Integration with Crossplane
Crossplane
To create a Yandex Compute Cloud VM using the Crossplane application installed in a Kubernetes cluster:
If you no longer need the resources you created, delete them.
Prepare your cloud
-
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name
or--folder-id
parameter. -
Install the
jq
JSON stream processor .
Create Managed Service for Kubernetes resources
-
Create a Kubernetes cluster and a group of nodes.
ManuallyTerraform-
If you do not have a network yet, create one.
-
If you do not have any subnets yet, create them in the availability zones where your Kubernetes cluster and node group will be created.
-
- Service account with the
k8s.clusters.agent
andvpc.publicAdmin
roles for the folder where the Kubernetes cluster is created. This service account will be used to create the resources required for the Kubernetes cluster. - Service account with the container-registry.images.puller role. Nodes will pull the required Docker images from the registry on behalf of this account.
Tip
You can use the same service account to manage your Kubernetes cluster and its node groups.
- Service account with the
-
Create security groups for the Managed Service for Kubernetes cluster and its node groups.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
-
Create a Kubernetes cluster and a node group in any suitable configuration. When creating them, specify the security groups prepared earlier.
-
If you do not have Terraform yet, install it.
-
Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.
-
Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it
. -
Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
-
Download the k8s-cluster.tf
cluster configuration file to the same working directory. The file describes:-
Kubernetes cluster.
-
Service account required to use the Managed Service for Kubernetes cluster and node group.
-
Security groups which contain rules required for the Managed Service for Kubernetes cluster and its node groups.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
-
Specify the following in the configuration file:
- Folder ID.
- Kubernetes version for the Kubernetes cluster and node groups.
- Kubernetes cluster CIDR.
- Name of the Managed Service for Kubernetes cluster service account.
-
Make sure the Terraform configuration files are correct using this command:
terraform validate
If there are any errors in the configuration files, Terraform will point them out.
-
Create the required infrastructure:
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console
. -
-
-
Install kubectl
and configure it to work with the created cluster. -
Set up a NAT gateway for the Kubernetes cluster node subnet.
Create resources using Crossplane
-
Create a Crossplane
providerconfig.yml
manifest:apiVersion: yandex-cloud.jet.crossplane.io/v1alpha1 kind: ProviderConfig metadata: name: yc-config spec: credentials: source: Secret secretRef: name: yc-creds namespace: <namespace_for_Crossplane> key: credentials
-
Create a template manifest
vm-instance-template.yml
with a description of the network, subnet, andcrossplane-vm
instance created using Crossplane:apiVersion: vpc.yandex-cloud.jet.crossplane.io/v1alpha1 kind: Network metadata: name: <NET_NAME> annotations: crossplane.io/external-name: <NET_ID> spec: deletionPolicy: Orphan forProvider: name: <NET_NAME> folderId: <FOLDER_ID> --- apiVersion: vpc.yandex-cloud.jet.crossplane.io/v1alpha1 kind: Subnet metadata: name: <SUBNET_NAME> annotations: crossplane.io/external-name: <SUBNET_ID> spec: deletionPolicy: Orphan forProvider: name: <SUBNET_NAME> networkIdRef: name: <NET_NAME> v4CidrBlocks: - <SUBNET_PREFIX> zone: <ZONE_ID> folderId: <FOLDER_ID> --- apiVersion: compute.yandex-cloud.jet.crossplane.io/v1alpha1 kind: Instance metadata: name: <VM_NAME> spec: forProvider: name: <VM_NAME> platformId: standard-v2 zone: <ZONE_ID> resources: - cores: 2 memory: 4 bootDisk: - initializeParams: # LEMP stack # yc compute image get --folder-id standard-images --name=lemp-v20220606 --format=json | jq -r .id - imageId: <IMAGE_ID> networkInterface: - subnetIdRef: name: <SUBNET_NAME> folderId: <FOLDER_ID>
Where:
ZONE_ID
: Availability zone.VM_NAME
: Name of the VM to be created using Crossplane tools.NET_NAME
: Name of the Kubernetes cluster cloud network.SUBNET_NAME
: Name of the Kubernetes cluster node subnet.SUBNET_ID
: Subnet ID.NET_ID
: Network ID.SUBNET_PREFIX
: Subnet CIDR.FOLDER_ID
: Folder ID.IMAGE_ID
: ID of the VM's boot image. You can fetch it with a list of images. This example uses the LEMP image.
-
Apply the
providerconfig.yml
manifest:kubectl apply -f providerconfig.yml
-
Apply the
vm-instance.yml
manifest:kubectl apply -f vm-instance.yml
-
Check the state of the created resources:
kubectl get network kubectl get subnet kubectl get instance
-
Make sure the created
crossplane-vm
instance is now in the folder:yc compute instance list
Delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:
-
Delete the
crossplane-vm
instance:kubectl delete instance crossplane-vm
-
Delete the other resources:
ManuallyTerraform-
In the command line, go to the directory with the current Terraform configuration file with an infrastructure plan.
-
Delete the
k8s-cluster.tf
configuration file. -
Make sure the Terraform configuration files are correct using this command:
terraform validate
If there are any errors in the configuration files, Terraform will point them out.
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the resources described in the
k8s-cluster.tf
configuration file will be deleted. -
-