Crossplane in Action | Rawkode Live

Captions
[Music]

Hello and welcome to today's episode of Rawkode Live at the Rawkode Academy. I am, of course, your host, Rawkode. Today we're taking a look at Crossplane, but before we do that, there's a little bit of housekeeping. First, please remember to subscribe to the channel, click the bell, get notifications for all new episodes, and remember to thumb the video, share it, comment, get involved. If you want to support the channel, there are various membership options available; you can check them out on the YouTube page, where we have some live courses currently in flight looking at InfluxDB. Also, we have a rather active Discord server available at rawkode.chat. There's nearly 600 of us on there now, talking all things cloud native, Kubernetes, eBPF, and everything in between, so come say hello and I look forward to meeting you. Today's session is about Crossplane, and I am fortunate to be joined by a developer advocate at Upbound, the maintainers of the Cross... the Crossplane project, Viktor Farcic. Hey man, how are you?

Oh, very good. Thank you for carrying me.

No, it's my pleasure. It's really nice that we get to do something together. I've enjoyed your DevOps channel on YouTube for a while, so it's nice to have you come over here and join us in there, say hello. For anyone that's not familiar, could you do yourself a little bit of an introduction and tell us who you are?

Sure. So my name is Viktor Farcic. I currently work in Upbound, company behind Crossplane, or the main contributor to Crossplane, and I'm a developer advocate now. In the past I did basically everything, because my career can be qualified as: Viktor gets bored within a year and then he changes what he does. And that changes either within a company, and then ultimately I reach a point where there are no more things to do in a company, then I change the company, right? So I've been tech lead, programmer, I mean developer, tester, lead, product something, whatever, everything basically. And now I've been at Upbound, mostly because I've been following and using Crossplane for at least a year before I joined, and then I in a way told Upbound guys, kind of like, you should employ me, I like this problem.

I think that's great that you found a product that you liked and then just was like, yeah, I should go work there. I mean, that's how you take your interest and your passion and apply it in a really great way, so nice work. We got a hello from Russell, who is loving your energy, so thank you for that.

Thank you, Russell.

And Tomislav from Croatia says, bok Viktor, I guess.

Oh, Thomas, there we go, nice.

All right, so why don't we venture distributors. So now everyone knows exactly who you are, but maybe people are not familiar with Crossplane. You want to give us, what's the elevator pitch? What is Crossplane?

Control plane for everything. I'm not sure whether that's official pitch, whether that's on the website, but that's how I would explain it, right? And so think of it this way: when we manage infrastructure, services, and whatnot, we are almost always using CLIs, right? Directly or indirectly. Without naming products, you execute some commands in some CLI, and that CLI talks with an API, which can be AWS, Azure, Google, Alibaba, Kubernetes, whatever it is, right? And what people do not really, I believe, comprehend completely is that behind that API there is always a Crossplane... sorry, there is always a control plane. Now, everybody knows control plane, that's Kubernetes, right? We know control plane from there. But there is a control plane behind the API in AWS, there is a control plane behind literally any... any cloud vendor, right? At least those that I know. Now, what we are trying to do is create a control plane to manage all those control planes, because we feel that there is a strong need for those things to be open source, and there is a lot of confusion about, not confusion, but complications, right? I need to do something in Kubernetes, I need to do something in
AWS, and then I need to jump into Azure, and then maybe some, and so on and so forth. And the major difference, why control plane is important for everything, can be seen in Kubernetes, right? We're moving away from the idea that I should execute a command to create something, doesn't matter which tool they're using, right, or to update something, and so on and so forth. We are now deeply into the era where all those things are managed by control planes, because they're doing more than responding to commands like "create something", right? It's more like continuously monitoring the state of the, the actual state of something, comparing it with the currents to be the desired state, and making sure that all those things are happening all the time, independently of which order we put things, how we define. As long as we define the desired state, control planes are managing those desired states, right? And that's simply, that's happening already right now, whether you know it or not. It's just that we are trying to kind of create an open standard for control plane that will manage everything, give or take, right?

Nice. So I guess, you know, a lot of people now, they know who you are, they know what Crossplane is, but they may want to compare it to other tools that are on the market. Is it fair to say that Crossplane fits in that same space as Terraform, Pulumi? Is it different enough from them that you think it comes into a new space? And what would some of those differences be?

