Overview

About this video

What You'll Learn

  1. Understand how Crossplane works as an infrastructure control plane and differs from Terraform or Pulumi.
  2. Apply Crossplane GKE cluster YAML as Kubernetes custom resources, then observe managed state with kubectl, logs, and metrics.
  3. Build reusable composite resources to package platform patterns, then validate platform consistency with Crossplane drift correction.

Viktor Farcic walks through Crossplane as a control plane for everything, contrasts it with Terraform and Pulumi, then live-demos provisioning a GKE cluster, building composite resources, and watching drift detection rebuild a deleted node group.

Chapters

  1. 0:00 Holding screen
  2. 0:54 Welcome and Introduction
  3. 1:07 Channel Housekeeping
  4. 1:41 Introducing the Guest: Victor Farcic
  5. 3:44 What is Crossplane?
  6. 6:39 Crossplane vs. Terraform/Pulumi (The Role of the Control Plane)
  7. 10:56 Live Demo - Simple Resource (GKE Cluster)
  8. 14:22 Introducing Composite Resources (XRs/XRDs)
  9. 15:31 Live Demo - Composite Kubernetes Cluster
  10. 18:50 Anatomy of a Composition (Mapping Parameters, Provider Complexity)
  11. 24:52 Platform Building with Composites (Abstraction, Consistency)
  12. 28:52 Q&A: Bare Metal, Validations, Conditionals
  13. 31:28 Live Demo - Drift Detection (Deleting Node Group)
  14. 38:20 Finding Providers & Upbound Cloud
  15. 47:20 Q&A: Credentials & Access Control
  16. 52:30 Crossplane Future Plans
  17. 53:58 Conclusion and Final Thoughts
Transcript

Generated from the English captions.

0:54 Welcome and Introduction

0:54 Hello, and welcome to today's episode of Rawkode Live at the Rawkode Academy. I am, of course, your host, Rawkode. Today, we are taking a look at Crossplane. But before we do that, there's a little bit of housekeeping. First, please remember to subscribe to the channel, click the bell, get notifications for all new episodes, and remember to thumb the video, share it, comment, get involved. If you wanna support the channel, there are various membership options available. You can check them out on the YouTube page where we have some live courses currently in flight looking at InfluxDB.

1:07 Channel Housekeeping

1:27 Also, we have a rather active Discord server available at Rawkode.chat. There's nearly 600 of us on there now talking all things cloud native, Kubernetes, eBPF, and everything in between. So come say hello and I look forward to meeting you. Today's session is about Crossplane. And I am fortunate to be joined by a developer advocate at Upbound, the maintainers of the Crossplane project, Victor Farcic. Hey, man. How are you? Oh, very good. Thank you for caring me. No. It's it's it's my pleasure. It's it's really nice to be get to do something together. I've enjoyed your your DevOps channel onto YouTube

1:41 Introducing the Guest: Victor Farcic

2:02 for a while, so it's nice to have you come over here and join us and say hello. For anyone that's not familiar, could you do yourself a little bit of an introduction and tell us who you are? Sure. So my name is Victor Farcic. I currently work in Upbound, company behind Crossplane or the main contributor to Crossplane, and I'm a developer advocate. Now in the past, I did basically everything because my career can be qualified as Victor gets bored within a year, and then it changes what he does. And that change is either within a company, and then it ultimately I

2:41 I reach a point where the the the there were no there are no more things to do in a company then I changed the company. Right? So I've been tech lead, programmer, I mean, developer, tester, lead, product something, whatever, everything, basically. Nice. And now I I've been in Upbound mostly because I've been following and using Crossplane for at least a year before I joined. And then I innovate, told about guys kind of like, you should employ me. I like this product. I think that's great that you found a product that you liked and then just was

3:20 like, yeah. I should go work there. Like, that I mean, that's how you take your your interest and your passion and apply it in a really great way. So nice work. Thank you. We got a hello from Russell who is loving your energy. So thank you for that. Thank you, Russell. And Thomas Lav from Croatia says, I guess. Oh, Thomas Lavie. There we go. Nice. Alright. So why don't we we mentioned this to you, so now everyone knows exactly who you are. But maybe people are not familiar with Crossplane. You wanna give us what what's the elevator

3:44 What is Crossplane?

3:55 pitch? What what is Crossplane? Control plane for everything. I'm not sure whether that's official picture or whether that's on the website, but that's how I would explain it. Right? And so think of it this way. Right? When we manage infrastructure services and whatnot, we are all almost always using CLIs, right, directly or indirectly. You without naming products, you execute some command in some CLI, and that CLI talks with an API, which can be AWS, Azure, Google, Alibaba, Kubernetes, whatever it is. Right? And what people do not really, I I I believe, comprehend completely is that behind that

4:38 API, there is always a Crossplane. Sorry. There is always a control plane. Now everybody knows control plane. That's Kubernetes. Right? We know control plane from there. But there is a control plane behind the API in AWS. There is a control plane behind literally any any cloud vendor, right, at least those that I know. Now what we are trying to do is create a control plane to manage all those control planes. So because we feel that there is a strong need for those things to be open source, and there is a lot of confusion about not confusion, but complications. Right? I need

