🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
You put so much effort to teach us
Hats off to your hardwork.
Thank you, Prashant!❤
The best YouTube channel for these kinds of topics!!!
❤️
I was waiting for this video
working on another one: compositions, import existing infra and some other more advanced features
Thrilled to watch tutorials on cutting-edge technologies! Your content is invaluable. Keep up the amazing work! @@AntonPutra
@@mhmdbahja Thank you! Appreciate it!
@AntonPutra, thank you very much for this content. I have searched for a detailed video on the usage of crossplane on youtube, You actually nailed it.
Thank you, Taiwo Lawal. I think nowadays most people would like to provision Kubernetes and use all the features and integrations that it provides.
Once again, great work! I am not a DevOps, but your videos are sufficient enough for me to get up to speed with the work I need to do.
Thank you! I'll refresh the Crossplane tutorial soon since there are some updates, such as pod identities, which will make it much easier to use Crossplane.
First of all, thanks for yet another great video - looking forward to learning a lot from it.
Looking at the possibilities, I get goosebumps. Being able to not only associate a service account with IAM roles but also to create the trust relationships, create an S3 bucket, set up RDS credentials, store them in Secrets Manager and reference them with External Secrets Operator, all managed in ArgoCD.
Brings us close to an internal developer platform. All that is left is an easy-to-use UI.
Thanks Thomas!
Hi Anton,
Thanks for such a lovely video, really good one mate.
I follow all of your EKS videos for provisioning the EKS cluster.
Looking forward to your video on Crossplane composition for the same, please keep making such videos on YouTube.
Sure, will do an updated video soon with EKS pod identities.
Thank you! Can you continue the crossplane video series? Like Composition, convert the existing code you used to the Helm chart.
Excellent tutorial. Thank you teacher, Guru 🙏🏻
Thank you, Mohit!❤
Really great tutorial about Crossplane. Your explanation is really easy and also great to follow. That makes it fun to learn.
Any chance of Part 2 or 3?
very good video!
thanks!
I checked your GitHub but didn’t find this lesson 176. Do you mind making it public after removing your AWS secrets?
Thank you!
My pleasure! I'll update this lesson soon to incorporate pod identities and refresh the rest of it with new API versions.
Thank you so much for your lovely efforts, do you have any basic tutorial about Crossplane use cases, how to use it and when to use it?
You can use it to manage your cloud and not only infrastructure; essentially, anything you can do with Terraform, you can do with Crossplane.
@@AntonPutra so we can provision the entire infrastructure and manage the Kubernetes objects using Crossplane as well?
@@viswaviswa8616 You can manage Kubernetes objects with helm Crossplane provider but I would recommend to use ArgoCD or Flux for that purpose
Thank you so much! It helped a lot!
welcome!
So, to create a Kubernetes cluster you need another cluster 😀 By the way, what are the benefits of using Crossplane compared with Terraform/Terragrunt or AWS CDK?
Yes, it's a chicken and egg problem. Moreover, I wouldn't place all my environments in a single Kubernetes cluster; meaning, for production, I would use different host Kubernetes clusters, each with different levels of access. The biggest benefit is the reconciliation loop of Kubernetes. Compared to Terraform, Crossplane will detect any drift if someone manually updates the infrastructure and will reapply it to match your YAML.
You are great! I recommend your channel to everyone 😊 great videos!
Does Crossplane support all the same resources and their settings that are available in the Terraform AWS provider? What about other providers? Or does it support only a small set?
Thank you Юрий! Well, my understanding is that the Crossplane AWS provider is based on the official Terraform provider, so I think there is a small lag between a new feature in AWS -> implementation in the AWS Terraform provider -> adoption in the Crossplane provider as a custom resource.
@AntonPutra
How to use Crossplane with K8S on Bare metal?
Thank you so much for your efforts.
Thank you. If you are referring to a host, it functions the same as Minikube. However, if you are asking about managing bare metal clusters or VMware, you need to search for the specific provider here: marketplace.upbound.io/providers or build one.
Excellent video.
I have a question, how do you create those animated diagrams?
Thanks! Adobe suite
Hi Anton Putra, nice video! TY!
I have a question: What would be a best practice for using AWS Admin credentials in production? Use IAM Role?
Thank you! The best practice: never use admin anywhere 😊
Always follow the least privilege principle. For production, create multiple IAM roles with different access such as read/write/destroy and use them in different parts of the pipeline or grant them to different users. Only a few selected users should be able to "write" and "destroy". Ideally everything must be under git control and Terraform runs only on PRs or merges. Take a look at Atlantis.
I forgot that it's about Crossplane but you get a point lol
In which use cases or scenarios do you think Crossplane offers significant advantages over Terraform?
1. Detects the drift and corrects it.
2. Simpler and easier to use, especially for those without experience with Terraform.
3. Avoids team disputes over what to include in a Terraform module and how to structure the code.
@@AntonPutra regarding p.3, would not the team dispute what to include in Crossplane now? 😅
@@ЮрийВласов-д4ю Well, Crossplane compositions are much simpler than TF modules. In the future I guess 😊
It looks cool at first, but I see several hardcoded IDs retrieved manually from the AWS console:
- account ID
- OIDC fingerprint
I'm wondering how could those be fetched dynamically.
Another thing I don't get right now: in Terraform I can factorize common code in modules; achieving the same with those plain YAML manifests would require the usage of some kind of templating system: Helm, Kustomize. Correct?
1. As I mentioned in the video, not everything can be automated with Crossplane yet; some steps are manual, and if you need 1-click deployment, Terraform is the better choice.
2. Crossplane has a notion of Compositions that allow you to combine multiple Managed Resources such as VPC & Subnets into one, which is somewhat similar to a Terraform module.
3. You can also use Helm and Kustomize to combine multiple resources and share values.
@@AntonPutra thx for the hints!
Excellent explanation sir, just a question regarding cluster access: is it possible to set up access config, I mean something like this: authenticationMode: [API, API_AND_CONFIG_MAP].
I have made a lot of tests and I think it is not possible, but I am not sure. Thanks Anton
it's been a while
@@AntonPutra yeap, right , no issues , I gonna continue looking for it, thank you Anton
@@AntonPutra
spec:
  forProvider:
    accessConfig:
      - authenticationMode: API_AND_CONFIG_MAP
        bootstrapClusterCreatorAdminPermissions: true
I found it
You added providerConfigRef (name: default) only one time for the s3 bucket and didn't do it for other resources. Is it because you created "ProviderConfig" with "default" name and it will be used automatically, or there is another reason?
Yes, it defaults to "default".
"If providerConfigRef isn’t applied, Providers use the ProviderConfig named default."
Here is a link - docs.crossplane.io/latest/concepts/managed-resources/#providerconfigref
Which video shows how to update the aws-auth config map to allow more users to access the cluster? I can't find one on your channel.
Sure, this one - th-cam.com/video/aIpHYYcR7oU/w-d-xo.html
Audio bug at 29:45...here you just define x2
thanks, probably missed it
@@AntonPutra 💪keep on rocking!
@@Daveooooooooooo0 will do :)
Is it possible here to do something that we could do with Terraform outputs? Like get an output from another resource and use it in the current one?
Not yet, they use different mechanism for cross reference - github.com/crossplane/crossplane/blob/master/design/one-pager-cross-resource-referencing.md
How to Provision postgresql database using crossplane
where? k8s or on vm?
@@AntonPutra eks
I have repeated the same steps with provider version 0.40 but I'm unable to create a cluster. It shows the sync status as false.
Try to get logs from the Crossplane components/provider, you may get more info. Try "kubectl describe ..." as well.