We’re pleased to announce that Upbound Universal Crossplane (UXP) is now available to deploy directly from the Amazon Elastic Kubernetes Service (EKS) console. This integration makes Upbound’s enterprise-grade distribution of Crossplane an effortless one-command installation for customers who want to run control planes on Amazon EKS. This gives users the ability to provision AWS services such as IAM, S3, RDS, ElastiCache and even EKS itself.

Starting today, customers will have the option to select UXP to be deployed into their EKS cluster at any time after the cluster is running. In this blog, we will explain how to enable UXP from the EKS console, deploy a sample Crossplane Configuration that offers an API for provisioning a simple app as either an EKS or Lambda deployment (including the management and provisioning of required services for IAM, RDS, and S3), and make a call to the newly minted control plane to invoke the API.

How it works

Users have the ability to install UXP into an EKS cluster.This can be done at any point after the cluster is up.

You can find general details for the capability over at AWS’s announcement. Whenever Upbound publishes a new version of UXP, users can easily discover when an update is available from the AWS console. Updates are started by simply choosing the newer version and clicking ‘Update’.

Users can discover Upbound Universal Crossplane (UXP) in the AWS Marketplace.

Demonstration: adding and using an API on your control plane

To get started down this path yourself, try out this simple use case: use UXP to automate common repetitive tasks like provisioning IAM roles, managing AWS S3 storage buckets, and provisioning data management services like RDS.

Start by creating a new EKS cluster and adding UXP as an add-on.

Once the cluster is up and UXP has been installed, you need to install a Configuration so that your control plane can advertise an API (to provision services, infrastructure, etc). Platform-ref-aws is a publicly available Configuration that can be installed onto your new control plane and will allow it to offer these APIs.

# Remember, you need to update your kubeconfig to point at the cluster you installed UXP onto
aws eks update-kubeconfig --region region-code --name my-cluster

# pass manifest for the Configuration from stdin
cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: platform-ref-aws
spec:
  package: xpkg.upbound.io/upbound/platform-ref-aws:v0.5.0
EOF

After the Configuration has been installed to your control plane, you must configure it to access AWS.

# Create a creds.conf file with the aws cli:
AWS_PROFILE=default && echo -e "[default]\naws_access_key_id = $(aws configure get aws_access_key_id --profile $AWS_PROFILE)\naws_secret_access_key = $(aws configure get aws_secret_access_key --profile $AWS_PROFILE)" > creds.conf

# Create a K8s secret with the AWS creds:
kubectl create secret generic aws-creds -n upbound-system --from-file=credentials=./creds.conf

# Configure the AWS Provider to use the secret:
cat <<EOF | kubectl apply -f -
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret
    secretRef:
      name: aws-creds
      namespace: upbound-system
      key: credentials
EOF

Now you are ready to tell your control plane to provision infrastructure through its API. As with all things Kubernetes, It’s as simple as declaring .yaml config and applying it to your control plane. Use one of the APIs to create a storage bucket:

bucket=$(echo "upbound-bucket-"$(head -n 4096 /dev/urandom | openssl sha1 | tail -c 10))
cat <<EOF | kubectl apply -f -
apiVersion: s3.aws.upbound.io/v1beta1
kind: Bucket
metadata:
  name: $bucket
spec:
  forProvider:
    region: us-east-1
  providerConfigRef:
    name: default
EOF

You can check for the resource to become ready with this command and also observe the resource get created from the AWS console:

kubectl get Buckets

You can do the same thing for the other AWS services by submitting the sample claims found in the repo (like this claim for a PostgreSQL instance). Aside from declaratively managing external services & resources, a big advantage of Crossplane is a feature called “Compositions”, which allows users to create API abstractions that are “composed” of several resources wired together. The Configuration installed above defines a few compositions like this EKS cluster claim, which provisions not only the EKS cluster, but networking and other services, too.

The last thing we’ll demonstrate is a composition that defines a simple Application definition. When this API gets called, it creates a simple application which has been defined as a deployment of the Ghost blogging platform.

# Create the cluster first
kubectl apply -f https://raw.githubusercontent.com/upbound/platform-ref-aws/main/examples/cluster-claim.yaml

# Create the database next
kubectl apply -f https://raw.githubusercontent.com/upbound/platform-ref-aws/main/examples/postgres-claim.yaml

# Finally, create the app deployment
kubectl apply -f https://raw.githubusercontent.com/upbound/platform-ref-aws/main/examples/ghost-claim.yaml

Once everything has been deployed, navigate to the load balancer’s endpoint and you’ll be greeted with:

This demo is available at this repo on GitHub.

Making it easier to create Platforms

Upbound’s mission is to enable users to build their own opinionated platforms for orchestrating infrastructure and applications across any cloud service or environment. With Crossplane, users have a framework to create easily consumable abstractions for developers. Upbound Universal Crossplane (UXP) is Upbound’s official downstream distribution of Crossplane. UXP is a lightweight fork of the Crossplane project which Upbound supports for our customers who get 18 month LTS and is a release channel that allows Upbound to fast-track features/bug fixes ahead of the upstream Crossplane project.

We’re excited about this partnership with the Amazon EKS team because it makes it that much easier for users to get started using control planes to build their own internal cloud platforms. Get started today–head over to the AWS console and create your EKS cluster, one-click install UXP into your cluster, then head on over to the Upbound marketplace to explore Crossplane providers and begin building your own platform APIs. If you’d like to try out what we demonstrated in this blog post, head over to the GitHub repo for instructions.

Upbound offers professional services and production support for UXP and Crossplane providers. Contact us to learn more about commercial support for your organization.

Available now

UXP is discoverable from the EKS management console today. If you are interested in leveraging the power of control planes but not excited about needing to manage the underlying Kubernetes clusters, try out Upbound for yourself. Enable SRE teams with a more efficient workflow and the building blocks of platform engineering by setting up your first cloud platform powered by Upbound’s managed control planes.  Sign up for your 30 day free trial here!

—

Craig D Wilhite