-
-
Save ryuheechul/c0d4c6bbb558d46d05336ddf5dedec73 to your computer and use it in GitHub Desktop.
https://crossplane.io/ basically let you manage infrastructure (and apps) in a Kubernetes way.
describe the desired state and controllers will take care the rest
Links:
- Crossplane vs Terraform
- Tutorial: Building an Enterprise Infrastructure Control Plane on Kubernetes - Daniel Mangum
I have a strong feeling that this is gonna be next big thing after Terraform for these reasons:
- Terraform comes with strengths but also (critical) weaknesses as well - read Crossplane vs Terraform
- * Operator (or controller) model is quite powerful and let the controller to be actually responsible for all necessary actions CRUD
- ** possibly less needs to even access the credential, Crossplane's providers sink credentials as k8s secrets
- *** I've witnessed that a lot of time is wasted by just for connecting things before actual matters.
- so the needs for self-service way is more present than ever
- **** Crossplane runs on top of k8s and I don't think this is a coincidence
* Many configuration tools dont't seem to enforce you to deal with scenarios of cleaning up resource because they seemed to be more focusded on creating and updating. (Terraform and providers do this well)
** If your app runs in the same cluster as Crossplane cluster (which I think you probably shouldn't), it's easy to consume those creds, and when the app runs somewhere else you should be able to use just another controller to deliver that creds to the target environment.
*** It's easy to have no clear and efficient central interface to issue and consume infrastructure resources even in big organizations today. Often access that is not ready is issue (because you have so many different systems to access and they have all different way of manging access). Managing groups can be chaos and daunting, sometimes it's not even clear why some actions are denied and what exact permissions you have. This things are often overlooked and accepted as that's just how it is for infrastructure, which it shouldn't be.
**** Kubernetes is powerful compute platform, you can run almost anything there and also running cost of things are very cheap (in terms of the amount of work to do), for example, there are turns of helm chaart you can run even for sophisticated apps, it just takes seconds. Kubernetes is also a wonderful interface. It's API based, kubectl works well and extensible via plugins. k9s is an excellent tool to compliment kubectl. All the Objects (represented via YAML usually) and events make what's going on super clear. It's simply powerful and scalable and extensible, so why not?
All my thoughts above are not proven by my experience yet (I haven't used it just yet but I'm very interested to use it anytime soon)
https://danielmangum.com/posts/crossplane-infrastructure-llvm/
| # minimal standalone daemonset version of https://github.com/Quentin-M/weave-tc | |
| # to handle the conntrack race inducing high DNS latency on Kubernetes | |
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet | |
| metadata: | |
| labels: | |
| name: weave-tc | |
| name: weave-tc | |
| namespace: kube-system | |
| spec: | |
| minReadySeconds: 5 | |
| selector: | |
| matchLabels: | |
| name: weave-tc | |
| template: | |
| metadata: | |
| labels: | |
| name: weave-tc | |
| spec: | |
| tolerations: | |
| - operator: Exists | |
| effect: NoSchedule | |
| - key: CriticalAddonsOnly | |
| effect: NoSchedule | |
| containers: | |
| - image: rainist/weave-tc-debian:latest | |
| imagePullPolicy: IfNotPresent | |
| name: weave-tc | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - mountPath: /run/xtables.lock | |
| name: xtables-lock | |
| - mountPath: /lib/tc | |
| name: lib-tc | |
| dnsPolicy: ClusterFirst | |
| hostNetwork: true | |
| hostPID: true | |
| restartPolicy: Always | |
| volumes: | |
| - hostPath: | |
| path: /run/xtables.lock | |
| type: "" | |
| name: xtables-lock | |
| - hostPath: | |
| path: /usr/lib/tc # for debian. other os will have different path for tc | |
| type: "" | |
| name: lib-tc |