Deploy AWS Resources using Crossplane on Kubernetes
Deploy AWS resources on Kubernetes with Helm and Crossplane. Step-by-step guide to configure the AWS provider and create an S3 bucket.
Arthur Azrieli
September 16, 2024
In this article we will talk about Crossplane, an Infrastructure as Code (IaC) tool that runs on Kubernetes: why you should use it and how to configure the AWS provider to start creating resources. We will go through a full step-by-step example so that you can create your first resource with Crossplane.
Who is this article for?
DevOps engineers interested in learning another IaC tool
Developers that want to take more Ops responsibility and provision their own infrastructure
Engineering managers that are looking to implement an IaC tool in their company/startup
Why am I writing this?
I had some discussions with engineers who had some trouble getting started with Crossplane. It may be a little less straightforward than a well-established tool like Terraform, some documentation isn’t precise for different use cases and providers, and even ChatGPT’s code doesn’t seem to work at times. And here I am, saving the day to make your life easier by giving you a step-by-step guide where you install and configure everything and deploy your first AWS resource using Crossplane.
Why should you even use Crossplane then?
There are certain use cases where Crossplane provides very powerful capabilities, because it can create both applications and cloud resources. These can be used for ephemeral environments, for example, or by a SaaS company to provide full environments that a tenant can create on their own. Such environments can be created by just applying a Kubernetes manifest, which is much simpler than running traditional IaC plan and apply commands.
creds file: AWS credentials. Should be filled with your own AWS credentials.
crossplane-provider-conf file: Uses the creds file to create a Crossplane ProviderConfig (separated into a different file because it takes time for this resource to be ready).
crossplane-provider-bootstrap file: Creates the Crossplane AWS Provider, which enables creating AWS resources using Crossplane, and its dependencies: ServiceAccount, DeploymentRuntimeConfig, Provider, ClusterRole & ClusterRoleBindings.
bucket-definitions & bucket-crd files: The Kubernetes Crossplane manifests that create a CompositeResourceDefinition and a Composition resource, which together define how to create an S3 bucket (like a Terraform module would). Note: The Composition resource relies on the CompositeResourceDefinition.
bucket-example file: The Kubernetes Crossplane manifest we’ll apply at the end to create an S3 bucket using Crossplane.
Deploy Crossplane
1. Fill the creds file with your AWS access keys
Get the access keys of your AWS IAM user (not an SSO user, as that requires a token to work) and fill them in the credentials file.
NOTE: For production usage, please create a Crossplane IAM user and use its access keys, or preferably use something like IRSA (IAM Roles for Service Accounts).
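The two options in the note above, side by side, as added example manifests (not the article's own files). They assume the Upbound AWS provider family (API group aws.upbound.io); the Secret key `creds`, the resource names, the role ARN and the package version are placeholders or assumptions.

```yaml
# Added example. Assumes the Upbound provider family (aws.upbound.io).
# Option A: static access keys read from the aws-credentials Secret.
# The keys are long-lived; anyone who can read the Secret can reuse them.
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: static-keys                 # hypothetical name
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-credentials
      key: creds                    # assumed key inside the Secret
---
# Option B: IRSA on EKS. No Secret is stored in the cluster; the provider pod's
# ServiceAccount is mapped to an IAM role and receives short-lived credentials.
# The role's trust policy must name this ServiceAccount:
#   system:serviceaccount:crossplane-system:provider-aws
apiVersion: pkg.crossplane.io/v1beta1
kind: DeploymentRuntimeConfig
metadata:
  name: irsa-runtime                # hypothetical name
spec:
  serviceAccountTemplate:
    metadata:
      name: provider-aws            # hypothetical name
      annotations:
        eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<CROSSPLANE_ROLE>"  # placeholder
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws-s3             # assumed provider package
spec:
  package: "xpkg.upbound.io/upbound/provider-aws-s3:<VERSION>"  # placeholder version
  runtimeConfigRef:
    name: irsa-runtime              # ties the pod to the annotated ServiceAccount
---
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: irsa                        # hypothetical name
spec:
  credentials:
    source: IRSA                    # no secretRef needed
```

With either option, scope the IAM permissions to what the compositions actually create (here, S3 bucket management) rather than attaching an administrator policy.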
2. Deploy the Crossplane Helm Chart
Add the Helm repository from which the Crossplane Helm Charts will be fetched
kubectl get secret aws-credentials -n crossplane-system
You should see the aws-credentials secret:
5. Deploy the Crossplane AWS Provider
Creating a Crossplane AWS Provider requires creating a bunch of resources: ServiceAccount, DeploymentRuntimeConfig, Provider, ClusterRole & ClusterRoleBindings, and ProviderConfig.
The reason for dividing it into two phases is that the creation of the ProviderConfig fails if we attempt to create it before the first set of Provider resources and dependencies is ready.
Create the Provider Kubernetes resources using the bootstrap YAML file: