Book Image

End-to-End Automation with Kubernetes and Crossplane

By : Arun Ramakani
Book Image

End-to-End Automation with Kubernetes and Crossplane

By: Arun Ramakani

Overview of this book

In the last few years, countless organizations have taken advantage of the disruptive application deployment operating model provided by Kubernetes. With Crossplane, the same benefits are coming to the world of infrastructure provisioning and management. The limitations of Infrastructure as Code with respect to drift management, role-based access control, team collaboration, and weak contract make people move towards a control-plane-based infrastructure automation, but setting it up requires a lot of know-how and effort. This book will cover a detailed journey to building a control-plane-based infrastructure automation platform with Kubernetes and Crossplane. The cloud-native landscape has an overwhelming list of configuration management tools that can make it difficult to analyze and choose. This book will guide cloud-native practitioners to select the right tools for Kubernetes configuration management that best suit the use case. You'll learn about configuration management with hands-on modules built on popular configuration management tools such as Helm, Kustomize, Argo, and KubeVela. The hands-on examples will be patterns that one can directly use in their work. By the end of this book, you'll be well-versed with building a modern infrastructure automation platform to unify application and infrastructure automation.
Table of Contents (16 chapters)
1
Part 1: The Kubernetes Disruption
4
Part 2: Building a Modern Infrastructure Platform
10
Part 3:Configuration Management Tools and Recipes

Secret propagation hands-on

Secret propagation is a critical Crossplane pattern, as all resources provisioned generally require credentials to access the resource. We covered the same topic in Chapter 4, as theory. Now, we will go through a hands-on journey using a real-world example. Before jumping into the example, let’s brush up on the concept quickly in a few points:

  • Define the list of secret keys in XRD using the ConnectionSecretKeys attribute.
  • Define the namespace and secret name under the respective resource using the WriteConnectionSecretToRef configuration.
  • Finally, populate the secret keys defined in the XRD using the ConnectionDetails configuration.

We will expand the hands-on example used for resource reference with nested XR to learn configurations for storing the secret. We created an S3 bucket, its policy, and an IAM user to access the bucket in that specific example. The example will not be fully finished until we extract the bucket details...