Shipa Blog

Latest updates on our products, plus helpful articles relating to Kubernetes, container security, microservices and more

Crossplane and Shipa 101 – Your First Crossplane Abstraction

Kubernetes is viewed as one of the great equalizers between development and operations teams. Simply write a manifest and the declarative power of Kubernetes is off to fulfill your desired state. Kubernetes is certainly pluggable and has the ability to be extended / opinions being swapped internally. As any IT organization can tell you, even with Kubernetes there is a lot of integration work, and several parts of the stack such as IaC have been left outside of Kubernetes. 

A control plane provides management and orchestration across environments. For operations teams, this could be a central spot to manage and administer integrations and configurations. Crossplane aims to be a Kubernetes-based control plane for your organization. Simply put, allowing a Kubernetes approach for integration and abstraction of different tools. Author a Crossplane abstraction of the tool of your choice and Crossplane can execute and manage the abstraction through Kubernetes commands and objects. 

Similar to the Terraform approach, Shipa and Crossplane can be integrated [abstracted] together. Crossplane can create all of the necessary objects that are needed for Shipa Cloud to be wired into additional Kubernetes clusters. Even if this is your first time using one or both of these platforms, this example is geared towards you. 

Getting Started with Crossplane  

Crossplane does require a Kubernetes cluster to get started. An easy way to create a cluster is with k3d to leverage as the Crossplane installation. If you do not have k3d, you can use Homebrew to install k3d

k3d cluster create crossplanehost -i rancher/k3s:v1.21.5-k3s2-amd64
--port 8080:80@loadbalancer \
--port 8443:443@loadbalancer \
Crossplane K3d Create

The next step will be to install Crossplane which can be done via Helm. 

#Crossplane Helm
kubectl create namespace crossplane-system
helm repo add crossplane-stable
helm repo update
helm install crossplane --namespace crossplane-system crossplane-stable/crossplane
Crossplane Helm Install

Once installed can validate Crossplane is up and running.

kubectl get all -n crossplane-system
Validate Crossplane install

With Crossplane, you will be leveraging kubectl a good bit, so make sure if you need to create additional clusters, etc, can switch between the kubeconfig’s. Now you are ready for the Shipa pieces.

Wiring Crossplane to Shipa

The first item that will be needed is a Shipa or Shipa Cloud Account. Then will be wiring in three Kubernetes objects to wire Shipa to Crossplane. Assuming you are using the free tier of Shipa Cloud, wiring the Shipa CLI to Shipa Cloud will allow you to have access to the authentication token needed. 

curl -s | bash
shipa target add shipa-cloud --set-current
shipa login
shipa version
Shipa CLI Install

Next grab your Authentication Token via the Shipa CLI and save it for wiring into a Crossplane Manifest. 

shipa token show
Shipa Token Show

There will be three Kubernetes objects that will need to be installed into Crossplane; crossplane-provider-shipa.yaml, crossplane-secret.yaml, and crossplane-shipa-config.yaml.

The YAML’s are available in the Shipa Crossplane Provider Documentation. Each will need to be applied. 


Crossplane Shipa Provider

crossplane-secret.yaml [wire in your token]:

Crossplane Secret


Crossplane Shipa Config

Apply all three manifests. 

kubectl apply -f crossplane-provider-shipa.yaml
kubectl apply -f crossplane-secret.yaml
kubectl apply -f crossplane-shipa-config.yaml
Apply base Shipa Crossplane Objects

Now you are ready to create Shipa resources with Crossplane and deploy an application.

Shipa Required Resouces with Crossplane 

Shipa will require three objects to be created to deploy an application. A Shipa Framework, Cluster, and Application. Crossplane then can execute on the three Shipa objects and your application will be deployed. Potentially for an example, you could deploy Crossplane and Shipa into the same Kubernetes cluster, but making this slightly more operational is having the Crossplane installation and a cluster under Shipa’s control being separate. 


A Framework in Shipa is configuring Shipa’s policy engine e.g a logical grouping of rules applied to an application. We can create a basic Crossplane Shipa Framework manifest and then apply the manifest. Here is a GitHub Gist of the minimum Framework object. 