5:17 to do something in Kubernetes. I need to do something in AWS, and then I need to jump into Azure and then maybe some on prem and so on and so forth. And the major difference why control plane is important for everything be seen in Kubernetes. Right? We we are we are moving away from the idea that I should execute a command to create something. It doesn't matter which tool they're using, right, or to update something and so on and so forth. We are now deeply into the era where all those things are managed by control planes because they're doing more than responding

5:55 to commands, like, something. Right? It's more like continuously monitoring the state of the the actual state of something, comparing it with the currents with the desired state, and making sure that all those things are happening all the time. Independently of which order we put things, how we define as long as we define the desired state, planes are managing those desired states. Right? And that's simply that's happening already right now. Whether you know it or no, it's just that we are trying to kind of create an open standard for control plane that will manage everything, give or take. Right?

6:38 Nice. So I guess, you know, a lot of people now they know who you are, they know what Crossplane is, but they may wanna compare it to other tools that are on the market. Is it fair to say that Crossplane fits in that same space as Terraform, Pulumi? Is it different enough from them that you think it comes into a new space? And what would some of those differences be? So to begin with, currently, it is in the same space as our, let's say, entry point beachhead for Crossplane is is infrastructure, but we are definitely not aiming infrastructure

6:39 Crossplane vs. Terraform/Pulumi (The Role of the Control Plane)

7:15 being the the only thing that Crossplane manages, and and it's not. So the scope is different. And on top of that, it's the API is different as well because one of the things that are very important to us is that there is a single API to manage things. And when I say single API, I'm not now talking about Crossplane. I'm talking about Kubernetes API. Yeah. I believe that Kubernetes but people ask me kind of, what is the main advantage of Kubernetes? Usually, people think, hey. It can run containers. Right? To me, the main advantage is the scheduler and the

7:54 API that sits in front of it. Right? That I can define things, the state of things, and Kubernetes can make sure that those things are happening. And that's not only applying to our to applications, but to everything. Even though applications are beachhead for just like beachhead for Crossplane is infrastructure, but not the end goal, I think that the same holds true for Kubernetes and its API. Applications are only the first step towards total domination of Kubernetes API. Right? And those another difference is the the control plane, the scheduler that I was talking about. When you use other tools

8:38 or most of the other tools, you execute some command and something happens Yep. Somewhere in the cluster or in your infrastructure or whatever you're managing. In our case, there is a scheduler with the control plane, with reco continuous reconciliation, drift detection, and all the things that you expect from Kubernetes applications. So they just apply to everything else. Right? So the in my head, at least, there is a huge difference between I want this to happen now, and I want this to continue existing and being in certain state forever and ever or or at least until

9:15 I change my desire. Right? Yeah. I think that's really important, You know, if we talk about those Terraform workflows right now, you know, Terraform only runs when the user asks it to, when the HCL has changed. Like, if I use Terraform to spin up an S3 bucket and it finishes and then I go delete the S3 bucket, I don't have an S3 bucket anymore. Is the Crossplane? Have in fact, because it runs on Kubernetes, it has that continuous reconciliation. It's gonna detect the bucket disappeared and then recreate it for me. And I think that's

9:49 almost a superpower to a certain degree. Like, that's that's what I want for my infrastructure. Right? I mean, everyone must want that. Correct. I mean, think of it like you can reframe it saying that what I what I'm doing with my applications, want that for infrastructure. And what we're doing with applications I mean, not everybody, but we are all moving into into Kubernetes domain for, if not all workloads, but for some. Right? And the same example that you said would be, hey. If I delete two pods of my deployment in Kubernetes, those two pods will be recreated because the

10:24 desired state is to have whatever the number is. And we are just applying the same logic on infrastructure and services. Awesome. We got a comment from Tim Martin there saying two of his YouTube Kubernetes favorites on the same stream. Sorry. We are crossing streams. I hope that's alright. I don't I don't think we're gonna cause, like, a a time space continuum problem or anything. Let's see. It's still time. Thanks for the kind words, Ty. We really appreciate it. Thank you. Alright. Shall we show people a little bit of a Crossplane? Sure. Are we ready for this? Yeah. Yeah.

10:56 Live Demo - Simple Resource (GKE Cluster)

11:02 I am. Let me move the browser so that you don't see infinite can you see me now? Let me pop this over to my other scene. Awesome. Your terminal is now visible. You are live. Take it away. Okay. So let's say that I have this definition, GKE YAML. Right? I'm going to start simple, and then I'm going to complicate things later on. Now what this does is basically uses Kubernetes manifest with custom resources to create something called GKE cluster and something called node pool. You can probably guess from the names what those things are, and it specifies some properties like, hey. It

11:45 should run in US East 1. It should have the latest version of the cluster. And locations for the node pool are those and some other parameters. Right? So this is this is similar to what you would do with other tools, just that we are here talking about YAML, and I'm not not using, I don't know, like, Pulumi, it would be Go, JavaScript, or Terraform would be HCL. So so far, this is more or less this is just looks like a different format of something that is very similar to other tools. Right? The major difference is that I

