Crossplane and ArgoCD on your own local machine on a KinD cluster – from scratch – Salman Abbas Naqvi

A bunch of Crossplane/ArgoCD tutorials exist already – so why create another one? This one starts FROM SCRATCH, and takes you through all the way to creating resources on AWS.

Crossplane is not necessarily easy to get started with. But, once you get it going, it’s not much harder to use than Terraform, but with a whole lot more benefits.

If you’re new to Crossplane, these videos offer an excellent introduction. Now, are you ready to dive into the world of Crossplane?

This tutorial walks you through the complete process of setting up your own local Crossplane environment. This guide covers the installation of the entire stack within your WSL Debian or Ubuntu instance. The tutorial includes steps for installing:

Kubernetes in Docker (KIND)
ArgoCD
Crossplane
Deploying test infrastructure

Assumptions

If you’re following this tutorial, it’s assumed you already have a high-level understanding of what Crossplane is. Watching the first video above will provide you with the necessary background. Additionally, it’s expected that you have basic knowledge of AWS, Git, Linux, and general cloud concepts.

Ready to dive in?

References

Table of Contents

Install Ubuntu or Debian

Install a WSL Virtual Machine, preferably different from your day-to-day operating system to avoid disrupting your regular workflow. For instance, I use Debian daily, so I installed Crossplane on Ubuntu. If you typically use Ubuntu, simply follow this tutorial using a Debian instance.

This should help keep things running smoothly!

On Windows Command Prompt:

wsl –install Ubuntu

wsl –install Debian

Open Ubuntu

Open a new shell, log in as super user using “sudo -s” command

Update Ubuntu / Debian

apt-get update

apt-get upgrade

Download and install Kubernetes in Docker – KIND

# For AMD64 / x86_64

[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64

# For ARM64

[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-arm64

chmod +x ./kind

mv ./kind /usr/local/bin/kind

Add Docker’s official GPG key:

apt-get update

apt-get install ca-certificates curl

install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc

chmod a+r /etc/apt/keyrings/docker.asc

Add the repository to Apt sources:

echo “deb [arch=$(dpkg –print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \

$(. /etc/os-release && echo “$VERSION_CODENAME”) stable” | tee /etc/apt/sources.list.d/docker.list > /dev/null

Update Repositories

apt-get update

Install Docker

apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

docker ps -a –filter label=io.x-k8s.kind.cluster=kind –format ‘{{.Names}}’

Install AWS CLI

apt-get update

sudo apt update

curl “https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip” -o “awscliv2.zip”

sudo apt-get install unzip

unzip awscliv2.zip

sudo ./aws/install

aws

Define Git parameters

cd /home/salman/

touch .gitconfig

nano .gitconfig

[credential]

email = x.y@gmail.com

user = x.y

Create A New Repo

Create a new empty repo, similar to this: https://github.com/main-salman/xargocd-gitops

Use these instructions to create a GitHub Personal Access Token: Managing your personal access tokens – GitHub Docs

Define GIT Repository credentials

Using the above created repo URL and git credentials, copy paste the below with new variables into your Linux box.

GITHUB_PRIVATE_ACCESS_TOKEN=*****

YOUR_PRIVATE_GITHUB_REPO_URL=https://github.com/main-salman/xargocd-gitops

YOUR_GITHUB_USERNAME=y.x

Create kubernetes cluster

kind create cluster –config – <<EOF

kind: Cluster

apiVersion: kind.x-k8s.io/v1alpha4

# configure cluster with containerd registry config dir enabled

containerdConfigPatches:

– |-

[plugins.”io.containerd.grpc.v1.cri”.registry]

config_path = “/etc/containerd/certs.d”

nodes:

– role: control-plane

image: “kindest/node:v1.27.3”

EOF

Configure kubernetes Cluster, Define Context, Define Namespace

snap install kubectl –classic

kubectl config use-context kind-platformwale

kubectl config current-context

kubectl create namespace argocd

Install ArgoCD

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

kubectl get po -n argocd

curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64

install -m 555 argocd-linux-amd64 /usr/local/bin/argocd

Run ArgoCD WebServer

kubectl port-forward svc/argocd-server -n argocd 8080:443

Get ArgoCD WebServer Credentials

Open a new shell, log in as super user using “sudo -s” command:

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath=”{.data.password}” | base64 -d && echo

Log into ArgoCD web interface using any browser using this address: https://localhost:8080/

use username ‘admin’ and the password retrieved using the above command. Click on “User Info” on the left to update the password to something you will remember.

Send ArgoCD Git Credentials

kubectl apply -f – <<EOF

—

# setup argocd secret for private gitops repository

apiVersion: v1

kind: Secret

metadata:

namespace: argocd

labels:

argocd.argoproj.io/secret-type: repository

type: Opaque

stringData:

url: ${YOUR_PRIVATE_GITHUB_REPO_URL}

username: ${YOUR_GITHUB_USERNAME}

password: ${GITHUB_PRIVATE_ACCESS_TOKEN}

EOF

kubectl get secrets -n argocd xargocd-gitops-credentials

Define GIT Repo to be watched

Change the SOURCE_REPO variable to point to your repo.

