一 背景
要在Azure上部署Crossplane,首先需要创建Azure账户并创建Azure服务主体。然后,将Crossplane安装到Kubernetes集群中,可以使用kubectl命令或Helm chart进行部署。接下来,配置Azure Provider并创建Provider配置,以指定Azure的访问凭据和权限。
在配置完成后,使用Crossplane的自定义资源定义(CRD)和Azure Provider的资源类来定义和创建Azure资源,如虚拟机、存储账户和数据库。通过创建相应的资源对象,使用Kubernetes API将这些资源部署到Azure上。
最后,利用Crossplane的功能来部署和管理应用程序。通过使用标准的Kubernetes命令和工具,如kubectl和kubectl describe,可以管理和监控已创建的Azure资源。Crossplane还提供了状态同步功能,确保资源状态与外部资源的一致性。
二 技术架构
三 实现逻辑
3.1 环境准备
3.1.1 K8s环境准备
- docker部署
shell
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
yum-config-manager \
--add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io -y
sudo systemctl start docker- kind
shell
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
#- role: worker
#- role: worker- kubectl
shell
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.18.0/bin/linux/amd64/kubectl &&\
chmod +x ./kubectl &&\
mv ./kubectl /usr/bin/kubectl
https://get.helm.sh/helm-v3.14.1-linux-amd64.tar.gz3.1.2 Crossplane部署
shell
helm repo add \
crossplane-stable https://charts.crossplane.io/stable
helm repo update
helm install crossplane \
crossplane-stable/crossplane \
--namespace crossplane-system \
--create-namespace
$ kubectl get all -n crossplane-system3.2 Azure信息准备
3.2.1 Azure信息
利用az创建服务主体,参考:docs.crossplane.io/v1.15/getti...
shell
# az login 地域设置
# 登陆中国区
$ az cloud set -n AzureChinaCloud
# 登陆global
$ az cloud set -n AzureCloud登陆成功
shell
$ az login
[
{
"cloudName": "AzureCloud",
.........
}
}
]
# 设置账户
$ az account show --output table
# 设置订阅
$ az account set --subscription SUBSCRIPTION_ID- 查看订阅ID
shell
# 创建sp
$ az ad sp create-for-rbac \
--sdk-auth \
--role Owner \
--scopes /subscriptions/XXXXXX -n "crossplane-sp-rbac" > "azure-credentials.json"
# 内容azure-credentials.json
{
"clientId": "XXXXXX",
"clientSecret": "jWLXXXXXX",
"subscriptionId": "XXXXXX",
"tenantId": "857XXXXXX",
"activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
"resourceManagerEndpointUrl": "https://management.azure.com/",
"activeDirectoryGraphResourceId": "https://graph.windows.net/",
"sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
"galleryEndpointUrl": "https://gallery.azure.com/",
"managementEndpointUrl": "https://management.core.windows.net/"
}
3.2.2 安装Provider相关信息
- 安装provider
shell
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-azure
spec:
package: xpkg.upbound.io/upbound/provider-azure:v0.42.1- 创建密钥
shell
$ kubectl create secret \
generic azure-secret \
-n crossplane-system \
--from-file=creds=./azure-credentials.json
$ kubectl describe secret azure-secret -n crossplane-system- 创建ProviderConfig
shell
cat <<EOF | kubectl apply -f -
apiVersion: azure.upbound.io/v1beta1
metadata:
name: default
kind: ProviderConfig
spec:
credentials:
source: Secret
secretRef:
namespace: crossplane-system
name: azure-secret
key: creds
EOF3.3 Azure资源测试-single
- 部署RG
shell
apiVersion: azure.upbound.io/v1beta1
kind: ResourceGroup
metadata:
name: xuel-rg
spec:
forProvider:
location: West Europe
- 部署虚拟网络
shell
apiVersion: network.azure.upbound.io/v1beta1
kind: VirtualNetwork
metadata:
name: xuel-vn
spec:
forProvider:
addressSpace:
- 10.0.0.0/16
dnsServers:
- 10.0.0.4
- 10.0.0.5
location: West Europe
resourceGroupNameRef:
name: xuel-rg
---
apiVersion: network.azure.upbound.io/v1beta1
kind: Subnet
metadata:
name: xuel-subnet
spec:
forProvider:
addressPrefixes:
- 10.0.1.0/24
enforcePrivateLinkServiceNetworkPolicies: true
resourceGroupNameRef:
name: xuel-rg
virtualNetworkNameRef:
name: xuel-vn