12:19 can do something like I mean, there are many, the major differences. But to begin with, this is all Kubernetes. It's Kubernetes API. So I can do something like apply dash dash file name, GKE. Right? Now I already applied this before I joined the session, only so that you don't wait for long. But, basically, you need to trust me. I applied exactly the same same command. And then from there on, I can manage this as as if it's a normal Kubernetes resource because, actually, it is a normal Kubernetes resource. I can say, kubectl get managed,

12:54 which is a catch it all crossplane type of resource, and I can see my resource is running. You see that, actually, I prepared it last night. The status is you can describe. You can do logs. You can plug it into whatever you're using for Kubernetes today, which is another huge thing that I didn't mention before. Because you think about it, apart from obvious advantages of Kubernetes, there is the ecosystem that was, I believe, never seen before. We at least in my career, I haven't seen any other platform, if you wanna call it, have such a big ecosystem.

13:35 So I could I could now manage my just as a as a slight differences compared to other tools, I could manage my resources with Argo CD or Flux if I like GitOps. Right? I cannot do that with the other tools unless they move into Kubernetes area. I can get metrics from into Prometheus. I can do logging in the way how I'm doing logging in general and do all the stuff that you normally do with Kubernetes. And as a result, I have here a short of command. You can see if I put it on the different screen, you can see that my

14:12 cluster was created. There are three nodes, CPUs, and all the stuff. Right? This is a cluster now running in Google. Now one thing that is very important for us, and that's what we call composites. So composites allow you to compose infrastructure in a not not infrastructure. Compose everything. Infrastructure services applications in a way that they're much easier to manage, easier to digest, and so on and so forth. Because this is this was the simplest example that I could come up with. And this is kind of like, okay. Kind of an average person can understand this. Somebody

14:22 Introducing Composite Resources (XRs/XRDs)

14:56 who is not a Kubernetes ninja or not not proficient with the Google Cloud can understand this more or less. But let's say that I have that I want to create a cluster in AWS. What would I need to do? And imagine that I'm a developer. Right? I would need to create an EKS cluster. I would need a node pool. I would need a VPC or a couple of VPCs, subnets, Internet gateway, and a bunch of other things. Right? It gets complex very, very easily. Now alternative, and this is where composites come into play, I can do something like this. I can

15:31 Live Demo - Composite Kubernetes Cluster

15:31 say, hey. How about you create your cluster using something like this definition? And now the name of the this resource is, in this case, composite Kubernetes cluster. This is completely custom. This is imagine a situation where an operator or SRE or whatever the role is in my company said, okay. I will create the composition. I will create the I will manage the complexity of all that, and I will create a completely new resource type in Kubernetes just for everybody else. And this one says, okay. I'm going to reference something called cluster Google. Now for now,

16:07 imagine that I'm a developer. Right? I do not know all the details about everything. So I can select, hey. I'm going to reference something called cluster Google. It could be cluster AWS. Actually, let me change it. Why not? Let's do this. I'm a developer and say, hey. I will actually I want to run my cluster in AWS. Cool. I want to have small nodes. I do not know really whether that's t two something or t two t three something or whatever are the older variations in in AWS, I want to be as simple as small,

16:49 medium, large. Right? I want a specific version, or I don't want to specify anything because I trust that whatever is the default makes sense, the number of nodes, and a few other options. Right? Now this is something that can be digested by everybody potentially. And what what the final outcome is does not depend on me, does not depend on Crossplane. It depends on people in a company who wants to provide services to others. So think of this as shift left, and I will show you later how how all this how what is happening in the background for

17:29 something to be as simple as that. Right? So I'm going to save this change, and I'm going to do now I'm still a developer. I'm going to do kubectl apply dash dash file name, and the file is called cluster YAML, and that was created. Right? And now I can do something like kubectl get managed, and I should see stuff happening. Actually, I should not watch because there's too much output to fit on my screen. So let's do this. Now behind those 20 lines of YAML, I got two IAM roles. I got one, two, three, four, five

18:15 policy attachments, a node group, a cluster, a route table, subnets, security groups, Internet gateways, VPC, node, and the okay. Those two are Google from before, so I'm going to ignore those. Right? So those are all the things that I should have created if I wanted to manage, in this case, EKS cluster in AWS. And I still did not go crazy. Right? Things get more complicated than that in a real world situation. Now the way how all that happened is that somebody before created something like this, definition YAML. So that's somebody. Call it SRE. Right? Defined a completely new resource type for me, and

18:50 Anatomy of a Composition (Mapping Parameters, Provider Complexity)

19:02 it's call it's calling that resource type we call it composite resource definition or XRD. And the name of this new resource is going to be composite cluster composite Kubernetes cluster. That's the same name that I used previously in a definition when I was pretending to be a developer. Right? And there are some some parameters defined, like version, node size, min node count. Those are the same parameters that I used before. Right? So somebody creates a completely new definition of a resource that explains what are the things that teams in a company care about and what are the things that

19:45 they want to manage, like version, node size, minimum number of nodes, whatever those things are. And we are going to expose that to them. And and and by doing that, we are going to shift left. We are going to make those teams autonomous so they can manage their own stuff themselves without opening issues in Jira and sending it to some other people. So making people self sufficient by exposing them to the level of requirements or abstractions that they're comfortable with. Right? Some other team might need 57 parameters. Right? It's it's whatever you choose choose it to be.

