Simplifying GCP Management with Crossplane: A Beginner’s Guide

October 24, 2024

Tobias Kässer


When it comes to managing cloud infrastructure, getting started on the right foot is key to preventing headaches in the future. Google Cloud Platform (GCP) offers powerful services, but navigating the complexities of infrastructure management can be challenging—especially if you’re aiming for scalability and flexibility across multiple clouds.

Upbound’s GCP Platform Reference, powered by Crossplane, is a blueprint to get started on building a flexible platform. This platform provides APIs to provision fully configured GKE clusters, with secure networking, and stateful cloud services (Cloud SQL for PostgreSQL) designed to securely connect to the nodes in each GKE cluster — all composed using cloud service primitives from the Official Upbound GCP Provider. App deployments can securely connect to the infrastructure they need using secrets distributed directly to the app namespace.

This post both explores and extends the GCP Platform Reference. Whether you're looking to extend your infrastructure across clouds or simply streamline GCP management, this reference is a straightforward way to get started. Once you’re started, you’ll see how to leverage the power of Crossplane to automate provisioning, manage infrastructure as code, and unlock the full potential of a multi-cloud strategy.

P.S. We have another post that tackles the AWS Platform Reference in case you are looking to build with that as well. 

Overview

The reference platform outlines a specialized API for generating a GKE cluster (XCluster) that incorporates XRs from the specified configurations:

Learn more about Composite Resources in the Crossplane Docs.

Quickstart

Pre-Requisites

Before we can install the reference platform, we want to install the up CLI. This is a utility that makes following this quickstart guide easier. Everything described here can also be done declaratively, which we highly recommend for any production use case.

To install up run this install script:

See up docs for more install options.

To install the Crossplane CLI, follow https://docs.crossplane.io/latest/cli/#installing-the-cli.

To install the platform we need a running Crossplane control plane. We are using Universal Crossplane (UXP). Ensure that your kubectl context is pointing to the correct Kubernetes cluster or, for example, create a kind cluster:

Finally install UXP into the upbound-system namespace:

We will need the Usages alpha feature for the correct deployment and eventual de-provisioning of this reference platform.

You can validate the install by inspecting all installed components:

Install the GCP Reference Platform

Now you can install this reference platform. It's packaged as a Crossplane configuration package so there is a single command to install it:

Validate the install by inspecting the provider and configuration packages:

After all Configurations are ready, you can check the status of associated Providers that were pulled as dependencies.

Check the marketplace for the latest version of this platform.

Configure the GCP provider

Before we can use the reference platform we need to configure it with GCP credentials.

Create a JSON gcp.json key file containing the GCP account credentials. GCP provides documentation on how to create a key file.

Example gcp.json key should look similar to the structure below:

Create a K8s secret with the GCP creds:

Ensure that the following roles are added to your service account:

  • roles/compute.networkAdmin
  • roles/container.admin
  • roles/iam.serviceAccountUser
  • roles/iam.securityAdmin
  • roles/iam.serviceAccountAdmin
  • roles/iam.serviceAccountKeyAdmin
  • roles/cloudsql.admin
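
A check to run once the roles are granted, as an added example that is not part of the original post: it compares a project's IAM bindings for the service account against the seven roles listed above and flags anything missing, extra, or able to change IAM itself. The service account e-mail, the sample policy (shaped like the output of `gcloud projects get-iam-policy <project> --format=json`) and the function name are constructed for illustration.

```python
import json

# Roles the guide asks for on the service account Crossplane authenticates as.
REQUIRED_ROLES = {
    "roles/compute.networkAdmin", "roles/container.admin",
    "roles/iam.serviceAccountUser", "roles/iam.securityAdmin",
    "roles/iam.serviceAccountAdmin", "roles/iam.serviceAccountKeyAdmin",
    "roles/cloudsql.admin",
}
# Subset that can set IAM policy or create service account keys, so a leaked
# gcp.json holding them can be used to grant further access.
ESCALATION_ROLES = {
    "roles/iam.securityAdmin", "roles/iam.serviceAccountAdmin",
    "roles/iam.serviceAccountKeyAdmin",
}

SA = "crossplane@example-project.iam.gserviceaccount.com"  # constructed
MEMBER = f"serviceAccount:{SA}"
# Constructed sample policy: one required role is missing, roles/editor is extra.
SAMPLE_POLICY = {"version": 1, "bindings": [
    {"role": "roles/compute.networkAdmin", "members": [MEMBER]},
    {"role": "roles/container.admin", "members": [MEMBER, "user:dev@example.com"]},
    {"role": "roles/iam.serviceAccountUser", "members": [MEMBER]},
    {"role": "roles/iam.securityAdmin", "members": [MEMBER]},
    {"role": "roles/iam.serviceAccountAdmin", "members": [MEMBER]},
    {"role": "roles/cloudsql.admin", "members": [MEMBER]},
    {"role": "roles/editor", "members": [MEMBER]},
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
]}

def audit(policy, sa_email):
    """Compare the roles bound to sa_email with the guide's role list."""
    member = f"serviceAccount:{sa_email}"
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        granted.add(binding["role"])
        if "condition" in binding:  # role applies only when the condition holds
            conditional.add(binding["role"])
    return {
        "missing": sorted(REQUIRED_ROLES - granted),
        "unexpected": sorted(granted - REQUIRED_ROLES),
        "conditional": sorted(conditional),
        "escalation": sorted(granted & ESCALATION_ROLES),
    }

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, SA), indent=2))
```

Against a real project, load the JSON printed by `gcloud projects get-iam-policy` with `json.load` and pass it to `audit` in place of the sample.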

It is convenient to assign roles with the gcloud CLI, e.g.

Configure the GCP Provider to use the secret:

See provider-gcp docs for more detailed configuration options.

Using the GCP reference platform

Congratulations. You have just installed your first Crossplane powered platform!

Application developers can now use the platform to request resources, which will then be provisioned in GCP. This would usually be done by bundling a claim as part of the application code. In our example here we simply create the claims directly:

Create a custom defined cluster:

Create a custom defined database:

NOTE: The database abstraction relies on the cluster claim to be ready - it uses the same network to have connectivity with the GKE cluster.

Now deploy the sample application:

NOTE: The application has a strong dependency on the mariadb type of database.

You can verify status by inspecting the claims, composites and managed resources:

To get a nice representation of the claim deployment status, you can use the Crossplane beta trace command:

If you see an error about the compute.globalAddresses.list permission for the project, try running the following gcloud command:

This recommendation is an excerpt from the official GCP documentation.

To delete the provisioned resources, you would simply delete the claims again:

To uninstall the provider & platform configuration:

Customize for your Organization

So far we have used the existing reference platform but haven't made any changes. Let's change this and customize the platform by ensuring that the GKE cluster is deployed to Frankfurt (eu-central-1) and that clusters are limited to 10 nodes.

For the following examples we are using my-org and my-platform:

Pre-Requisites

First you need to create a free Upbound account to push your custom platform. Afterwards you can log in:

Make the changes

To make your changes clone this repository:

Build and push your platform

To share your new platform you need to build and distribute this package.

To build the package use the up xpkg build command:

Afterwards you can push it to the marketplace. It will not be automatically listed, but the OCI repository will be publicly accessible.

Using your custom platform

Now to use your custom platform, you can pull the Configuration package from your repository:

For an alternative declarative installation approach, see the example Configuration manifest. Please update to your org, platform and tag before applying.

Congratulations. You have just built and installed your first custom Crossplane powered platform!

Best Practices for Managing GCP Infrastructure with Crossplane

To ensure you’re getting the most out of Upbound’s GCP Platform Reference, here are some best practices to follow when managing Google Cloud infrastructure with Crossplane:

Start with Modular Configurations 

The GCP Platform Reference breaks down infrastructure into manageable pieces—such as GKE clusters, Cloud SQL databases, and VPCs. This modular approach provides a solid starting point for customizing your own infrastructure, allowing you to extend and modify configurations to fit your specific needs. It’s much like how Crossplane is built: a package-based approach to platform building to future-proof your infrastructure.

Treat the Reference as a Blueprint, Not the Final Product

The reference platform is a template for GCP resource management. You should adapt it to your use case, adding specific features and services as your platform evolves. It's built to be flexible, but you'll need to extend it with customizations that match your organizational requirements.

Iterate and Customize

Use Crossplane’s Compositions to customize your GCP infrastructure. The reference provides baseline configurations, but your needs will likely require adjustments over time. Iterating on this starting point allows you to fine-tune your platform and integrate other GCP services.

Leverage GitOps for Continuous Refinement

As you refine your configurations, use GitOps workflows to ensure changes are versioned, tested, and automatically applied. This allows you to continuously improve your infrastructure without losing the stability provided by the starting template.

Secure and Scale as You Go

The GCP Platform Reference provides a basic framework for securing your cloud resources. As your platform grows, implement GCP security best practices like IAM policies, and build out networking and security layers. It’s a starting point for scaling and securing your platform as you develop it. 

Conclusion: Unlock the Full Potential of GCP with Crossplane and Upbound

Upbound’s GCP Platform Reference is a great starting point for managing your GCP infrastructure. This reference isn’t the final solution, but rather a blueprint to guide you as you shape your cloud strategy. It’s designed to give you a solid foundation, encapsulating best practices, and helping you take those first steps toward building a scalable, multi-cloud-ready platform.

However, if you want to build a robust and future-proofed platform that can enable self-service, you’re going to need to layer on a stronger solution. That’s where Upbound comes in.

At Upbound, we believe in empowering teams to build their own cloud management platforms. It’s a holistic solution that provides both platform teams and their respective developers with a streamlined way to offload the minute daily operations to reach a point of constant innovation. To see exactly how, learn more here. You can even try it for yourself for free here.