So, to begin with, currently it is in the same space, since our, let's say, entry point, beachhead for Crossplane is infrastructure. But we're definitely not aiming infrastructure being the only thing that Crossplane manages, and it's not. So the scope is different, and on top of that, the API is different as well, because one of the things that are very important to us is that there is a single API to manage things. And when I say single API, I'm not now talking about Crossplane, I'm talking about
Kubernetes API. I believe that Kubernetes, when people ask me kind of what is the main advantage of Kubernetes, usually people think, hey, it can run containers, right? To me, the main advantage is the scheduler and the API that sits in front of it, right? That I can define things, the state of things, and Kubernetes can make sure that those things are happening. And that's not only applying to our applications but to everything. Even though applications are beachhead for, just like beachhead for Crossplane is infrastructure but not the end goal, I think that the same holds true for Kubernetes and its API. Applications are only the first step towards total domination of Kubernetes API, right? And another difference is the control plane, the scheduler that I was talking about. When you use other tools, or most of the other tools, you execute some command that something happens somewhere in the cluster, in your infrastructure, or whatever you're managing. In our case there is a scheduler with the control plane, with continuous reconciliation, drift detection, and all the things that you expect from Kubernetes applications, so they just applied to everything else, right? So in my head at least, there is a huge difference between "I want this to happen now" and "I want this to continue existing and being in certain state forever and ever", or at least until I change my desire, right?

Yeah, I think that's really important, actually. You know, if we talk about those Terraform workflows right now, Terraform only runs when the user asks it to, when that HCL has changed. Like, if I use Terraform to spin up an S3 bucket and it finishes, and then I go delete the S3 bucket, I don't have an S3 bucket anymore. Whereas with Crossplane we have, in fact, because it runs on Kubernetes, it has that continuous reconciliation. It's going to detect the bucket disappeared and then recreate it for me. And I think that's almost a superpower to a certain degree. Like, that's what I want for my
infrastructure, right? I mean, everyone must want that.

Correct. I mean, think of it like, you can reframe it saying that what I'm doing with my applications, I want that for infrastructure. And what we're doing with applications, I mean not everybody, but we are all moving into Kubernetes domain, for if not all workloads, but for some, right? And the same example that you said would be: hey, if I delete two pods of my deployment in Kubernetes, those two pods will be recreated, because the desired state is to have whatever the number is. And we are just applying the same logic on infrastructure and services.

Awesome. We got a comment from Ty Martin there saying two of his YouTube Kubernetes favorites on the same stream.

Sorry, we are crossing streams, I hope that's all right.

I don't think we're going to cause like a time-space continuum problem or anything. Let's see, there's still time. Thanks for the kind words, Ty, we really appreciate it, thank you. All right, should we show people a little bit of Crossplane?

Sure. Sorry for this, yeah, yeah, I am... let me move the browser so that you don't see infinity. Can you see me now?

Let me pop this over to my other scene. Awesome, your terminal is now visible, you are live, take it away.

