crossplane
/
docs
mirror of https://github.com/crossplane/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/content/v1.13/getting-started/provider-gcp.md

8.1 KiB
Raw Permalink Blame History

title weight
GCP Quickstart 140

Connect Crossplane to GCP to create and manage cloud resources from Kubernetes with the Upbound GCP Provider.

This guide is in two parts:

  • Part 1 walks through installing Crossplane, configuring the provider to authenticate to GCP and creating a Managed Resource in GCP directly from your Kubernetes cluster. This shows Crossplane can communicate with GCP.
  • [Part 2]({{< ref "provider-gcp-part-2" >}}) shows how to build and access a custom API with Crossplane.

Prerequisites

This quickstart requires:

  • a Kubernetes cluster with at least 2 GB of RAM
  • permissions to create pods and secrets in the Kubernetes cluster
  • Helm version v3.2.0 or later
  • a GCP account with permissions to create a storage bucket
  • GCP account keys
  • GCP Project ID

{{}}

Install the GCP provider

Install the provider into the Kubernetes cluster with a Kubernetes configuration file.

cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-gcp-storage
spec:
  package: xpkg.upbound.io/upbound/provider-gcp-storage:v0.35.0
EOF

The Crossplane {{< hover label="provider" line="3" >}}Provider{{}} installs the Kubernetes Custom Resource Definitions (CRDs) representing GCP storage services. These CRDs allow you to create GCP resources directly inside Kubernetes.

Verify the provider installed with kubectl get providers.

kubectl get providers
NAME                          INSTALLED   HEALTHY   PACKAGE                                                AGE
provider-gcp-storage          True        True      xpkg.upbound.io/upbound/provider-gcp-storage:v0.35.0   14m
upbound-provider-family-gcp   True        True      xpkg.upbound.io/upbound/provider-family-gcp:v0.35.0    14m

The Storage Provider installs a second Provider, the {{}}upbound-provider-family-gcp{{}} provider.
The family provider manages authentication to GCP across all GCP family Providers.

You can view the new CRDs with kubectl get crds.
Every CRD maps to a unique GCP service Crossplane can provision and manage.

{{< hint "tip" >}} See details about all the supported CRDs in the Upbound Marketplace. {{< /hint >}}

Create a Kubernetes secret for GCP

The provider requires credentials to create and manage GCP resources. Providers use a Kubernetes Secret to connect the credentials to the provider.

First generate a Kubernetes Secret from a Google Cloud service account JSON file and then configure the Provider to use it.

Generate a GCP service account JSON file

For basic user authentication, use a Google Cloud service account JSON file.

{{< hint "tip" >}} The GCP documentation provides information on how to generate a service account JSON file. {{< /hint >}}

Save this JSON file as gcp-credentials.json

Create a Kubernetes secret with the GCP credentials

A Kubernetes generic secret has a name and contents. Use {{< hover label="kube-create-secret" line="1">}}kubectl create secret{{< /hover >}} to generate the secret object named {{< hover label="kube-create-secret" line="2">}}gcp-secret{{< /hover >}} in the {{< hover label="kube-create-secret" line="3">}}crossplane-system{{</ hover >}} namespace.
Use the {{< hover label="kube-create-secret" line="4">}}--from-file={{}} argument to set the value to the contents of the {{< hover label="kube-create-secret" line="4">}}gcp-credentials.json{{< /hover >}} file.

kubectl create secret \
generic gcp-secret \
-n crossplane-system \
--from-file=creds=./gcp-credentials.json

View the secret with kubectl describe secret

{{< hint "note" >}} The file size may be a different depending on the contents. {{< /hint >}}

kubectl describe secret gcp-secret -n crossplane-system
Name:         gcp-secret
Namespace:    crossplane-system
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
creds:  2330 bytes

Create a ProviderConfig

A ProviderConfig customizes the settings of the GCP Provider.

Include your {{< hover label="providerconfig" line="7" >}}GCP project ID{{< /hover >}} in the ProviderConfig settings.

{{< hint "tip" >}} Find your GCP project ID from the project_id field of the gcp-credentials.json file. {{< /hint >}}

Apply the {{< hover label="providerconfig" line="2">}}ProviderConfig{{</ hover >}} with the command:

{{< editCode >}}

cat <<EOF | kubectl apply -f -
apiVersion: gcp.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  projectID: $@<PROJECT_ID>$@
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: gcp-secret
      key: creds
EOF

{{< /editCode >}}

This attaches the GCP credentials, saved as a Kubernetes secret, as a {{< hover label="providerconfig" line="10">}}secretRef{{</ hover>}}.

The {{< hover label="providerconfig" line="12">}}spec.credentials.secretRef.name{{< /hover >}} value is the name of the Kubernetes secret containing the GCP credentials in the {{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.namespace{{< /hover >}}.

Create a managed resource

A managed resource is anything Crossplane creates and manages outside of the Kubernetes cluster. This example creates a GCP storage bucket with Crossplane.
The storage bucket is a managed resource.

{{< hint "note" >}} To generate a unique name use {{}}generateName{{}} instead of name. {{< /hint >}}

Create the Bucket with the following command:

cat <<EOF | kubectl create -f -
apiVersion: storage.gcp.upbound.io/v1beta1
kind: Bucket
metadata:
  generateName: crossplane-bucket-
  labels:
    docs.crossplane.io/example: provider-gcp
spec:
  forProvider:
    location: US
  providerConfigRef:
    name: default
EOF

The {{< hover label="xr" line="2">}}apiVersion{{< /hover >}} and {{< hover label="xr" line="3">}}kind{{}} are from the provider's CRDs.

The {{< hover label="xr" line="10">}}spec.forProvider.location{{< /hover >}} tells GCP which GCP region to use when deploying resources.
For a {{}}bucket{{}} the region can be any GCP multi-region location

Use kubectl get bucket to verify Crossplane created the bucket.

{{< hint type="tip" >}} Crossplane created the bucket when the values READY and SYNCED are True.
This may take up to 5 minutes.
{{< /hint >}}

kubectl get bucket
NAME                      READY   SYNCED   EXTERNAL-NAME             AGE
crossplane-bucket-8b7gw   True    True     crossplane-bucket-8b7gw   2m2s

Delete the managed resource

Before shutting down your Kubernetes cluster, delete the GCP bucket just created.

Use kubectl delete bucket to remove the bucket.

{{<hint "tip" >}} Use the --selector flag to delete by label instead of by name. {{}}

kubectl delete bucket --selector docs.crossplane.io/example=provider-gcp
bucket.storage.gcp.upbound.io "crossplane-bucket-8b7gw" deleted

Next steps

  • [Continue to part 2]({{< ref "provider-gcp-part-2">}}) to create a Crossplane Composite Resource and Claim.
  • Explore GCP resources that can Crossplane can configure in the Provider CRD reference.
  • Join the Crossplane Slack and connect with Crossplane users and contributors.