{"id":22622511,"url":"https://github.com/developer-guy/crossplane-gitops-in-action-devfest-2024","last_synced_at":"2025-04-15T23:43:51.992Z","repository":{"id":260903380,"uuid":"882661107","full_name":"developer-guy/crossplane-gitops-in-action-devfest-2024","owner":"developer-guy","description":"Crossplane \u0026 GitOps in Action: Unlocking Kubernetes-Native Control for GCP: https://devfest.istanbul/schedule","archived":false,"fork":false,"pushed_at":"2024-12-18T16:16:43.000Z","size":16,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-28T12:55:15.913Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/developer-guy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-03T12:30:35.000Z","updated_at":"2024-12-18T16:16:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"791a13c0-df78-4c8c-ac1e-80055a93bb29","html_url":"https://github.com/developer-guy/crossplane-gitops-in-action-devfest-2024","commit_stats":null,"previous_names":["developer-guy/crossplane-gitops-in-action-devfest-2024"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Fcrossplane-gitops-in-action-devfest-2024","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Fcrossplane-gitops-in-action-devfest-2024/tags","releases_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/developer-guy%2Fcrossplane-gitops-in-action-devfest-2024/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Fcrossplane-gitops-in-action-devfest-2024/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/developer-guy","download_url":"https://codeload.github.com/developer-guy/crossplane-gitops-in-action-devfest-2024/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246131242,"owners_count":20728299,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-08T23:15:34.137Z","updated_at":"2025-03-29T02:42:09.444Z","avatar_url":"https://github.com/developer-guy.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Crossplane \u0026 GitOps in Action\n\n## Prerequisites\n* kubectl\n* kind\n* argocd\n* kustomize\n* git\n\n## Setup\n\n### Kubernetes Cluster (Control Plane Cluster)\n\nCreate a local Kubernetes cluster using [kind](https://kind.sigs.k8s.io/) to run Crossplane and manage our infrastructure on GCP.\n\n```bash\nkind create cluster --wait 5m\n```\n\n### ArgoCD\n\nYou need to apply the kustomization under the `gitops/argocd` directory:\n\n```bash\nkubectl apply -k ./gitops/argocd\n\n# Check the argocd namespace\nkubectl get pods -n argocd\n\n# Wait until argo is ready\nkubectl wait pods --all --for=condition=Ready --namespace=argocd --timeout=120s\n```\n\nTo access argocd, you can use the CLI tool or the Web UI:\n\n```bash\n# First, port forward to the argocd 
server\nkubectl port-forward svc/argocd-server 8080:443 -n argocd \u0026\n\n# Get the initial admin password\nARGO_PASS=$(kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath='{.data.password}' | base64 -d)\n\n# Connect using CLI\n# If you want to connect to the UI, you can use https://localhost:8080\nargocd login localhost:8080 --username admin --password \"${ARGO_PASS}\" --insecure\n```\n\n### Argo Applications\n\nWe are ready to use GitOps. Let's start with the Crossplane deployment:\n\nFirst, create the app of the apps:\n\n```bash\ncat \u003c\u003cEOF \u003e gitops/crossplane/crossplane.yaml\napiVersion: argoproj.io/v1alpha1\nkind: Application\nmetadata:\n  name: crossplane-bootstrap\n  namespace: argocd\n  finalizers:\n    - resources-finalizer.argocd.argoproj.io\n  annotations:\n    argocd.argoproj.io/sync-wave: \"0\"\nspec:\n  project: default\n  source:\n    repoURL: https://github.com/developer-guy/crossplane-gitops-in-action-devfest-2024.git\n    targetRevision: HEAD\n    path: gitops/crossplane/bootstrap\n  destination:\n    server: https://kubernetes.default.svc\n    namespace: crossplane-system\n  syncPolicy:\n    automated:\n      prune: true    \n    syncOptions:\n    - CreateNamespace=true\n    retry:\n      limit: 1\n      backoff:\n        duration: 5s \n        factor: 2 \n        maxDuration: 1m\nEOF\n```\n\nLet's create the initial Application:\n\n```bash\n# Create the crossplane-bootstrap app\nkubectl apply -f ./gitops/crossplane/crossplane.yaml\n\n# Let's push the changes\ngit add gitops/crossplane/crossplane.yaml\ngit commit -am \"initial commit for crossplane setup\"\ngit push\n```\n\nThen, create the Crossplane installation:\n\n```bash\ncat \u003c\u003cEOF \u003e gitops/crossplane/bootstrap/crossplane-install.yaml\napiVersion: argoproj.io/v1alpha1\nkind: Application\nmetadata:\n  name: crossplane\n  namespace: argocd\n  finalizers:\n    - resources-finalizer.argocd.argoproj.io\n  annotations:\n    argocd.argoproj.io/sync-wave: 