Okay, so let's say that I have this definition, GKE YAML, right? I'm going to start simple and then I'm going to complicate things later on. Now, what this does is basically uses Kubernetes manifests with custom resources to create something called GKECluster and something called NodePool. You can probably guess from the names what those things are. And it specifies some properties, like, hey, it should run in usc 1, it should have the latest version of the cluster, and locations for the node pool are those, and some other parameters, right? So this is similar to what you would do with other tools, just that we are here talking about YAML, and I'm not using, I don't know, like Pulumi it would be Go, JavaScript, or Terraform would be HCL. So, so far
this is more or less, this is just, looks like a different format of something that is very similar to other tools, right? The major difference is that I can do something like, I mean, there are many major differences, but to begin with, this is all Kubernetes, it's Kubernetes API. So I can do something like apply --filename gke, right? Now, I already applied this before I joined this session, only so that you don't wait for long, but basically you need to trust me, I applied exactly the same command. And then from there on I can manage this as if it's a normal Kubernetes resource, because actually it is a normal Kubernetes resource. I can say kubectl get managed, which is a catch-all Crossplane type of resource, and I can see my resources running. You see that actually I prepared it last night. The status is, you can describe, you can do logs, you can plug it into whatever you're using for Kubernetes today, which is another huge thing that I didn't mention before. Because when you think about it, apart from obvious advantages of Kubernetes, there is the ecosystem that was, I believe, never seen before. We, at least in my career, I haven't seen any other platform, if you want to call it, have such a big ecosystem. So I could now manage my, just as a slight differences compared to other tools, I can manage my resources with Argo CD or Flux if I like GitOps, right? I cannot do that with other tools unless they move into Kubernetes area. I can get metrics into Prometheus, I can do logging in the way how I'm doing logging in general, and do all the stuff that you normally do with Kubernetes. And as a result, I have here a shortcut command. You can see, if I put it on the different screen, you can see that my cluster was created, there are three nodes, CPUs, and all the stuff, right? This is a cluster now running in Google. Now, one thing that is very important for us, and that's what we call composites. So composites allow you to compose infrastructure in a, not
infrastructure, compose everything: infrastructure, services, applications, in a way that they're much easier to manage, easier to digest, and so on and so forth. Because this was the simplest example that I could come up with, and this is kind of like, okay, kind of an average person can understand this. Somebody who is not a Kubernetes ninja or not proficient with Google Cloud can understand this, more or less. But let's say that I want to create a cluster in AWS. What do they need to do? And imagine that I'm a developer, right? I would need to create an EKS cluster, I would need a node pool, I would need a VPC or a couple of VPCs, subnets, internet gateway, and a bunch of other things, right? It gets complex very, very easily. Now, alternative, and this is where composites come into play: I can do something like this. I can say, hey, how about you create your cluster using something like this definition. And now the name of this resource is, in this case, CompositeKubernetesCluster. This is completely custom. This is, imagine a situation where an operator or SRE or whatever the role is in my company said, okay, I will create the composition, I will manage the complexity of all that, and I will create a completely new resource type in Kubernetes just for everybody else. And this one says, okay, I'm going to reference something called cluster Google. Now, for now imagine that I'm a developer, right? I do not know all the details about everything. So I can select, hey, I'm going to reference something called cluster Google. It could be cluster AWS. Actually, let me change it, why not. Let's do this: I'm a developer and say, hey, I actually want to run my cluster in AWS. Cool. I want to have small nodes. I do not know really whether that's t2 something or t3 something or whatever are all the variations in AWS. I want to be as simple as small, medium, large, right? I want a specific version, or I don't want to specify anything because I trust
that whatever is the default makes sense, the number of nodes, and a few other options, right? Now, this is something that can be digested by everybody, potentially. And what the final outcome is does not depend on me, does not depend on Crossplane, it depends on people in a company who wants to provide services to others. So think of this as shift left, and I will show you later how all this, what is happening in a background for something to be as simple as that, right? So I'm going to save this change, and I'm going to do, now I'm still a developer, I'm going to do kubectl apply, file name, and the file is called cluster.yaml. And that was created, right? And now I can do something like kubectl get managed, and I should see stuff happening. Actually, I should not watch because there's too much output to fit on my screen, so let's do this. Now, behind those 20 lines of YAML I got two IAM roles, I got one, two, three, four, five policy attachments, a node group, a cluster, a route table, subnets, security groups, internet gateways, VPC, node... no, okay, those two are Google from before, so I'm going to ignore those, right? So those are all the things that I should have created if I wanted to manage, in this case, EKS cluster in AWS. And they still did not go crazy, right? Things get more complicated than that in a real world situation. Now, the way how all that happened is that somebody before created something like this definition YAML. So that's somebody, call it SRE, right, defined a completely new resource type for me, and it's called, it's calling that resource type, we call it composite resource definition, or XRD. And the name of this new resource is going to be composite cluster, CompositeKubernetesCluster. That's the same name that I used previously in a definition when I was pretending to be a developer, right? And there are some parameters defined, like version, node size, min node count. Those are the same parameters that I used before, right? So somebody creates a completely
new definition of a resource that explains what are the things that teams in a company care about and what are the things that they want to manage, like version, node size, minimum number of nodes, whatever those things are. And we are going to expose that to them, and by doing that we are going to shift left. We are going to make those teams autonomous, that they can manage their own stuff themselves without opening issues in Jira and sending it to some other people. So making people self-sufficient by exposing them to the level of requirements or abstractions that they're comfortable with, right? Some other team might need 57 parameters, right? It's whatever you choose it to be. So this is a definition of a custom resource, custom, whatever, custom composite resource definition, that became later on, when I applied it to the cluster, to the control plane cluster, became the custom resource that I used before. And now comes the madness, right? Or different, I'm going to show you different levels of madness, right? Implementation of that interface that I just showed you for Azure would be this. Relatively small, straightforward, you human cannot comprehend it, because in Azure all you need is an EKS cluster. And I'm talking minimum, because Azure can become extremely complex, but I'm really talking about the minimum. If it's, whether they put the GCP, like the one that I used before I started this session, slightly more complicated. Those are all the things you need to define no matter which tool you're using, more or less. And now comes, let's say, AWS, the simplest possible I could imagine for AWS. Now let me go to the beginning and show you what I had to do.

I don't think we have enough time for that, I'm afraid.

Ah, we don't have enough time to go to the beginning. Exactly, EKS cluster, but so on, it's a lot of stuff, right? Now, what is happening here is, this is partly what you would normally see in other tools, like, hey, there are some parameters that you need
to supply when you create an EKS cluster, and version, and whatever you need, right? And then there are patches. Those are the things that typically would get translated from what user specified in that YAML that I started with into what is propagated later on to this resource type. Like, for example, if you remember, I used node size and I said small, right? And here I'm translating small to t3.small, and medium to something else, and so on and so forth, right?

