Kubernetes is viewed as one of the great equalizers between development and operations teams. Simply write a manifest and the declarative power of Kubernetes is off to fulfill your desired state. Kubernetes is certainly pluggable and has the ability to be extended / opinions being swapped internally. As any IT organization can tell you, even with Kubernetes there is a lot of integration work, and several parts of the stack such as IaC have been left outside of Kubernetes.
A control plane provides management and orchestration across environments. For operations teams, this could be a central spot to manage and administer integrations and configurations. Crossplane aims to be a Kubernetes-based control plane for your organization. Simply put, allowing a Kubernetes approach for integration and abstraction of different tools. Author a Crossplane abstraction of the tool of your choice and Crossplane can execute and manage the abstraction through Kubernetes commands and objects.
Similar to the Terraform approach, Shipa and Crossplane can be integrated [abstracted] together. Crossplane can create all of the necessary objects that are needed for Shipa Cloud to be wired into additional Kubernetes clusters. Even if this is your first time using one or both of these platforms, this example is geared towards you.
Getting Started with Crossplane
Crossplane does require a Kubernetes cluster to get started. An easy way to create a cluster is with k3d to leverage as the Crossplane installation. If you do not have k3d, you can use Homebrew to install k3d.
k3d cluster create crossplanehost -i rancher/k3s:v1.21.5-k3s2-amd64 --port 8080:80@loadbalancer --port 8443:443@loadbalancer --api-port 127.0.0.1:6443
The next step will be to install Crossplane which can be done via Helm.
#Crossplane Helm kubectl create namespace crossplane-system helm repo add crossplane-stable https://charts.crossplane.io/stable helm repo update helm install crossplane --namespace crossplane-system crossplane-stable/crossplane
Once installed can validate Crossplane is up and running.
kubectl get all -n crossplane-system
With Crossplane, you will be leveraging kubectl a good bit, so make sure if you need to create additional clusters, etc, can switch between the kubeconfig’s. Now you are ready for the Shipa pieces.
Wiring Crossplane to Shipa
The first item that will be needed is a Shipa or Shipa Cloud Account. Then will be wiring in three Kubernetes objects to wire Shipa to Crossplane. Assuming you are using the free tier of Shipa Cloud, wiring the Shipa CLI to Shipa Cloud will allow you to have access to the authentication token needed.
curl -s https://storage.googleapis.com/shipa-client/install.sh | bash shipa target add shipa-cloud target.shipa.cloud --set-current shipa login shipa version
Next grab your Authentication Token via the Shipa CLI and save it for wiring into a Crossplane Manifest.
shipa token show
There will be three Kubernetes objects that will need to be installed into Crossplane; crossplane-provider-shipa.yaml, crossplane-secret.yaml, and crossplane-shipa-config.yaml.
The YAML’s are available in the Shipa Crossplane Provider Documentation. Each will need to be applied.
crossplane-provider-shipa.yaml:
crossplane-secret.yaml [wire in your token]:
crossplane-shipa-config.yaml:
Apply all three manifests.
kubectl apply -f crossplane-provider-shipa.yaml kubectl apply -f crossplane-secret.yaml kubectl apply -f crossplane-shipa-config.yaml
Now you are ready to create Shipa resources with Crossplane and deploy an application.
Shipa Required Resouces with Crossplane
Shipa will require three objects to be created to deploy an application. A Shipa Framework, Cluster, and Application. Crossplane then can execute on the three Shipa objects and your application will be deployed. Potentially for an example, you could deploy Crossplane and Shipa into the same Kubernetes cluster, but making this slightly more operational is having the Crossplane installation and a cluster under Shipa’s control being separate.
Framework
A Framework in Shipa is configuring Shipa’s policy engine e.g a logical grouping of rules applied to an application. We can create a basic Crossplane Shipa Framework manifest and then apply the manifest. Here is a GitHub Gist of the minimum Framework object.
Then apply the Framework manifest.
kubectl apply -f crossplane-shipa-framework.yaml
You can validate in the Shipa Cloud UI that the Framework has been created.
Shipa Cloud -> Frameworks
With the Framework out of the way, now it is time to bind a Kubernetes cluster to Shipa.
Cluster
Wiring a Kubernetes cluster to Shipa is straightforward. You will need three items to wire a Kubernetes cluster to Shipa; the Kubernetes API endpoint, admin token, and a certificate.
The first item would be to switch to your target Kubernetes cluster and install the service account.
kubectl config get-contexts kubectl config use-context Some-Shipa-Deployment-Cluster kubectl apply -f shipa-admin-service-account.yaml
The next items will be getting the Kubernetes API endpoint and the token then the CA Cert and then will wire up in a Crossplane Shipa manifest to represent the Cluster.
To get the Kubernetes API endpoint:
kubectl cluster-info | grep 'Kubernetes' | awk '/http/ {print $NF}'
To get the admin token:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep shipa-admin | awk '{print $1}')
To get the CA Certificate:
kubectl get secret $(kubectl get secret | grep default-token | awk '{print $1}') -o jsonpath='{.data.ca.crt}' | base64 --decode
With these items out of the way, you can now wire up the Crossplane Shipa Cluster manifest. As a resource, will name the Framework that was created in the previous step [cp-dev]. Here is a GitHub Gist of the minimum Cluster object.
Apply the manifest back in the Crossplane cluster and validate in the UI the Shipa Cluster is wired.
kubectl config get-contexts kubectl config use-context Crossplane-Cluster kubectl apply -f crossplane-shipa-cluster.yaml
Shipa Cloud -> Clusters
Now you are ready to deploy an application with Shipa.
Your First Shipa Deployment with Crossplane
Rounding out the example would be to deploy an application with Shipa. To accomplish this in Crossplane will require two objects, the Shipa Application itself and a deployment object to kick off the deployment.
Application
Can leverage Crossplane to create an Application object. For example, we will be deploying WordPress. Here is a GitHub Gist of the minimum Application. If using Shipa Cloud, you can wire the Team to the default Team that is created when you sign up [shipa-team] and wire to the Framework that was created in the example [cp-dev]. Here is a GitHub Gist of a minimum Application object
Apply the manifest in Crossplane and validate in the UI it has been created.
kubectl apply -f crossplane-shipa-application.yaml
Shipa Cloud -> Applications
Lastly, you are now ready to deploy WordPress.
Deployment Object
Currently with the Crossplane integration will require a deployment object. Can wire in the name of the Application created [wordpress] and the image [docker.io/wordpress] to deploy. Here is a GitHub Gist of a minimum Deployment object.
Apply the manifest and validate in the UI the application has been deployed.
kubectl apply -f crossplane-shipa-deployment.yaml
Shipa Cloud -> Applications -> wordpress -> Application Map
Lastly, you can click on the Endpoint and validate that WordPress is up and running.
WordPress
Congratulations on running through the example!
Crossplane and Shipa, Better Together
Crossplane is representing a Kubernetes-centric approach in how resources outside of Kubernetes are managed and integrated. Combining the developer experience and engineering efficiency of Shipa with a new paradigm of a Kubernetes control plane with Crossplane, there is a lot of the art of the possible. We have an upcoming webinar showing off the two technologies, so make sure to catch the webinar live or on-demand.