\"1\"\nspec:\n  project: default\n  source:\n    chart: crossplane\n    repoURL: https://charts.crossplane.io/stable\n    targetRevision: 1.17.2 # this was the latest version of the Helm Chart at the time we were working on this.\n    helm:\n      releaseName: crossplane\n  destination:\n    server: https://kubernetes.default.svc\n    namespace: crossplane-system\n  syncPolicy:\n    automated:\n      prune: true    \n    syncOptions:\n    - CreateNamespace=true\n    retry:\n      limit: 1\n      backoff:\n        duration: 5s \n        factor: 2 \n        maxDuration: 1m\nEOF\n```\n\nWe need to push our changes to our repo. Then, when we create the `crossplane-bootstrap` app, ArgoCD will take care of deploying the Crossplane Helm Chart for us.\n\n```bash\n# Push changes\ngit add gitops/crossplane/bootstrap/crossplane-install.yaml\ngit commit -am \"let's deploy the crossplane\"\ngit push\n\n# You can manually sync argocd, and check the app status\nargocd app sync argocd/crossplane-bootstrap\n\n# List the apps\nargocd app list\n\n# Now, check the pods in the crossplane-system namespace\nkubectl get pods -n crossplane-system\n```\n\n## Manage GCP\n\nFirst, add the GCP Provider application and its configuration:\n\n```bash\ncat \u003c\u003cEOF \u003e gitops/crossplane/bootstrap/provider.yaml\napiVersion: argoproj.io/v1alpha1\nkind: Application\nmetadata:\n  name: provider-gcp\n  namespace: argocd\n  finalizers:\n    - resources-finalizer.argocd.argoproj.io\n  annotations:\n    argocd.argoproj.io/sync-wave: \"2\"\nspec:\n  project: default\n  source:\n    repoURL: https://github.com/developer-guy/crossplane-gitops-in-action-devfest-2024.git\n    targetRevision: HEAD\n    path: gitops/crossplane/provider-gcp\n  destination:\n    server: https://kubernetes.default.svc\n    namespace: crossplane-system\n  syncPolicy:\n    automated:\n      prune: true    \n    syncOptions:\n    - CreateNamespace=true\n    retry:\n      limit: 1\n      backoff:\n        duration: 5s \n        factor: 
2 \n        maxDuration: 1m\nEOF\n```\n\nLet's push the changes and create the `provider-gcp` application:\n\n```bash\n# Create the provider-gcp app\ngit add gitops/crossplane/bootstrap/provider.yaml\ngit commit -am \"let's create the provider-gcp application\"\ngit push\n\n# to not wait for the sync, you can manually sync the app\nargocd app sync argocd/crossplane-bootstrap\n```\n\nCreate the provider configuration:\n\n```bash\ncat \u003c\u003cEOF \u003e gitops/crossplane/provider-gcp/storage-provider.yaml\napiVersion: pkg.crossplane.io/v1\nkind: Provider\nmetadata:\n  name: provider-gcp-storage\nspec:\n  package: xpkg.upbound.io/upbound/provider-gcp-storage:v1.8.3\nEOF\n```\n\nWe need to push those changes, then create the `provider-gcp-storage` provider:\n\n```bash\n# Push changes\ngit add gitops/crossplane/provider-gcp/storage-provider.yaml\ngit commit -am \"let's create the GCP storage provider\"\ngit push\n\n# to not wait for the sync, you can manually sync the app\nargocd app sync argocd/provider-gcp\n```\n\n### Resources\n\nTo be able to create resources on the GCP side, you need to create a Service Account and put its key in a Kubernetes Secret:\n\n```bash\n# Step 1: Set up variables for project ID and service account name\ncat \u003c\u003cEOF \u003e .envrc\nexport PROJECT_ID=$(gcloud config get-value project)\nexport SERVICE_ACCOUNT_NAME=\"crossplane-gcp-sa\"\nexport SECRET_NAME=\"gcp-credentials\"\nexport SECRET_KEY=\"creds.json\"\nEOF\n\n# Step 2: Create the service account\ngcloud iam service-accounts create \"${SERVICE_ACCOUNT_NAME}\" \\\n    --display-name=\"Crossplane GCP Service Account\"\n\n# Step 3: Assign the roles to the service account\ngcloud projects add-iam-policy-binding \"${PROJECT_ID}\" \\\n    --member=\"serviceAccount:$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com\" \\\n    --role=\"roles/storage.admin\"\ngcloud projects add-iam-policy-binding \"${PROJECT_ID}\" \\\n    