20:23 So this is a definition of custom resource custom what is it? Custom composite resource definition that will that became later on when I applied it to the cluster to the control plane cluster became the custom resource that I used before. And now comes the madness. Right? Or different I'm going to show you different levels of madness. Right? Implementation of that interface that I just showed you for Azure would be this. Relatively small, straightforward. You human cannot comprehend it because in Azure, all you need is an EKS cluster. And I'm talking minimum because Azure can become extremely

21:07 complex, but I'm really talking about the minimum. If it's where did I put it? GCP, like the one that I used before I started the this session, slightly more complicated. Those are all the things you need to define no matter which tool you're you're using more or less. And now comes, let's say, AWS. The simplest possible I could imagine for AWS. Now let me go to the beginning and show you what I had to do. I don't think we have enough time for that, I'm afraid. We don't have enough time to go to the beginning of that. Exactly.

21:44 Leakers, cluster, so on. It's a lot of stuff. Right? Now what is happening here is this is partly what you would normally see in other tools. Like, hey. There are some parameters that you need to supply when you create an EKS cluster and version and whatever you need. Right? And then there are patches. Those are the things that typically would get translated in from what user specified in that YAML that I started with into into what is propagated later on to this resource type. Like, for example, if you look at if you remember, I used node size

22:24 and I said small. Right? And here, I am translating small to t two t t three small and medium to something else and so on and so forth. Right? It's nice that you showed that. We actually got a comment from Russell in the chat asking how those sizes were mapped or configurable. So Yeah. There you go. And you are kind of in control. Right? This is not something that is opinionated vendor specific. Like, we decided that whenever people when I say we, Upbound decided whenever people want small nodes, it will be t three small. Right? This you are in complete control.

22:57 You as a person, necessarily, let's say, you're defining those things and so on and so forth. So all those are defined. There are some patches that overwrite values depending on user input, and they're all grouped together and end up being something like what they showed initially, which I believe was this file. Right? So all what I showed you, the all those hundreds of lines and something from an end user perspective, that's what you get. Right? And I'm still using very simple examples. Normally, I would add over there maybe to in that cluster, to maybe if it's, let's say, EKS cluster, maybe I

23:40 would install some applications, like system level applications, maybe from mid use, who would be running there, maybe Argo CD, maybe additional stuff. Right? So it can get much more complicated than that. But from end user perspective, the interface is whatever you define it to be. Right? And that's what we call compositions. And even if somebody doesn't know what that interface is and let's say that whomever created all that stuff did not document it. You know? No Wiki files, no READMEs, and stuff like that. You can always do something like this. Explain composite Kubernetes cluster and recursive.

24:18 Now this requires slight understanding of Kubernetes, but not really out of this world. And you know okay. So this is actually what my specification is. Those are the parameters, min node count, node size, version, whatever somebody defined. Off you go. Create your own manifest. Be in full control of the things that matter to you and leave the things you don't care about but are still important, like, somebody else. Right? So it's separation of concerns and shift left in a way at the same time. Yeah. It's nice. It's like, you know, tools like Terraform allow you to directly access the

24:52 Platform Building with Composites (Abstraction, Consistency)

24:57 API to spin up devices or clusters or node builds, etcetera. But composite resources actually allow you to build platforms within these resources and distribute them and share them across your organization. Correct. Correct. So if I would simplify it greatly, you would think of it as being equivalent of, Somebody creates a Helm chart, and then everybody else can modify Helm values. But that that would be only partly true because we are not talking about some properties file. We are talking about Crossplane creating completely new custom resources that can be used by anybody else. Yeah. We have a a question in the chat

25:40 from Thomas Lav, which aligns directly with my interests. So Thomas Lav asks, what about bare metal or on premise clusters? Crossplane support that? So I'm not sure about bare metal. I would need to check the check it. I could check it later and get back to you specifically for that question because if the Google Crossplane contribute contribute, I think, you will see all the contributions. Right? So it really depends on the community. And if it doesn't support, then it's just one pull request away from supporting it. Right? So there there is an Equinix metal provider

26:20 for Crossplane, so you can spin up devices. And, actually, the focus of my work for the last six months has been provisioning Kubernetes clusters through user data alone. So while there's nothing directing Crossplane provider now, in theory, you could do something like this. So I mean, as long as there is an API that Crossplane can talk to, then yes. Right? Alright. Awesome. Thank you for that. And I I think maybe one of your colleagues has joined us in the chat. Grant has been kindly answering questions as we as we run along at. So Thank you.

