THIS POST IS PARTIALLY OUT OF DATE BASED ON ENHANCEMENTS WITHIN THE PROJECTS. SEE THIS POST FOR UPDATED GUIDANCE.
This is a video-centric post. I figure it will take longer for you to read (and me to write) about this topic than can be conveyed via a video.
It requires some prerequisite knowledge. First, you need to be fairly comfortable with Crossplane concepts. If you are not yet, my previous five posts provide the necessary understanding. Second, you’ll need to understand Git and GitOps.
GitOps is the practice of defining your infrastructure and applications as code (text, really) and managing them in a Git repo. Any creation or modification of your infrastructure and/or applications is committed to the Git repo. That, in turn, triggers a service that is capable of implementing those directives.
GitOps marries the world of service/application/infrastructure management with Git versioning, logging, and approval. GitOps is applied via a Kubernetes pattern. Infrastructure and application definitions are implemented in a Kubernetes cluster, or implemented from a Kubernetes cluster resource. Crossplane really shines in this scenario because it is a Kubernetes-native construct that creates things beyond containers.
If you don’t fully grasp all of these concepts, you’ll likely still get a sense of the benefit I’m presenting. There are a number of Git repo and GitOps platforms. For this example I’m using GitHub and Argo CD, in conjunction with Crossplane.
There is a bit of opinion in the approach I’m taking with Crossplane and Argo CD in this case. I explain the implications of Crossplane’s namespace-scoped CompositeResourceClaims (XRCs) when used with a GitOps platform. Today, there isn’t a good way to fit the XRC pattern into a GitOps implementation due to a nuance of Kubernetes that prevents a namespace-scoped resource from being the owner of a cluster-scoped resource. We are actively working on possible solutions. In the meantime, using XR and applying a combination of K8s RBAC, Policy, and GitOps platform RBAC is the best viable solution.
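A sketch of the two RBAC layers mentioned above (GitOps platform RBAC and Kubernetes RBAC; the policy layer is not shown), added here as an example and not taken from the post or video. The project name, repo URL, group name, and the XR API group and kind are hypothetical.

```yaml
# Added illustration; every name, the repo URL, and the API group/kind are hypothetical.
# Argo CD side: team-a may sync only one cluster-scoped XR kind, from its own repo.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: team-a
  namespace: argocd
spec:
  sourceRepos:
    - https://github.com/example-org/team-a-infra.git  # hypothetical repo
  destinations:
    - server: https://kubernetes.default.svc
      namespace: team-a
  # Cluster-scoped kinds are rejected unless listed here.
  clusterResourceWhitelist:
    - group: database.example.org   # hypothetical XRD group
      kind: XPostgreSQLInstance     # hypothetical XR kind
  # Namespaced kinds the team may deploy alongside the XR.
  namespaceResourceWhitelist:
    - group: apps
      kind: Deployment
    - group: ""
      kind: Service
---
# Kubernetes side: team members get read-only access to the XR with kubectl,
# so changes have to arrive through Git and Argo CD.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: team-a-xr-viewer
rules:
  - apiGroups: ["database.example.org"]
    resources: ["xpostgresqlinstances"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: team-a-xr-viewer
subjects:
  - kind: Group
    name: team-a   # hypothetical group from the cluster's identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: team-a-xr-viewer
  apiGroup: rbac.authorization.k8s.io
```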
Ok, enough prefacing, let’s get to the good stuff!
Note: In the recording, I encountered an unexpected behavior where an update in the application Git repository didn’t appear to be recognized immediately by Argo CD. After reviewing the video, I believe it was synchronizing and was just a UI glitch.