crossplane resources and readme

marcel-dempers · marcel-dempers · commit e89da26fa4be · 2025-05-20T16:32:56.000+10:00
diff --git a/kubernetes/crossplane/README.md b/kubernetes/crossplane/README.md
@@ -43,6 +43,125 @@ kubectl get pods -n crossplane-system
 kubectl get deployments -n crossplane-system
 ```
 
+Once the pods are all running, we can see the `api-versions` 
+
+```
+kubectl api-versions  | grep crossplane
+```
+
+We can also see the new k8s objects that are installed with 
+
+```
+kubectl api-resources | grep crossplane
+```
+
 ## Providers 
 
-[Providers](https://docs.crossplane.io/latest/concepts/providers/)
+[Providers](https://docs.crossplane.io/latest/concepts/providers/) allow us to setup external providers that helps provision infrastructure for external services. </br>
+
+For example, our crossplane cluster may have providers for deploying Azure, AWS, GCP or any other external infrastructure </br>
+
+Furthermore, there is marketplace that hosts many providers, configurations and extensions for Crossplane called [Upbound](https://marketplace.upbound.io/providers)
+
+
+Install a Provider for a cloud provider Azure:
+
+```
+kubectl apply -f kubernetes/crossplane/provider-azure.yaml
+```
+
+Check our provider:
+
+```
+kubectl get provider
+kubectl describe provider provider-family-azure
+```
+
+## Provider Configuration
+
+Once we have a provider setup, we can configure it using a `ProviderConfig` in Kubernetes </br>
+An impotrant configuration is to tell the Crossplane Provider how to authenticate with its external service. </br>
+
+For example, when using an Azure Provider, you need an Azure Service Principal, and for AWS you may need a service account with AWS account id and key. </br>
+Each provider will have their own supported authentication methods. </br>
+
+### Create Provider credentials 
+
+```
+SUBSCRIPTION_ID=<subscription-id>
+RESOURCE_GROUP=marcel-test
+
+az account set -s $SUBSCRIPTION_ID
+az group create -n $RESOURCE_GROUP -l australiaeast
+az ad sp create-for-rbac --sdk-auth  \
+-n marcel-test \
+--role Contributor \
+--scopes "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP" > azure-credentials.json
+```
+
+### Create Prpovider Kubernetes Secret 
+
+```
+kubectl create secret \
+generic azure-secret \
+-n crossplane-system \
+--from-file=creds=./azure-credentials.json
+```
+
+### Deploy the Provider Configuration
+
+```
+kubectl apply -f kubernetes/crossplane/providerconfig-azure.yaml
+```
+
+### Create Provider Resources 
+
+```
+kubectl apply -f kubernetes/crossplane/resources/azure/resource-vnet.yaml
+
+error: resource mapping not found for name: "marcel-test-vnet" namespace: "" from "kubernetes/crossplane/resources/azure/resource-vnet.yaml": no matches for kind "VirtualNetwork" in version "network.azure.upbound.io/v1beta1"
+ensure CRDs are installed first
+
+```
+We see there is no CRD for Azure VNETs, that is because every type of resource in Azure is modularized into a separate provider, so we will need the networking provider first </br>
+
+Install the Azure Network Provider:
+
+```
+kubectl apply -f kubernetes/crossplane/provider-azure-network.yaml
+```
+
+Retry the resource creation:
+
+```
+kubectl apply -f kubernetes/crossplane/resources/azure/resource-vnet.yaml
+kubectl get virtualnetwork
+```
+
+### Deploy a Virtual Network Subnet 
+
+```
+kubectl apply -f kubernetes/crossplane/resources/azure/resource-subnet.yaml
+kubectl get subnet
+```
+
+### Deploy a Virtual Network Card 
+
+```
+kubectl apply -f kubernetes/crossplane/resources/azure/resource-networkcard.yaml
+kubectl get networkinterface
+```
+
+### Deploy a Virtual Machine 
+
+Firstly need to add the compoute provider for Azure
+
+```