26:59 Alright. Awesome. So that's good to see. I like the way those composite resources are relatively, you know, not easy, but, you know, writing the YAML is something that we're all getting very comfortable with these days. And they've been able to define them that way as a combination of other resources within Crossplane. Once it's done once, you just reuse that as much as possible, and you've you've got this kind of platform provider, which is which is pretty sweet. Exactly. It allows you to build your own interfaces, right, that fits exactly Yeah. Your needs. Because every every organization does

27:34 this stuff their own little unique way and being able to codify that in a way that is reusable is something that is often lost. It's something I've seen in the past. It's just that each team ends up doing their own implementation, their own way, and there's all these different variances. And then eventually, someone wants to do a security audit. You're like, why are all these things different? And, like, being able to codify it in this way removes that whole class of problem, which I think a lot of people need. Yes. Especially when you when you run at

28:02 scale. I can't tell you how many times I've seen, you know, whichever tool is used, hundreds so and hundreds of files that are doing exactly the same, but simply because there is a small variation or simply because the teams do not communicate with each other and so on and so forth. Right? So you want to codify what you explained actually fits the bill very well. You want to codify all your knowledge in a way and expose it to an interface that contains things that matter and are not repeatable all over and over again. Exactly. Alright. We've got a couple more comments and

28:38 questions. So Ty says a Crossplane with Talos or Sidero would be pretty sweet. I agree. Big fan of Talos and Sidero, and that would be a nice integration. Yeah. We have a question from Andreas. Is there a way to define a more specific validations than just the data type? How does it feel if you mistype small after multiple field validations? If you mistype small, then that then you would see that resource not being created, and you would have to go to the resource to describe the resource, you know, and see in the events, like, basically, with any Kubernetes resource.

28:52 Q&A: Bare Metal, Validations, Conditionals

29:19 So we we are this might be important, actually, to mention. We are intentionally not trying to build things that exist in Kubernetes ecosystem. Right? Like, validations are just we are just following what how all the other Kubernetes resources are working, like or same thing for logging or for metrics. Or another popular question, which I don't know whether it popped up there, but usually pops up. Hey. Can you have conditionals? You know, if else statements. And, again, we are really trying to avoid those things because there is this part of the ecosystem. Like, hey. You need conditional. It's excellent. Kind of

30:01 like there is Helm. Right? Helm can do those things. Can can can can template it. And so so we are really kind of trying to avoid anything that is is not really, really specific and nonexistent, if that makes sense. It does make sense. Yes. Andreas, if you wanna add anything to that, feel free to drop back into the comments, but I hope the answer helps. So I quite I quite like that. Obviously, the AWS one is is is rather massive because although EKS is a managed service, it is very far from from managed without tools like eksctl

30:38 or something like a composite resource with Crossplane. But I love the simplicity of the Azure one and the the Google one as well. Like, they're so easy for people just to be able to play around with. Yes. I mean, give or take. Right? Even the simplest one like Google becomes complicated over time because it's not really, hey. I need a cluster. No. I really need a cluster, and I need I'm inventing now a database, and that cluster cannot be just GKE. It needs to run something inside. So it's it's always more than a single

31:11 resource. Now they can what I'm trying to say is that it almost always gets complex. Now the levels of complexity depending on providers differ greatly. Right? Mhmm. And, yes, some are some are easier than others. Alright. Can can we do something funny or crazy depending on how you would look at it? Like, you've you've actually provisioned an EKS cluster there. Is that correct? Mhmm. Yes. I can let me let me double check. Maybe I didn't yet. Because another interesting thing about AWS is the speed with which things are happening. The lack of speed, you mean?

31:28 Live Demo - Drift Detection (Deleting Node Group)

31:50 You said it. Yeah. I don't I don't mind being biased on your stream. Pushing it towards saying it. I think the median time for an EKS cluster is around twenty to twenty five minutes. It is. So cluster is still not up and running, and the node group did not start because it needs to wait for the cluster to be created. And this is another thing that I think makes a difference between using a control plane than, let's say, simple CLI. Right? I do not have to specify dependencies. Normally, I would need to say, hey. Node

32:24 group depends on cluster because you cannot create a node group until cluster is there, and that can also get messy. In this case, we do not I did not specify any dependencies because simply control plane's job is to figure out what to do and repeat if it cannot be done and all that stuff. Right? Mhmm. But, yeah, you will need to if it's something funny, you would need to wait until AWS is created, or you can tell me whether that's something funny can be done in Yeah. We yeah. Well, no. What I'm thinking is, right, we've

32:56 we've got a couple of subnets there. Right? So and they all say true true for ready and synced. Now I I just wanna show people what my favorite thing about Crossplane is the continual reconciliation. Like, can we just go delete a subnet from the UI? Of course. Of course. Let's do that. Let me this is my account. Subnets. Okay. Here we are. I think that let me double check. OBF is one of them. Yes. Do you wanna choose or number? One to three. Two. There we go. Okay. This one goes out. Bye bye, Subnet. Yeah.

