Install Crossplane on AWS with the Jet provider

crossplane kubernetes aws s3 jet provider

3 min read | by Jordi Prats

To start creating resources on AWS we can choose the AWS native provider or go with the Jet provider, which uses Terraform's AWS provider under the hood to generate a Crossplane provider.

If we take a look at the number of CRDs the native AWS provider exposes, there are 124 of them in version 0.24.1.

For the AWS Jet provider we have two flavours:

  • The versions with just a number, for example 0.4.0, are the light ones, with only the most heavily used CRDs. Version 0.4.0 ships 81 CRDs. This flavour was created because some Kubernetes versions have trouble managing more than 700 CRDs
  • The full versions carry the -preview suffix, for example 0.4.0-preview. These contain all the XRM-conformant managed resources, which amounts to 763 CRDs for the aforementioned 0.4.0-preview

To use the AWS Jet provider we will also need an IAM role that the provider Pod can assume through IRSA (IAM Roles for Service Accounts): its trust policy allows sts:AssumeRoleWithWebIdentity from the cluster's OIDC provider, and the condition on the sub claim decides which ServiceAccounts may assume it. Keep in mind that the OIDC provider id in the Condition key has to be the same one as in the Principal, otherwise the condition never matches and the provider gets AccessDenied. Note also that the StringLike wildcard below lets any ServiceAccount in the crossplane-system namespace assume the role; this is the usual compromise because Crossplane generates the provider's ServiceAccount name, so the role itself should only carry the permissions Crossplane needs, and adding a StringEquals condition on the aud claim (sts.amazonaws.com) is cheap extra hardening:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::123456789876:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/1B45E2E0B2D55D1E1BC9FA13D02A31CD"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringLike": {
                    "oidc.eks.eu-west-1.amazonaws.com/id/1B45E2E0B2D55D1E1BC9FA13D02A31CD:sub": "system:serviceaccount:crossplane-system:*"
                }
            }
        }
    ]
}
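The mistakes that matter in this trust policy are easy to miss by eye: the same OIDC provider id has to appear in the Principal and in every Condition key, a missing aud condition accepts tokens minted for other audiences, and a wildcard on sub is namespace-wide. The following script is an added example, not part of the original post nor of Crossplane, that lints a trust policy JSON for exactly those points. Both policies embedded in it are constructed placeholders (account id, OIDC ids), and the exact ServiceAccount name provider-jet-aws in the hardened one is an assumption, since Crossplane generates the provider's ServiceAccount name unless it is pinned through the ControllerConfig.

```python
"""Lint an IRSA trust policy before attaching it to the Crossplane role.

Added example, not code from the original post. Checks:
  1. the OIDC provider id in Principal.Federated is the one used in every
     Condition key (otherwise the condition can never match);
  2. the aud claim is pinned to sts.amazonaws.com with StringEquals;
  3. how broadly sub is scoped (missing = whole cluster, wildcard = whole namespace).
The two sample policies are constructed; ids and the SA name are placeholders.
"""
import json
import re

OIDC_PROVIDER_ARN = re.compile(r"^arn:aws:iam::\d{12}:oidc-provider/(?P<issuer>.+)$")


def _conditions(statement):
    """Flatten the Condition block into (operator, issuer, claim, value) tuples."""
    flat = []
    for operator, pairs in statement.get("Condition", {}).items():
        for key, value in pairs.items():
            issuer, _, claim = key.rpartition(":")  # "<issuer>:sub" -> ("<issuer>", "sub")
            for v in (value if isinstance(value, list) else [value]):
                flat.append((operator, issuer, claim, v))
    return flat


def lint_irsa_trust_policy(policy):
    """Return a list of findings; an empty list means the policy passed all checks."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        match = OIDC_PROVIDER_ARN.match(stmt.get("Principal", {}).get("Federated", ""))
        if not match:
            findings.append(f"statement {i}: Principal.Federated is not an OIDC provider ARN")
            continue
        issuer = match.group("issuer")
        conds = _conditions(stmt)
        # 1. every condition key must name the same OIDC provider as the Principal
        for _, key_issuer, claim, _ in conds:
            if key_issuer != issuer:
                findings.append(f"statement {i}: condition key for '{claim}' uses OIDC provider "
                                f"'{key_issuer}' but the Principal is '{issuer}'")
        # 2. aud pinned to STS, so tokens minted for other audiences are rejected
        if not any(op == "StringEquals" and claim == "aud" and v == "sts.amazonaws.com"
                   for op, _, claim, v in conds):
            findings.append(f"statement {i}: no StringEquals condition on ':aud' = sts.amazonaws.com")
        # 3. sub scope: absent means any ServiceAccount in the cluster, wildcard means a namespace
        subs = [(op, v) for op, _, claim, v in conds if claim == "sub"]
        if not subs:
            findings.append(f"statement {i}: no ':sub' condition, any ServiceAccount in the cluster can assume the role")
        for op, v in subs:
            if op == "StringLike" and "*" in v:
                parts = v.split(":")  # system:serviceaccount:<namespace>:<name>
                namespace = parts[2] if len(parts) == 4 else v
                findings.append(f"statement {i}: wildcard sub '{v}' lets every ServiceAccount "
                                f"in namespace '{namespace}' assume the role")
    return findings


ISSUER = "oidc.eks.eu-west-1.amazonaws.com/id/1B45E2E0B2D55D1E1BC9FA13D02A31CD"  # placeholder
FEDERATED = f"arn:aws:iam::123456789876:oidc-provider/{ISSUER}"                  # placeholder

# Constructed, mirroring the loose policy: wildcard sub, no aud condition and a
# deliberately mismatched OIDC id in the condition key.
LOOSE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": FEDERATED},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringLike": {
            "oidc.eks.eu-west-1.amazonaws.com/id/BC91B45B2E0D1F02AD55D1EA13DE231C:sub":
                "system:serviceaccount:crossplane-system:*"}},
    }],
})

# Constructed hardened version: matching ids, aud pinned, exact ServiceAccount
# (the name provider-jet-aws is an assumption, pin it via the ControllerConfig).
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": FEDERATED},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{ISSUER}:aud": "sts.amazonaws.com",
            f"{ISSUER}:sub": "system:serviceaccount:crossplane-system:provider-jet-aws"}},
    }],
})

if __name__ == "__main__":
    for name, policy in (("loose", LOOSE_POLICY), ("hardened", HARDENED_POLICY)):
        findings = lint_irsa_trust_policy(policy)
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print("  -", finding)
```

Run it against the JSON you are about to feed to aws iam create-role (or update-assume-role-policy); the loose sample yields three findings and the hardened one none. The wildcard finding is informational when you deliberately keep the namespace-wide sub, but the issuer mismatch is always a bug.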

If we want to use the lightweight version we can configure it as follows. The eks.amazonaws.com/role-arn annotation is what the EKS pod identity webhook looks for on the ServiceAccount, and Crossplane propagates the ControllerConfig annotations to the provider's ServiceAccount; the fsGroup is needed so that the projected web identity token mounted by the webhook is readable by the non-root user the provider runs as:

apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: jet-aws-config
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789876:role/crossplane
spec:
  podSecurityContext:
    fsGroup: 2000
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: jet-provider-aws
spec:
  package: crossplane/provider-jet-aws:v0.4.0
  controllerConfigRef:
    name: jet-aws-config
---
apiVersion: aws.jet.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: jet-aws-provider
spec:
  credentials:
    source: InjectedIdentity

Once the provider Pods are ready we can create resources, for example an S3 Bucket. Notice how the apiVersion is different depending on the provider we are using (s3.aws.jet.crossplane.io for the Jet provider versus s3.aws.crossplane.io for the native one):

apiVersion: s3.aws.jet.crossplane.io/v1alpha2
kind: Bucket
metadata:
  name: pet2cattle-xplane-test
spec:
  providerConfigRef:
    name: jet-aws-provider
  forProvider:
    region: 'eu-west-1'

Using kubectl describe we can check its status. If something goes wrong, the Terraform error messages are surfaced in the conditions as well:

$ kubectl describe bucket.s3.aws.jet.crossplane.io/pet2cattle-xplane-test
Name:         pet2cattle-xplane-test
Namespace:    
Labels:       <none>
Annotations:  crossplane.io/external-create-pending: 2022-02-13T19:29:14Z
              crossplane.io/external-create-succeeded: 2022-02-13T19:29:21Z
              crossplane.io/external-name: pet2cattle-xplane-test
              terrajet.crossplane.io/provider-meta: null
API Version:  s3.aws.jet.crossplane.io/v1alpha2
Kind:         Bucket
Metadata:
  (...)
Spec:
  Deletion Policy:  Delete
  For Provider:
    Region:  eu-west-1
  Provider Config Ref:
    Name:  jet-aws-provider
Status:
  At Provider:
  Conditions:
    Last Transition Time:  2022-02-13T19:29:21Z
    Reason:                Creating
    Status:                False
    Type:                  Ready
    Last Transition Time:  2022-02-13T19:29:21Z
    Reason:                ReconcileSuccess
    Status:                True
    Type:                  Synced
Events:
  Type    Reason                   Age   From                                                    Message
  ----    ------                   ----  ----                                                    -------
  Normal  CreatedExternalResource  10s   managed/s3.aws.jet.crossplane.io/v1alpha2, kind=bucket  Successfully requested creation of external resource
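Reading conditions out of describe output by eye does not scale once Crossplane manages many resources. As an added example, not code from the post or from Crossplane, the following script takes the same object as JSON (what kubectl get bucket.s3.aws.jet.crossplane.io/<name> -o json returns) and reduces the Ready and Synced conditions plus the crossplane.io/external-create-* annotations to a single state that an alert or a CI gate can act on. The three sample objects are constructed: the first mirrors the describe output above, the error messages in the other two are made up.

```python
"""Classify a Crossplane managed resource from its Status.Conditions.

Added example, not code from the original post. States returned:
  ready          Ready=True and Synced=True
  creating       Synced=True but Ready=False (provider still creating it)
  error          Synced=False, the reconcile (Terraform) error is in 'message'
  create-pending crossplane.io/external-create-pending is newer than any
                 -succeeded/-failed annotation, i.e. the provider was asked to
                 create the resource but the result was never recorded
All sample objects below are constructed.
"""

PENDING_ANN = "crossplane.io/external-create-pending"
SUCCEEDED_ANN = "crossplane.io/external-create-succeeded"
FAILED_ANN = "crossplane.io/external-create-failed"


def _condition(obj, ctype):
    """Return the status condition of the given type, or an empty dict if absent."""
    for cond in obj.get("status", {}).get("conditions", []):
        if cond.get("type") == ctype:
            return cond
    return {}


def resource_health(obj):
    """Return name, ready/synced flags, a coarse state and the relevant reason/message."""
    annotations = obj.get("metadata", {}).get("annotations") or {}
    ready = _condition(obj, "Ready")
    synced = _condition(obj, "Synced")
    is_ready = ready.get("status") == "True"
    is_synced = synced.get("status") == "True"

    # RFC3339 timestamps in UTC ("...Z") compare correctly as strings.
    pending = annotations.get(PENDING_ANN, "")
    settled = max(annotations.get(SUCCEEDED_ANN, ""), annotations.get(FAILED_ANN, ""))
    if pending and pending > settled:
        state = "create-pending"
    elif not is_synced:
        state = "error"
    elif is_ready:
        state = "ready"
    else:
        state = "creating"

    source = synced if state in ("error", "create-pending") else ready
    return {
        "name": obj["metadata"]["name"],
        "ready": is_ready,
        "synced": is_synced,
        "state": state,
        "reason": source.get("reason", ""),
        "message": source.get("message", ""),
    }


def health_report(doc):
    """Accept a single object or a kind: List (kubectl get ... -o json) and classify every item."""
    return [resource_health(item) for item in doc.get("items", [doc])]


# Constructed: matches the describe output above, create requested and succeeded, not Ready yet.
CREATING = {
    "metadata": {"name": "pet2cattle-xplane-test", "annotations": {
        PENDING_ANN: "2022-02-13T19:29:14Z",
        SUCCEEDED_ANN: "2022-02-13T19:29:21Z",
        "crossplane.io/external-name": "pet2cattle-xplane-test"}},
    "status": {"conditions": [
        {"type": "Ready", "status": "False", "reason": "Creating"},
        {"type": "Synced", "status": "True", "reason": "ReconcileSuccess"}]},
}

# Constructed: the provider surfaced a Terraform error (message text is made up).
FAILED = {
    "metadata": {"name": "pet2cattle-xplane-dup", "annotations": {}},
    "status": {"conditions": [
        {"type": "Ready", "status": "False", "reason": "Creating"},
        {"type": "Synced", "status": "False", "reason": "ReconcileError",
         "message": "constructed example: error creating S3 bucket: BucketAlreadyExists"}]},
}

# Constructed: create was requested but neither -succeeded nor -failed was recorded.
PENDING = {
    "metadata": {"name": "pet2cattle-xplane-lost", "annotations": {PENDING_ANN: "2022-02-13T19:40:00Z"}},
    "status": {"conditions": [
        {"type": "Synced", "status": "False", "reason": "ReconcileError",
         "message": "constructed example: creation result unknown"}]},
}

if __name__ == "__main__":
    for entry in health_report({"items": [CREATING, FAILED, PENDING]}):
        print(f"{entry['name']:<24} {entry['state']:<15} {entry['reason']:<17} {entry['message']}")
```

The create-pending state is the one to treat as an incident rather than a retry: Crossplane stops reconciling such a resource on purpose, because it cannot tell whether the bucket exists in AWS, and someone has to check the account before removing the annotation.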

Using the AWS CLI we can double-check that the bucket has been created:

$ aws s3 ls |  grep xplane
2022-02-13 19:29:21 pet2cattle-xplane-test

Posted on 02/03/2022