```sh
# Source: https://gist.github.com/f0d35ef2260208b15ddd390007fdd552

######################################################################
# Production-Ready Kubernetes Clusters Using Crossplane Compositions #
# https://youtu.be/uMC2QQfMctg                                       #
######################################################################

# Referenced videos:
# - Crossplane - GitOps-based Infrastructure as Code through Kubernetes API: https://youtu.be/n8KjVmuHm7A
# - How To Shift Left Infrastructure Management Using Crossplane Composites: https://youtu.be/AtbS1u2j7po

#################
# Setup Cluster #
#################

# Watch https://youtu.be/BII6ZY2Rnlc if you are not familiar with GitHub CLI
gh repo fork vfarcic/devops-toolkit-crossplane \
    --clone

cd devops-toolkit-crossplane

# Using Rancher Desktop for the demo, but it can be any other Kubernetes cluster with Ingress

# If not using Rancher Desktop, replace `127.0.0.1` with the base host accessible through NGINX Ingress
export INGRESS_HOST=127.0.0.1

kubectl create namespace crossplane-system

kubectl create namespace a-team

#############
# Setup AWS #
#############

# Replace `[...]` with your access key ID
export AWS_ACCESS_KEY_ID=[...]

# Replace `[...]` with your secret access key
export AWS_SECRET_ACCESS_KEY=[...]

# aws-creds.conf holds both keys in plaintext inside the cloned repo;
# make sure it is not committed and delete it once the Secret exists
echo "[default]
aws_access_key_id = $AWS_ACCESS_KEY_ID
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY
" >aws-creds.conf

kubectl --namespace crossplane-system \
    create secret generic aws-creds \
    --from-file creds=./aws-creds.conf

####################
# Setup Crossplane #
####################

helm repo add crossplane-stable \
    https://charts.crossplane.io/stable

helm repo update

helm upgrade --install crossplane crossplane-stable/crossplane \
    --namespace crossplane-system --create-namespace --wait

kubectl apply \
    --filename crossplane-config/provider-kubernetes.yaml

kubectl apply \
    --filename crossplane-config/provider-helm.yaml

kubectl apply \
    --filename crossplane-config/config-k8s.yaml

kubectl get pkgrev

# Wait until all packages are healthy

kubectl apply \
    --filename crossplane-config/provider-config-aws-official.yaml

#############################
# Production-Ready Clusters #
#############################

cat examples/k8s/aws-eks-official.yaml

kubectl --namespace a-team apply \
    --filename examples/k8s/aws-eks-official.yaml

kubectl --namespace a-team get clusterclaims

kubectl get managed,releases,objects

cat packages/k8s/definition.yaml

cat packages/k8s/eks-official.yaml

kubectl get managed,releases,objects

# kubeconfig.yaml grants access to the new cluster; treat it as a credential
kubectl --namespace a-team \
    get secret a-team-eks-cluster \
    --output jsonpath="{.data.kubeconfig}" \
    | base64 -d >kubeconfig.yaml

cat kubeconfig.yaml

export KUBECONFIG=$PWD/kubeconfig.yaml

kubectl get namespaces

cat examples/k8s/aws-eks.yaml

###########
# Destroy #
###########

unset KUBECONFIG

kubectl --namespace a-team delete \
    --filename examples/k8s/aws-eks-official.yaml

kubectl get managed

# Repeat the previous command until all the managed resources
# are removed (ignore `object` and `release` resources)

# Destroy or reset the management cluster

# Destroy the GitOps repo
```
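
A variant of the "Setup AWS" step that writes the credentials file owner-readable only, outside the cloned repo, and removes it once the Secret has been created. This is an added example, not part of the original Gist; the function names `write_aws_creds` and `create_aws_secret` are hypothetical, while the file format, Secret name, namespace and `creds` key are the ones the Gist uses.

```shell
#!/bin/sh
# Added example (not from the original Gist). Function names are hypothetical.

# write_aws_creds DIR
# Writes DIR/aws-creds.conf in the [default] profile format used by the Gist,
# created with mode 0600, and prints the path of the file.
write_aws_creds() {
    dir=$1
    # Abort instead of writing a file with empty values
    : "${AWS_ACCESS_KEY_ID:?must be set}" "${AWS_SECRET_ACCESS_KEY:?must be set}"
    # Remove any earlier copy so the new file does not inherit looser permissions
    rm -f "$dir/aws-creds.conf"
    (
        # The subshell keeps the restrictive umask from leaking to the caller
        umask 077
        printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" >"$dir/aws-creds.conf"
    )
    printf '%s\n' "$dir/aws-creds.conf"
}

# create_aws_secret
# Creates the same Secret as the Gist (aws-creds in crossplane-system, key
# "creds") from a private temporary directory, then deletes the plaintext copy
# whether or not kubectl succeeded.
create_aws_secret() {
    workdir=$(mktemp -d) || return 1
    creds_file=$(write_aws_creds "$workdir") || { rm -rf "$workdir"; return 1; }
    status=0
    kubectl --namespace crossplane-system \
        create secret generic aws-creds \
        --from-file creds="$creds_file" || status=$?
    rm -rf "$workdir"
    return "$status"
}
```

Calling `create_aws_secret` after exporting the two variables replaces the `echo ... >aws-creds.conf` and `kubectl create secret` commands of the Gist.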
I'm not sure how to do it. I remember that, in the past, I was generating EKS Kube config that does not require aws CLI but I don't remember anymore how I did it and since I moved to Crossplane, I've been using it to generate other clusters so I haven't faced that issue in a long while.
Unfortunately, I don't have time to try it out myself today and then I'll be traveling for 4-5 weeks and probably won't be in front of a computer (except for work). If Googling does not work, try creating a small EKS cluster with Crossplane. That will result in a Secret with Kube config. You might be able to reconstruct it from there.
I followed the instructions and clusterclaims is: Synced: true but Ready: false
seeing this:
Warning SelectComposition 47s (x10 over 4m48s) defined/compositeresourcedefinition.apiextensions.crossplane.io cannot select Composition: no compatible Compositions found
Nothing is being deployed, as I would expect, like vpc, subnets, etc. and then cluster
@jecausey I made quite a few changes (improvements) in that repo since I created this Gist and one of those broke the demo. I just updated the Gist. It should work now.
@vfarcic Thank you!!! Totally working now!
@vfarcic I also tried to create a sa and a kubernetes.io/service-account-token, but this also didn't work 😢
I cannot create client certificate as well, cos EKS currently does not support Kubelet client auth
Not sure what else to try 😞