33:46 No. It cannot be deleted because Oh, I just got a reference back. Okay. Let's let's do this simpler because I I don't wanna go into AWS badness of dependencies. You know, you cannot delete this because it depends on that, and that depends on something else. Let's do this. Let's go here and delete the node group. How does that sound? Yeah. Go for If I I hardly ever use the console. I don't know how how you do stuff in from from web UI. Here. Delete. What do I need to do? Team. Okay. Okay. It will be deleted eventually, and then

34:37 give it a minute or something like that. And if I didn't mess it up, it should reappear. So does that mean that on your CLI, you could run kubectl get node groups? Oh, yeah. Yeah. Kubectl get node node groups. Right? And right now, it's synced. Soon, it will detect when when it's deleted. I I will actually put it watch it. Right? Get node groups. At one moment, it will change sync to false and sorry. It will change ready to false, and then it will change ready to true again. Yeah. So that's Crossplane as what it's just checking that every

35:28 one minute, four minutes, something like that. There's some interval, right, of the factory There is I think and it don't take me that's don't take this as pretty in stone. I think that the default interval is three minutes or something like that just not to bomb providers with requests. And and it can be changed. Right? You can configure what that interval is. That's hey. Look at this. Ready false Yep. While talking. And then periodically checks things and make sure that everything is synchronized and all the chess. Let's see what's happening here. It's still deleting. Man, you cannot even oh, no. There we

36:09 are. It's ready. Nice. That's oh, that that's the node inside the node group. This is okay. I'm definitely confused with configuration. As I said, I'm not using web UIs. Deleting still might be That we'll need to wait for AWS to catch up for that to to to disappear, and then Crossplane can maybe go and try and create a new one with the same name. So who knows how long that's gonna take? But alright. Cool. Yeah. It's just nice. Like, the fact that it even noticed that it wasn't ready and the fact that it's gonna be

36:43 able to resync and recreate that, I just think it's a really cool property of Crossplane that we we haven't seen in this type of tool to date until really Crossplane came along. So just taking it sorry. On you go. Yeah. Sorry. That specific thing, actually, I don't know how far back you go. Right? But we had it with Chef and Puppet in a different way. Right? It didn't use Kubernetes scheduler and all this stuff, and I'm not now glorifying Chef and Puppet because that would be the last thing I would do. But some sort of reconciliation loop existed, and

37:15 after that, it was lost. And now we have it again. Well, I mean, I preferred SaltStack's take on it with its high state and its minion based check ins. But, yeah, you're right. Salt, Chef, and Puppet did have agent based setups as well, which would, on an interval, rerun their their recipes and their manifests. Exactly. Yeah. You're right. I was I mean, I was just trying to be nice to Crossplane, but I take it back. It's crap. I don't like it. Okay. So, I mean, we don't need to sit and watch for that, Deline. Maybe we can

37:49 check on it a little bit. Was there anything else you wanted to show us, or do want me just to keep throwing random stuff at you? Go random stuff. I like that more than me having prepared. I mean, I have random money if can show and run. Right? But, hey, if you have random questions, even better. Oh, yeah. So let's, you know, put this on of the lens. I mean and I am relatively new to Crossplane, I've got this lens anyway. But if I wanna get started, how do I work out what providers are available? How

38:15 do I work out, you know, what I can actually do with Crossplane? So no. No. That's wrong address. Crossplane IO. Okay. So getting started is where you would usually go and follow follow the instructions. It has I'll be honest. There are things to be improved there, but it's a good starting point. And regarding providers, there are two, let's say, types of providers. Those that you see actually, let me make this bigger. Those that you and let me do this. Okay. Those over here, right, are the providers that are official. And then there are providers that are not official.

38:20 Finding Providers & Upbound Cloud

39:11 Like, when I when I say official, it's kind of strange. But let's say, providers that are exist for a while, that are proven to be working, that passed all the tests and and everything that we expect them to do, which does not make them perfect. And then there is what did I want to do now? My keyboard is going crazy. Crossplane contrib, which is where everybody else can contribute. And, eventually, things from here will go go to the docs. Like, we recently worked with Civo folks and got a Civo provider, right, And so on and so forth. Like,

39:58 I'm working right now on some materials that I will probably publish in in a few days, but I use this one, provider-sql, that allows you to do something with your databases no matter where the where they're running. So there is a decent number of providers outside of the official docs waiting to go into the docs. Thanks. So there's also a I mean, you work for a company called Upbound, and they've they have a SaaS offering that allows people to try this out relatively easily. Is that Correct. Yeah. Wanna share a little bit about that?