It's nice that you showed that. We actually got a comment from Russell in the chat asking how those sizes were mapped or configurable, so yeah, there you go.

And you are kind of in control, right? This is not something that is opinionated, vendor specific, like we decided that whenever people, when they say, we, Upbound, decided whenever people want small nodes it will be t3.small, right? You're in complete control. You as a person necessary, let's say, you're defining those things, and so on and so forth. So all those are defined. There are some patches that overwrite values depending on user input, and they're all grouped together and end up being something like what they showed initially, which I believe was this file, right? So all what I showed you, all those hundreds of lines and something, from an end user perspective, that's what you get, right? And I'm still using very simple examples. Normally I would add over there, maybe in that cluster, maybe if it's, let's say, EKS cluster, maybe I would install some applications, like system level applications. Maybe Prometheus would be running there, maybe Argo CD, maybe additional stuff, right? So it can get much more complicated than that, but from end user perspective, the interface is whatever you define it to be, right? And that's what we call compositions. And even if somebody doesn't know what that interface is, and let's say that whoever created all that stuff did not document it, you know, no wiki files, no readme, and stuff like that, you can
always do something like this: explain CompositeKubernetesCluster and recursive. Now, this requires slight understanding of Kubernetes, but not really out of this world. And you know, okay, so this is actually what my specification is, those are the parameters: min node count, node size, version, whatever somebody defined. Off you go, create your own manifests, be in full control of the things that matter to you, and leave the things you don't care about, but are still important, like subnets, to somebody else, right? So it's a separation of concerns and shifts left in a way at the same time.

Yeah, it's nice. It's like, you know, tools like Terraform allow you to directly access the API to spin up devices or clusters or node pools, etc., but composite resources actually allow you to build platforms within these resources and distribute them and share them across your organization.

Correct, correct. So if I would simplify it greatly, you would think of it as being equivalent of, hey, somebody creates a Helm chart and then everybody else can modify Helm values. But that would be only partly true, because we are not talking about some properties file, we are talking about Crossplane creating completely new custom resources that can be used by anybody else.

Yeah. We have a question in the chat from Tomislav, which aligns directly with my interests. So Tomislav asks: what about bare metal or on-premise clusters, does Crossplane support that?

So I'm not sure about bare metal. I would need to check it. I could check it later and get back to you specifically for that question, because if you Google crossplane contribute... contrib, I think, you will see all the contributions, right? So it really depends on the community, and if it doesn't support, then it's just one pull request away from supporting it, right?

So there is an Equinix Metal provider for Crossplane, so you can spin up devices. And actually the focus of my work for the last six months has been provisioning Kubernetes clusters through user
data alone. And so while there's nothing directly in Crossplane provider now, in theory you could do something like this.

As long as there is an API that Crossplane can talk to, then yes, right.

All right, awesome, thank you for that. And I think maybe one of your colleagues is joining us in the chat. Grant has been kindly answering questions as we run on, so thank you. All right, awesome, so that's good to see. I like the way those composite resources are relatively, you know, not easy, but, you know, writing the YAML is something that we're all getting very comfortable with these days, and being able to define them that way is a combination of other resources within Crossplane. Once it's done once, you just reuse that as much as possible, and you've got this kind of platform provider, which is pretty sweet.

Exactly. It allows you to build your own interfaces, right, that fits exactly your needs.

Because every organization does this stuff their own little unique way, and being able to codify that in a way that is reusable, it's something that is often lost. And something I've seen in the past is just that each team ends up doing their own implementation their own way, and there's all these different variances, and then eventually someone wants to do a security audit, you're like, why are all these things different? And like, being able to codify it in this way removes that whole class of problem, which I think a lot of people need.

Yes, especially when you run at scale. I can't tell you how many times I've seen, you know, whichever tool is used, hundreds and hundreds of files that are doing exactly the same, but simply because there is a small variation, or simply because the teams do not communicate with each other, and so on and so forth, right? So you want to codify, what you explained actually fits the bill very well, you want to codify all your knowledge in a way and expose it to an interface that contains things that matter and are not repeatable over and over again.
Exactly. All right, we've got a couple more comments and questions. And so Ty says a Crossplane with Talos or Sidero would be pretty sweet. I agree, big fan of Talos and Sidero, and that would be a nice integration. Yeah, we have a question from Andreas: is there a way to define more specific validations than just a data type? How does it fail if you mistype small, or other multiple-field validations?

