How to Provision Azure Resources using Crossplane


In our last post we looked at Crossplane and its benefits. In this article, let's check how to provision an Azure resource using Crossplane.

What is Crossplane?

Crossplane is a tool created by Upbound, first released in December 2018. It was accepted as an incubating project by the CNCF (Cloud Native Computing Foundation) in 2020.

Crossplane is developed as a Kubernetes add-on and extends any Kubernetes cluster with the flexibility to provision and manage cloud infrastructure, services, and applications. Crossplane uses Kubernetes-styled declarative and API-driven configuration and management of infrastructure, on-premises or within the cloud.

Crossplane can be considered as a Kubernetes add-on, which means that it makes use of custom resources to provide all of its functionality. There are 4 kinds of resources,

Let’s go over the steps to install Crossplane on an existing Kubernetes cluster and install and configure Crossplane to provision Azure resources.

Prerequisites:

Install Crossplane

To install the Crossplane core components on the cluster, use Helm. You can install them into a separate namespace, as below.

    kubectl create namespace crossplane
    helm repo add crossplane-stable https://charts.crossplane.io/stable
    helm repo update
    helm install crossplane --namespace crossplane crossplane-stable/crossplane

Verify the installation is complete by running the following commands:

    helm list -n crossplane
    kubectl get all -n crossplane

Crossplane CLI:

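You can use the following commands to install the Crossplane CLI. The installer is fetched from the master branch and piped straight into sh, so review the script first if you are installing on a shared or production machine.

    curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | sh
    # Move the crossplane kubectl extension to the bin directory
    mv kubectl-crossplane /usr/local/bin
    # Verify that it is installed
    kubectl crossplane --help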

Configure Azure provider

We have successfully installed Crossplane and its CLI. Now, let's see how we can create resources on Azure. For that, we need to configure Crossplane's Azure provider on the cluster. Please note that before we start the configuration, we need a service principal in Azure, which the Crossplane Azure provider will use to provision resources.

Here are the commands you can use to create a service principal. Note that the first command assigns the Owner role on the whole subscription, so the resulting credentials can manage every resource in it.

    # Create the service principal and save its credentials to creds.json
    az ad sp create-for-rbac --sdk-auth --role Owner --scopes="/subscriptions/fe6d0698-7b7e-4f04-8518-de46be4cf0b6" -n "crossplane-sp-rbac" > "creds.json"
    # Read the client ID (falls back to grep/cut when jq is not installed)
    if which jq > /dev/null 2>&1; then
      AZURE_CLIENT_ID=$(jq -r ".clientId" < "./creds.json")
    else
      AZURE_CLIENT_ID=$(cat creds.json | grep clientId | cut -c 16-51)
    fi
    # Add the Azure AD Graph API permissions to the application, grant them and give admin consent
    RW_ALL_APPS=1cda74f2-2616-4834-b122-5cb1b07f8a59
    RW_DIR_DATA=78c8a3c8-a07e-4b9e-af1b-b5ccab50a175
    AAD_GRAPH_API=00000002-0000-0000-c000-000000000000
    az ad app permission add --id "${AZURE_CLIENT_ID}" --api ${AAD_GRAPH_API} --api-permissions ${RW_ALL_APPS}=Role ${RW_DIR_DATA}=Role
    az ad app permission grant --id "${AZURE_CLIENT_ID}" --api ${AAD_GRAPH_API} --expires never > /dev/null
    az ad app permission admin-consent --id "${AZURE_CLIENT_ID}"

For more details, please refer to the Crossplane documentation.

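Once the service principal has been created, you need to create a Kubernetes secret for Azure authentication. creds.json holds the service principal's client secret, so keep it out of version control and delete it once the Kubernetes secret exists.

    kubectl create secret generic azure-creds -n crossplane --from-file=creds=./creds.json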

Install the Crossplane Azure provider and supply a configuration that references the secret created above for Azure authentication. Save the following as az-provider.yaml.

    apiVersion: pkg.crossplane.io/v1
    kind: Provider
    metadata:
     name: provider-azure
    spec:
     package: "crossplane/provider-azure:master"
    ---
    apiVersion: azure.crossplane.io/v1beta1
    kind: ProviderConfig
    metadata:
     name: default
    spec:
     credentials:
       source: Secret
       secretRef:
         # Must match the namespace the azure-creds secret was created in
         namespace: crossplane
         name: azure-creds
         key: creds

The first manifest instructs Crossplane to download and make the Azure provider available. The second manifest creates the ProviderConfig for the Azure provider.
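
The ProviderConfig only works if its secretRef names the namespace, name and key the azure-creds secret was actually created with, and the Provider package above tracks a moving `master` tag. As an added example (not part of the original post or the Crossplane project; the function names are hypothetical and the manifest is a constructed sample), this shell lint checks both before `kubectl apply`:

```shell
# Added example, not from the original post. Function names are hypothetical.
# Print FIELD (namespace|name|key) from under the secretRef: mapping.
secret_ref_field() {  # $1 = manifest path, $2 = field
  awk -v f="$2" '
    $1 == "secretRef:"      { in_ref = 1; next }
    $1 == "---"             { in_ref = 0 }
    in_ref && $1 == (f ":") { gsub(/"/, "", $2); print $2; exit }
  ' "$1"
}
# Print the Provider package reference with quotes removed.
package_ref() {  # $1 = manifest path
  awk '$1 == "package:" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Print one line per finding and return the number of findings.
lint_provider_manifest() {  # $1 manifest, $2 secret namespace, $3 name, $4 key
  findings=0
  for pair in "namespace=$2" "name=$3" "key=$4"; do
    field=${pair%%=*}; want=${pair#*=}
    got=$(secret_ref_field "$1" "$field")
    if [ "$got" != "$want" ]; then
      echo "secretRef.$field is '$got' but the secret was created with '$want'"
      findings=$((findings + 1))
    fi
  done
  case "$(package_ref "$1")" in
    *:master|*:main|*:latest|"")
      echo "package is missing or uses a floating tag; pin a release or digest"
      findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Constructed sample in the shape of az-provider.yaml (metadata omitted).
sample=$(mktemp)
cat > "$sample" <<'EOF'
kind: Provider
spec:
  package: "crossplane/provider-azure:master"
---
kind: ProviderConfig
spec:
  credentials:
    secretRef:
      namespace: crossplane-system
      name: azure-creds
      key: creds
EOF
# Compare against a secret created with: -n crossplane, name azure-creds, key creds
lint_provider_manifest "$sample" crossplane azure-creds creds || echo "$? finding(s)"
```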

Apply the above manifest with kubectl:

    kubectl apply -f az-provider.yaml -n crossplane

Once the manifest is applied, wait until the Azure provider installs and is in a healthy state.

    kubectl get Provider -n crossplane
            


We are Foxutech

@foxutech