Get Started With Managed Resources

This document isn't for the latest version of Crossplane.

This document applies to Crossplane version v2.0-preview and not to the latest release v1.19.

Connect Crossplane to AWS to create and manage cloud resources from Kubernetes with provider-upjet-aws.

A managed resource is anything Crossplane creates and manages outside of the control plane.

This guide creates an AWS S3 bucket with Crossplane. The S3 bucket is a managed resource.

Prerequisites

This quickstart requires:

Install the AWS provider

Install the AWS S3 provider into the Kubernetes cluster with a Kubernetes configuration file.

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws-s3
spec:
  package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.22.0-crossplane-v2-preview.0

Save this to a file called provider.yaml, then apply it with:

kubectl apply -f provider.yaml

The Crossplane Provider installs the Kubernetes Custom Resource Definitions (CRDs) representing AWS S3 services. These CRDs allow you to create AWS resources directly inside Kubernetes.

Verify the provider installed with kubectl get providers.

kubectl get providers
NAME                                     INSTALLED   HEALTHY   PACKAGE                                                                                     AGE
crossplane-contrib-provider-family-aws   True        True      xpkg.crossplane.io/crossplane-contrib/provider-family-aws:v1.22.0-crossplane-v2-preview.0   27s
provider-aws-s3                          True        True      xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.22.0-crossplane-v2-preview.0       31s

The S3 Provider installs a second Provider, the crossplane-contrib-provider-family-aws. The family provider manages authentication to AWS across all AWS family Providers.

You can view the new CRDs with kubectl get crds. Every CRD maps to a unique AWS service Crossplane can provision and manage.

Tip
See details about all the supported CRDs in the provider examples.

Create a Kubernetes secret for AWS

The provider requires credentials to create and manage AWS resources. Providers use a Kubernetes Secret to connect the credentials to the provider.

Generate a Kubernetes Secret from your AWS key-pair and then configure the Provider to use it.

Generate an AWS key-pair file

For basic user authentication, use an AWS Access keys key-pair file.

Tip
The AWS documentation provides information on how to generate AWS Access keys.

Create a text file containing the AWS account aws_access_key_id and aws_secret_access_key.

[default]
aws_access_key_id = 
aws_secret_access_key = 

Save this text file as aws-credentials.txt.

Note
The Authentication section of the AWS Provider documentation describes other authentication methods.

Create a Kubernetes secret with the AWS credentials

A Kubernetes generic secret has a name and contents. Use kubectl create secret to generate the secret object named aws-secret in the crossplane-system namespace.

Use the --from-file= argument to set the value to the contents of the aws-credentials.txt file.

kubectl create secret \
generic aws-secret \
-n crossplane-system \
--from-file=creds=./aws-credentials.txt
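
The credentials file holds a long-lived access key in plain text, and the template above ships with both values blank, so it is worth checking the file before `kubectl create secret` reads it. The shell check below is an added example, not part of the Crossplane documentation; `check_creds_file` is a hypothetical helper name and the sample key values are constructed placeholders.

```shell
# Added example, not Crossplane's code. check_creds_file is a hypothetical
# helper that vets aws-credentials.txt before `kubectl create secret` reads it.
check_creds_file() {
  file=$1; in_default=0; id=""; secret=""
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

  # Group/other permission bits (columns 5-10 of ls -l) must all be unset.
  perms=$(ls -ld "$file" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "too open: chmod 600 $file" >&2; return 2; }

  # Walk the INI layout from the guide: only keys under [default] count.
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | tr -d '\r')
    case "$line" in
      "[default]") in_default=1 ;;
      "["*)        in_default=0 ;;
      *=*)
        [ "$in_default" -eq 1 ] || continue
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        value=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
        case "$key" in
          aws_access_key_id)     id=$value ;;
          aws_secret_access_key) secret=$value ;;
        esac ;;
    esac
  done < "$file"

  # The template in the guide ships with both values blank; reject that.
  [ -n "$id" ] && [ -n "$secret" ] || { echo "blank key in [default]" >&2; return 3; }
  return 0
}

# Constructed sample: placeholder values, written under a 077 umask so the
# file is created owner-only (mode 600).
demo_dir=$(mktemp -d)
( umask 077
  printf '[default]\naws_access_key_id = CONSTRUCTED_KEY_ID\naws_secret_access_key = CONSTRUCTED_SECRET\n' \
    > "$demo_dir/aws-credentials.txt" )
check_creds_file "$demo_dir/aws-credentials.txt" && echo "ok to load into aws-secret"
rm -rf "$demo_dir"
```

The provider reads the credentials from the aws-secret Secret, so the local aws-credentials.txt is not needed by Crossplane once the Secret exists.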

Create a ProviderConfig

A ProviderConfig customizes the settings of the AWS Provider:

apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: aws-secret
      key: creds

Save this to a file called providerconfig.yaml, then apply it with:

kubectl apply -f providerconfig.yaml

This attaches the AWS credentials, saved as a Kubernetes secret, as a secretRef.

Create a managed resource

Note
AWS S3 bucket names must be globally unique. To generate a unique name the example uses a random hash. Any unique name is acceptable.

apiVersion: s3.aws.m.upbound.io/v1beta1
kind: Bucket
metadata:
  namespace: default
  generateName: crossplane-bucket-
spec:
  forProvider:
    region: us-east-2
  providerConfigRef:
    name: default

Save this to a file called bucket.yaml, then apply it with:

kubectl create -f bucket.yaml

The metadata.generateName gives a pattern that Kubernetes will use to create a unique name for the bucket in S3. The generated name will look like crossplane-bucket-<hash>.

Use kubectl -n default get buckets.s3.aws.m.upbound.io to verify Crossplane created the bucket.

Tip
Crossplane created the bucket when the values READY and SYNCED are True. This may take up to 5 minutes.

kubectl -n default get buckets.s3.aws.m.upbound.io
NAME                      SYNCED   READY   EXTERNAL-NAME             AGE
crossplane-bucket-7tfcj   True     True    crossplane-bucket-7tfcj   3m4s

Delete the managed resource

When you are finished with your S3 bucket, use kubectl -n default delete buckets.s3.aws.m.upbound.io <bucketname> to remove the bucket.

kubectl -n default delete buckets.s3.aws.m.upbound.io crossplane-bucket-7tfcj
bucket.s3.aws.m.upbound.io "crossplane-bucket-7tfcj" deleted

Important
Make sure to delete the S3 bucket before uninstalling the provider or shutting down your control plane. If those are no longer running, they can’t clean up any managed resources and you would need to do so manually.

Composing managed resources

Crossplane allows you to compose any type of resource into custom APIs for your users, which includes managed resources. Enjoy the freedom that Crossplane gives you to compose the diverse set of resources your applications need for their unique environments, scenarios, and requirements.

Follow Get Started with Composition to learn more about how composition works.

Next steps