Install Crossplane on AWS with the Jet provider

crossplane kubernetes aws s3 jet provider

3 min read | by Jordi Prats

To start creating resources on AWS we can choose the AWS native provider or go with the Jet provider, which uses Terraform's AWS provider under the hood to generate a Crossplane provider.

If we take a look at the number of CRDs the native AWS provider exposes, there are 124 in version 0.24.1.

For the AWS Jet provider we have two versions:

  • The versions with just a version number, for example 0.4.0, are the light ones, with just the most heavily used CRDs. For the 0.4.0 version there are 81 CRDs. These versions were created because some K8s versions have difficulties managing over 700 CRDs.
  • The full versions have the -preview suffix, for example 0.4.0-preview. These versions contain all the XRM-conformant managed resources, which amounts to 763 CRDs for the aforementioned 0.4.0-preview.

To use the AWS Jet provider we will also need an IAM role whose trust policy allows any of the crossplane-system namespace's ServiceAccounts to assume it:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::123456789876:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/1B45E2E0B2D55D1E1BC9FA13D02A31CD"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringLike": {
          "oidc.eks.eu-west-1.amazonaws.com/id/BC91B45B2E0D1F02AD55D1EA13DE231C:sub": "system:serviceaccount:crossplane-system:*"
        }
      }
    }
  ]
}
```
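Before attaching a trust policy like this it is worth linting it: the `sub` condition is what stops every other pod in the cluster from assuming the role, and the condition key has to name the same OIDC provider as the Principal (note that the two provider IDs in the policy above differ; a condition key that is absent from the request context never matches, so the AssumeRoleWithWebIdentity call is denied). The following Python check is an added example, not part of the original post; the account ID and OIDC provider ID in the sample are constructed placeholders.

```python
import re

ASSUME_ACTION = "sts:AssumeRoleWithWebIdentity"
OIDC_ARN = re.compile(r"^arn:aws:iam::\d{12}:oidc-provider/(?P<issuer>.+)$")


def check_irsa_trust_policy(policy, namespace):
    """Return a list of findings; an empty list means the policy looks sane."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or ASSUME_ACTION not in actions:
            continue
        match = OIDC_ARN.match(stmt.get("Principal", {}).get("Federated", ""))
        if not match:
            findings.append("Principal.Federated is not an IAM OIDC provider ARN")
            continue
        issuer = match.group("issuer")
        # Flatten every condition operator into {condition key: [values]}
        conds = {}
        for kv in stmt.get("Condition", {}).values():
            for key, val in kv.items():
                conds.setdefault(key, []).extend(val if isinstance(val, list) else [val])
        sub_keys = [k for k in conds if k.endswith(":sub")]
        if not sub_keys:
            findings.append("no :sub condition: any token from this issuer can assume the role")
            continue
        prefix = f"system:serviceaccount:{namespace}:"
        for key in sub_keys:
            key_issuer = key[: -len(":sub")]
            if key_issuer != issuer:  # key missing from request context: condition never matches
                findings.append(f"condition key issuer {key_issuer} != Principal issuer {issuer}")
            for sub in conds[key]:
                if not sub.startswith(prefix):
                    findings.append(f"sub {sub!r} is not pinned to namespace {namespace!r}")
                elif sub[len(prefix):] == "*":
                    findings.append(f"sub {sub!r} allows every ServiceAccount in {namespace!r}")
        if f"{issuer}:aud" not in conds:
            findings.append("no :aud condition; consider pinning aud to sts.amazonaws.com")
    return findings


# Constructed sample: placeholder account id and OIDC provider id, not real values
ISSUER = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLEOIDCPROVIDERID0000000000"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ASSUME_ACTION,
    "Principal": {"Federated": f"arn:aws:iam::111111111111:oidc-provider/{ISSUER}"},
    "Condition": {"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:crossplane-system:*"}},
}]}
FINDINGS = check_irsa_trust_policy(SAMPLE_POLICY, "crossplane-system")  # two warnings
```

The wildcard ServiceAccount is reported as a warning rather than an error, since that is exactly what the post's policy intends; pin it to the provider's ServiceAccount if you want a tighter policy.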

If we want to use the lightweight version we can configure it as follows:

```yaml
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: jet-aws-config
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789876:role/crossplane
spec:
  podSecurityContext:
    fsGroup: 2000
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: jet-provider-aws
spec:
  package: crossplane/provider-jet-aws:v0.4.0
  controllerConfigRef:
    name: jet-aws-config
---
apiVersion: aws.jet.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: jet-aws-provider
spec:
  credentials:
    source: InjectedIdentity
```

Once the provider Pods are ready we can create resources, for example an S3 bucket. Notice how the apiVersion differs depending on the provider we are using:

```yaml
apiVersion: s3.aws.jet.crossplane.io/v1alpha2
kind: Bucket
metadata:
  name: pet2cattle-xplane-test
spec:
  providerConfigRef:
    name: jet-aws-provider
  forProvider:
    region: 'eu-west-1'
```

Using kubectl describe we can check its status. If there are errors, we may see Terraform errors there as well:

```
$ kubectl describe bucket.s3.aws.jet.crossplane.io/pet2cattle-xplane-test
Name:         pet2cattle-xplane-test
Namespace:
Labels:       <none>
Annotations:  crossplane.io/external-create-pending: 2022-02-13T19:29:14Z
              crossplane.io/external-create-succeeded: 2022-02-13T19:29:21Z
              crossplane.io/external-name: pet2cattle-xplane-test
              terrajet.crossplane.io/provider-meta: null
API Version:  s3.aws.jet.crossplane.io/v1alpha2
Kind:         Bucket
Metadata:
  (...)
Spec:
  Deletion Policy:  Delete
  For Provider:
    Region:  eu-west-1
  Provider Config Ref:
    Name:  jet-aws-provider
Status:
  At Provider:
  Conditions:
    Last Transition Time:  2022-02-13T19:29:21Z
    Reason:                Creating
    Status:                False
    Type:                  Ready
    Last Transition Time:  2022-02-13T19:29:21Z
    Reason:                ReconcileSuccess
    Status:                True
    Type:                  Synced
Events:
  Type    Reason                   Age   From                                                    Message
  ----    ------                   ----  ----                                                    -------
  Normal  CreatedExternalResource  10s   managed/s3.aws.jet.crossplane.io/v1alpha2, kind=bucket  Successfully requested creation of external resource
```

Using the AWS CLI we can double-check that the bucket has been successfully created:

```
$ aws s3 ls | grep xplane
2022-02-13 19:29:21 pet2cattle-xplane-test
```

Posted on 02/03/2022