Edit on GitHub
Providers extend Crossplane to enable infrastructure resource provisioning. In order to provision a resource, a Custom Resource Definition (CRD) needs to be registered in your Kubernetes cluster and its controller should be watching the Custom Resources those CRDs define. Provider packages contain many Custom Resource Definitions and their controllers.
Here is the list of current providers:
The core Crossplane controller can install provider controllers and CRDs for you
through its own provider packaging mechanism, which is triggered by the
application of a Provider resource. For example, in order to request
installation of the provider-aws package, apply the following resource to the
cluster where Crossplane is running:
apiVersion: pkg.crossplane.io/v1beta1
kind: Provider
metadata:
name: provider-aws
spec:
package: crossplane/provider-aws:master"
The field spec.package is where you refer to the container image of the
provider. Crossplane Package Manager will unpack that container, register CRDs
and set up necessary RBAC rules and then start the controllers.
There are a few other ways to to trigger the installation of provider packages:
helm install command: --set
provider.packages={crossplane/provider-aws:master}.kubectl crossplane install provider
crossplane/provider-aws:masterYou can uninstall a provider by deleting the ClusterPackageInstall resource
you’ve created.
In order to authenticate with the external provider API, the provider
controllers need to have access to credentials. It could be an IAM User for AWS,
a Service Account for GCP or a Service Principal for Azure. Every provider has a
type called ProviderConfig that has information about how to authenticate to
the provider API. An example ProviderConfig resource for AWS looks like the
following:
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
name: aws-provider
spec:
credentials:
source: Secret
secretRef:
namespace: crossplane-system
name: aws-creds
key: key
You can see that there is a reference to a key in a specific Secret. The value
of that key should contain the credentials that the controller will use. The
documentation of each provider should give you an idea of how that credentials
blob should look like. See Getting Started guide for more
details.
The following is an example usage of Azure ProviderConfig, referenced by a
RDSInstance:
apiVersion: database.aws.crossplane.io/v1beta1
kind: RDSInstance
metadata:
name: prod-sql
spec:
providerConfigRef: prod-acc
...
The AWS provider controller will use that provider for this instance of
RDSInstance. Since every resource has its own reference to a ProviderConfig,
you can have multiple ProviderConfig resources in your cluster referenced by
different resources. When no providerConfigRef is specified, the RDSInstance
will attempt to use a ProviderConfig named default.
© Crossplane Authors 2020. Documentation distributed under CC-BY-4.0.
© 2020 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page.