If you mistype small, then you would see that resource not being created, and you would have to go to the resource, to describe the resource, you know, and see in the events, like basically with any Kubernetes resource. So we are, this might be important actually to mention, we're intentionally not trying to build things that exist in Kubernetes ecosystem, right? Like validations are just, we're just following how all the other Kubernetes resources are working. Or same thing for logging or for metrics. Or another popular question, which I don't know whether it popped up there, but usually pops up: hey, can you have conditionals, you know, if-else statements? And again, we're really trying to avoid those things, because there is this part of the ecosystem, like, hey, you need conditionals, excellent, kind of like, there is Helm, right? Helm can do those things, can template it. So we are really kind of trying to avoid anything that is not really, really specific and non-existent, if that makes sense.

It does make sense, yes. Andreas, if you want to add anything to that, feel free to drop back into the comments, but I hope the answer helps. So I quite like that. Obviously the AWS one is rather massive, because although EKS is a managed service, it is very far from managed without tools like eksctl or something like a composite resource with Crossplane. But I love the simplicity of the Azure one and the Google one as well. Like, they're so easy for people just to be able to play around with.

Yes, I mean, give or take, right? Yeah, even the simplest one
like Google becomes complicated over time, because it's not really, hey, I need a cluster. No, I really need a cluster and I need, I'm inventing now, a database, and that cluster cannot be just GKE, it needs to run something inside. So it's always more than a single resource. Now, what I'm trying to say is that it almost always gets complex. Now, the levels of complexity depending on providers differ greatly, right? And yes, some are easier than others.

Can we do something funny or crazy, depending on how you would look at it? Like, you've actually provisioned an EKS cluster there, is that correct?

Yes, I can, let me double check, maybe I didn't yet, because another interesting thing about AWS is the speed with which things are happening.

The lack of speed, you mean. You're selling it. Yeah, I don't mind being just pushing it or saying it. I think the median time for an EKS cluster is around 20 to 25 minutes.

It is. So cluster is still not up and running, and the node group did not start because it needs to wait for the cluster to be created. And this is another thing that I think makes the difference between using a control plane than, let's say, simple CLI, right? I do not have to specify dependencies. Normally I would need to say, hey, node group depends on cluster, because you cannot create a node group until cluster is there, and that can also get messy. In this case I did not specify any dependencies, because simply, control plane's job is to figure out what to do and repeat if it cannot be done, and all this stuff, right? But yeah, if it's something funny, you would need to wait until AWS is created, or you can tell me whether that something funny can be done in...

Yeah, yeah. Well, no, what I'm thinking is, right, like, if we've got a couple of subnets there, right, and they all say true, true for ready and sync. Now, I just want to show people my favorite thing about Crossplane is the continual reconciliation. Like, can we just go delete a subnet from
the euro?

Of course, of course, let's do that. Let me, this is my account, subnets, okay, here we are. I think that, let me double check, obf is one of them, yes. Do you wanna choose, or, number one, two, three?

Two.

There we go, okay, this one goes out, bye bye. Yeah, no, it cannot be deleted because... okay, let's do this simpler, because I don't want to go into AWS madness of dependencies, you know, you cannot delete this because it depends on that, and that depends on something else. Let's do this: let's go here and delete the node group, how does that sound?

Yeah, go for it.

I hardly ever use the console, I don't know how you do stuff from web. You are here, delete, what do we need to do, team, okay. Okay, it will be deleted eventually, and then, give it a minute or something like that, and if I didn't mess it up, it should reappear.

So does that mean that on your CLI you could run kubectl get node groups?

Oh yeah, yeah, kubectl get node... groups, right. And right now it's synced. Soon it will detect when one is deleted. I will actually put it, watch it, right, kubectl get node groups. At one moment it will change sync to false, sorry, it will change ready to false, and then it will change ready to true again.

Yeah, so that's Crossplane, this watch is just checking that every one minute, four minutes, or something like that, there's some interval, right?

And the fact that there is, I think, and don't take this as written in stone, I think that the default interval is three minutes or something like that, just not to bomb providers with requests, and it can be changed, right, you can configure what that interval is. That's actually, hey, look at this, ready false while talking. And then periodically checks things and make sure that everything is synchronized and all the jazz. Let's see what's happening here. It's still deleting, man, you cannot even... oh no, there we are, it's ready, right? Oh, that's the node inside the node
group. This is, okay, I'm definitely confused with our configuration. As I said, I'm not using web UIs.

Deleting. Still, we'll need to wait for AWS to catch up and for that to disappear, and then Crossplane can maybe go and try and create a new one with the same name, so who knows how long that's going to take. But all right, cool. Yeah, it's just nice, like the fact that it even noticed that it wasn't ready, and the fact that it's going to be able to resync and recreate that. I just think it's a really cool property of Crossplane that we haven't seen in this type of tool to date, until really Crossplane came along. So just taking it... sorry, you go.