Crossplane Shipa Framework

Then apply the Framework manifest.

kubectl apply -f crossplane-shipa-framework.yaml
Apply Shipa Crossplane Framework

You can validate in the Shipa Cloud UI that the Framework has been created. 

Shipa Cloud -> Frameworks

Shipa Framework UI

With the Framework out of the way, now it is time to bind a Kubernetes cluster to Shipa.


Wiring a Kubernetes cluster to Shipa is straightforward. You will need three items to wire a Kubernetes cluster to Shipa; the Kubernetes API endpoint, admin token, and a certificate. 

The first item would be to switch to your target Kubernetes cluster and install the service account. 

kubectl config get-contexts
kubectl config use-context Some-Shipa-Deployment-Cluster
kubectl apply -f shipa-admin-service-account.yaml
Apply Shipa Admin Account

The next items will be getting the Kubernetes API endpoint and the token then the CA Cert and then will wire up in a Crossplane Shipa manifest to represent the Cluster. 

To get the Kubernetes API endpoint:

kubectl cluster-info | grep 'Kubernetes' | awk '/http/ {print $NF}'
Get Kubernetes API Endpoint

To get the admin token:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep shipa-admin | awk '{print $1}')
Get Kubernetes Admin Token

To get the CA Certificate:

kubectl get secret $(kubectl get secret | grep default-token | awk '{print $1}') -o jsonpath='{\.crt}' | base64 --decode
Get Kubernetes CA Cert

With these items out of the way, you can now wire up the Crossplane Shipa Cluster manifest. As a resource, will name the Framework that was created in the previous step [cp-dev]. Here is a GitHub Gist of the minimum Cluster object. 

Crossplane Shipa Cluster Object

Apply the manifest back in the Crossplane cluster and validate in the UI the Shipa Cluster is wired. 

kubectl config get-contexts
kubectl config use-context Crossplane-Cluster
kubectl apply -f crossplane-shipa-cluster.yaml
Apply Shipa Cluster Object

Shipa Cloud -> Clusters

Shipa Cluster UI

Now you are ready to deploy an application with Shipa.

Your First Shipa Deployment with Crossplane

Rounding out the example would be to deploy an application with Shipa. To accomplish this in Crossplane will require two objects, the Shipa Application itself and a deployment object to kick off the deployment. 


Can leverage Crossplane to create an Application object. For example, we will be deploying WordPress. Here is a GitHub Gist of the minimum Application. If using Shipa Cloud, you can wire the Team to the default Team that is created when you sign up [shipa-team] and wire to the Framework that was created in the example [cp-dev]. Here is a GitHub Gist of a minimum Application object 

Crossplane Shipa Application Object

Apply the manifest in Crossplane and validate in the UI it has been created. 

kubectl apply -f crossplane-shipa-application.yaml

Crossplane Create Shipa Application

Shipa Cloud -> Applications

Shipa Application UI

Lastly, you are now ready to deploy WordPress. 

Deployment Object

Currently with the Crossplane integration will require a deployment object. Can wire in the name of the Application created [wordpress] and the image [] to deploy. Here is a GitHub Gist of a minimum Deployment object. 

Shipa Crossplane Deployment Object

Apply the manifest and validate in the UI the application has been deployed. 

kubectl apply -f crossplane-shipa-deployment.yaml

Crossplane Shipa Deployment

Shipa Cloud -> Applications -> wordpress -> Application Map

Shipa WordPress Application Map

Lastly, you can click on the Endpoint and validate that WordPress is up and running.

Crossplane WordPress Endpoint


Crossplane WordPress

Congratulations on running through the example!

Crossplane and Shipa, Better Together

Crossplane is representing a Kubernetes-centric approach in how resources outside of Kubernetes are managed and integrated. Combining the developer experience and engineering efficiency of Shipa with a new paradigm of a Kubernetes control plane with Crossplane, there is a lot of the art of the possible. We have an upcoming webinar showing off the two technologies, so make sure to catch the webinar live or on-demand.