+kubectl apply -f kubernetes/crossplane/provider-azure-compute.yaml
+```
+
+Deploy a Virtual Machine:
+
+```
+kubectl apply -f kubernetes/crossplane/resources/azure/resource-virtualmachine.yaml
+```
diff --git a/kubernetes/crossplane/provider-azure-compute.yaml b/kubernetes/crossplane/provider-azure-compute.yaml
@@ -0,0 +1,6 @@
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+  name: provider-azure-compute
+spec:
+  package: xpkg.upbound.io/upbound/provider-azure-compute:v1.12.0
diff --git a/kubernetes/crossplane/provider-azure-network.yaml b/kubernetes/crossplane/provider-azure-network.yaml
@@ -0,0 +1,6 @@
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+  name: provider-azure-network
+spec:
+  package: xpkg.upbound.io/upbound/provider-azure-network:v1.12.0
diff --git a/kubernetes/crossplane/provider-azure.yaml b/kubernetes/crossplane/provider-azure.yaml
@@ -1,6 +1,6 @@
 apiVersion: pkg.crossplane.io/v1
 kind: Provider
 metadata:
-  name: provider-azure-network
+  name: provider-family-azure
 spec:
-  package: xpkg.crossplane.io/crossplane-contrib/provider-azure-network:v1.11.2
+  package: xpkg.upbound.io/upbound/provider-family-azure:v1.12.0
diff --git a/kubernetes/crossplane/providerconfig-azure.yaml b/kubernetes/crossplane/providerconfig-azure.yaml
@@ -0,0 +1,11 @@
+apiVersion: azure.upbound.io/v1beta1
+metadata:
+  name: default
+kind: ProviderConfig
+spec:
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: azure-secret
+      key: creds
diff --git a/kubernetes/crossplane/resources/azure/resource-networkcard.yaml b/kubernetes/crossplane/resources/azure/resource-networkcard.yaml
@@ -0,0 +1,16 @@
+apiVersion: network.azure.upbound.io/v1beta1
+kind: NetworkInterface
+metadata:
+  labels:
+    app: marcel-test
+  name: marcel-test
+spec:
+  forProvider:
+    resourceGroupName: marcel-test
+    ipConfiguration:
+    - name: internal
+      privateIpAddressAllocation: Dynamic
+      subnetIdSelector:
+        matchLabels:
+          app: marcel-test
+    location: "AustraliaEast"
diff --git a/kubernetes/crossplane/resources/azure/resource-subnet.yaml b/kubernetes/crossplane/resources/azure/resource-subnet.yaml
@@ -0,0 +1,14 @@
+apiVersion: network.azure.upbound.io/v1beta2
+kind: Subnet
+metadata:
+  labels:
+    app: marcel-test
+  name: marcel-test
+spec:
+  forProvider:
+    resourceGroupName: marcel-test
+    addressPrefixes:
+    - 10.0.2.0/24
+    virtualNetworkNameSelector:
+      matchLabels:
+        app: marcel-test
diff --git a/kubernetes/crossplane/resources/azure/resource-virtualmachine.yaml b/kubernetes/crossplane/resources/azure/resource-virtualmachine.yaml
@@ -0,0 +1,26 @@
+apiVersion: compute.azure.upbound.io/v1beta2
+kind: LinuxVirtualMachine
+metadata:
+  labels:
+    app: marcel-test
+  name: marcel-test
+spec:
+  forProvider:
+    resourceGroupName: marcel-test
+    adminSshKey:
+    - publicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN
+        you@me.com
+      username: adminuser
+    adminUsername: adminuser
+    location: "AustraliaEast"
+    networkInterfaceIdsRefs:
+    - name: marcel-test
+    osDisk:
+      caching: ReadWrite
+      storageAccountType: Standard_LRS
+    size: Standard_F2
+    sourceImageReference:
+      offer: UbuntuServer
+      publisher: Canonical
+      sku: 16.04-LTS
+      version: latest
diff --git a/kubernetes/crossplane/resources/azure/resource-vnet.yaml b/kubernetes/crossplane/resources/azure/resource-vnet.yaml
@@ -0,0 +1,12 @@
+apiVersion: network.azure.upbound.io/v1beta1
+kind: VirtualNetwork
+metadata:
+  name: marcel-test-vnet
+  labels:
+    app: marcel-test
+spec:
+  forProvider:
+    addressSpace:
+      - 10.0.0.0/16
+    location: "AustraliaEast"
+    resourceGroupName: marcel-test