Yeah, sorry. That specific thing, actually, I don't know how far back you go, right, but we had it with Chef and Puppet in a different way, right? He didn't use Kubernetes scheduler and all this stuff, and I'm not now glorifying Chef and Puppet, because that would be the last thing I would do, but some sort of reconciliation loop existed, and after that it was lost, and now we have it again.

Well, I mean, I preferred SaltStack's take on it, with its high state and its minion-based check-ins. But yeah, you're right, Salt, Chef, and Puppet did have agent-based setups as well, which would on an interval re-run their recipes and their manifests.

Exactly.

Yeah, you're right. I mean, I was just trying to be nice to Crossplane, but I took it back, it's crap, I don't like it. Okay, so as mean we don't need to sit and watch for that to lean, maybe we can check on in a little bit. Was there anything else you wanted to show us, or do you want me just to keep throwing random stuff at you?

Cool, random stuff, but I liked it more than me having prepared. I mean, I have run the money for like a show and run, right, but hey, if you have random questions, even better.

Oh yeah, so let's, you know, put this on of the lens. I mean, and I am relatively new to Crossplane, so I've got this lens anyway, but if I want to get started, how do I work out what providers
are available, how do I work out, uh, you know, what I can actually do with Crossplane? So, uh, I know that's, uh, wrong address... crossplane.io, okay. Um, so Getting Started, uh, is where you would usually go, uh, and follow, uh, follow the instructions. Uh, it has... I'll be honest, there are things to be improved there, but it's a good starting point. And regarding providers, there are two, let's say, types of providers, uh, those that you see... actually, let me make this bigger... those, the two, and, uh, let me do this, um, okay, those over here, right, uh, are the providers that are official, and, uh, then there are providers that are not official. Like, um, when I say official it's kind of strange, but let's say, or providers that are, exist for a while, that are proven to be working, that passed all the tests and, and everything that we expect them to do, which does not make them, uh, perfect. And then there is, uh... what did I want to do now, um, my keyboard is going crazy... crossplane-contrib, which is where, uh, everybody else can contribute, and eventually things from here will go, go to the docs. Like, we recently, uh, worked with Civo folks and got a Civo provider, right, uh, and so on and so forth. Like, uh, I'm working right now some materials that I will probably publish in, in a few days, but I use this one, provider-sql, that allows you to do something with your databases, no matter whether, where they're running. So there's a decent number of providers outside of the official docs, uh, waiting to go into the docs. Thanks.

So there's also a, I mean, you work for a company called Upbound, and they've, they have a SaaS offering that allows people to try this out relatively easily. Is that product... yeah, you want to share a little bit about that? So yeah, uh, if you go to Upbound Cloud, you have, um, you have basically a web UI that allows you to do stuff, um, and, uh, let me switch to the one that I'm using today, right. Yes, yes, I, I did everything from the CLI. Uh, there we are, right, and this is the... oh come on, it will happen, right. Uh, you can, uh, you know, you can
browse things. Uh, I don't know why it's so slow, it's embarrassing. Uh, there we are, right. Look at... I don't know what did they do, we care something. You can see the resources that are of certain name or certain, um, phrases, um, you can consult them, you can see that all the providers that are having... like, for example, for AWS, those are all the types of resources or providers that we can use. Actually, the list is bigger, because some of them have, like, multiple things inside, like Elastic Compute has several resources in total. And then repositories, where you can package your configurations and your code into a container, push them there, and make it even simpler to use. You know, users, teams, security, and all the things that usually enterprise companies are looking for, looking for. And, uh, we are soon to release a version of this that is, uh, self-hosted. Actually, actually there are three ways, like, when you create a new control plane you can have it... oh, that was too fast, I clicked too soon, right. You can have a control plane hosted by us, you can have a control plane self-hosted, uh, that's Crossplane itself, and the third option will be what you see on the screen, the, let's say, Upbound Cloud, to be self-hosted as well. It is... this is, the hosted version is, I think, especially helpful if you want to just, if you just want to start and you don't want to set up Kubernetes cluster with Crossplane there, you just want to play around fast, hosted version is, is brilliant. It just gives you, uh, in instructions, you get instructions. Actually, let's do it, right. Um, test one, uh, I understand, create control plane, and, uh, now this takes a few seconds, and you get the control plane only for you, in a way, right, and, uh, all you have to do is execute the command to connect your kubectl with control plane. Why do the control planes have a scheduled deletion? Uh, because, uh, be... think of them more as a, per... a temporary solution for free usage. Uh, if you want to make it permanent, then you speak with our sales guys. I got it. Okay, there you
go. Still, 14 days' usage to kick the tires of Crossplane and play with the providers, start building out your composite resources. That's enough time to get a feel for it and see if it's right for, for you and your organization. There's another important thing: we're really trying... nothing, really, we're not keeping anything from Crossplane proprietary, right. There, we have things, uh, on top of it, like this, uh, cloud, uh, web UI and stuff like that, but Crossplane itself, that's completely... so you, you can go for free from day one without really suffering at all. All right, okay. If you're watching and you have any questions, then please drop them into the comments section and we'll do our best to answer them before we finish.

