Crossplane composes fully-managed services in Kubernetes to deploy GitLab into multiple clouds
Real-world application deployments from kubectl are now unlocked with enhanced support for composing external fully-managed services including Redis, PostgreSQL, and object storage.
GitLab deployed to multiple clouds from kubectl!
The Crossplane community has been hard at work on a major milestone towards building a Multicloud control plane, now adding enhanced support for composing fully-managed services as extensions to the Kubernetes API. Crossplane follows established Kubernetes patterns like persistent volume claims to support a clean separation of concerns between application and infrastructure owners, and provides a self-service model for managed services entirely within the Kubernetes API.
We’ve been working with GitLab to validate our approach and are proud to unveil the deployment of GitLab to multiple clouds entirely with kubectl using Crossplane, including the use of fully-managed services offered by the respective cloud providers. For production deployments GitLab recommends using external managed services for Redis, PostgreSQL, and object storage.
Crossplane supports declaring these managed services as resource claims in Kubernetes that dynamically bind to the appropriate cloud provider using resource classes configured by the cluster administrator to provide the managed services. This provides an excellent separation of concerns and makes applications more portable, while retaining flexibility for cluster administrators to tailor how they want these managed services to be provisioned in their environments.
Add Crossplane to any Kubernetes cluster
Crossplane is easily added to any existing Kubernetes cluster and cleanly layers on top of clusters provisioned by Anthos, EKS, AKS, GKE, and OpenShift.
Cluster administrators install Crossplane, set cloud credentials, and specify which managed services they want to make available for self-service provisioning within the cluster. Policies guide binding to specific managed service offerings and placement across regions and zones.
Application owners can consume and compose these managed services on-demand with established Kubernetes patterns they’re familiar with today, without having to know about infrastructure details or manage credentials.
Crossplane extends the Kubernetes API
Crossplane extends the Kubernetes API by adding resource claims and resource classes to support composability of managed service dependencies for Kubernetes applications, similar to persistent volume claims and storage classes.
Crossplane supports composability of both out-of-cluster public cloud managed services (GCP, AWS, Azure) and in-cluster managed services like those provided by Rook, a storage orchestrator for in-cluster cloud-native storage including Ceph, EdgeFS, and CockroachDB.
Deploy GitLab with external managed services
Here is the general flow for using Crossplane to deploy GitLab into your cloud of choice with fully-managed services for Redis, PostgreSQL, and storage buckets. Crossplane extensions allow you to provision managed service dependencies from your cloud provider all from within Kubernetes!
1. Cluster Administrator:
a) Install Crossplane on your Kubernetes cluster
b) Set cloud provider credentials
c) Provide managed services with resource classes
2. Application Owner:
a) Provision managed services with resource claims
b) Bind resource claims into the exported GitLab Helm chart
c) Deploy the GitLab application with Crossplane managed services
3. Done!
GitLab is now up and running in your cloud of choice, using fully-managed services for Redis, PostgreSQL, and storage buckets!
To follow along in your own environment please use the GitLab deployment guides and install Crossplane from the master channel!
Demo Highlights
Below are some highlights of what you'd see by following the full instructions for installing GitLab to GCP.
1. Cluster Administrator Steps:
Please use the GitLab deployment guides to follow along in your own environment and install Crossplane from the master channel.
1.a) Install Crossplane on your Kubernetes cluster from the master channel.
Normally you'd install Crossplane from the alpha channel, the most recent release of Crossplane that is considered ready for testing by the community.
