Community post by Somtochi Onyekwere
During GitOps Days 2022 Viktor Farcic, Developer Advocate at Upbound, presented Applying GitOps to Everything with Crossplane and Flux. In this session Viktor shows you how to leverage the extensibility of Crossplane and Flux to apply GitOps not only to applications running in Kubernetes, but to everything (infrastructure, services, applications running anywhere, etc).
In the first part of the talk, Viktor gives a quick overview of what GitOps is – continuously reconciling the desired state stored in Git to the actual state. He asks an important question: “Why only applications?” GitOps is mostly used to manage and deploy an application on the cluster. But it can be so much more than that.
Kubernetes resources mostly describe a state that you want. For example, a Deployment describes the number of instances of a container you want. The deployment controller picks up the applied resource and creates those instances. The actual state is the application running inside the containers.
But the state doesn’t need to be limited to just applications running in the cluster. The actual state could be things outside of Kubernetes, with Kubernetes serving as an intermediary between the desired state and the actual state. It could be services, databases, Kubernetes clusters etc. Since Kubernetes is extensible, you can write operators and custom resources that create things outside Kubernetes. All you need are CRDs and Operators that act on these CRDs and create real resources. Flux synchronizes the custom resources, and the controller picks them up and ensures that what was created matches what is defined. GitOps can really be applied to anything.
This is where Crossplane comes in. Crossplane is an Incubating project under the CNCF that lets you define your infrastructure as YAML. It allows you to provision and manage infrastructure using the Kubernetes API. Your infrastructure is managed declaratively: you state what you want and Crossplane creates it. Of course, it comes with the added benefits of Kubernetes’ continuous reconciliation loop. Your resources aren’t just created once; the controller continuously checks that they match what you have defined. Crossplane can bundle controllers and custom resources for different providers such as GCP, AWS, and Azure. It has a component called a composite resource definition, which can be an abstraction for other managed resources that Crossplane will create for you. In Farcic’s demo, he has a ClusterClaim composite resource which is composed of other resources like a Kubernetes cluster, node group, roles and role binding. You only need to define the cluster claim and Crossplane will create all the managed resources under it. Additionally, with Crossplane you can create your own providers that create resources on an external service.
“Let me display how I can use Flux to manage absolutely everything” - Viktor Farcic
Flux + Crossplane
With one push to git, Farcic is able to create an EKS cluster, complete with a VPC, internet gateways, roles, role policy attachments and additional Kubernetes manifests. He creates a ClusterClaim Composite Resource Definition and pushes it to git. Flux syncs the manifests from git into the cluster, and Crossplane picks them up and creates all the needed resources. It also creates a secret containing the kubeconfig of the created EKS cluster. By referencing this secret in the `spec.kubeConfig.secretRef` field of a Flux Kustomization, he is able to deploy the application into the created cluster without having to connect to it. He defines the YAML for the application and pushes it to git. Flux picks it up and creates the application on the cluster.
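The two manifests this workflow rests on, as an added example (not taken from the talk or from either project's repositories). The `ClusterClaim` API group, its `parameters`, and all names, namespaces and paths are assumptions; `writeConnectionSecretToRef` and `kubeConfig.secretRef` are the standard Crossplane and Flux fields.

```yaml
# Crossplane claim, committed to Git and synced into the management cluster by Flux.
# The apiVersion group and spec.parameters are hypothetical: they depend on the
# XRD that defines ClusterClaim.
apiVersion: example.org/v1alpha1
kind: ClusterClaim
metadata:
  name: team-a
  namespace: team-a
spec:
  parameters:              # hypothetical schema
    nodeSize: small
    minNodeCount: 3
  # Crossplane writes the new cluster's connection details, including the
  # kubeconfig, to this Secret in the claim's namespace.
  writeConnectionSecretToRef:
    name: team-a-cluster
---
# Flux Kustomization, reconciled in the management cluster, that applies
# ./apps to the remote cluster named by the kubeconfig instead of the local one.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: team-a-apps
  namespace: team-a        # same namespace as the connection Secret
spec:
  interval: 5m
  prune: true
  path: ./apps             # hypothetical path in the repository
  sourceRef:
    kind: GitRepository
    name: fleet            # hypothetical source, assumed to exist in team-a
  kubeConfig:
    secretRef:
      name: team-a-cluster
      key: kubeconfig      # assumed key name inside the connection Secret
```

The Secret referenced here holds credentials for the new cluster, so read access to Secrets in that namespace of the management cluster is equivalent to access to the workload cluster and should be scoped accordingly.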
By combining Flux’s GitOps power and Crossplane’s infrastructure provisioning power, you are able to create the perfect management cluster that creates other clusters and also deploys applications to them all by pushing manifests to git. He wasn’t bluffing about managing everything!
If you’d like to watch Viktor’s talk in its entirety it’s available here:
Check out the Crossplane website and documentation, or get started on GitHub. If you have questions or need help, join the Crossplane Slack channel. To learn more about Flux, visit fluxcd.io, check out the Flux docs or GitHub, and feel free to reach out on the CNCF Slack #flux channel (get an invite here).
Did you miss the GitOps Days conference? No worries, you can watch all sessions on-demand at the GitOps Days 2022 Playlist.