lesson-02
Forward¶
Thank you for taking the time to start reading this educational material.
I hope this hands-on, interactive lesson can reduce the startup cost in your journey to learning CrossPlane.
The Web Terminal¶
If you want to take advantage of the interactive, hands-on nature of these labs, you'll need to either already have a web terminal connection available or fire one up yourself.
Instructions for that can be found here.
Lesson 02¶
In the previous lesson we:
- Initialized a local Kubernetes cluster using kind
- Installed CrossPlane on the cluster using helm
- Connected the installation to an AWS account
This lesson will cover the following exercises:
- Install an EKS cluster using Crossplane, which entails:
- Creating Kubernetes API Documents for:
- VPC
- IAM Roles
- Security Groups
- Subnet
- VPC Internet Gateway
- VPC NAT Gateway
- Route Table
- Cluster
- EKS Node Group
- Creating Kubernetes API Documents for:
Clone the lesson materials¶
This lesson calls several Kubernetes API Documents to create the EKS cluster.
These can be found in my lessons repo on Github: https://github.com/berttejeda/bert.lessons.git
Let's perform a sparse clone to gather the lesson materials before we start:
mkdir bert.lessons cd bert.lessons git init git remote add -f origin https://github.com/berttejeda/bert.lessons.git git config core.sparseCheckout true echo 'crossplane/lesson-02/eks' >> .git/info/sparse-checkout git pull origin main cd crossplane/lesson-02/eks clear
Set Your Kubernetes Context¶
- Let's set our KUBECONFIG environmental variable as before:
export KUBECONFIG=$(ls ~/.kube/*.yaml | tr '\n' ':')
- Switch to the Kubernetes context from the previous lesson:
kubectl config use-context kind-crossplane-demo
Exercise 1 - Create the AWS Resources for our EKS cluster¶
- Create the VPC and verify its state:
kubectl apply -f vpc/vpc.yaml
- Verify the state of the VPC resource:
kubectl get vpc
- Create the security groups for the EKS cluster and Node Groups:
kubectl apply -f security/securitygroup.yaml
- Verify that these resources are Synced and Ready:
kubectl get securitygroup
- Create the subnet resources:
kubectl apply -f networking/subnet.yaml
- Verify Synced and Ready:
kubectl get subnet
- Create the Elastic IP resources:
kubectl apply -f networking/elasticip.yaml
- Verify Synced and Ready:
kubectl get address
- Create the Internet and Nat gateway resources:
kubectl apply -f networking/gateway.yaml
- Verify that these resources are Synced and Ready:
kubectl get internetgateway
kubectl get natgateway
- Create the IaM role and attach appropriate policies for our EKS cluster:
kubectl apply -f security/iam.yaml
- Verify Synced and Ready:
kubectl get role
- Create the eks control plane:
kubectl apply -f cluster/control-plane.yaml
- Verify Synced and Ready:
kubectl get cluster.eks.aws.crossplane.io/cp-demo-k8s-cluster
- Create the EKS worker node group:
kubectl apply -f cluster/workers.yaml
- Verify Synced and Ready:
kubectl get nodegroup
At this point, the EKS cluster should in a Creating state.
It can take up to 20 minutes or so for the cluster to be created.
That we utilized a Kubernetes-native approach to provisioning the above infrastructure is immensely powerful.
If you're a dev, you don't need to learn a new technology stack to gain insight and understanding on how to provision the compute resources you need to deploy your workloads.
Closing Notes¶
Here's a github gist for doing the above in Terraform: https://gist.github.com/zparnold/dba28e5022e8c029919e0be3c38c64cc
Although the underlying actions are identical, the implementation is not as self-service oriented as with CrossPlane.
Here's why in a nutshell:
- CrossPlane leverages Kubernetes, which ships with RBAC
- Kubernetes has a rich ecosystem of custom resources, integrations, tooling, etc
which all play nice with CrossPlane, because it's a Kubernetes add-on after all
The only downside I see so far is that it's not as widely known as tools like Terraform, and so there are not as many examples on the internet hive mind as one would like.
Still, I am increasingly seeing documentation available from AWS official sources, so I believe it's only a matter of time before CrossPlane really takes off.