title | weight |
---|---|
GCP Quickstart | 140 |
Connect Crossplane to Google GCP to create and manage cloud resources from Kubernetes with the Upbound GCP Provider.
This guide walks you through the steps required to get started with the Upbound GCP Provider. This includes installing Crossplane, configuring the provider to authenticate to GCP and creating a Managed Resource in GCP directly from your Kubernetes cluster.
- Prerequisites
- Install the GCP provider
- Create a Kubernetes secret for GCP
- Create a ProviderConfig
- Create a managed resource
- Delete the managed resource
- Next steps
Prerequisites
This quickstart requires:
- a Kubernetes cluster with at least 3 GB of RAM
- permissions to create pods and secrets in the Kubernetes cluster
- Helm version `v3.2.0` or later
- a GCP account with permissions to create a storage bucket
- GCP account keys
- GCP Project ID
{{< hint type="tip" >}} If you don't have a Kubernetes cluster create one locally with minikube or kind. {{< /hint >}}
{{< hint type="note" >}}
All commands use the current `kubeconfig` context and configuration.
{{< /hint >}}
Install the GCP provider
Install the provider into the Kubernetes cluster with a Kubernetes configuration file.
```shell
cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: upbound-provider-gcp
spec:
  package: xpkg.upbound.io/upbound/provider-gcp:v0.26.0
EOF
```
The {{< hover label="provider" line="3">}}kind: Provider{{< /hover >}} uses the Crossplane Provider
Custom Resource Definition to connect your Kubernetes cluster to your cloud provider.
Verify the provider installed with `kubectl get providers`.
{{< hint type="note" >}}
It may take up to five minutes for the provider to list `HEALTHY` as `True`.
{{< /hint >}}
```shell
kubectl get providers
NAME                   INSTALLED   HEALTHY   PACKAGE                                        AGE
upbound-provider-gcp   True        False     xpkg.upbound.io/upbound/provider-gcp:v0.26.0   8s
```
A provider installs its own Kubernetes Custom Resource Definitions (CRDs). These CRDs allow you to create GCP resources directly inside Kubernetes.
You can view the new CRDs with `kubectl get crds`. Every CRD maps to a unique GCP service Crossplane can provision and manage.
{{< hint type="tip" >}} All the supported CRDs are also available in the Upbound Marketplace. {{< /hint >}}
Create a Kubernetes secret for GCP
The provider requires credentials to create and manage GCP resources. Providers use a Kubernetes Secret to connect the credentials to the provider.
First generate a Kubernetes Secret from a Google Cloud service account JSON file and then configure the Provider to use it.
{{< hint type="note" >}} Other authentication methods exist and are beyond the scope of this guide. The Provider documentation contains information on alternative authentication methods. {{< /hint >}}
Generate a GCP service account JSON file
For basic user authentication, use a Google Cloud service account JSON file.
{{< hint type="tip" >}} The GCP documentation provides information on how to generate a service account JSON file. {{< /hint >}}
Save this JSON file as `gcp-credentials.json`.
{{< hint type="note" >}} The Configuration section of the Provider documentation describes other authentication methods. {{< /hint >}}
Create a Kubernetes secret with the GCP credentials
A Kubernetes generic secret has a name and contents. Use {{< hover label="kube-create-secret" line="1">}}kubectl create secret{{< /hover >}} to generate the secret object named {{< hover label="kube-create-secret" line="2">}}gcp-secret{{< /hover >}} in the {{< hover label="kube-create-secret" line="3">}}crossplane-system{{</ hover >}} namespace.
Use the {{< hover label="kube-create-secret" line="4">}}--from-file={{< /hover >}} argument to set the value to the contents of the {{< hover label="kube-create-secret" line="4">}}gcp-credentials.json{{< /hover >}} file.
```shell
kubectl create secret \
  generic gcp-secret \
  -n crossplane-system \
  --from-file=creds=./gcp-credentials.json
```
View the secret with `kubectl describe secret`.
{{< hint type="note" >}} The size may be larger if there are extra blank spaces in your text file. {{< /hint >}}
```shell
kubectl describe secret gcp-secret -n crossplane-system
Name:         gcp-secret
Namespace:    crossplane-system
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
creds:  2330 bytes
```
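
An added example, not part of the original guide: shell helpers (the function names are hypothetical) that check the key file before it goes into the Secret, then confirm by SHA-256 digest that the stored `creds` value matches the file, which is more reliable than comparing the byte count. It assumes GNU `stat`, `sha256sum` and `base64` on the workstation.

```shell
#!/bin/sh
# Added example: preflight checks for gcp-credentials.json and a digest
# comparison against the Secret. Helper names are hypothetical.

# Succeeds only if the key file grants no group/other permissions (e.g. 600).
key_file_mode_ok() {
  mode=$(stat -c '%a' "$1") || return 2   # assumption: GNU stat (Linux)
  case "$mode" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Succeeds if the file is a service account key rather than another JSON file.
key_is_service_account() {
  grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$1"
}

# Prints the project_id field, the value the ProviderConfig projectID expects.
key_project_id() {
  sed -n 's/.*"project_id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    head -n 1
}

# Compares the base64 value of the Secret's creds key ($1) with the local
# file ($2) by SHA-256, so the key material is never printed to the terminal.
secret_matches_file() {
  want=$(sha256sum < "$2" | cut -d' ' -f1)
  got=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1)
  [ "$want" = "$got" ]
}

# Usage against the cluster from this guide:
#   key_file_mode_ok ./gcp-credentials.json || chmod 600 ./gcp-credentials.json
#   data=$(kubectl get secret gcp-secret -n crossplane-system \
#            -o jsonpath='{.data.creds}')
#   secret_matches_file "$data" ./gcp-credentials.json && echo "secret matches"
```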
Create a ProviderConfig
A `ProviderConfig` customizes the settings of the GCP Provider.
Apply the {{< hover label="providerconfig" line="2">}}ProviderConfig{{</ hover >}}. Include your {{< hover label="providerconfig" line="7" >}}GCP project ID{{< /hover >}}.
{{< hint type="warning" >}}
Add your GCP project ID to the manifest below.
{{< /hint >}}
```shell
cat <<EOF | kubectl apply -f -
apiVersion: gcp.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  projectID: <PROJECT_ID>
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: gcp-secret
      key: creds
EOF
```
This attaches the GCP credentials, saved as a Kubernetes secret, as a {{< hover label="providerconfig" line="9">}}secretRef{{</ hover>}}.
The {{< hover label="providerconfig" line="12">}}spec.credentials.secretRef.name{{< /hover >}} value is the name of the Kubernetes secret containing the GCP credentials in the {{< hover label="providerconfig" line="11">}}spec.credentials.secretRef.namespace{{< /hover >}}.
Create a managed resource
A managed resource is anything Crossplane creates and manages outside of the Kubernetes cluster. This creates a GCP storage bucket with Crossplane. The storage bucket is a managed resource.
{{< hint type="note" >}}
To generate a unique name the example uses `generateName` instead of `name`.
Manifests that use `generateName` must use `kubectl create`, not `apply`.
{{< /hint >}}
```shell
cat <<EOF | kubectl create -f -
apiVersion: storage.gcp.upbound.io/v1beta1
kind: Bucket
metadata:
  generateName: crossplane-bucket-
  labels:
    docs.crossplane.io/example: provider-gcp
spec:
  forProvider:
    location: US
    storageClass: MULTI_REGIONAL
  providerConfigRef:
    name: default
  deletionPolicy: Delete
EOF
```
Notice the {{< hover label="xr" line="2">}}apiVersion{{< /hover >}} and {{< hover label="xr" line="3">}}kind{{< /hover >}} are from the Provider's CRDs.
{{< hover label="xr" line="11" >}}spec.forProvider.storageClass{{< /hover >}} defines whether the GCP storage bucket is single-region, dual-region or multi-region.
{{< hover label="xr" line="10">}}spec.forProvider.location{{< /hover >}} is a GCP location based on the {{< hover label="xr" line="11" >}}storageClass{{< /hover >}}.
Use `kubectl get buckets` to verify Crossplane created the bucket.
{{< hint type="tip" >}}
Crossplane created the bucket when the values `READY` and `SYNCED` are `True`.
This may take up to 5 minutes.
{{< /hint >}}
```shell
kubectl get bucket
NAME                      READY   SYNCED   EXTERNAL-NAME             AGE
crossplane-bucket-lrxrf   True    True     crossplane-bucket-lrxrf   3m3s
```
Optionally, log into the GCP Console and see the storage bucket inside GCP.
Delete the managed resource
Before shutting down your Kubernetes cluster, delete the GCP storage bucket just created.
Use `kubectl delete bucket` to remove the bucket.
{{< hint type="tip" >}}
Use the `--selector` flag to delete by label instead of by name.
{{< /hint >}}
```shell
kubectl delete bucket --selector docs.crossplane.io/example=provider-gcp
bucket.storage.gcp.upbound.io "crossplane-bucket-lrxrf" deleted
```
Look in the GCP Console to confirm Crossplane deleted the bucket from GCP.
Next steps
- Explore GCP resources that Crossplane can configure in the Provider CRD reference.
- Join the Crossplane Slack and connect with Crossplane users and contributors.