Uh, so I guess we've got two things, like, we're going to wait for this... well, there we go, it's already released, and, I mean, we now have our own control, a Crossplane control plane that we can use, and then that just, like, I'm assuming that just gives you a kubeconfig, right, or something? Yeah, it goes to your kubeconfig, that's, that's the whole gist. We just need to connect your kubeconfig with this. Uh, this is, uh, behind the scenes this is a virtual Kubernetes cluster in our Kubernetes cluster, so we are stacking clusters on top of clusters for every user. I see. I, I don't know if you can go into implementation details, but I'm curious if it uses vcluster, which is a pretty cool tool in this space. No, we are not, for a couple of reasons. Uh, actually, to begin with, I love vcluster, I think it's absolutely brilliant, uh, uh, but we started before vcluster with this, or when vcluster was not a thing, or popular, or whatnot. So we have become investment in, in... when we started, I think that there was no real solution like vcluster, and, uh, the guys working on it, uh, have some security concerns about the cluster. Actually, not security concern, the bigger thing is that, um, now that we built our own solution, let's say, it is optimized for exactly what it does, right, but vcluster is more
generic. Uh, like, in that virtual cluster we're not packaging the whole Kubernetes interface and everything, but only the things that, uh, Crossplane needs. It's highly optimized custom solution, but vcluster is awesome, I love it. All right, uh, let's, let's check on the status of a deleted node group, I'm curious about that. I wonder... yeah, Amazon's copy, no, come on, no relate, I need to refresh. I'm never sure which parts of the screen are refreshed automatically, which are... uh, okay, I'm not sure, tell me if I'm on the wrong screen, but I think that I'm on the right side. You're in the right screen, yes. That has been recreated, or... node group, uh, active. It was deleting, so there are two possible explanations: either AWS gave up on deleting and said, I cannot do it and I'm going to make it active again, or Crossplane detected that there is a drift and then corrected the drift. Nice. What is that, what is our get node groups? Sure, get node groups. Uh, here we are, that's true. Okay, all right, it fixed it. That's pretty cool. Yeah, and in fact you can... I think the, the node group name changed, right? I, I was, I did not really pay attention, to be honest, and even if it did, my brain cannot remember those random strings for more than two seconds. Yeah. Uh, we got a comment and a chat from Tai, who says that you have some great videos on vcluster and others, so yeah, I definitely encourage people to check out Viktor's channel. I will put a link into the show notes so you can check that out. Oh, thank you.

All right, we have a question from Andreas: how do you manage credentials for the providers, and how can you restrict usage inside of the control plane? So, like, if they're, if I don't want everyone to be able to spin up a GKE cluster, how would that work? So that, that's another kind of, like, you know, there are so many differences or advantages, depending on how you look at it. Um, so in, in, in traditional solutions, right, uh, I mean, that's, that's a wrong word, tradition, okay, another solution, let's, let's say traditional, uh, when you interact with
let's say AWS through, let's say, CLI, you, the user that is using that CLI, needs to have access to whatever will be done in AWS, right. So you need to have permissions: if you want to create an EKS cluster, you need to have permissions for that, your user needs to be privileged and whatnot. Now, in our case, uh, Crossplane itself, uh, is a, let's say, privileged user of your provider. You, as a human running commands, you are claiming certain resources in certain namespace, uh, or you don't have to, depends really how you configure it. So think of it as, um, yeah, let's, uh, let's say when you claim volumes in Kubernetes, right. Uh, Kubernetes has information and now can authenticate to create a volume like, uh, EFS or EBS or whatever it is. You as a user... an admin of that cluster gave you permission to create certain volumes in certain namespaces, all right, so you need to claim them. So, uh, there are those two distinctions. Uh, what you as a, what you as a person do: you're interacting with Kubernetes, and you have permissions to create certain Kubernetes resources in certain namespace. So I could, I'm not going to do that now, but, uh, I could go and say, hey, there is a namespace rawkode, and in rawkode you can create, let's say, resources GKE cluster, but you, I will never give you permissions to create EKS cluster, right, because I don't trust you with AWS, you've been too negative towards it. And, uh, on top of that, and this is now plugging back into the whole idea of leveraging Kubernetes ecosystem, you can combine whichever RBAC you're using in, in Kubernetes itself, let's say with policies like OPA or Kyverno or whatever you're using, and further define things like, hey, uh, Joe can, uh, everybody in this namespace, they can create EKS cluster, but Joe can only do up to three nodes, and, I don't know, somebody else can create after five, no, up to five nodes. So whatever the rules are, right. So if you combine Kubernetes RBAC and policy management with whichever tool you're using, I would say that you're getting a level of both
simplicity for the end user but also control for others that is really not there with almost anything else that is not Kubernetes friendly, native, let's say. Yeah, that makes a lot of sense. You know, Crossplane is using the Kubernetes API, so all of these things should be implemented using the Kubernetes API. Yeah, yeah, it's, it's more like, kind of, you need to think about it differently, right. You're not... the question is not, uh, about the credentials in AWS or whatever you're running, the... it's about credentials to create or modify or delete specific Kubernetes resources. For majority of users there is only Kubernetes API, nothing else. All right, I hope that helps, Andreas, and if you have anything else, drop it into the comments.