--member=\"serviceAccount:$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com\" \\\n    --role=\"roles/cloudsql.admin\"\ngcloud projects add-iam-policy-binding \"${PROJECT_ID}\" \\\n    --member=\"serviceAccount:$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com\" \\\n    --role=\"roles/compute.admin\"\ngcloud projects add-iam-policy-binding \"${PROJECT_ID}\" \\\n    --member=\"serviceAccount:$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com\" \\\n    --role=\"roles/servicenetworking.networksAdmin\"\n\n# Step 4: Generate a JSON key for the service account\ngcloud iam service-accounts keys create gcp-crossplane-key.json \\\n    --iam-account=\"$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com\"\n\n# Create the secret\nkubectl create secret generic \"${SECRET_NAME}\" \\\n  -n crossplane-system --from-file=\"${SECRET_KEY}=gcp-crossplane-key.json\"\n```\n\nCreate the provider config with this information:\n\n```bash\ncat \u003c\u003cEOF \u003e gitops/crossplane/provider-gcp/providerconfig.yaml\napiVersion: gcp.upbound.io/v1beta1\nkind: ProviderConfig\nmetadata:\n  name: default\nspec:\n  credentials:\n    secretRef:\n      key: $SECRET_KEY\n      name: $SECRET_NAME\n      namespace: crossplane-system\n    source: Secret\n  projectID: $PROJECT_ID\nEOF\n```\n\nPush the changes to take effect:\n\n```bash\n# Push changes\ngit add gitops/crossplane/provider-gcp/providerconfig.yaml\ngit commit -am \"let's create the GCP provider configuration\"\ngit push\n\n# to not wait for the sync, you can manually sync the app\nargocd app sync argocd/provider-gcp\n```\n\n## GCP Managed Resources\n\nAdd the managed resources application to argocd:\n\n```bash\ncat \u003c\u003cEOF \u003e gitops/crossplane/bootstrap/managed-resources.yaml\napiVersion: argoproj.io/v1alpha1\nkind: Application\nmetadata:\n  name: managed-resources\n  namespace: argocd\n  finalizers:\n    - resources-finalizer.argocd.argoproj.io\n  annotations:\n    argocd.argoproj.io/sync-wave: 
\"3\"\nspec:\n  project: default\n  source:\n    repoURL: https://github.com/developer-guy/crossplane-gitops-in-action-devfest-2024.git\n    targetRevision: HEAD\n    path: gitops/crossplane/managed-resources\n  destination:\n    server: https://kubernetes.default.svc\n    namespace: crossplane-system\n  syncPolicy:\n    automated:\n      prune: true\n    syncOptions:\n    - CreateNamespace=true\n    retry:\n      limit: 1\n      backoff:\n        duration: 5s \n        factor: 2 \n        maxDuration: 1m\nEOF\n```\n\nPush the changes and create the `managed-resources` application:\n\n```bash\n# Create the managed-resources app\ngit add gitops/crossplane/bootstrap/managed-resources.yaml\ngit commit -am \"let's create the managed-resources application\"\ngit push\n\n# You can manually sync argocd, and check the app status\nargocd app sync argocd/crossplane-bootstrap\n```\n\nNow, you can create resources on the GCP side. Let's create a bucket:\n\n```bash\n# Random ID for the bucket name:\nBUCKET_ID=$(uuidgen | cut -c -8 | tr '[:upper:]' '[:lower:]')\n\ncat \u003c\u003cEOF \u003e gitops/crossplane/managed-resources/bucket.yaml\napiVersion: storage.gcp.upbound.io/v1beta2\nkind: Bucket\nmetadata:\n  annotations:\n    meta.upbound.io/example-id: storage/v1beta1/bucketobject\n  labels:\n    testing.upbound.io/example-name: devfest-izmir-24-$BUCKET_ID\n  name: devfest-izmir-24-$BUCKET_ID\nspec:\n  forProvider:\n    location: EU\n    storageClass: MULTI_REGIONAL\nEOF\n```\n\nPush the code and apply the `managed-resources` application, and check the bucket being created!\n\n```bash\n# Push changes\ngit add gitops/crossplane/managed-resources/bucket.yaml\ngit commit -am \"let's create the bucket\"\ngit push\n\n# also the managed-resources app\nargocd app sync argocd/managed-resources\n```\n\nWait for the bucket to be created and fingers crossed!\n\n```bash\nwatch -n 5 'gcloud storage buckets list --format=\"json(name)\"'\n```\n\n## Composition \n\nCheck out the example in the [GCP 
database example](./configuration-gcp-database/) module.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeveloper-guy%2Fcrossplane-gitops-in-action-devfest-2024","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeveloper-guy%2Fcrossplane-gitops-in-action-devfest-2024","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeveloper-guy%2Fcrossplane-gitops-in-action-devfest-2024/lists"}