40:36 So, yeah, if you go to Upbound Cloud, you have you have basically a web UI that allows you to do stuff. And let me switch to the one that I'm using today. Oh, so you're you're using Upbound Cloud today. Right? Yes. Yes. I I I did everything from the CLI. There we are. Right? And this is the oh, come on. It will happen. Right? You can't, you know, you can browse things. I don't know why it's so slow. It's embarrassing. There we are. Right? Look. I don't know. What did they do? We get something. You

41:19 can see the resources that are of certain name or certain phrases. You can consult them. You can see that all the providers that are having like, for example, for AWS, those are all the types of resources or providers that we can use. Actually, the list is bigger because some of them have, like, multiple things inside. Like, Elastic Compute has seven resources in total. And then repositories where you can package your configurations and your code into a container, push them there, and make it even simpler to use, you know, users, teams, security, and all the things that usually enterprise

42:03 companies are looking for looking for. And we are soon to release a version of this that is self hosted. Actually, actually, there are three ways. Like, when you create a new control plane, you can have it oh, that was too fast. I clicked too soon. Right? You can have a control plane hosted by us. You can have a control plane self hosted. That's Crossplane itself. And the third option will be what you see on the screen, the let's say, cloud to be self hosted as well. It is this is the hosted version is, I think, especially helpful if you wanna just

42:44 if you just want to start and you don't want to set up Kubernetes cluster with Crossplane there, you just want to play around fast, hosted version is is brilliant. It just gives you instructions. You get distraction. Actually, let's do it. Right? Test one. I understand. Create control plane. And now this takes a few seconds, and you get the control plane only for you in a way. Right? And all you have to do is execute the command to connect your kubectl with control plane. Why do the control planes have a scheduled deletion? Because we think of them more as a temporary

43:27 solution for free usage. If you want to make it permanent, then you speak with our sales guys. I got it. Okay. There you go. Still fourteen days usage to kick the tires on Crossplane and play with the providers, start building out your composite resources. That's that's enough time to get a feel for it and see if it's right for for you and your organization. There's another important thing we're really trying. Nothing really we are not keeping anything from Crossplane proprietary. Right? We have we have things on top of it like this cloud, web UI, stuff like that, but Crossplane itself,

44:01 that's completely so you you can go for free from day one without really suffering at all. Alright. Okay. If you're watching and you have any questions, then please drop them into the comment section and we'll do our best to answer them before we finish. So I guess we've got two things. Right? We're gonna wait for this oh, there we go. It's already ready, so never mind. We now have our own control Crossplane control plane that we can use. And that just I I'm assuming that just gives you a KubeConfig, right, or something like It goes to your

44:33 KubeConfig. That's that's the whole gist. We just need to connect your KubeConfig with this. This is behind the scenes, this is a virtual Kubernetes cluster in our Kubernetes cluster. So we are stacking clusters on top of clusters for every user. I see. I I don't know if you can go into implementation details, but I'm curious if it uses vCluster, which is a pretty cool tool in this space. No. We are not for a couple of reasons. Actually, I'll to begin with, I love vCluster. I think it's absolutely brilliant. But we started before vCluster with this or when vCluster was

45:10 not a thing or popular or whatnot. So we have we have investment in in when we started, I think that there was no real solution like vCluster. And the guys working on it have some security concerns about vCluster. Actually, not security concern. The bigger thing is that now that we built our own solution, let's say, it is optimized for exactly what it does. Right? While vCluster is more generic. Like, in that virtual cluster, we are not packaging the whole Kubernetes interface and everything, but only the things that Crossplane needs. It's highly optimized custom solution. But vCluster is awesome. I love it.

45:51 Alright. Let's let's check on the status of our delete node group. I'm curious about that. Wonder if Amazon's caught up yet. No. Come on, Adam. No. No. I I need to refresh. I'm never sure which parts of the screen are refreshed automatically and which okay. I I'm not sure. Tell me if I'm on a wrong screen, but I think that I'm on the right screen. You're on the right screen. Yes. That has been recreated to our node group. Active. It was deleting. So there are two possible explanations. Either AWS gave up on deleting and said, I cannot do it, and I'm

46:27 gonna make it active again. Or Crossplane detected that the there is a drift and corrected the drift. Nice. What is our It's the latter. What does our get node groups show? Get node groups, here we are. Yes. Sure. Okay. Alright. I fixed it. That's pretty cool. Yeah. And in fact, you can I think the the node group name changed? Right? I I was I I did not really pay attention, to be honest. And even if it did, my brain cannot remember those random strings for more than two seconds. Yeah. We got a a comment and a chat

47:04 from Ty who says that you have some great videos on vCluster and others. So, yeah, I definitely encourage people to check out Victor's channel. I will put a link into the show notes so you can check that out. Oh, thank you. Alright. We have a question from Andres. How do you manage credentials for the providers, and how can you restrict usage inside of the control plane? So, like, if there if I don't want everyone to be able to spin up a GKE cluster, how would that work? So that that's another kind of like you know, there there are so

47:20 Q&A: Credentials & Access Control

47:35 many differences or advantages depending on how you look at it. So in in in traditional solutions, right, I mean, that's that's a wrong word, traditional. Okay. Another solution. Let's not let's just say traditional. When you interact with, let's say, AWS through, let's say, CLI, you the user that is using that CLI needs to have access to whatever will be done in AWS. Right? So you need to have permissions. If you want to create a EKS cluster, you need to have permissions for that. Your user needs to be privileged and what's not. Now in our case,

48:10 Crossplane itself is, let's say, privileged user of your provider. You as a human running kubectl commands, you are claiming certain resources in certain namespace, or you don't have to. Depends really how you configure it. So think of it as yeah. Let's let's say when you claim volumes in Kubernetes. Right? Kubernetes has information and out in can authenticate to create a volume like EFS or EBS or whatever it is. You as a user, an admin of that cluster gave you permission to create certain volumes in certain namespaces. Right? So you need to claim them. So there are those two distinctions.

