Many companies have turned to Kubernetes managed services like EKS to help scale their Kubernetes footprint. These managed services are great for simplifying basic cluster operations like upgrades, auditing, and observability. However, Kubernetes managed services don't help customers deploy similarly configured clusters quickly or in a way that application teams can use on their own for rapid prototyping and development.

Upbound Cloud makes it easy to define your own custom API for different types of infrastructure and services. In this post, we’ll explore how to build a custom API for EKS, using our open source Crossplane project. Whenever a new resource is requested using this custom API, cluster setup and service installation happens automatically. Infrastructure operators can deliver APIs and consoles to application teams allowing them to provision infrastructure on their own, eliminating the need for constant manual set-up. Policies and configurations are defined by infrastructure operators and encapsulated inside of the custom API built with Crossplane.

Getting Started

For this tutorial, you’re going to need to create an Upbound Cloud account and download our example repository from GitHub.

This repository contains several Crossplane compositions which can be packaged up using the Crossplane CLI into what we call a configuration. The easiest way of thinking about configurations is that they are a “blueprint” for your cloud API.

Once you've cloned it from GitHub, go ahead and look at the directory structure to get an understanding of what's happening.

The cluster, database, and network directories each contain their own composition, and can all be thought of as separate API endpoints defined by this configuration. For this post, we'll focus on the cluster and network directories. In a way, this example Configuration can be thought of as giving you "EKS with batteries included".

EKS with Batteries Included

Deploying many EKS clusters can take a lot of time and energy without a standard configuration defined. Once running, monitoring and managing configuration can take just as much time as initial setup. By using this repository, your EKS configuration will be stored in one place and continuously reconciled in Upbound Cloud so clusters remain compliant after initial deployment.

Our EKS configuration makes use of two Crossplane providers. Crossplane providers extend the Kubernetes API by adding support for "managed resources", basically cluster-scoped Kubernetes custom resources that represent some infrastructure object. Our provider-aws adds CRDs for most managed services in AWS while provider-helm adds CRDs for Helm Releases.

With our example configuration, you can see our custom API for clusters is composed of two parts: EKS and services. Inside the EKS directory is Composition defining IAM roles, node groups, and the necessary network details.

These network details actually make use of the network composition which does all the hard work of spinning up VPCs, subnets, and gateways. Once a network object is created, cluster objects can be spun up and will automatically use those resources.

In the services directory, you'll see a composition which leverages provider-helm to install a Helm chart for Prometheus into each EKS cluster provisioned through the cluster API.

Uploading the Configuration to Upbound Cloud

Using the Crossplane CLI (available to download here), you can take this repository of Composition and package it up into a Configuration using the following command:

kubectl crossplane build configuration --name package.xpkg --ignore "examples/*,hack/*"

The file is your Crossplane Configuration package which can be uploaded to the Upbound Registry.

To do so, you'll first need to create an Upbound Cloud account, and then create a new Repository:

Once you've created your Repository, all you have to do is push the package to it with the following commands. Upbound Cloud uses Docker to push packages to our Registry, so you'll have to login to our Docker server before continuing.

docker login registry.upbound.io -u

Next, create a version tag environment variable:

VERSION_TAG=v0.0.1

Finally, push the package to the repository (make sure to fill in your actual organization and repository name):

kubectl crossplane push configuration registry.upbound.io/<USERNAME OR ORGANIZATION>/platform-ref-aws/:${VERSION_TAG} -f package.xpkg

Deploy your API with Upbound Cloud

Upbound Cloud integrates nicely with the Upbound Registry, so you can install the Configuration you just made into a Crossplane instance without setting up a cluster yourself.

Create a New Platform

First, you'll need to create a new Platform in Upbound Cloud. This is just a hosted Crossplane cluster we run and manage on your behalf.

Connect to Your Platform's Crossplane

UI install is coming soon, but today, CLI access to the hosted Crossplane cluster powering your Platform is required to install the Configuration from your Repository

To get started, we need to create a user token which will allow you to connect and authenticate to Upbound Cloud via:

Afterwards, go back to the Console, select your Platform, click "Connect via CLI" on the bottom left of the screen. Follow those instructions using your newly created Access Token:

Once connected, we'll need to install what? and your Configuration requires. Automatic dependency resolution is coming later this year.

kubectl crossplane install provider crossplane/provider-aws:v0.14.0
kubectl crossplane install provider crossplane/provider-helm:v0.3.6

Use your AWS account credentials to authenticate by downloading a AWS token locally into a file and using that to configure the provider:

AWS_PROFILE=default && echo -e "[default]\naws_access_key_id = $(aws configure get aws_access_key_id --profile $AWS_PROFILE)\naws_secret_access_key = $(aws configure get aws_secret_access_key --profile $AWS_PROFILE)" > creds.conf

kubectl create secret generic aws-creds -n crossplane-system --from-file=key=./creds.conf

kubectl apply -f examples/provider-default-aws.yaml

Then install your Configuration with the following command:

kubectl crossplane install configuration registry.upbound.io/platform-ref-aws:v0.0.1

After the Configuration installs, you should see each Composition show up under the Global Resources view.

In Conclusion

Harnessing the power of Crossplane to define your own cloud API has never been easier, thanks to Upbound Cloud. Using this API-centric approach that's rapidly being accepted by the cloud-native community, you can scale Kubernetes usage across your organization.

Upbound Cloud lets your operators define and manage the API, and your developers self-service the API to get the tools they need without becoming infrastructure experts.

Sign up for our Community Preview today, or reach out to learn more.

---

Powering every Upbound Cloud account is the popular open source CNCF Sandbox project, Crossplane. Crossplane is hosted on Github, and we have a thriving community on Slack and Twitter. Come join the fun!