helm repo add crossplane-alpha https://charts.crossplane.io/alpha
helm install --name crossplane --namespace crossplane-system crossplane-alpha/crossplane
1.b) Set cloud provider credentials
Inject the GCP service account credentials and project_id into provider.yaml:
cat gcp-credentials.json | base64
sed 's/BASE64ENCODED_GCP_PROVIDER_CREDS/<your_creds>/g' provider.yaml > provider.yaml
sed 's/PROJECT_ID/<your_project_id>/g' provider.yaml > provider.yaml
kubectl create -f cluster/examples/gitlab/gcp/provider.yaml
1.c) Provide managed services with resource classes
For example: bucket.yaml (resource class)
# ResourceClass that defines the blueprint for how a GCP bucket
# should be dynamically provisioned
apiVersion: core.crossplane.io/v1alpha1
kind: ResourceClass
metadata:
name: standard-gcp-bucket
namespace: crossplane-system
annotations:
resource: bucket.storage.crossplane.io/v1alpha1
parameters:
bucketPolicyOnly: "true"
labels: "app:gitlab-demo"
location: US
serviceAccountSecretRef: demo-gcs-creds
storageClass: MULTI_REGIONAL
provisioner: bucket.storage.gcp.crossplane.io/v1alpha1
providerRef:
name: demo-gcp
reclaimPolicy: Delete
kubectl create -f cluster/examples/gitlab/gcp/resource-classes/bucket.yaml
2. Application Owner Steps:
Please use the GitLab deployment guides to follow along in your own environment.
2.a) Provision managed services with resource claims
For example: buckets/packages.yaml (resource claim)
# Example GCP Bucket resource claim using the gcp-bucket resource class
apiVersion: storage.crossplane.io/v1alpha1
kind: Bucket
metadata:
name: gitlab-packages
namespace: default
spec:
classReference:
name: standard-gcp-bucket
namespace: crossplane-system
name: gitlab-demo-packages-%s
kubectl create -f cluster/examples/gitlab/gcp/resource-claims/buckets/packages.yaml
To see the resource claims bound by the Crossplane service provider:
kubectl get -f cluster/examples/gitlab/gcp/resource-claims/buckets/
The GCP console shows the buckets provisioned by the Crossplane service provider:
2.b) Bind resource claims into the exported GitLab Helm chart
helm repo add gitlab https://charts.gitlab.io/
helm repo update
helm fetch gitlab/gitlab --version v1.7.1
helm template gitlab-1.7.1.tgz --name gitlab-demo --namespace gitlab \
-f cluster/examples/gitlab/gcp/values-buckets.yaml \
-f cluster/examples/gitlab/gcp/values-redis.yaml \
-f cluster/examples/gitlab/gcp/values-psql.yaml \
--set global.hosts.domain=your.domain \
--set global.hosts.hostSuffix=demo \
--set certmanager-issuer.email=email@account.io > gitlab-gcp.yaml
For now, resource claim usage values are injected into gitlab-gcp.yaml, but there is current and ongoing effort to create an alternative experience to deploy the GitLab Crossplane application, which alleviates integration difficulties between the Crossplane platform and the GitLab Helm chart deployment. We are also exploring other options to more seamlessly and generically integrate Helm with Crossplane.
2.c) Deploy the GitLab application with Crossplane managed services
kubectl create -f gitlab-gcp.yaml
This creates the GitLab application using the standard GitLab Helm chart with the Crossplane managed services injected into gitlab-gcp.yaml.
The Crossplane service provider also creates secrets with endpoints for each of the managed services:
3. Done!
Congrats, you did it! GitLab is now up and running in your cloud of choice!
Crossplane in action at KubeCon Europe 2019
We’d love to have you join us to learn more about the project. Come visit with the team at our booth SE23 at Kubecon Barcelona on May 21st-23rd, where we’ll be doing live demos showing how Crossplane can be used to extend Kubernetes, simplifying cloud application development and management.
We'd love to connect with you in Barcelona!
The Crossplane maintainers will be speaking throughout the conferences including:
KubeCon | CloudNativeCon
- Ilya Chekrygin: Keep the Space Shuttle Flying, Writing Robust Operators (replay video)
- Jared Watts: Data Without Borders - Using Rook Storage Orchestration at a Global Scale (replay video)
- Jared Watts & Bassam Tabbara: Rook Deep Dive (replay video)
Cloud Native Storage Day
- Bassam Tabbara: Running apps on Kubernetes in a Multicloud/Multicluster environment
- Jared Watts: Introduction to Container Storage
- Jared Watts: Lightning Talk, with StorageOS & Reduxio
We’re excited to meet you while we’re at KubeCon - please reach out if you’re interested in learning more about Crossplane, Rook or working with us.
We’d love to see you join the community and get involved!
- Slack: Join our slack channel
- Forums: crossplane-dev
- Twitter: @crossplane_io
- Email: info@crossplane.io
Also please join our bi-weekly Community Meeting!