48:56 What you as a what you as a person do, you're interacting with Kubernetes, and you have permissions to create certain Kubernetes resources in certain namespace. So I could I'm not going to do that now, but I could go and say, hey. There is a namespace Rawkode. And in Rawkode, you can create, let's say, resources GKE cluster, but you I will never give you permissions to create EKS cluster, right, because I don't trust you with with AWS. You've been too negative towards it. And on top of that and this is now plugging back into the whole idea of leveraging Kubernetes ecosystem.

49:36 You can combine whichever RBAC you're using in in Kubernetes itself, let's say, with policies like or whatever you're using, and further define things like, hey. Joe can everybody in this namespace that can create TKS cluster, but Joe can only do up to three nodes. And I don't know. Somebody else can create after five to five nodes. So whatever the rules are. Right? So if you combine Kubernetes RBAC and policy management with whichever tool you're using, I would say that you're getting a level of both simplicity for the end user, but also control for others that is really not there

50:22 with almost anything else that is not Kubernetes friendly, native, let's say. Yeah. That makes a lot of sense. You know, Crossplane is using the Kubernetes API. So all of these things should be implemented using the Kubernetes API. Definitely. Yeah. You're it's it's more like kind of you need to think about it differently. Right? You're not the question is not about the credentials in AWS or whatever you're running. The it's about credentials to create or modify or delete specific Kubernetes resources. For majority of users, there is only Kubernetes API. Nothing else. Alright. I hope that helps, Andreas.

51:02 And if you have anything else, drop it into the comments. Alright, Victor. Is there anything else you would like to show us before we start wrapping this up for today? No. If I got Razor, I will I will will I will stay here for a couple of hours, and I think that we have a limit. Yeah. I think, you know, we we pushed our luck deleting the node group and seeing that coming back. So let's let's let's take that as a success. And Yeah. Kind of as as a parting gift. Right? Just kind of as a parting gift,

51:29 I will delete the whole cluster. And then we'll see whether it will come back come back by the time we wrap up. Do you think it's gonna delete by the time we wrap up? Let's see. You know, usually, those are the moments when I go and watch something on Netflix, so I never really paid attention. Alright. I cannot because node group is attached. That's alright. I trust you that it works. I I think we've seen what we wanted to see with the node group. You know? I think the the one takeaway for everyone watching here is that, one, your interest in Crossplane

52:01 should definitely be piqued. And secondly, the continuous reconciliation and working with the Kubernetes API, which hopefully you're already familiar with, brings a lot of superpowers to your infrastructure. I think it's just a fantastic, fantastic product. I'm gonna pop back over to our big face mode. There we go. Okay. It was so strange for me looking at the blank screen all the time. You know? But my terminal is. I would see your face, man. This is better. Yeah. Definitely. So, you know, just as we as we kinda wrap up, is there anything that you can share? Like, what are what are Crossplane

52:30 Crossplane Future Plans

52:34 excited by right now? What are they what are you guys working on? What's coming soon? What challenges are you gonna solve next? Like, just Yeah. So the the major effort, let's say, or push right now is towards provider coverage. We need to get close to % for all the all the major use cases. Right? So that's kind of that's not really exciting. It's just simply the first queue that needs to be done. And there will be some very exciting news about that very soon. I cannot say the dates, you know, otherwise. Grant, the one that was in comments, he

53:12 he's listening on this. He's he's the one above me. He's he's going to do something bad. And so most most of the off effort right now is in debt. And then in soon for next quarter, we are going to have some very exciting exciting announcements, but I don't wanna share it yet. So boring stuff. Provider coverage. Boring stuff. Alright. Okay. Well, yeah, that that that's cool. It's nice that, you know, the provider ecosystem has been expanded on and elaborated on. I think it's just gonna open up a lot more doors to people that wanna use Crossplane.

53:49 We got a thank you from Russell in the chat. Thank you, Russell. Yeah. Alright. Well, we have no more questions. We got we got a few more. Thanks. People are telling us to leave now. I think that's what that means when they start saying thank you. Victor, thank you so much for joining me today. Really cool demos to see composite resources providing essentially an abstraction or a platform that doesn't really matter what the underlying infrastructure is. And I think that's a really cool thing for people to take away, that you can build these schematics for what a platform means in your organization

53:58 Conclusion and Final Thoughts

54:23 and use that Kubernetes API to show them. Very, very cool Yeah. All right. And if any any last words before before I push the button? Try it out. And if you get confused, then ping me on Twitter or LinkedIn or whatever. Find me somewhere. Yeah. Find me somewhere. Get the help you need. Slack somewhere in Kubernetes or CNCF. Google me, and I'll help you out. Alright. Well, thank you again, Victor. Have a wonderful day, and I'll speak to you again soon. Have a good one. Bye.