SOURCE_REPO=https://github.com/main-salman/xargocd-gitops

kubectl apply -f – <<EOF

# The ‘applications-project’ AppProject allows a non-admin user to deploy

# only Application resources in the ‘argocd’ namespace.

—

apiVersion: argoproj.io/v1alpha1

kind: AppProject

metadata:

namespace: argocd

finalizers:

– resources-finalizer.argocd.argoproj.io

spec:

description: Project for argocd applicatons

sourceRepos:

– ${SOURCE_REPO}

# Allow this project to deploy only to ‘argocd’ namespace

destinations:

– namespace: argocd

server: https://kubernetes.default.svc

# Deny all namespace-scoped resources from being created, except for Application

namespaceResourceWhitelist:

– group: ‘argoproj.io’

kind: Application

EOF

Define ArgoCD application

kubectl apply -f – <<EOF

# ‘sqs-project’ is used for actual SQS crossplane resources

apiVersion: argoproj.io/v1alpha1

kind: AppProject

metadata:

namespace: argocd

finalizers:

– resources-finalizer.argocd.argoproj.io

spec:

description: Project for deploying crossplane resources to the cluster

sourceRepos:

– ${SOURCE_REPO}

# can deploy to any namespace but within the kind cluster only

destinations:

– namespace: ‘*’

server: https://kubernetes.default.svc

# can deploy any resources

clusterResourceWhitelist:

– group: ‘*’

kind: ‘*’

EOF

Define some more parameters for ArgoCD application/Project

REPO_URL=https://github.com/main-salman/xargocd-gitops

kubectl apply -f – <<EOF

—

apiVersion: argoproj.io/v1alpha1

kind: Application

metadata:

namespace: argocd

finalizers:

– resources-finalizer.argocd.argoproj.io

spec:

project: my-project

source:

repoURL: ${REPO_URL}

targetRevision: HEAD

path: ./my-app

destination:

server: https://kubernetes.default.svc

namespace: crossplane-system

syncPolicy:

automated:

prune: true

selfHeal: true

syncOptions:

– SyncWaveOrder=true

retry:

limit: 1

backoff:

duration: 5s

factor: 2

maxDuration: 1m

EOF

Verify

kubectl get applications -A

Log into ArgoCD shell

You will be prompted for the password changed earlier when you run these commands.

kubectl config use-context kind-platformwale

argocd admin initial-password -n argocd

argocd login localhost:8080

argocd app list

Install Crossplane

snap install helm –classic

helm repo add crossplane-stable https://charts.crossplane.io/stable

helm repo update

helm search repo crossplane-stable

helm install crossplane crossplane-stable/crossplane –namespace crossplane-system –create-namespace

kubectl get po -n crossplane-system

Define SQS Provider for Crossplane

cat <<EOF | kubectl apply -f –

apiVersion: pkg.crossplane.io/v1

kind: Provider

metadata:

spec:

package: xpkg.upbound.io/upbound/provider-aws-sqs:v0.38.0

EOF

kubectl get providers

kubectl api-resources | grep sqs.aws.upbound.io

Define AWS credentials and send credentials to Crossplane

Go to AWS Console, generate IAM credentials, and use them in the below section.

touch aws-credentials.txt

nano aws-credentials.txt

[default]

aws_access_key_id = REPLACE_ME_AWS_ACCESS_KEY_ID

aws_secret_access_key = REPLACE_ME_AWS_SECRET_ACCESS_KEY

kubectl create secret generic aws-secret -n crossplane-system –from-file=creds=./aws-credentials.txt

cat <<EOF | kubectl apply -f –

apiVersion: aws.upbound.io/v1beta1

kind: ProviderConfig

metadata:

spec:

credentials:

source: Secret

secretRef:

namespace: crossplane-system

key: creds

EOF

Create and Delete a test SQS Queue

kubectl apply -f – <<EOF

apiVersion: sqs.aws.upbound.io/v1beta1

kind: Queue

metadata:

spec:

forProvider:

region: ca-central-1

providerConfigRef:

EOF

kubectl get queues.sqs.aws.upbound.io

kubectl delete queues.sqs.aws.upbound.io demo-queue

Create a new file in the SQS Watched repo and manage infrastructure via Crossplane

Steps:

Create “my-app” directory in your GIT repo defined above – e.g. https://github.com/main-salman/xargocd-gitops
Create YAML file (any name, e.g. my-queue.yaml) with the following content in the “my-app”:

apiVersion: sqs.aws.upbound.io/v1beta1

kind: Queue

metadata:

spec:

forProvider:

region: ca-central-1

If Crossplane is functioning as expected, Crossplane will create the above SQS queue within a 2-3 minutes.
To remove the Queue, simply empty the content of the YAML file, and commit the file again, and then in ArgoCD, run a Sync operation with the “Prune” option enabled, which will delete the queue.

Share this:

Leave a comment Cancel reply