Skip to content

lesson-02

Forward

Thank you for taking the time to start reading this educational material.

I hope this hands-on, interactive lesson can reduce the startup cost in your journey to learning CrossPlane.

The Web Terminal

If you want to take advantage of the interactive, hands-on nature of these labs, you'll need to either already have a web terminal connection available or fire one up yourself.

Instructions for that can be found here.

Lesson 02

In the previous lesson we:

  • Initialized a local Kubernetes cluster using kind
  • Installed CrossPlane on the cluster using helm
  • Connected the installation to an AWS account

This lesson will cover the following exercises:

  • Install an EKS cluster using Crossplane, which entails:
    • Creating Kubernetes API Documents for:
      • VPC
      • IAM Roles
      • Security Groups
      • Subnet
      • VPC Internet Gateway
      • VPC NAT Gateway
      • Route Table
      • Cluster
      • EKS Node Group

Clone the lesson materials

This lesson calls several Kubernetes API Documents to create the EKS cluster.

These can be found in my lessons repo on Github: https://github.com/berttejeda/bert.lessons.git

Let's perform a sparse clone to gather the lesson materials before we start:

mkdir bert.lessons
cd bert.lessons
git init
git remote add -f origin https://github.com/berttejeda/bert.lessons.git
git config core.sparseCheckout true
echo 'crossplane/lesson-02/eks' >> .git/info/sparse-checkout
git pull origin main
cd crossplane/lesson-02/eks
clear

Set Your Kubernetes Context

  1. Let's set our KUBECONFIG environmental variable as before: export KUBECONFIG=$(ls ~/.kube/*.yaml | tr '\n' ':')
  2. Switch to the Kubernetes context from the previous lesson: kubectl config use-context kind-crossplane-demo

Exercise 1 - Create the AWS Resources for our EKS cluster

  1. Create the VPC and verify its state: kubectl apply -f vpc/vpc.yaml
  2. Verify the state of the VPC resource: kubectl get vpc
  3. Create the security groups for the EKS cluster and Node Groups: kubectl apply -f security/securitygroup.yaml
  4. Verify that these resources are Synced and Ready: kubectl get securitygroup
  5. Create the subnet resources: kubectl apply -f networking/subnet.yaml
  6. Verify Synced and Ready: kubectl get subnet
  7. Create the Elastic IP resources: kubectl apply -f networking/elasticip.yaml
  8. Verify Synced and Ready: kubectl get address
  9. Create the Internet and Nat gateway resources: kubectl apply -f networking/gateway.yaml
  10. Verify that these resources are Synced and Ready:
    • kubectl get internetgateway
    • kubectl get natgateway
  11. Create the IaM role and attach appropriate policies for our EKS cluster: kubectl apply -f security/iam.yaml
  12. Verify Synced and Ready: kubectl get role
  13. Create the eks control plane: kubectl apply -f cluster/control-plane.yaml
  14. Verify Synced and Ready: kubectl get cluster.eks.aws.crossplane.io/cp-demo-k8s-cluster
  15. Create the EKS worker node group: kubectl apply -f cluster/workers.yaml
  16. Verify Synced and Ready: kubectl get nodegroup

At this point, the EKS cluster should in a Creating state.

It can take up to 20 minutes or so for the cluster to be created.

That we utilized a Kubernetes-native approach to provisioning the above infrastructure is immensely powerful.

If you're a dev, you don't need to learn a new technology stack to gain insight and understanding on how to provision the compute resources you need to deploy your workloads.

Closing Notes

Here's a github gist for doing the above in Terraform: https://gist.github.com/zparnold/dba28e5022e8c029919e0be3c38c64cc

Although the underlying actions are identical, the implementation is not as self-service oriented as with CrossPlane.

Here's why in a nutshell:

  • CrossPlane leverages Kubernetes, which ships with RBAC
  • Kubernetes has a rich ecosystem of custom resources, integrations, tooling, etc
    which all play nice with CrossPlane, because it's a Kubernetes add-on after all

The only downside I see so far is that it's not as widely known as tools like Terraform, and so there are not as many examples on the internet hive mind as one would like.

Still, I am increasingly seeing documentation available from AWS official sources, so I believe it's only a matter of time before CrossPlane really takes off.