane is developed as a Kubernetes add-on and extends any Kubernetes cluster with the flexibility to provision and manage cloud infrastructure, services, and applications. Crossplane uses Kubernetes-styled declarative and API-driven configuration and management of infrastructure, on-premises or within the cloud.

Crossplane can be considered as a Kubernetes add-on, which means that it makes use of custom resources to provide all of its functionality. There are 4 kinds of resources,

Let’s go over the steps to install Crossplane on an existing Kubernetes cluster and install and configure Crossplane to provision Azure resources.

Prerequisites:

Install Crossplane

To install the Crossplane core components on the cluster using Helm, You can use separate namespace to install the Crossplane component, as below.

# kubectl creates namespace crossplane-system
# helm repo add crossplane-stable https://charts.crossplane.io/stable
# helm repo update
# helm install crossplane --namespace crossplane crossplane-stable/crossplane

Verify the installation is complete by running the following commands:

# helm list -n crossplane 
# kubectl get all -n crossplane

Crossplane CLI:

You can use following commands to install Crossplane CLI.

# curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | shMove the crossplane kubectl extension to the bin
# mv kubectl-crossplane /usr/local/bin
verify that it is installed
# kubectl crossplane --help

Configure Azure provider

We have successfully installed the Crossplane and its CLI. Now, let’s see how we can create the resources on Azure cloud. For that we need to configure the Crossplane’s Azure provider on the cluster. Please note, before we starting configuration, we need a service principal in Azure, which will used by our Crossplane Azure provider uses to provision a resource.

Here are the commands you can use to add the create a service principle.

# az ad sp create-for-rbac --sdk-auth --role Owner --scopes="/subscriptions/fe6d0698-7b7e-4f04-8518-de46be4cf0b6" -n "crossplane-sp-rbac" > "creds.json"# if which jq > /dev/null 2>&1; then
AZURE_CLIENT_ID=$(jq -r ".clientId" < "./creds.json")
else
AZURE_CLIENT_ID=$(cat creds.json | grep clientId | cut -c 16-51)
fi
# RW_ALL_APPS=1cda74f2-2616-4834-b122-5cb1b07f8a59
# RW_DIR_DATA=78c8a3c8-a07e-4b9e-af1b-b5ccab50a175
# AAD_GRAPH_API=00000002-0000-0000-c000-000000000000
# az ad app permission add --id "${AZURE_CLIENT_ID}" --api ${AAD_GRAPH_API} --api-permissions ${RW_ALL_APPS}=Role ${RW_DIR_DATA}=Role
# az ad app permission grant --id "${AZURE_CLIENT_ID}" --api ${AAD_GRAPH_API} --expires never > /dev/null
# az ad app permission admin-consent --id "${AZURE_CLIENT_ID}"

For more details, please refer Crossplane documentation .

Once the service principle has been created, you need to create Kubernetes secret for azure authentication.

# kubectl create secret generic azure-creds -n crossplane --from-file=creds=./creds.json

Install the Crossplane Azure provider, and supply the configuration that includes the secret that was created above for Azure authentication. Here it the file name az-provider.yaml.

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-azure
spec:
package: "crossplane/provider-azure:master"
---
apiVersion: azure.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
name: default
spec:
credentials:
source: Secret
secretRef:
namespace: crossplane-system
name: azure-creds
key: creds

The first manifest instructs Crossplane to download and make the Azure provider available. The second manifest creates the ProviderConfig for the Azure provider.

Apply the above manifest with kubectl:

# kubectl apply -f az-provider.yaml -n crossplane

Once the manifest is applied, wait until the Azure provider installs and is in a healthy state.

# Kubectl get Provider -n crossplane

Continue Reading it on https://foxutech.com/how-to-provision-azure-resources-using-crossplane/

--

--

FoxuTech
FoxuTech

Written by FoxuTech

Discuss about #Linux, #DevOps, #Docker, #kubernetes, #HowTo’s, #cloud & IT technologies like #argocd #crossplane #azure https://foxutech.com/

Responses (1)