kubectl describe providerrevision
- 创建删除
shell
kubectl get virtualnetwork.network
kubectl delete virtualnetwork.network crossplane-quickstart-network3.4 部署自定义资源
- xrd.yaml
shell
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
name: xaks.compute.example.com
spec:
group: compute.example.com
names:
kind: Xaks
plural: xaks
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
location:
type: string
oneOf:
- pattern: '^EU$'
- pattern: '^US$'
- pattern: '^WE$'
required:
- location
served: true
referenceable: true
claimNames:
kind: XaksClaim
plural: xaksclaims- Composition.yaml
shell
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
name: crossplane-xuel-aks
spec:
resources:
- name: xuel-rg
base:
apiVersion: azure.upbound.io/v1beta1
kind: ResourceGroup
spec:
forProvider:
location: "West Europe"
patches:
- type: FromCompositeFieldPath
fromFieldPath: "spec.location"
toFieldPath: "spec.forProvider.location"
transforms:
- type: map
map:
EU: "Sweden Central"
US: "Central US"
WE: "West Europe"
- name: xuel-vn
base:
apiVersion: network.azure.upbound.io/v1beta1
kind: VirtualNetwork
spec:
forProvider:
addressSpace:
- 10.0.0.0/16
dnsServers:
- 10.0.0.4
- 10.0.0.5
location: "West Europe"
resourceGroupNameSelector:
matchControllerRef: true
patches:
- type: FromCompositeFieldPath
fromFieldPath: "spec.location"
toFieldPath: "spec.forProvider.location"
transforms:
- type: map
map:
EU: "Sweden Central"
US: "Central US"
WE: "West Europe"
- name: xuel-subnet
base:
apiVersion: network.azure.upbound.io/v1beta1
kind: Subnet
spec:
forProvider:
addressPrefixes:
- 10.0.1.0/24
enforcePrivateLinkServiceNetworkPolicies: true
virtualNetworkNameSelector:
matchControllerRef: true
resourceGroupNameSelector:
matchControllerRef: true
patches:
- type: FromCompositeFieldPath
fromFieldPath: "spec.location"
toFieldPath: "spec.forProvider.location"
transforms:
- type: map
map:
EU: "Sweden Central"
US: "Central US"
WE: "West Europe"
- name: xuel-aks
base:
apiVersion: containerservice.azure.upbound.io/v1beta1
kind: KubernetesCluster
spec:
forProvider:
apiServerAccessProfile:
- authorizedIpRanges:
- 192.168.1.0/24
defaultNodePool:
- name: default
nodeCount: 1
vmSize: Standard_D2_v2
dnsPrefix: xuel-dns
identity:
- type: SystemAssigned
location: West Europe
resourceGroupNameSelector:
matchControllerRef: true
tags:
Environment: Production
patches:
- type: FromCompositeFieldPath
fromFieldPath: "spec.location"
toFieldPath: "spec.forProvider.location"
transforms:
- type: map
map:
EU: "Sweden Central"
US: "Central US"
WE: "West Europe"
compositeTypeRef:
apiVersion: compute.example.com/v1alpha1
kind: Xaks- XR.yaml
shell
apiVersion: compute.example.com/v1alpha1
kind: Xaks
metadata:
name: xuel-aks
spec:
location: "WE"- 测试
shell
[root@xuel-crossplane custom-aks]# k get composition
NAME XR-KIND XR-APIVERSION AGE
crossplane-xuel-aks Xaks compute.example.com/v1alpha1 17h
[root@xuel-crossplane custom-aks]# k get xrd
NAME ESTABLISHED OFFERED AGE
virtualmachines.compute.example.com True True 17h
xaks.compute.example.com True True 12m
[root@xuel-crossplane custom-aks]# k get xaks
NAME SYNCED READY COMPOSITION AGE
xuel-aks True True crossplane-xuel-aks 11m
- 查看资源
- 删除
shell
k delete xaks xuel-aks四 总结
要在Azure上部署Crossplane,您需要创建Azure资源组并部署Crossplane Operator到Kubernetes集群中。然后,通过配置Azure Provider将Azure与Crossplane集成,并使用Crossplane的自定义资源定义和Azure Provider的资源类来定义和创建Azure资源。通过标准的Kubernetes命令和工具,您可以管理和监控这些资源。通过这些步骤,您可以在Azure上利用Crossplane实现跨云资源管理的能力,提高管理效率并简化应用环境的部署和操作。