All right, Viktor, is there anything now you would like to show us before we start wrapping this up for today? No, if I got crazy I will, I will, I'll stay here for a couple of hours, and I think that we have a limit. Yeah, I think, you know, we pushed our luck deleting the node group and seeing that coming back, so let's, let's, let's take that as a success, and, uh, yeah. Kind of as a parting gift, right, just kind of as a parting gift, I will delete the whole cluster, and then we'll see whether it will come back, come back by the time we wrap up. Do you think it's going to delete by the time we wrap up? Uh, let's see. You know, usually those are the moments when I go and watch something on Netflix, so I never really paid attention. No, I cannot, because node group is attached. That's all right, I trust you that it works. I think we've seen what we wanted to see with the node group. You know, I think there's the one takeaway for everyone watching here, is that, one, your interest in Crossplane should definitely be piqued, and secondly, the continuous reconciliation and working with the Kubernetes API, which hopefully you're already familiar with, brings a lot of superpowers to your infrastructure. I think it's just a fantastic, fantastic product. I'm going to pop back over to our big face mode, there we
go. Okay, it was so strange for me looking at the blank screen all the time, you know, where my criminal is, I don't see your face, man. This is better. Yeah, definitely. Uh, so, you know, just as we, as we kind of wrap up, is there anything that you can share, like, what are, what are Crossplane excited about right now, what are they, what are you working on, what's coming soon, what challenges are you solving next, like, just... Yeah, so the, the major effort, let's say, or push right now is towards provider coverage. Uh, we need to get close to 100 for all the, all the major use cases, right. So that's kind of, that's not really exciting, it's just simply the work that needs to be done, and there will be some very exciting news about that very soon. I cannot say the dates, you know, uh, otherwise Grant, the one that was in comments, he is listening on this, he's, he's the one above me, he's, he's going to do something bad. Uh, and, um, so most, most of the, of, uh, effort right now is in that, and then, uh, in, uh, soon, for next quarter, we are going to have some very exciting, exciting announcements, but I don't want to share it yet. So boring stuff, provider coverage, boring stuff. All right, okay, well, yeah, that, that's cool. It's nice that, you know, the provider ecosystem has been expanded on and elaborated on, I think it's just going to open up a lot more doors to people that want to use Crossplane. Uh, we got a thank you from Russell in the chat, so thank you, Russell. Yeah. All right, well, we have no more questions. What we're getting, we're getting a few more thanks. People are telling us to leave now, I think that's what that means when they start saying thank you. Viktor, thank you so much for joining me today. Uh, really cool demos, to see composite resources providing essentially an abstraction or a platform that doesn't really matter what the underlying infrastructure is, and I think that's a really cool thing for people to take away, that you can build these schematics for what a platform means in your organization and use that
Kubernetes API to show them. Um, very, very cool. All right, uh, have any, any last words before, before I push the button? Try it out, and if you get confused, then ping me on Twitter or LinkedIn or whatever, find me somewhere. Yeah, thanks for watching. I hope you did... like, somebody in Kubernetes or CNCF, google me and I'll help you out. All right, well, thank you again, Viktor, have a wonderful day, and I'll speak to you again soon. Have a good one. Bye. [Music] [Applause] Thank you for watching. [Music]
Info
Channel: Rawkode Academy
Views: 461
Rating: 5 out of 5
Id: tz698kZByyw
Length: 55min 34sec (3334 seconds)
Published: Wed Sep 08 2021