Using Crossplane in GitOps: Bootstrap

Why Crossplane?

  • Crossplane is designed to assemble infrastructure from multiple vendors, so it makes it much easier to practice GitOps for application deployment in a consistent manner across vendors, typically public clouds such as Amazon AWS, Google Cloud, Azure, and IBM Cloud.
  • With its powerful composition engine, Crossplane lets people compose modules, from infrastructure and services to applications, as needed in a declarative way. These declarative descriptions can be checked into git for GitOps tools to pick up easily.
  • Crossplane's capabilities can be extended with Providers that interact with different backends. A large number of providers are available in the community, and the ecosystem is still actively evolving. By using various providers, we can turn many different backends into something Kubernetes-friendly, so that the desired state can be described as Kubernetes custom resources, checked into git, and driven by GitOps tools.

Bootstrap: Deploy Crossplane

---
apiVersion: v1
kind: Namespace
metadata:
  name: crossplane-system
spec:
  finalizers:
    - kubernetes
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: crossplane-app
  namespace: argocd
spec:
  destination:
    namespace: crossplane-system
    server: https://kubernetes.default.svc
  project: default
  source:
    repoURL: https://charts.crossplane.io/stable
    chart: crossplane
    targetRevision: 1.4.1
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
---
apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: capabilities-shim
spec:
  ignoreCrossplaneConstraints: false
  package: quay.io/moyingbj/capabilities-shim:v0.0.1
  packagePullPolicy: IfNotPresent
  revisionActivationPolicy: Automatic
  revisionHistoryLimit: 0
  skipDependencyResolution: false

Setup ProviderConfig

apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: provider-config-dev
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: dev
      name: cluster-config
      key: kubeconfig
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: sealed-secrets-controller
  namespace: argocd
spec:
  destination:
    namespace: argocd
    server: https://kubernetes.default.svc
  project: default
  source:
    repoURL: https://bitnami-labs.github.io/sealed-secrets
    targetRevision: 1.16.1
    chart: sealed-secrets
    helm:
      values: |-
        # https://github.com/argoproj/argo-cd/issues/5991
        commandArgs:
          - "--update-status"
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
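
# Render the Secret manifest locally without creating it in the cluster
kubectl create secret generic cluster-config --from-literal=kubeconfig="$(cat path/to/your/kubeconfig)" --dry-run=client -o yaml > cluster-config.yaml
# Encrypt it for the dev namespace with the controller running in argocd
kubeseal -n dev --controller-namespace argocd < cluster-config.yaml > cluster-config.json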
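
The intermediate cluster-config.yaml written by kubectl holds the kubeconfig only base64-encoded, so only the kubeseal output (cluster-config.json) belongs in git. The guard below is an added example, not part of the original post, that a pre-commit hook or CI job could call on the manifests about to be committed; the function names and the sample manifests are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: refuse to commit the unsealed intermediate manifest.

# True when the file is a plain Secret: YAML top-level "kind: Secret",
# or JSON "kind": "Secret" at any depth (conservative on purpose).
is_plain_secret() {
  grep -Eq -e '^kind:[[:space:]]*"?Secret"?[[:space:]]*$' \
           -e '"kind"[[:space:]]*:[[:space:]]*"Secret"' "$1"
}

# Returns 0 only if none of the given manifests is a plain Secret.
check_manifests() {
  rc=0
  for f in "$@"; do
    if is_plain_secret "$f"; then
      echo "BLOCK: $f is an unsealed Secret; commit the kubeseal output" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed samples (placeholder values, no real credentials).
write_samples() {
  cat > "$1/cluster-config.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: cluster-config
data:
  kubeconfig: UExBQ0VIT0xERVI=
EOF
  cat > "$1/cluster-config.json" <<'EOF'
{
  "kind": "SealedSecret",
  "apiVersion": "bitnami.com/v1alpha1",
  "metadata": { "name": "cluster-config", "namespace": "dev" },
  "spec": { "encryptedData": { "kubeconfig": "AgCONSTRUCTED" } }
}
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_manifests "$demo_dir/cluster-config.json" && echo "sealed: ok to commit"
check_manifests "$demo_dir/cluster-config.yaml" 2>/dev/null || echo "plain: blocked"
rm -rf "$demo_dir"
```

The JSON pattern is not anchored, so minified kubectl output is caught as well, at the cost of also flagging manifests that merely reference a Secret kind in a nested field.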


Life is coding and writing! I am a software engineer who has been in the IT field for 10+ years. I would love to write beautiful code and stories for people.

MorningSpace
