This repository contains a reference AWS Platform Configuration for use as a starting point in Upbound Cloud to build, run and operate your own internal cloud platform and offer a self-service console and API to your internal teams. It provides platform APIs to provision fully configured EKS clusters, with secure networking, and stateful cloud services (RDS) designed to securely connect to the nodes in each EKS cluster -- all composed using cloud service primitives from the Crossplane AWS Provider. App deployments can securely connect to the infrastructure they need using secrets distributed directly to the app namespace.
- Upbound Cloud
- Build Your Own Internal Cloud Platform
- Quick Start
- Platform Ops/SRE: Run your own internal cloud platform
- Customize for your Organization
- What's Next
- Learn More
- Local Dev Guide
## Upbound Cloud

What if you could eliminate infrastructure bottlenecks and security pitfalls, and deliver apps faster by providing your teams with self-service APIs that encapsulate your best practices and security policies, so they can quickly provision the infrastructure they need using a custom cloud console, `kubectl`, or deployment pipelines and GitOps workflows -- all without writing code?

Upbound Cloud enables you to do just that, powered by the open source Crossplane project.
Consistent self-service APIs can be provided across dev, staging, and production environments, making it easy for app teams to get the infrastructure they need using vetted infrastructure configurations that meet the standards of your organization.
## Build Your Own Internal Cloud Platform

App teams can provision the infrastructure they need with a single YAML file alongside Deployments and Services, using existing tools and workflows, including tools like `kubectl` and Flux, to consume your platform's self-service APIs.

The Platform Configuration defines the self-service APIs and classes-of-service for each API:

- CompositeResourceDefinitions (XRDs) define the platform's self-service APIs - e.g. `CompositePostgreSQLInstance`.
- Compositions offer the classes-of-service supported for each self-service API - e.g. `Standard`, `Performance`, `Replicated`.
- Crossplane Providers include the cloud service primitives (AWS, Azure, GCP, Alibaba) used in a Composition.

Learn more about Composition in the Crossplane Docs.
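To show how those three pieces fit together, here is an added example (not this repository's own composition.yaml) of a Composition that offers a `standard` class-of-service for a hypothetical `CompositePostgreSQLInstance` XRD, backed by the `RDSInstance` primitive from the Crossplane AWS Provider. The API group `database.example.org`, the `storageGB` parameter, the labels and the region/instance values are assumptions, not the repository's schema.

```yaml
# Added example, not the repository's own composition.yaml.
# Assumes an XRD in group database.example.org with composite kind CompositePostgreSQLInstance and a spec.parameters.storageGB field.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: standard.compositepostgresqlinstances.database.example.org
  labels:
    # Claims pick this class-of-service via compositionSelector.matchLabels.
    provider: aws
    class: standard
spec:
  # The self-service API (XRD) this class-of-service implements.
  compositeTypeRef:
    apiVersion: database.example.org/v1alpha1
    kind: CompositePostgreSQLInstance
  writeConnectionSecretsToNamespace: crossplane-system
  resources:
    # The cloud service primitive from the Crossplane AWS Provider.
    - name: rdsinstance
      base:
        apiVersion: database.aws.crossplane.io/v1beta1
        kind: RDSInstance
        spec:
          forProvider:
            region: us-west-2
            engine: postgres
            dbInstanceClass: db.t3.small
            masterUsername: masteruser
            # No public endpoint: reachability comes from the VPC fabric.
            publiclyAccessible: false
            skipFinalSnapshotBeforeDeletion: true
          writeConnectionSecretToRef:
            namespace: crossplane-system
      patches:
        # Only the fields the XRD exposes are tunable by app teams.
        - fromFieldPath: spec.parameters.storageGB
          toFieldPath: spec.forProvider.allocatedStorage
        # Give each composite's RDS connection secret a unique name.
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-postgresql"
      # Credentials surfaced to the claim's connection secret in the app namespace.
      connectionDetails:
        - fromConnectionSecretKey: username
        - fromConnectionSecretKey: password
        - fromConnectionSecretKey: endpoint
        - fromConnectionSecretKey: port
```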
## Quick Start

### Platform Ops/SRE: Run your own internal cloud platform

- Sign up for Upbound Cloud.
- Create an Organization for your teams.
- Create a Platform in Upbound Cloud (e.g. dev, staging, or prod).
- Connect `kubectl` to your Platform instance.
Note: the Platform instance should have Crossplane v1.0 or higher as this Configuration relies on package auto-dependency resolution for the dependencies listed in `crossplane.yaml`.
```shell
# Install the Crossplane kubectl plugin
curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | sh
cp kubectl-crossplane /usr/local/bin

# Install the Platform Configuration and check that its packages become healthy
PLATFORM_CONFIG=registry.upbound.io/upbound/platform-ref-aws:v0.1.0
kubectl crossplane install configuration ${PLATFORM_CONFIG}
kubectl get pkg
```
Create `ProviderConfig` and `Secret`:

```shell
# Writes the profile's access key pair in plaintext to ./creds.conf; the next command loads it into a Secret
AWS_PROFILE=default && echo -e "[default]\naws_access_key_id = $(aws configure get aws_access_key_id --profile $AWS_PROFILE)\naws_secret_access_key = $(aws configure get aws_secret_access_key --profile $AWS_PROFILE)" > creds.conf
kubectl create secret generic aws-creds -n crossplane-system --from-file=key=./creds.conf
# ProviderConfig that points provider-aws at the aws-creds Secret
kubectl apply -f examples/aws-default-provider.yaml
# Network fabric (VPC, subnets, security group) that Clusters and RDS instances attach to
kubectl apply -f examples/network.yaml
```
Verify status:

```shell
kubectl get claim
kubectl get composite
kubectl get managed
```
- Create a team Workspace in Upbound Cloud, named `team1`.
- Enable self-service APIs in each Workspace.
- Invite app team members and grant access to Workspaces in one or more Platforms.
- Join your Upbound Cloud Organization.
- Verify access to your team Workspaces.
- Browse the available self-service APIs (XRDs) in your team Workspace.
- Provision a `PostgreSQLInstance` using the custom generated GUI for your Platform Configuration.
- View status / details in your Workspace GUI console.
- Connect `kubectl` to a Workspace from the self-service GUI console in a Workspace.
```shell
kubectl apply -f examples/postgres-claim.yaml
```

Verify status:

```shell
kubectl get claim -n team1
kubectl get composite
kubectl get managed
```
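As an added example (not the repository's `examples/postgres-claim.yaml`), here is a claim together with a Deployment in the same namespace that consumes the connection secret the claim writes, which is how an app gets its database credentials without anyone copying a password by hand. The API group `database.example.org`, the `storageGB` parameter, the composition labels, the image name and the secret keys (`username`, `password`, `endpoint`, `port`) are assumptions about how the XRD and Composition were defined.

```yaml
# Added example, not the repository's own postgres-claim.yaml. Assumes the
# XRD/Composition expose storageGB, the labels below, and the listed secret keys.
apiVersion: database.example.org/v1alpha1
kind: PostgreSQLInstance            # the claim kind exposed by the XRD
metadata:
  name: team1-db
  namespace: team1                  # the app team's Workspace namespace
spec:
  parameters:
    storageGB: 20
  compositionSelector:
    matchLabels:                    # selects the class-of-service
      provider: aws
      class: standard
  # Crossplane writes the DB credentials into this Secret in namespace team1;
  # the app reads them from there, so the password is never handled by a person.
  writeConnectionSecretToRef:
    name: team1-db-conn
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: team1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
        - name: app
          image: registry.example.com/team1/app:1.0.0   # assumed image
          envFrom:
            # Exposes username, password, endpoint and port as env vars,
            # the keys published by the Composition's connectionDetails.
            - secretRef:
                name: team1-db-conn
```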
Delete resources created through the Workspace GUI:

- From the Workspace GUI using the ellipsis menu in the resource view.
- Using `kubectl delete -n team1 <claim-name>`.

Delete resources created using `kubectl`:

```shell
kubectl delete -f examples/postgres-claim.yaml
kubectl delete -f examples/network.yaml
```
Verify all underlying resources have been cleanly deleted:

```shell
kubectl get managed
```

```shell
# Uninstall the Configuration, its Providers, and the kubectl plugin
kubectl delete configurations.pkg.crossplane.io platform-ref-aws
kubectl delete providers.pkg.crossplane.io provider-aws
kubectl delete providers.pkg.crossplane.io provider-helm
rm /usr/local/bin/kubectl-crossplane*
```
- `Cluster` - provision a fully configured EKS cluster
  - definition.yaml
  - composition.yaml includes (transitively):
    - `EKSCluster`
    - `NodeGroup`
    - `IAMRole`
    - `IAMRolePolicyAttachment`
    - `HelmReleases` for Prometheus and other cluster services.
- `Network` - fabric for a `Cluster` to securely connect to Data Services and the Internet.
  - definition.yaml
  - composition.yaml includes:
    - `VPC`
    - `Subnet`
    - `InternetGateway`
    - `RouteTable`
    - `SecurityGroup`
- `PostgreSQLInstance` - provision a PostgreSQL RDS instance that securely connects to a `Cluster`
  - definition.yaml
  - composition.yaml includes:
    - `RDSInstance`
    - `DBSubnetGroup`
## Customize for your Organization

Create a Repository called `platform-ref-aws` in your Upbound Cloud Organization:

Set these to match your settings:

```shell
UPBOUND_ORG=acme
UPBOUND_ACCOUNT_EMAIL=<your-upbound-account-email>   # placeholder: replace with your Upbound account email
REPO=platform-ref-aws
VERSION_TAG=v0.1.0
REGISTRY=registry.upbound.io
PLATFORM_CONFIG=${REGISTRY:+$REGISTRY/}${UPBOUND_ORG}/${REPO}:${VERSION_TAG}
```
Clone the GitHub repo.

```shell
git clone https://github.com/upbound/platform-ref-aws.git
cd platform-ref-aws
```

Login to your container registry.

```shell
docker login ${REGISTRY} -u ${UPBOUND_ACCOUNT_EMAIL}
```

Build package.

```shell
kubectl crossplane build configuration --name package.xpkg --ignore "examples/*,hack/*"
```

Push package to registry.

```shell
kubectl crossplane push configuration ${PLATFORM_CONFIG} -f package.xpkg
```

Install package into an Upbound Platform instance.

```shell
kubectl crossplane install configuration ${PLATFORM_CONFIG}
```
## What's Next

The AWS cloud service primitives that can be used in a Composition today are listed in the Crossplane AWS Provider Docs.

To learn more see Configuration Packages.
The Crossplane community is targeting a v1.0 release with 90% coverage of all Cloud APIs by end of year 2020 with multiple workstreams in flight:

- Code gen of native Crossplane providers by adapting existing codegen pipelines:
  - ACK Code Generation of the Crossplane provider-aws
  - Azure Code Generation of the Crossplane provider-azure
- Code gen of Crossplane providers that wrap the stateless Terraform providers
- Clouds that don't have code gen pipelines
## Learn More

If you're interested in building your own reference platform for your company, we'd love to hear from you and chat. You can set up some time with us at [email protected].

For Crossplane questions, drop by slack.crossplane.io, and say hi!