Crossplane Demo

Regenerate Certs (Optional)

./registry/certs/generateCerts.sh

Create k3d Cluster

sudo k3d cluster create crossplane-demo \
--volume "$(pwd)/registry/registries.yaml:/etc/rancher/k3s/registries.yaml" \
--volume "$(pwd)/registry/certs/self-signed-ca.crt:/etc/ssl/certs/self-signed-ca.crt" \
-p "80:80@loadbalancer" \
-p "443:443@loadbalancer" \
-p "7233:7233@loadbalancer"

sudo k3d kubeconfig merge crossplane-demo --kubeconfig-switch-context -o ~/.kube/config

USERNAME=$(whoami) && sudo chown ${USERNAME}:${USERNAME} ~/.kube/config 

DNS

Many Linux distributions ship with nss-myhostname, which resolves *.localhost names to the loopback address.

If not, install nss-myhostname:

sudo apt install libnss-myhostname

If that is not possible, you have to add /etc/hosts entries pointing to 127.0.0.1 manually.

Selfhosted Registry

We cannot use k3d's built-in registry (--create-registry) because we need SSL. We also cannot use the built-in image upload mechanism (k3d image import), because Crossplane needs an OCI-compatible registry to pull from.

Start selfhosted registry

sudo docker-compose up -d [--build]

Connect Cluster to selfhosted registry

sudo docker network connect k3d-crossplane-demo registry.k3d.localhost

Get the IP of the registry

sudo docker inspect registry.k3d.localhost | jq -r '.[0].NetworkSettings.Networks."k3d-crossplane-demo".IPAddress'

Modify the coredns configmap's data.NodeHosts

kubectl edit cm -n kube-system coredns

by adding entry:

<IpOfRegistry> registry.k3d.localhost

Restart the coredns pod

export POD=$(kubectl get pods --no-headers -o custom-columns=':metadata.name' -n kube-system | grep coredns | cat); kubectl delete pod -n kube-system  $POD
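The manual kubectl edit above has to be repeated whenever the registry container gets a new IP, and a second pass easily leaves a stale duplicate line behind. The following added example (not part of the crossplane-demo repo) replaces the interactive edit with an idempotent upsert of the NodeHosts block followed by a merge patch. It assumes the k3s-style CoreDNS ConfigMap layout (data.NodeHosts holds one "<ip> <hostname> [alias ...]" line per host), that kubectl and jq are on PATH, and that the k3s CoreDNS deployment carries the label k8s-app=kube-dns.

```shell
#!/bin/sh
# Added example, not code from the crossplane-demo repository.
# Assumptions: k3s-style CoreDNS ConfigMap (data.NodeHosts, one
# "<ip> <hostname> [alias ...]" line per host), kubectl + jq on PATH.

# upsert_node_host <nodehosts-text> <ip> <hostname>
# Prints the updated block. A line that already names <hostname> (as the
# hostname or as an alias) gets its IP replaced; otherwise a new line is
# appended. Running it twice, or after the registry IP changed, therefore
# never leaves duplicate or stale entries behind.
upsert_node_host() {
  local hosts="$1" ip="$2" name="$3"
  printf '%s\n' "$hosts" | awk -v ip="$ip" -v name="$name" '
    NF == 0 { next }                                   # drop blank lines
    { for (i = 2; i <= NF; i++) if ($i == name) { $1 = ip; seen = 1 } }
    { print }
    END { if (!seen) print ip " " name }
  '
}

# registry_ip: the same lookup the README uses for the registry container
registry_ip() {
  sudo docker inspect registry.k3d.localhost \
    | jq -r '.[0].NetworkSettings.Networks."k3d-crossplane-demo".IPAddress'
}

# patch_coredns_nodehosts <ip> <hostname>
# Reads the live NodeHosts, upserts the entry and writes the block back
# with a merge patch, then restarts coredns so the change is picked up.
patch_coredns_nodehosts() {
  local ip="$1" name="$2" current updated
  current=$(kubectl get cm -n kube-system coredns -o jsonpath='{.data.NodeHosts}')
  updated=$(upsert_node_host "$current" "$ip" "$name")
  # jq -Rs turns the multi-line block into a single JSON string for the patch
  kubectl patch cm -n kube-system coredns --type merge \
    -p "$(printf '{"data":{"NodeHosts":%s}}' "$(printf '%s\n' "$updated" | jq -Rs .)")"
  # label used by the k3s CoreDNS deployment (assumption, see lead-in)
  kubectl delete pod -n kube-system -l k8s-app=kube-dns
}

# Usage, once the registry is connected to the k3d network:
#   patch_coredns_nodehosts "$(registry_ip)" registry.k3d.localhost
```

Only upsert_node_host is pure text processing; the other two functions shell out to docker and kubectl exactly as the commands above do, so they are not called at load time.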

Crossplane

https://docs.crossplane.io/latest/software/install/

Install via Helm

helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
helm install crossplane \
--namespace crossplane-system \
--create-namespace crossplane-stable/crossplane \
--set registryCaBundleConfig.name=ca-bundle-config,registryCaBundleConfig.key=ca-bundle

Create the configmap that lets Crossplane trust the private registry's self-signed cert

kubectl -n crossplane-system create cm ca-bundle-config \
--from-file=ca-bundle=./registry/certs/self-signed-ca.crt

Crossplane UI

Install via Helm

helm repo add komodorio https://helm-charts.komodor.io 
helm repo update  
helm install komoplane komodorio/komoplane \
--set "ingress.enabled=true,ingress.hosts[0].host=komoplane.k8s.localhost,ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=ImplementationSpecific"

Crossplane UI URL: http://komoplane.k8s.localhost/

Testing with Grafana

Install Grafana via Helm

https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md

helm repo add grafana https://grafana.github.io/helm-charts
helm repo update
helm install my-release grafana/grafana --set "adminUser=admin,adminPassword=password,ingress.enabled=true,ingress.hosts[0]=grafana.k8s.localhost"

Install Crossplane Grafana Provider

The Grafana provider was generated by upjet.

Therefore the provider configuration (Kind: ProviderConfig, spec.credentials) can be inferred from: https://registry.terraform.io/providers/grafana/grafana/latest/docs#schema

kubectl apply -f ./k8s/crossplane/grafana

Check

Grafana URL: http://grafana.k8s.localhost/

Testing with Temporal

Install Temporal via Helm

git clone https://github.com/temporalio/helm-charts
cd helm-charts

helm dependencies update

helm install --set "server.replicaCount=1,cassandra.config.cluster_size=1,prometheus.enabled=false,grafana.enabled=false,elasticsearch.enabled=false,web.ingress.enabled=true,web.ingress.hosts[0]=temporal.k8s.localhost,server.frontend.service.type=LoadBalancer" temporaltest . --timeout 15m

Build Crossplane Temporal Provider

git clone https://github.com/denniskniep/provider-temporal.git
make build

Copy the output from /provider-temporal/_output/xpkg/linux_amd64/*.xpkg to /crossplane-demo/registry/files/temporal/

rm -r registry/files/temporal; \
mkdir registry/files/temporal; \
cp ../provider-temporal/_output/version registry/files/temporal/; \
cat ../provider-temporal/_output/version | xargs -i cp ../provider-temporal/_output/xpkg/linux_amd64/provider-temporal-{}.xpkg registry/files/temporal/

Push *.xpkg file

Build container with crossplane cli

sudo docker build -t "crossplane-cli:latest" -f ./registry/Dockerfile.crossplane-cli ./registry

Start a container with the crossplane CLI and the trusted self-signed cert, and push the files (built with make build in the source repo) to the OCI registry

sudo docker run --rm -it --net=host -v $(pwd)/registry/files:/files crossplane-cli:latest bash -c 'cd /files/temporal; ls *.xpkg | xargs -i crossplane xpkg push -f /files/temporal/{} registry.k3d.localhost:5000/provider-temporal:{}'

Update temporal-provider k8s manifest

export PROVIDER_VERSION=provider-temporal-$(cat registry/files/temporal/version).xpkg; envsubst < k8s/crossplane/temporal/01-temporal-provider.template > k8s/crossplane/temporal/01-temporal-provider.yaml

Install Crossplane Temporal Provider

kubectl apply -f ./k8s/crossplane/temporal

Check

Temporal URL: http://temporal.k8s.localhost/namespaces

Query namespaces with CLI

temporal operator namespace list --address temporal.k8s.localhost:7233

Testing with SpringCloudDataFlow

Install SpringCloudDataFlow via Helm

helm install my-release oci://registry-1.docker.io/bitnamicharts/spring-cloud-dataflow \
--set "server.ingress.enabled=true,server.ingress.hostname=dataflow.k8s.localhost,mariadb.auth.rootPassword=SFioe7qrpD,rabbitmq.auth.password=gBxF0iFMJkX9QKL5,rabbitmq.auth.erlangCookie=VsNZEwFWPas5A9Un1EEUgqiDZ2goHVw2"

Build Crossplane SpringCloudDataFlow Provider

git clone https://github.com/denniskniep/provider-spring-cloud-dataflow.git
make build

Copy the output from /provider-spring-cloud-dataflow/_output/xpkg/linux_amd64/*.xpkg to /crossplane-demo/registry/files/dataflow

rm -r registry/files/dataflow; \
mkdir registry/files/dataflow; \
cp ../provider-spring-cloud-dataflow/_output/version registry/files/dataflow/; \
cat ../provider-spring-cloud-dataflow/_output/version | xargs -i cp ../provider-spring-cloud-dataflow/_output/xpkg/linux_amd64/provider-springclouddataflow-{}.xpkg registry/files/dataflow/

Push *.xpkg file

Build container with crossplane cli

sudo docker build -t "crossplane-cli:latest" -f ./registry/Dockerfile.crossplane-cli ./registry

Start a container with the crossplane CLI and the trusted self-signed cert, and push the files (built with make build in the source repo) to the OCI registry

sudo docker run --rm -it --net=host -v $(pwd)/registry/files:/files crossplane-cli:latest bash -c 'cd /files/dataflow; ls *.xpkg | xargs -i crossplane xpkg push -f /files/dataflow/{} registry.k3d.localhost:5000/provider-springclouddataflow:{}'

Update dataflow-provider k8s manifest

export PROVIDER_VERSION=provider-springclouddataflow-$(cat registry/files/dataflow/version).xpkg; envsubst < k8s/crossplane/dataflow/01-dataflow-provider.template > k8s/crossplane/dataflow/01-dataflow-provider.yaml

Install Crossplane DataFlow Provider

kubectl apply -f ./k8s/crossplane/dataflow

Check

Dataflow URL: http://dataflow.k8s.localhost/dashboard

Testing with Keycloak

Install Keycloak via Helm

helm repo add codecentric https://codecentric.github.io/helm-charts

cat << EOF > values.yaml
command:
  - "/opt/keycloak/bin/kc.sh"
  - "start"
  - "--http-enabled=true"
  - "--http-port=8080"
  - "--hostname-strict=false"
  - "--hostname-strict-https=false"
extraEnv: |
  - name: KEYCLOAK_ADMIN
    value: admin
  - name: KEYCLOAK_ADMIN_PASSWORD
    value: admin
  - name: JAVA_OPTS_APPEND
    value: >-
      -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
ingress:
  enabled: true
  rules:
    - host: keycloak.k8s.localhost
      paths:
      - path: "/"
        pathType: "Prefix"
  tls:
    - hosts:
        - keycloak.k8s.localhost
EOF

helm install keycloak codecentric/keycloakx --values ./values.yaml

Build Keycloak Provider

git clone https://github.com/denniskniep/provider-keycloak
make build

Copy the output from /provider-keycloak/_output/xpkg/linux_amd64/*.xpkg to /crossplane-demo/registry/files/keycloak

rm -r registry/files/keycloak; \
mkdir registry/files/keycloak; \
cp ../provider-keycloak/_output/version registry/files/keycloak/; \
cat ../provider-keycloak/_output/version | xargs -i cp ../provider-keycloak/_output/xpkg/linux_amd64/provider-keycloak-{}.xpkg registry/files/keycloak/

Push *.xpkg file

Build container with crossplane cli

sudo docker build -t "crossplane-cli:latest" -f ./registry/Dockerfile.crossplane-cli ./registry

Start a container with the crossplane CLI and the trusted self-signed cert, and push the files (built with make build in the source repo) to the OCI registry

sudo docker run --rm -it --net=host -v $(pwd)/registry/files:/files crossplane-cli:latest bash -c 'cd /files/keycloak; ls *.xpkg | xargs -i crossplane xpkg push -f /files/keycloak/{} registry.k3d.localhost:5000/provider-keycloak:{}'

Update keycloak-provider k8s manifest

export PROVIDER_VERSION=provider-keycloak-$(cat registry/files/keycloak/version).xpkg; envsubst < k8s/crossplane/keycloak/01-keycloak-provider.template > k8s/crossplane/keycloak/01-keycloak-provider.yaml
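The Temporal, SpringCloudDataFlow and Keycloak sections each repeat the same three steps: read the version file, push the .xpkg under a tag derived from it, and envsubst that tag into a Provider manifest. The following added example (not part of the crossplane-demo repo or any of the provider repos) folds those steps into reusable functions and adds the preflight check a reviewer would want, refusing to render a Provider whose package reference points anywhere but the self-hosted registry the cluster was taught to trust. The *.template files are not shown on this page, so the example renders the Provider manifest directly instead of templating it; the manifest fields (pkg.crossplane.io/v1 Provider, spec.package) are Crossplane's, the allowlist is constructed for this demo.

```shell
#!/bin/sh
# Added example, not code from the crossplane-demo or provider repositories.
# Assumptions: <files-dir> holds "version" plus "<name>-<version>.xpkg" as
# produced by the cp commands in the README; the only trusted registry is
# the self-hosted one at registry.k3d.localhost:5000.

# package_ref <provider-name> <files-dir> [registry]
# Prints the OCI reference the README pushes to, i.e. the tag is the full
# xpkg file name, and fails if the file the tag names is missing locally.
package_ref() {
  local name="$1" dir="$2" registry="${3:-registry.k3d.localhost:5000}" version
  version=$(cat "$dir/version") || return 1
  if [ ! -f "$dir/$name-$version.xpkg" ]; then
    echo "package_ref: $dir/$name-$version.xpkg not found" >&2
    return 1
  fi
  printf '%s/%s:%s-%s.xpkg\n' "$registry" "$name" "$name" "$version"
}

# assert_trusted_registry <package-ref>
# Supply-chain guard: the host part of the reference (everything before the
# first "/") must be the self-hosted registry. Anything else, including a
# bare "name:tag" that would default to Docker Hub, is rejected.
assert_trusted_registry() {
  local ref="$1" host="${1%%/*}"
  case "$host" in
    registry.k3d.localhost:5000) return 0 ;;
    *) echo "assert_trusted_registry: refusing untrusted registry in $ref" >&2; return 1 ;;
  esac
}

# render_provider_manifest <provider-name> <package-ref>
# Emits the Crossplane Provider object on stdout, only after the guard passes.
render_provider_manifest() {
  local name="$1" ref="$2"
  assert_trusted_registry "$ref" || return 1
  cat <<EOF
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: $name
spec:
  package: $ref
EOF
}

# Usage for the Temporal section (same pattern for dataflow and keycloak):
#   ref=$(package_ref provider-temporal registry/files/temporal)
#   render_provider_manifest provider-temporal "$ref" \
#     > k8s/crossplane/temporal/01-temporal-provider.yaml
```

Because package_ref checks for the .xpkg file before printing the reference, the "cp" step being skipped shows up here rather than as an ImagePullBackOff on the Provider pod later; the crossplane xpkg push commands from the sections above stay unchanged and can take the same reference as their target.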

Install Keycloak Provider

kubectl apply -f ./k8s/crossplane/keycloak

Check

Keycloak URL: http://keycloak.k8s.localhost/auth