Overview

About this video

What You'll Learn

  1. Use Crossplane to provision and continuously reconcile infrastructure through Kubernetes APIs and CRDs.
  2. Install Crossplane and the Equinix Metal provider using package-based providers, CRDs, and controller reconcilers.
  3. Define and compose XRDs and Compositions to deploy an abstract infrastructure resource on bare-metal platforms.

Dan Mangum and Marques Johansson join Rawkode to introduce Crossplane, contrast it with Terraform and Pulumi, install the Equinix Metal provider, walk through CompositeResourceDefinitions and Compositions, and provision a device that boots Tinkerbell.
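The three objects the episode walks through, shown together as an added example (this is not code from the video, from Crossplane, or from the Equinix Metal provider): a Provider install, a CompositeResourceDefinition describing an abstract Server, and a Composition that maps it onto a provider Device. The Crossplane API versions used are the current `v1` ones rather than the 0.13-era ones seen in the video; the `server.packet.crossplane.io/v1alpha2` Device kind and its `forProvider` field names are assumptions to check against the CRDs the provider actually installs; the package image reference, the `rawkode.example.org` group and the plan names are placeholders.

```yaml
# Added example, not from the video or the projects it discusses.
# Crossplane API versions: current v1. Device kind and forProvider fields:
# assumed, verify against `kubectl get crd` after installing the provider.
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-equinix-metal
spec:
  # Placeholder image reference; use the provider's published package.
  package: registry.example.org/crossplane/provider-equinix-metal:VERSION
---
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xservers.rawkode.example.org
spec:
  group: rawkode.example.org
  names:
    kind: XServer
    plural: xservers
  claimNames:            # namespaced claim that developers create
    kind: Server
    plural: servers
  versions:
  - name: v1alpha1
    served: true
    referenceable: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            properties:
              plan:
                type: string
                # Only the sizes the platform team chooses to expose (placeholders).
                enum: [c3.small.x86, m3.small.x86]
              facility:
                type: string
            required: [plan, facility]
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xservers.equinix-metal.rawkode.example.org
spec:
  compositeTypeRef:
    apiVersion: rawkode.example.org/v1alpha1
    kind: XServer
  resources:
  - name: device
    base:
      apiVersion: server.packet.crossplane.io/v1alpha2   # assumed provider API group/version
      kind: Device
      spec:
        forProvider:                                    # field names assumed
          operatingSystem: ubuntu_20_04
          billingCycle: hourly
    patches:
    # Only these two claim fields reach the managed resource.
    - fromFieldPath: spec.plan
      toFieldPath: spec.forProvider.plan
    - fromFieldPath: spec.facility
      toFieldPath: spec.forProvider.facility
```

A developer then creates a `Server` claim in their own namespace that carries nothing but `plan` and `facility`, and the controllers reconcile a Device from it. The XRD schema is effectively an allow-list: anything not exposed there (operating system, billing cycle, and whatever credentials the provider config references) is fixed by the platform team and never set by the claim author, which is the point the episode makes about attaching policy to the abstraction rather than to each cloud API.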

Chapters


  1. 0:00 Holding Screen
  2. 1:20 Introductions
  3. 1:23 Introduction
  4. 2:19 What is Crossplane? (Core Concepts & Comparison)
  5. 2:20 What is Crossplane?
  6. 5:23 Benefits of Crossplane (GitOps, Policy)
  7. 9:40 Does Crossplane compete or complement tools like Terraform and Pulumi?
  8. 9:46 Crossplane vs. Traditional IaC Tools
  9. 14:00 Installing Crossplane
  10. 14:02 Getting Started: Installation Prerequisites
  11. 15:40 Installing Crossplane Core Components
  12. 18:40 Installing the Crossplane CLI
  13. 19:44 Installing a Provider (Equinix Metal Example)
  14. 20:00 Installing the Equinix Metal provider
  15. 27:11 Provider Authentication (Credentials)
  16. 31:58 Introduction to Compositions (Advanced Mode)
  17. 32:00 Deploying a Crossplane Configuration
  18. 38:17 Deep Dive: Composite Resource Definitions (XRDs) and Compositions
  19. 44:52 Deploying an Abstract Resource Instance
  20. 45:00 Deploying a Device with a CRD
  21. 51:00 Provisioning the Device
  22. 51:42 Customizing Deployed Resources & Immutability (User Data)
  23. 59:05 Extending Crossplane with Other Providers & Advanced Use Cases
  24. 1:02:00 Looking at the spec to deploy Tinkerbell
  25. 1:05:11 Provider SSH & Future Provider Features
  26. 1:07:00 What is Equinix / Equinix Fabric?
  27. 1:07:11 Equinix Fabric Integration Potential
  28. 1:14:41 Contributing to Crossplane & Community Resources
  29. 1:16:38 Conclusion and Future Plans

Transcript

Full transcript

Generated from the English captions. Timestamps jump the player to that moment.


1:23 Introduction

1:23 Hello, and welcome to today's episode. Today, we are taking a look at Crossplane, a tool for managing infrastructure using the Kubernetes API. We have some familiar faces joining us today. We have Dan and Marques. Welcome to the stream again. Thanks for having us on. No. I'm I'm very excited. We've we've tried to find a date for the team for a little while now, and I'm I'm just glad that we're actually getting to sit down and play with this stuff together. It's gonna be awesome. Sure. I think I think the the intro is upgraded maybe since last time I was on

1:53 here. That was pretty cool. Yeah. I mean, it's it's getting a bit old for me now. I see it too much. Yeah. I bet. But I I'm I'm happy with it. And at the very least, it gives me an opportunity to click the buttons that I need to click over here. So, you know, to keep some mystery around the show. But Right. So I think what we should really do is just start with the what is Crossplane? Cool. Well, I'll I'll take that, and then, Marques, you can just chime in wherever you see fit. But, essentially, it is, first and foremost, a

2:20 What is Crossplane?

2:31 way to provision infrastructure using the Kubernetes API. So most people come to Crossplane initially because they'd like to provision infrastructure on cloud providers or on, you know, any sort of hosted infrastructure provider from the same API that they use to actually deploy their workloads and that sort of thing, and they'd like to be able to connect them up easily and that sort of thing. So, generally, we'll see folks compare Crossplane to tools like Terraform or Pulumi or things like that. But it's a bit different for a number of reasons. And the first being I think Marques and

3:10 me just switched positions there. The first being that it's running as as well, the different components of it are running as Kubernetes operators. Right? So they're constantly reconciling your state as opposed to traditional infrastructure as code tools where it's just kind of like a one shot, you know, and then when it's done, it lets you know. And then it continues as the the provider sees fit. Crossplane, on the other hand, is going to continuously reconcile your infrastructure. So a lot of times, we'll demo someone provisioning, like, a database or something like that, and someone going in and modifying part of

3:43 it and then seeing it brought back to the desired state as put forth in the Kubernetes cluster. So that's definitely kind of, like, the initial intro. It's usually pretty easy for folks to understand as well, and it provides value to people, which is great. On top of that, Crossplane itself, all all of the kind of provisioning of managed services is kind of in a plug-in model, which we'll see in a little bit with the Equinix Metal provider that we're gonna look at today. But, you know, there's different providers for for all kinds of different infrastructure hosting platforms.

4:17 And then the core part of Crossplane is essentially a package manager, which allows you to install different types of packages, one of them being providers. So after you install Crossplane, you can say, you know, add GCP support, please, and it'll bring the CRDs and controllers and that sort of thing. And the other being composition, which is where you take all of these different managed resources, these granular things that represent actual APIs on a cloud provider, and you compose them together into abstractions for, you know, developers within your organization to interact with. And then you can package those up in

4:53 a separate kind of package, call it configuration, and install those. And what you get is kind of a a platform as a service that you're defining the abstractions yourself. So today, we'll look at kind of, like, the the maturation process of using Crossplane. So starting off with, you know, maybe just looking at provisioning a device on Equinix Metal and then moving towards, like, packaging that up and being able to reproduce your platform across Kubernetes clusters and that sort of thing. Nice. So, I mean, it it sounds really cool. I'm looking forward to this. Like, I

5:23 Benefits of Crossplane (GitOps, Policy)

5:28 guess we have the ability to represent all of these infrastructure components using Kubernetes CRDs. And I guess the the the really cool side effect of that is I can now GitOps my infrastructure by having something continually apply those CRDs in my cluster, and then the Crossplane controllers just go and make the world happen. That's kinda what we're looking to do here. Right? Right. Yeah. Very very declarative. And another thing just kind of, like, going along with that is, you know, standardization on the Kubernetes API gives you things like GitOps, but also gives you things like policy.

5:58 So one of the things we really love is showing off using Crossplane with Open Policy Agent, you know, when you're writing granular rules that apply to CRDs that are created. And so you can say something like, you know, don't let anyone create a database that's larger than 20 gigs or something like that. And you can write these kind of, like, arbitrary rules that apply to any type of infrastructure, especially when you write abstractions. Right? So if you have a database abstraction, and behind that, you have Cloud SQL, RDS, Azure database, whatever. You can make a policy for that abstraction,

6:32 and then everything flows through that and you can kind of, you know, put barriers or firewalls, if you will, for actually creating infrastructure with different policies. Yeah. I mean, I'm gonna be honest. I often turn a blind eye to policy, RBAC and security, and I know that that is is not the way to be doing it. I'm looking forward to learning today. Well, I mean, if if you have the the privilege of not having to worry about it, then I'd say just keep rocking with that. That sounds pretty good to me. Oh, yeah. I'm really lucky that all I need

7:02 to do is spin things up for a short period of time and go look at cool and then disappear and shut it back down again. Like Right. So but of course, security is really important. And I definitely use seccomp every week now. I promise. So let me pop up my screen. Marques, did you wanna add anything to to that description? You obviously have some context around Crossplane as well. Yeah. Yeah. And I also connected I disconnected from a VPN, which is why I switched windows with you for a moment. So, yeah, I I think what I'd add

7:36 is that, you know, when you when you compare things to Terraform, that Terraform is something obviously, it's not doing the continuous reconciliation loop. But trying to manage Kubernetes with with Terraform is maybe not as easy as it is to manage Kubernetes resources from inside of Crossplane when it's serving the same sort of purpose, especially when you're interacting with clients clients and any kind of application in Kubernetes that is going to need to have access to those cloud resources that you're provisioning. In the case of Google and Azure and etcetera etcetera and Amazon, you're talking about Microsoft

8:24 you're talking about, like, MySQL services, things like that where having the having the credentials be provisioned inside of your cluster and then be consumed inside your cluster is super convenient. In the case of this Equinix Metal provider, what we're provisioning is, like, very raw resources. We have bare metal hardware, and we have networking resources. And sort of the sky's the limit with that. And in terms of how ready this is, like, earlier, David, you you alluded to how we could, like, provision everything. Right now, only a few of the only a few of the resources that Equinix Metal offers are

9:12 available in this provider. But it's an open source project. So, obviously, if anybody wants to contribute more, great. Otherwise, we're sort of, like, adding them in as as we find the need for them. Well, it's October. Right? So, you know, any any resources we identified today, were, like, gonna be really cool if the provider supported us. You know, then hopefully, the people watching are happy to come along and and help us out there. And, of course, if they want any help in return, they can hit us all up on Twitter. I'm sure we'd be happy to help them contribute

9:40 Does Crossplane compete or complement tools like Terraform and Pulumi?

9:42 to the project. Definitely. So there was a question that's kinda spinning in my head then right now. We've we've now mentioned things like Pulumi and Terraform a couple of times here. And I I I'm wondering, you know, as a developer responsible for some sort of set of or some subset of production infrastructure, which does Crossplane replace that or augment it? Like, do you see all infrastructure provision happening for the Kubernetes API with Crossplane? Do you need to bootstrap stuff with another tool? I mean, how does this workflow work in reality, not just in my head? Right. Absolutely. That's that's a

9:46 Crossplane vs. Traditional IaC Tools

10:20 great point. And and the first thing I'd say to that is that I don't think Crossplane is for every organization or every person, and I definitely would not recommend someone do it. You know, if you are using a tool already and it serves every need that you have, then I would stick with that. I would not, you know, churn and and try and switch to something else. So that that would be the first thing. The second thing is I think that the these tools can coexist together. In fact, we've seen a lot of people use

10:50 Terraform's kind of Kubernetes provisioner where it basically allows you to spit out, you know, arbitrary CRDs, but you write the manifest using HCL. We've also seen this with cdk8s too, where you're basically writing Kubernetes manifests using TypeScript. That's a great example. We actually have a video of of Kelsey Hightower provisioning Crossplane resources using the Terraform provider. So I definitely think these these can play nicely together. It is a a pretty fundamentally different model, and I think that Crossplane gives you more benefit as you scale to a larger organization. Obviously, if you have things coming up and

11:29 down really quickly, you you have a benefit there kind of with that GitOps flow that you're talking about. And then the other thing would be if you have a large organization where you're trying to provide kind of, like, a self-service platform to developers as opposed to, you know, you have your infrastructure team and they open a ticket and do it. The idea with Crossplane is that a developer has a cluster that they connect to, and they're presented with these abstractions that you've defined for them, and then they can self-service infrastructure. And that's where some of

11:59 that policy and stuff can come in. So yeah. I I absolutely think that that these tools can play nicely together and actually can be used together for the same use cases. So I I wouldn't recommend folks, you know, completely drop one or the other. I'd say evaluate your circumstances and see how you can use them together. I'm very diplomatic if you can't tell. That was a very fancy way of saying it depends. Yeah. Well, we had to fill an hour and a half somehow. Right? So So the the thing that's going through my head again, You know, I love to externalize

12:33 every single thought I have is that one of the biggest challenges I have using tools like Terraform and Pulumi, as great as they are, is that if my infrastructure doesn't change too much Mhmm. And I I'm not making another change for maybe a few days or a few weeks or worst case even months is that by the time that we run that plan and apply is that so much could have changed in the state of the real world. And I guess that problem of having to do a refresh of the state and then the world kind of disappears by

12:59 using a tool like Crossplane because the reconciliation loop is is always running. Is that right? Yep. That's as good as answers I need. Perfect. As long as your Kubernetes cluster is running, yes. Yeah. That's true. That's true. Well, I I guess, to kind of amend my my previous answer, if you're not using Kubernetes at all, I think Crossplane could still be valuable to you. But you obviously you know, Crossplane runs in Kubernetes. So if your organization is literally not touching Kubernetes and has no plans to, maybe not the right tool for you. Well, that was

13:36 until someone on Marques's and my team, Jason, was working on a bad idea, which I saw that. Is I think it's such a really cool thing for projects like this and for the cluster API where you want that declarative Kubernetes API without a full fledged Kubernetes cluster. So Mhmm. I I'm looking forward to seeing that hack hack come forward one day, the proof of concept. Yeah. Alright. Let's let's get started. Right? As always with this stream, I tried to do very, very little upfront. Now what I have prepared just because we need a Kubernetes cluster is I've used the cluster API

14:02 Getting Started: Installation Prerequisites

14:12 to spin up a Kubernetes cluster on Equinix Metal with three master nodes and three worker nodes. I've since been told that's maybe a little bit overkill, but we're gonna have a little bit of fun with it anyway. Now just to confirm that I haven't broken anything in the last five minutes. If I run k get nodes, we're gonna see the view of our Kubernetes cluster from this point of view. I haven't done anything else. I've not installed Crossplane. I've not got the CRDs. I I I have done nothing. So this is where I need the guidance. So I'm on the

14:42 website. I'm assuming there's really good documentation and I'm hoping we can click on the docs page and start with the something really simple. That sounds great. Do I need a Crossplane CLI or do I need to just kubectl apply a manifest to my cluster? So to install well, actually, to do anything with Crossplane, you don't need the CLI. We'll probably go ahead and install it just to make things a little bit easier, especially some of the things I'm gonna show later about with the CLI. You can actually build these packages, which are very opinionated OCI

15:14 images. So it can do some of that for you. So you don't have to use it by any means, but would recommend installing. Okay. So I can skip "get a Kubernetes cluster." I can Mhmm. Okay. So I'm not gonna skip installing Crossplane. So it wants me to use Helm. What's it what's helm3 alpha and helm3 master? So alpha, we have two different channels of release. Alpha is gonna be our latest stable release, which this doesn't the the naming of these channels, I think, is confusing. But I guess as a pre-1.0 project,

15:40 Installing Crossplane Core Components

15:53 you know, maybe you're not calling it stable. But anyway, master is gonna be literally the the latest Helm chart built from master, and alpha will be the the latest release. So helm helm3 alpha there is gonna give you Crossplane version 0.13.0. Now I know that you've both been really busy working on this provider this week. Does that mean we're working off the master branch, or are we working off the the alpha cut? We're on alpha. 0.13 was actually released on Friday, so it's pretty fresh. Sweet. Okay. So first of all, I'm creating

16:26 a namespace. I'm adding a Helm repository. I like it when I just have to copy and paste from the docs. Yep. And you can we're not gonna use OAM today. So if you want to turn off the OAM flag, you can, but you don't have to. It'll just What what what is o OAM? OAM is kind of like the application level layer of Crossplane, and it's it's a general spec. And and then Crossplane is just the Kubernetes implementation of it that basically allows you to have kind of, like, a higher level abstraction over, like, deployments and pods and that sort of things.

17:04 You can define an application and then for sure it consumes. But so it kind of goes, like, the managed resources, which are granular reflecting the cloud provider, then composition, and then OAM, which would be like, how do these compositions play in with, you know, an actual application that we wanna run? Alright. I mean, I'm still conflicted about whether I want it because one side of my head is saying, send the documentations. Another part is going, you don't really need it. So Well well, you I I would say if you wanna do application stuff, you need it,

17:37 but I don't think we're gonna touch on it today, at least from what I have planned. But we we can if you'd like. Well, you know what? Screw your plan. I'm good with it. I respect it. Yeah. Don't complain about my credentials. They're fine. Can you think of any kind of application we can make happen with the resources available? I don't think so. OAM is earlier in development than Crossplane, so I don't think that they have a, like, target for a bare metal machine. I think it's it has to, like, target the Kubernetes API. So we could run them directly,

18:16 I guess, in in cluster, but the the infrastructure consumed likely wouldn't be something provisioned on Equinix Metal. K. No worries. So let's run our GET. We've got pods, deployments, replica. Alright. Okay. Alright. So we've got something running. Mhmm. And you're saying this will be easier if I install the CLI, and I love nothing better than piping to a shell. So It's very safe. Yeah. And then you'll need to move that to your path if you want up there. Okay. So oh, so this is a kubectl plugin? Yep. Yep. So if you move it

18:40 Installing the Crossplane CLI

18:59 to /usr/local/bin up there, it should just you should have kubectl crossplane working. And I could have installed it with krew. You use the the Kubernetes plugin manager or no? The I think, Marques, he wrote the original Crossplane CLI, and I think it was compatible potentially. This this new one is is not yet. Yeah. I had the krew version of it installed, but I don't recall if it if that was just running off of a local branch against krew or if that was merged into krew. There we go. We've got more Hacktoberfest

19:36 ideas for anyone watching this. For sure. Also, I am going to you have some of these commands here to get started. Packet or Equinix Metal is not included in the documentation here, so that's something we definitely like to do once we have CI set up and that sort of thing for for Packet. But instead, I'll just put some commands here in our shared editor, and and you can just run those. So first, what we're gonna wanna do is install the Packet or the Equinix Metal provider. And like I said, we don't have CI set up for that right now, so I'll

20:00 Installing the Equinix Metal provider

20:11 just let you install my own build of that. So you're gonna do kubectl crossplane install provider, and I believe it's at Ashtan Crossplane provider Equinix. We were going back and forth on how long this name should be before it started annoying people. Yeah. So if you run that, you we should be good to go though. Alright. So this is using the Crossplane CLI. It's installing a provider, and this reference on the end, I'm assuming, is a container image on maybe the Docker registry. Yep. Absolutely. And and as you're doing this, I can kind of explain a little bit about how

20:54 this works. So in the case of a provider, what you're installing is some CRDs and a controller to reconcile them, and you're gonna have some collisions on the provider name. So if you do, just do k get pkg or k get crossplane would also work. But k get pkg will will get you all the packages, that are installed or it should. Let's see. Yep. Yep. So look, it it's installed and healthy. So essentially, what's happening behind the scenes is this package is an OCI image, basically just has a configuration file and a bunch of YAML and a stream

21:32 in it. It's a single layer OCI image, and it has also a reference to a separate image, which is the controller that we're gonna actually install and run. And and what it does is the Crossplane package manager, which is part of that Crossplane pod we saw running, when it sees the creation of a provider resource, it's gonna look at the source of it and see this image, and it's gonna pull that image and extract kind of the package configuration for it. And from that, what it's first gonna do is say, hey. Can I install all of these

22:03 CRDs and control them? Right? So in Kubernetes, you have owner references and controller references. Controller references are basically just a special type of owner reference, and there can only be one controller of a resource type. And so in this case, there is no other providers installed, so it will easily gain control of these. So first, the package manager is gonna say, can I install all of these CRDs and be the controller of them? If so, it's gonna go ahead and create them. And then if it creates them all successfully, then it's gonna start a controller to reconcile

22:36 them. If it's unable to say that I'm gonna be able to gain control of all of them, it's gonna say, hey. This isn't installable. This is gonna conflict with another another provider you have, and that kind of guards you from, you know, having providers fight over control of resources. Okay. Cool. So you can see I'm having a nosy now to see the CRDs that you've you've thrown into my system here. So the OAM stuff, we can maybe try and talk about at the end. I won't try to deviate from your plan too much. Well well, I will do whatever you want.

23:10 So this is your show. And then we've got the Crossplane extensions down here. So we've got our providers, configurations, the same as the basis, virtual networks. Okay. Mhmm. And, yeah, those those Packet ones are specifically the ones that came. So if you if you had run k get crds before we installed the provider Equinix Metal, those Packet CRDs wouldn't be there. We need to update those that API group as well now. But now that it's installed, it brought those and installed those. And if you actually, you know, described one of those CRDs there, you would

23:47 see a controller ref to the provider revision, which is the installed version of the Equinix Metal provider. Does that mean I have a pod running now? It's a the Equinix Metal pod? Yep. Crossplane. We do. Yep. Yeah. And you'll see that has kind of a a hash and then kind of the stuff that the deployment does to do the randomized UID. The hash there is actually the hash of the or the digest of the OCI image. So since we're using this actually kind of dangerous except for that we have control over the Docker image. We're using a latest tag here. So

24:25 what would actually happen, we have different types of on the provider, type, there's different types of policies you can have for update. So if since we're using the latest tag and the default policy is auto update, if I pushed a new OCI image that had different configuration in it with the latest tag, Crossplane would automatically go and see that on a reconcile and say, oh, I see there's a new version of this provider available. And it would create a new revision for it, and it would transition ownership or controllership, I guess, of those resources to the new

24:59 one. And you can also customize that to say, create the new revision, but don't transfer controllership. You know, don't start don't switch out the controllers, etcetera. Okay. That makes sense to me. That was that was, like, 2¢ that represents, like, over over the years to work and thinking and and ideas scratching. Yeah. So, yeah, I'm I'm really glad to hear that explained so concisely. Yeah. Yeah. It it definitely has been a long road. And and Marcus did a ton of the work on the original package manager. And in this new release, we kind of redesigned it from the ground up and it

25:40 enabled some of the stuff that that there's a bunch of issues assigned to me that you had originally created. It was fun to get to close out some of those. And things that are coming in future releases are actually some some advanced dependency management and that sort of things you can especially with configuration packages, which we'll look at in a minute, you can depend on providers. And it'll say, like, install my configuration with my abstractions, And these abstractions are serviced by provider Equinix Metal and provider AWS, and it'll automatically go ahead and install those providers for you.

26:17 Okay. So let me see if I understand where we are at the moment then. Cool. We've got Crossplane running on a cluster. We've added the Equinix Metal provider and that has opened up three CRDs that we are now going to start playing with, I'm assuming, which is server VLAN imports. So is there a next step now that we're gonna deploy something? Is that what the configuration you just mentioned was or is that something else? So we can yeah. Actually, to to go ahead and let's let's jump to the end and then work our way back. You want to? Or is

26:49 that does that work? We can we can show the the simplest workflow and then go back to sort of, like, the more granular stuff you can do. I mean, it's just my intuition is telling me I I've installed Crossplane. I've added my provider. I've not given any token yet. I'm assuming there's something I have to do here, and then I can say, hey. Go get me go get me a server. Like, I want some bare metal. Yep. Absolutely. So do you wanna go to the provider packet kind of GitHub page, and we can look at the read me, which will show you

27:11 Provider Authentication (Credentials)

27:17 how to do your explicit credentials for Equinix Metal? I'm I'm gonna try and not call it Packet as much as possible, but it's really hard. I'm gonna be honest. Packets are those things that go over the network. Right? Yeah. Exactly. Yeah. That could be confusing. Yeah. Alright. So this is the yeah. This is the provider. Okay. Cool. Mhmm. So, yeah, if you do the the credential setup there, install that Equinix Metal provider. Yeah. There you go. So we already ran that command beforehand, but with my own personal image. Alright. So in order for me to do

27:55 this, what I now need to do is that's gonna be Linux instructions, isn't it? Yeah. If you if you just set API key equal to your API key, you know, just the the variable, then the next commands are gonna work. Alright. Let's move the magic over here. Alright. So export API key. I still have the YAML for that tank deployment. If we want to go crazy, but we probably should go crazy. Actually, some of this new stuff, excuse me, should actually make that a bit easier, some of that stuff we're trying to do with tank. So maybe we will look

28:38 at that in a little bit. But I I'm also gonna have to load back up on what we did because I kinda pushed it out of my brain after we included that one. I'll jump. Thank you. Alright. Guess we do wanna use it. Cool. Alright. I just run PS because whenever I move the window back to other display, always pull the scroll buffer back and keep the screen. So Yeah. I I've done that before as well on some of my screens. Alright. So I'm assuming the commands I need are being typed into here. Yeah. So so did you go ahead let's

29:16 see. You just created those environment variables. Did you actually create the provider object there also? Nope. I can do that. Let's see. So yeah. Exactly. So so what you're doing here is basically, you know, just creating a secret and then creating our provider object, which then gets referenced by every other resource. Basically, every resource has a provider ref. And this is a general pattern for all of our providers. It's just the way that you know, our method of authentication. We've also talked about and there's been some some work recently towards having different back ends than just a Kubernetes secret for authentication.

29:53 One of the things you can do, for instance, if you're running provider AWS and your Crossplane is in an EKS cluster, they have things like IAM roles for service accounts where you can just give the Crossplane pod service account, you know, an annotation, and it'll inject that into that. And then on your provider that you create, you don't specify a secret. You say, you know, like, I think native is, like, the the the type of authentication, and the AWS SDK and the controller will just say, oh, I'm supposed to look in my file system and pull out this token.

30:26 Okay. We're using that generic secret today, but that's there are other options. What I'm taking away from that. Yeah. Exactly. And you care about security, but of course. Right. But, of course, you don't you don't care about security or policy. Right? So we we should be good today. But if now you'll need to create an actual provider instance here, which you'll see just below there, and then we should be pretty good to go. I was looking at another screen, but you did do the the read into the environment variables with the secrets? I got yes. We're we're good there. I

31:01 mean, hopefully. That was behind the scenes. Yeah. So this is I mean, I'm just gonna save this as a file because I'll probably push this up somewhere, and then I'll apply it manually. So this is just API version Crossplane, and we create a provider, the project ID. Oh, so that's been interpolated actually from my bash environment. Alright. Okay. So I can't just take that off. Or you can just paste it in. Yeah. The project. Yeah. It's it's not a secret, is it? Right. Okay. And then we reference the okay. We reference API token from the secret

31:38 that we just created. Right. Right. Cool. This is This goes back to your wanting to copy and paste from the instructions. That's that's what this is all about. And we're good. It's now been created. Nice. Okay. So let's see what the instructions tell me to do next. So this is we're now getting into the the actual specification using CRDs to deploy Equinix Metal hardware now. Right? Right. Although, I will say, if we want to skip ahead and go for the advanced mode, we can we can skip this a little bit and come back to it. Are you game?

32:00 Deploying a Crossplane Configuration

32:14 I mean, I do love advanced mode. So Alright. Well, I mean, I got that feeling from you. So alright. Switch back over to the editor. Alright. And if you go to your README here, I've put this command in here. And because I think you're so awesome, I actually created a Rawkode configuration package before this that is going to allow you to have your own custom platform, your Rawkode Crossplane platform that consists of Equinix Metal resources behind the scenes. I'm really playing this up. It's not gonna be that cool, but it will show the new functionality. So

32:54 if you run that command there, let's take a look at what happens. Hold on. Let's back up a moment here right now. You're luring me in with advanced mode. I get it. Right? You're catering to my ego. Right. But you're also telling me that I'm not security conscious, and then you give me a random bit of YAML that you want me to apply to my cluster. I know how this works. Like, I know your game. So I'm gonna look at this first, and I know it's gonna interest you. Yeah. You're talking about the link above

33:22 this one. Right? Oh, yeah. No. I'm talking about the command above this. You don't have to this is Marques. Marques put this link in here. He's the malicious one here. So in my demo, you just have to run a simple CLI command that pulls an arbitrary image from our registry. It's not near as risky. Uh-huh. I mean, I don't even have Docker running. Oh, no. You don't need it. You won't need it. But it says no such image. Are you sure you pushed this image? Or do I need to build it first? Is that how

33:54 Docker registries work. Right? So, yeah, you can pull it. So it looks like you got it there. Created 292 ago, you can see. But if you run this command, it will take care of everything you need for you. Alright. I'll trust you. I'm not gonna start tearing apart an OCI image just to pick up. All that's inside of this is one YAML file that is three resources concatenated together. So we'll look at the contents in a minute. Try kubectl get package again, p k g. I feel like I wanna watch this again

34:33 in, like, the behind the scenes commentary version of it and, like, ask Dan what's going on behind some of these things? We're gonna go through all of it. We're gonna get it all. But what you'll see here is so we had that provider that was already running. Right? And then we now have this configuration package type, it's the Rawkode Equinix Metal, and it looks like it's installed and healthy. So what we should see is run k get CRDs and check and just grep equinix.metal or something like that. Yeah. There we go. So this infra resource

35:11 is what we wanna look at. So, basically, what I've done is I've taken just a device resource. So we're not composing multiple different types together, but I've taken just the device resource and created an abstraction over it. And if you look at this, this is gonna be a pretty small CRD. Yeah. I think you're gonna need describe CRD and then the name. Yeah. Of course. And it's only gonna have one field that you populate. And let me drop in actually in our thing here. Oh, so this isn't this is a CRD. It's not actually

35:48 Right. Right. An object of the CRD type. Right. Okay. Right. We'll create that in just a minute. There we go. So, yeah, if you scroll up, it's a rather small CRD actually. We get a lot of the stuff here from the Kubernetes API. But essentially, it just has one field, and that's gonna be your hostname. And if I can get VS Code to open this one second here. I'm trying to see if I can get another window open that's not the editor that we're in. We're basically gonna create an instance of this

36:32 infra resource, and we'll see what's happening behind the scenes. But let me grab it. And so that is great. Oh, what do we have here? So I just added it in here. So you'll see this is a pretty simple resource here. Right? You just have this one hostname field and then writeConnectionSecretToRef, which is just kind of where we want the information to go if there's any output from the infrastructure that this provisions. But feel free to go ahead and kubectl apply this in your cluster, and we can see what happens.

37:11 Alright. So since we installed that CRD, we can create instances of it, and we probably won't get too much information there. It's not ready yet, but try a k get crossplane. It's a group annotation? Yeah. Okay. Alright. So what you see here at the bottom is a Packet server device, and you'll see that it's synced true and ready false. And you'll see some other information there, and you'll see that hostname Rawkode live. If you switch over to your Equinix Metal console, we should see this spinning up also. I think you can also k get

37:51 packet there. Yeah. I couldn't remember if we added the categories to this one or not, so I played it safe. There we go. We have a well, I mean, I would never spin up a CentOS 7 machine, so you clearly don't know me that well, but we do have a machine spinning up. Well, let's you wanna look at what happened? I mean, I said I was ready for advanced mode, but I have no idea what just happened here. So Right. Exactly. Well, the nice thing is you don't really have an idea what happened, but you

38:17 Deep Dive: Composite Resource Definitions (XRDs) and Compositions

38:21 got your infrastructure going. Right? Which, you know, you didn't have a lot of options about what you could do here. You could only customize that hostname field. But what's actually happening behind the scenes is I've created what's called an XRD, a composite resource definition, which is kind of akin to a CRD, which defines a new type that we want to exist. So generally, when you want a new CRD type, you know, you create a CRD object. Creating an XRD gives Crossplane some information about going and creating a CRD for you and starting a controller

38:53 to reconcile that. And then we also have a composition resource that satisfies that XRD, and that includes the different actual, you know, managed resources, the device in this case, that are in that. So let me go ahead and copy over into the editor the exact contents of that package that I had you install there. Yeah. So let me see if I got this right then. Alright. You've created you're storing something in an OCI compatible fashion that is actually a collection of resources that can be consumed by Kubernetes. I'm assuming what I just did when I

39:31 ran what did I run? kubectl crossplane. Yeah. That's the one here. kubectl crossplane install configuration. That configuration lives in an OCI registry, but it's really just a collection of Kubernetes resources that you're applying to my cluster for me. So it's just a really convenient I mean, it's essentially replacing kubectl apply -f https://github.com/blah blah blah. Right? Is that Right. Exactly. And as that grows to be more complex, you get kind of more and more benefit out of that. And also another thing you get is the ability to kind of share this with other people in an installable manner.

40:09 So, I mean, I think as people that are working with Kubernetes, right, we're always applying remote manifests. Not always. The ones that don't care about security, but generally sometimes applying remote manifests. And one of the challenges with that is that if you wanna be able to modify that in flight before it hits the Kubernetes API, you're generally gonna need to do some weird bash maneuvers or download it and make the modifications. The first thing that struck me as cool about the OCI format is do I have a way to inject configuration into the

40:38 Crossplane configuration? Can I modify that configuration in some way? So as it's coming through, right now, no. You could during that install for providers, especially where it's actually creating a deployment that's gonna reconcile them. We want to make it so that folks can go ahead and modify, you know, how that's actually installed. So kind of like install time configuration. So I definitely think that's something that will happen. One of the benefits you get of installing via Crossplane is that it's gonna do some validation for you. And so, like, if this OCI image, you

41:13 know, had a bunch of nonsense in it, it's not gonna get applied to your cluster. Right? Crossplane's gonna parse this and say this is valid or it's not. And then you can kind of just go from there. But if you hop back over to the editor again, I've actually pasted the contents of what's in this image into the configuration directory here. And so the first thing, what you're looking at there, is the composite resource definition. So you'll see this looks a lot like a CRD, but it's a little bit, you know, scaled down. And it's pretty simple. We're just defining a

41:49 new resource type called infra. And so you saw that, you know, we create an instance of infra. So the result of creating this composite resource definition, or XRD as we call it, is for Crossplane to create a new CRD for you and for it to start the controller to reconcile that. And that reconciliation loop that runs watches for instances of these to be created, and then it looks for compositions, which, if you switch over to that other file that I added. This composition, you'll see, has a compositeTypeRef, and it references that same XRD that we

42:24 mentioned, which basically says, I can satisfy this. So you could have a number of different compositions that satisfy a single XRD, and that can be beneficial if you want, you know, different types of configurations to meet, you know, a generic abstraction. So once again, the easy one to think of is if you had, like, an AWS, GCP, and Azure kind of backing for a maybe, like, if or let's say in this case, you had this one which is an Equinix Metal device, and then you also had one that was like an AWS EC2 instance or something like

42:57 that. On the XRD, you could actually or on the instance that we created of it, you could use a selector, which will select it by label, or you could reference one of those compositions directly, but all through the same resource. And then inline in this resource or in this composition here, you'll see we have the device type. And then we have some patches which are basically saying, from that abstract, go ahead and overwrite this field in the body of this resource we have inline. And then also things like using these transforms, which we have some simple transforms

43:33 for you to be able to choose the name. So in this case, it's taking the UID of the abstract type, the input type we created, and it's saying write the connection secret ref for this object to that UID-postgresql, which obviously doesn't make sense here, but it was copied from something else. And then all of these fields you see here in the middle, which are, you know, configuring the actual device, those could all be exposed in some way or another, mapped in some way or another, to the abstract type that we created.

44:06 So in this case, we're just saying that we want the hostname to be exposed on it. But it's especially useful if you have something that has, like, a common configuration across. So you could have maybe a map that was on Packet, or on Equinix Metal, mapped, you know, small to c1.small.x86. And on AWS, it was like, you know, AWS standard 2 or whatever, you know, their instance types are called. You can kind of map that so you can have a consistent translation to different backing things. And you can have any number of resources

44:42 inline here. So we could have also created, you know, a VLAN or any of the other resources that are created with the Equinix Metal provider. Cool. Alright. I actually think I understood. I'll say I'll be, you know, humble. 96%. But That's pretty good. Yeah. There's a lot of moving parts here. That's better than I understood less of it and I was saying it. So I know. I'm gonna have to ask Marques for a proper translation later, but I'm curious. Right? So this composition CRD is just a way for

45:00 Deploying a Device with a CRD

45:17 me to collectively add this stuff together. Right? But there's nothing I could deploy that on its own. Is that right? Yeah. Absolutely. There's some fields missing here. Obviously, you'll notice that the metadata is missing, so you don't have, like, a name for the device up there, which is obviously required for a resource. That's actually getting replaced automatically by the machinery in Crossplane. But, yeah, you can call this here. I think that everything else should be okay. So, yeah, this is kind of the original initial flow that folks will go

45:54 through when they're using Crossplane. You don't need the name. That's everything that's in the box. Is there anything that's not in the box that you get? Do you get something extra like RBAC? When you say the box, what do you mean? Yeah. So the package. Right? So the configuration package, or what we're calling an OCI image, included that XRD and the composition. The composition. Mhmm. When that gets installed or applied, like what David's saying, you know, I could have just kubectl applied this exact

46:38 output. Mhmm. Is there anything in addition to that? Like, for example, is RBAC being generated? And this is coming from my knowing how things used to be and how things are now and wondering about the changes. Yep. Absolutely. So in terms of RBAC, there's a number of different things. So when you install a provider, yes, we are creating the RBAC for that controller to be able to control the things that you install. Some of the RBAC we don't have to worry about as much now, which Marques had worked on, because we don't have namespace

47:14 scoped installs, and we also don't have claims anymore. So there aren't things outside of the provider that say, please give me RBAC to manage this. We're saying, like, you need to install it. There is we have another resource called a ProviderConfigUsage, which kinda does behind the scenes stuff that it needs access to as well. But also in the future, we'll have the ability to request extra permissions and ways to lock that down and stuff similar to how we did in the past. A configuration obviously isn't starting a controller. Right? So there isn't RBAC that needs to be

47:47 created and given to a service account for a controller. But in order for Crossplane to be able to create a CRD and then manage instances of that CRD, it needs to be given RBAC to do that. Right? And so one way that, you know, in the past, the package manager ran as cluster admin, and it could basically just sort of do what it pleased. Now Crossplane actually runs with a pretty scoped role by default, and the package manager is built into Crossplane. And then we have a separate RBAC manager. So if you run k get pods,

48:23 in the crossplane-system namespace, or just all, you'll see that there's an RBAC manager running. The RBAC manager solely is responsible for handling the creation of, you know, roles that are given to either Crossplane or to providers that are installed. Basically, Crossplane itself doesn't produce any roles. It says, you know, I will put these labels on this thing and ask the RBAC manager to do it for me, essentially. And what that does is, you know, obviously, there can be some danger with being able to create arbitrary RBAC. So we isolate that to a single process,

48:58 and you can actually deploy Crossplane without the RBAC manager, where you're basically saying, don't create RBAC for me. I'll either, you know, just go outside of this or I will manually create the RBAC myself. So we have a really strong separation of concerns now between that RBAC and kind of the actual installation of these packages. Another thing to mention in terms of things that come along with installing any type of package is let me grab this from my other repo here. Every package so I left one thing out that's also in this package.

49:37 Every package has to have a crossplane.yaml in it. And the crossplane.yaml basically says, I am this type of package and I intend to do these sorts of things. In this case, it's relatively straightforward. Right? We don't even have any spec. What you actually can do, and more of this will be supported in the future, is add in things like, I depend on these other providers being present, or I depend on these other configurations being present. And, you know, the first line of defense would be, okay, we just won't allow you to install if those aren't present.

50:10 Second line would be, we'll go ahead and get those for you and install them automatically. Other things you can do here is specify a minimum Crossplane version that you need. So Crossplane will say, what version am I running as? And make sure that when it installs a package that, you know, it's compatible with that version, and it will reject it if not. And then there's kind of, like, arbitrary other things you could add in to get the benefit, you know, that the package manager will kind of set up for you. Cool. That's a lot. I mean, it's a very

50:45 cool system. Now okay. Before I start to deviate from your plan, is there anything else that you were gonna go into next before I throw a spanner in the works? So you are welcome to do whatever you want. If you want to do something else that might be interesting, we could have you build your own configuration, push it, install it, and get some of that flow as well. So, you know, I'll leave it up to you what next steps we do, though. So what I'm thinking is I

51:00 Provisioning the Device

51:16 always try to look at this through the lens of someone who's just watching the video either live or later. And they're like, okay. How am I gonna apply this to my own workflow? Now I think it's really cool that we spun up a Rawkode live and I'm assuming if I hit refresh, we're gonna see the Debian one just chilling there too. But I broke my Debian one. I'm sure it was my fault. Anyway, we've not done anything with that machine. Now what I was thinking, is it gonna be as simple as can I just put user

51:42 Customizing Deployed Resources & Immutability (User Data)

51:45 data here and then have that do something? How what's the next step here to get software running on this machine? Yeah. For sure. So, obviously, it kind of depends on the sort of thing you're provisioning. If it's, like, a database or something like that, you might wanna run some SQL commands. And it depends on how the provider itself, you know, exposes information to you. And this also gets to something else that I think we're gonna have a TBS on with both y'all, hopefully soon. But I just dropped in the editor here a link to our

52:21 documentation site that has all the different fields that are supported. And so you can look there. There is a user data field, so we can do that in this case. But something that Marques and I worked on on the last TBS episode we did was a provider SSH. So you can imagine if you have a composition, you could put I think we called it Script was the API type that we created for provider SSH. So this really shows the power of configuration, I think. Let's say you had a configuration package, and in that crossplane.yaml,

52:56 you said, I depend on provider Equinix Metal, and I depend on provider SSH. And I have this composition which includes a device and a script object in it. And that script object has a reference to the device or somehow is able to get its connection information from it. I have an abstract type that is, you know, device with script run, you know, or something like that. And I expose whatever fields I want there. And then when I actually create an instance of that device with script run, it spins up a device and it spins up this script resource

53:31 which waits for that device to come ready and then runs a command on it. Obviously, this is a bit of a contrived example because the device here actually has a user data field, so it would obviously make more sense to just do that if you wanted a one off command. But that kinda shows the example of how you can piece together different providers to do powerful things with a configuration package. Okay. So there were two points there, I think. The first one was, yes, the user data does work. So we could do

54:02 I guess it would have to be here. Uninstall SSH. And that would work. Right? Should work. I'm assuming that flows through to whatever the Packet API does, or excuse me, the Equinix Metal API does. So I would imagine that would work. This field might also be idempotent, and it might stop you from applying from making this change. That was my next question. I saw this thing, and it's like, you know, this machine has already been deployed. It's already configured. So to modify this user data, I'm assuming, is the provider going to delete that machine

54:43 and then recreate me a new one? So it won't. So that's actually a great question. A lot of times in Terraform or something like that, it'll say, you know, this is a destructive command. Right? Like, to make this change, we have to delete this infrastructure and recreate it. So in Crossplane, we're not gonna do that. We will basically reflect back whatever that provider tells you. So there's some fields of a resource which are immutable. If you look at our structs in our code, we actually annotate all of

55:14 those as immutable. And I believe, actually, in v1 CRDs, I think you can have API validation for immutable fields as well. So, for instance, if we marked user data as immutable, when you apply this, it would say, hey. Like, you know, it would get rejected. Right now, instead, what it would do if this is an immutable field is it would send it off to the Equinix Metal API and it would say, sorry, you can't do that. And that would be reflected and your status would be like, you know, this device is not in a

55:42 synced state. You tried to make an update. It didn't happen. And then if you then remove the user data, it would go back to being healthy. Okay. So let's use this as a learning opportunity for me. Cool. I've now added user data, but we're also in a situation where the machine doesn't deploy anyway. So now if this was me working with standard Kubernetes, I would run, get the bases. Is this ID the Packet ID or a Crossplane ID? Your Debian machine is there. The hostname of it is crossplane. It was on

56:20 the top of the UI. Right. Okay. So this is the name in the Crossplane object, but the host Well, you've ruined that for me. I was gonna have some fun. Okay. So let's check out the immutability thing. No. Let's not delete that. Alright? We did get the machine. So that's pretty cool. So we're assuming that's maybe immutable, but we're not sure. Is that what I'm getting? I'm fairly certain it's immutable. But let's see. So you applied it and then yeah. Let's describe it or get it or whatever. And you're probably thinking in your head, just

57:01 stick to the script, man. Come on. No. No. No. This is great. Let's see. Oh, we did get it in our message. Okay. Mhmm. Yep. The obvious has been so that's actually just a transient error. So successfully requested update. It seems like it did go through, actually. Just do k get device or devices. This might be the Packet API, I think. So I think maybe the API allows you to send an update to the user data, even though I think we've had this discussion somewhere else. Well, we'll see here. Yeah. I'm

57:37 gonna jump on the machine. Right? Because oh, yes. The nice thing about the way we do this, well, you could view it as nice or cumbersome depending on the situation you're in, is that, you know, we aren't maintaining separate documentation about how our API types work. They are you know, it's gonna flow through exactly what the API of the cloud provider gives you, or the bare metal provider or what have you. And so that way, you know, when you see an error in your events there, you can actually just Google that and it's likely,

58:11 you know, somewhere documented in the issues on the Equinix Metal side. Or we see this a lot with, like, GCP. They have pretty good documentation on some of the different errors that can occur when using GKE clusters and different configurations you have there. So we literally just propagate that error back. If they update the error that's returned and then they update their documentation, right, users are just able to use that and we don't have to maintain a separate layer of documentation on top of it. Okay. So, I mean, the good news is we have

58:42 the user data. I have to say, since the machine, I hit the Equinix Metal user data metadata API, and it worked. And it doesn't run, but that's because I got the package name wrong. So that was kinda cool. So, I mean, there's a whole host of things going through my head right now. It's like, how do I close a few gaps and see? I start to use Crossplane to do this kind of device management, injecting the user data. I mean, I've got two things that I can now naturally gravitate to. One of them is,

59:05 Extending Crossplane with Other Providers & Advanced Use Cases

59:12 is there a way for me to hook into the Crossplane events so that I can then, you know, have SaltStack pick up that the user data changed and, you know, go across my fleet and tell it all to update. And auto scaling, is that something where the responsibilities are deferred to somewhere else, or something that Crossplane does or may bring in later? Yeah. So that's interesting, especially auto scaling. One of the things that we've actually had requested recently is it's not really auto scaling, I guess, but it's replication. So right when another target unit, whatever that may be, comes

59:52 online to automatically provision new infrastructure for it. So in the case that I'm alluding to here, it's more Kubernetes clusters being added as Helm provider targets. And every time a Kubernetes cluster kind of, like, pops up in the Kubernetes API, folks wanna basically have a Helm script run on it. So if you have, like, a service mesh that runs on all of your clusters, that's kind of the use case there. Right now, that's not something that's supported in the core composition model. We have talked a little bit about we actually were talking about this in the community

1:00:25 meeting yesterday. The idea of, like, a composition set, which would be kind of, like, similar to a ReplicaSet with pods, but it would just be infrastructure or a grouping of infrastructure that you could have, you know, replicated. You know, typically a DaemonSet or something like that is gonna be on every node, but you could have that, you know, on every Kubernetes cluster, every Packet device you see. So that's something we've talked about. What you can do instead of that is you could also write a provider or just a standalone controller with kind of that logic already in it

1:00:55 and install it to do some of that functionality. So we generally try to defer things to extensions just to kind of keep the core Crossplane model cleaner and also allow folks to have things custom to their use case. Right? Because as soon as we go with a single model, then it kind of eliminates other options. Yeah. I think that that's probably a good way to do it. It's just my brain is just thinking about all this other stuff that I want, you know, to take care of me so I don't

1:01:21 have to do it. Well, open up some issues, man. We'll get to them. Yeah. I think I mean, I could see exactly how I'd wanna use this to manage my devices. I love the fact that I updated that user data. You know, I can actually build enough automation on the device side anyway to keep track of that and make sure that the reconciliation never kinda stops at that kinda wall. Alright. Let's pop back over here. So, Marques, what was this? What were you trying to I don't

1:01:53 know if it's a virus or if it's some sort of Monero miner, like, what is it? Are there? Oh, you're muted. Muted now. You're still muted, Marques. Muted. There you go. We're just cycling on me. I don't know why it's doing that. So there was an episode of The Binding Status where we were exploring Tinkerbell. And I'm trying to recall how much of this was prebaked and how much of this we, what, ran live. But this set of YAML here provisioned the Tink provisioner, the virtual network necessary for it. And then

1:02:00 Looking at the spec to deploy Tinkerbell

1:02:45 once we had that, how much of it did we manually have to configure or install? That's the part I'm not sure about. I'm pulling up the YouTube video right now. I'm gonna drop a link. You gotta watch the YouTube video and let's post the We're having a group watch here. Let's see. This is the oh, I'm not logged in. Well, here, I'll put it well, I guess if I just send it in the private chat only, I'll get it. It's in the README.md. There's a link for folks. I don't know, David, if you're able to

1:03:17 put that in the chat or whatever. But this is us hacking for an hour and a half and barely getting something running, but it was interesting. So having a quick look at this. What expense of a device, there's no user data here. So I'm assuming the manual steps you're maybe talking about were did you deploy Tinkerbell? Did I guess you SSHed in, or did you use this new provider that you were working on? Is that why this popped up? I think that with this provisioner, we manually ran did we create the provisioner? We ran kind

1:03:54 on it. No. Did we run kind? We ran Docker Compose. We used the Tinkerbell install scripts. Oh, nice. So then we had the provisioner running there. And then there was a bit of copy and paste, I think. But because you need the hardware IDs and right. So it was a manual effort, but the work that went into getting this demo working was creating the ports, creating the port assignments, and the VLANs. Yeah. And I think one thing we can

1:04:40 see here is so this is, like, some inline YAML again. You know, with these different resources, we could put them in a composition, right, and have an abstract type. It was like a Tinkerbell instance or something like that and kind of take care of some of that manual stuff for us. I think there'd probably be some more manual stuff here, but maybe some of the provider SSH stuff could also be dropped in to create kind of like a package that you could install to provision Tinkerbell instances on Equinix Metal.

1:05:11 Provider SSH & Future Provider Features

1:05:11 So it sounds to me like the provider SSH fills in a few of the gaps that are maybe missing here for, like, a complete I think just from my understanding from a complete end to end. Is that something we can use now? I would say no. We got it to let's see. I've even pushed up what we had recently because I need to clean it up a little bit. And it needs to be refactored a little bit for 0.13. So this can be a teaser. Right? We'll come back and we'll use provider SSH.

1:05:43 And if folks there's also a TBS episode on provider SSH. So if folks wanna see how that works a little bit, then we can definitely do that in the future. But I don't think we could fit it in in twenty five minutes here. And on the Equinix Metal side, the sorts of resources that we would need to support are the Equinix Metal projects, Equinix Metal project SSH keys, so that you can, you know, create some Crossplane, some YAML for them to get those provisioned. So that is a work in progress

1:06:21 PR open for that. Yeah. I thought I was gonna be able to just hop right in the SSH keys, but then I kinda realized that I would also need to have support for projects. When you think of, like, a Terraform provider, you think, okay. I have support to create the devices. That's enough. And then you realize quickly, oh, no. I also need the projects. I need this. I need that. And sooner, your module gets huge. And that's what kind of happened here. This started with permitted support for devices. Now we've added networking support,

1:06:57 and then we'll add, you know, projects, SSH key support, fabric interconnects. That's a thing that we can add. Yeah. Tell me well, I'm gonna turn into the interview here for just a second. What is fabric? Because I know when we are working on you know, so we just changed the Packet provider to Equinix Metal provider. What is and you mentioned, you know, having an Equinix Fabric, I think, provider. What is that? Have you done a few of these, Dave? Trying to fix some or thought? I mean, I stormed off in a half, so I

1:07:11 Equinix Fabric Integration Potential

1:07:37 only heard the latter half of the question. But I'm assuming what you're asking to Dan is what is Equinix Fabric? Yep. That's exactly right. Yeah. So, I mean, I think that I mean, I don't know whether to give you the sales blurb or just, you know, just answer it in one sentence. Okay. So Equinix is in a very unique position in that the locality and number of data centers and IBXs they have around the world is huge. Right? I mean, if you want to run colocation or bare metal servers in any of these locations, then it's available via API

1:08:09 and that's great. What they don't do is provide a lot of managed services on top of that. And what a lot of people want to do is then default to managed cloud services. You know, maybe they wanna use S3 or GCS or they wanna use RDS as a database or, you know, back table or all these other things. Or even they just wanna run some workloads in a hybrid cloud or multi cloud fashion. So they wanna split their workloads across bare metal. They've got virtualization with EC2 and all this other stuff. So really, you

1:08:35 know, modern applications aren't just sticking on a server and walking away, or even a single Kubernetes cluster probably isn't the default or what the default is in this near future. What Fabric does is actually gives you a fiber backbone to all of these different cloud providers. So you can have servers in an Equinix IBX. You can have some workloads running on EC2 or on GCS, and you can consume their managed services without going over the public Internet and taking the hit on latency, or even the ingress and egress cost of going in and out of Amazon can actually

1:09:07 add up really expensively. So that's what Fabric is. It's like you can just pick and choose all the cool bits that you want from the various providers and still have that choice and flexibility. It's really important for multi cloud or hybrid cloud. I don't know if that was the quick answer or the sales pitch. And did I get anything wrong there, Marques? No. That sounds great to me. I just linked in our shared chat. I added a link to Alright. Cool. Yeah. That's something fair. Yeah. I mean, it's definitely one of the things I'm

1:09:38 most excited about, you know, having now been at Packet, now Equinix Metal, for the last three months, you know, the idea and the potential that I can see for a product like this is and I'm not gonna get too sales pitchy, not the point of the stream. But I see a lot of really cool use cases for that. And I'm looking forward to exploring hybrid cloud workloads with it. So Crossplane needs to support it just for me now. So, you know, we're gonna have to kinda get that added to the provider

1:10:04 over the coming weeks or months or whatever. For sure. Is there an API for Equinix Fabric yet? There is. There is an API. So you can I don't know. Do I have it enabled on my account? I do. So, I mean, the fact that it's here in the UI means there's an API as well. I'm not gonna point to the API documentation, but you can feel free to go and find that. And I'll put a link in the show notes. But, you know, you can come here and click connections, and we've got a few different options here

1:10:34 that allow you to get started in the process of Fabric. I don't know if it's automatically approved or if it has manual just now as we roll it out. I don't know if Marques knows better than me there. Yeah. I'm not sure if it's beta stage right now or if this is GA. I don't know if, like, there's a special target we're seeing. I'm just question that went running through my head. But the documentation is there, which is probably a good sign. I don't know how quickly the API responds right now to these requests. I think that

1:11:07 there is probably some level of verification right now. On the Equinix API side, I know it's possible to provision Fabric once you've got your account created there. And this API needs some information from that API, so there's, you know, a little bit of hand holding you have to do yourself. Another thing that I'd like to share, if I can dig it up, is that the Terraform provider for Equinix has some examples of how you can use, say, the Google and the Amazon and Azure, like, link them all up through their

1:11:53 through Equinix Fiber to create one, like, humongous cloud network. So Humongous cloud network. Oh, they can't Yeah. Anyway, that's Trademark. My marketing. Yeah. That was my marketing. I didn't go with that. But Equinix Metal can also be connected in those same sort of ways. And one of the things that we'd like to be able to do in terms of Crossplane is be able to take advantage of all of the resources that are native to the Equinix Metal API, turn them into something that you can provision in Kubernetes, and manage in Kubernetes. And another

1:12:31 one of those resources that we can't control right now because we haven't written it into the provider yet. But you can provision these bare metal servers, the networks, all their interconnects to other clouds, provision the BGP networks and control those all from Kubernetes. Like, I'm in this weird spot of, like, building these tools and not quite knowing what to do with them, but it sounds like I could do a lot of things with them. Yeah. So could you, like, let's say, provision a device on Equinix Metal and then some of this Fabric

1:13:10 stuff, and then, like, a database on Azure and then just have connectivity between them? Is that kind of along the lines of what you're talking about? Like, could you make use of these other providers and the resources they can provision and then have that connection to them via Fabric? Yeah. And so you're getting the latency drop, the reduced latency. You're getting I believe there's gonna be some difference in what you're paying for throughput since you're, like, within the same facility. Mhmm. Again, we're talking about three different providers

1:13:47 in this case. We're talking about Equinix Metal, Equinix and, like, Azure or AWS or whoever. So each of them has some different policies around this. But in the end, the capabilities are on there. Right? Yeah. That's one of the examples that I really like was one where there was, like, EC2 nodes and Packet devices being bridged together for a single cluster. That's the kind of thing that this enables. Yeah. We should definitely put together a configuration package that has, like, a bunch of different examples of these in that. And then you

1:14:25 can just, you know, install configuration that you have all the different, like, you know, Equinix Fabric, Metal things that you can just try them out, you know, immediately if you have a Kubernetes cluster. That'd be pretty sweet. Yeah. I agree. Definitely. So what I'm gonna say is we'll kinda let's wrap this up now. I think there's a few follow ups that we need to agree. And I think the best way for me to do that is just to get you to confirm now so that you can't back out. But I think what we've agreed there is that

1:14:41 Contributing to Crossplane & Community Resources

1:14:54 there's still some work to do in the Crossplane provider. We wanna build out more support for all these objects. You know, it's October. There is Hacktoberfest. I always find that it's when I'm looking for new things that I can go and contribute to, one of the most daunting things is just where to start. So I think it would be really cool if the three of us could maybe find some time and it doesn't have to be tomorrow or, you know, or next week. But maybe just to show people how to get involved in writing a Crossplane provider support in

1:15:21 a new Equinix Metal API and walking through the process. And one of the things that always trips me up again when I especially coming to a project like this is I always feel like I should submit a PR with a test. I never know how to write the test. So, you know, having something like this where we can show people how to do that, I think would be really beneficial and hope to drive more support as a provider. And Marques, I think we definitely need to start, you know, showing off the Fabric stuff. I'm looking forward to playing with us a bit

1:15:48 more now that it's coming available. So really exciting stuff, and we've got lots more content to come. Is there anything that either of you would like to close on before we finish up? No. That sounds pretty good to me. If folks are interested just generally in Crossplane providers, if you go and look at the TBS playlist on the Crossplane YouTube channel, there's a few different examples of bootstrapping new providers, which should give you some context on, you know, how to contribute to the Equinix Metal one. And then also in either I guess it's still Packet Slack. I

1:16:23 don't know if it or Equinix Metal Slack and Crossplane Slack are both great places or on Twitter to reach any of us. So, yeah, definitely reach out and we'll go the extra mile to make sure you're able to contribute. That sounds awesome. And from Premier Marques. Yeah. Thanks for asking all the right questions, David, join this conversation. And also, it's cool for me to just, like, sit back and listen to Dan finally, like, explain to me, like, have the time, the window to explain all the changes that have happened in Crossplane over the last two versions.

1:16:38 Conclusion and Future Plans

1:16:59 Yeah. The things have been called there were different names for some of the same features, but they've evolved and they've evolved in, like, powerful ways. So I still have the old names in my head, but they're not those old things. They are new things that Right. Can be used in bigger and better ways and took a lot of work together there. So I'm glad to see that. Yeah. For sure. Well, we definitely or I guess I'll speak for myself for sure working on the package manager, was something that you originally kinda got started.

1:17:33 Definitely was nice to have all the ideas that you recorded from all that and that sort of thing and build on the work that you did. So definitely appreciate that. And the functionality today comes from the work that you did as well. So I'm loving the good vibes here, man. This is gonna make me tear up. So yeah. This was really cool. Crossplane is really exciting. I'm looking forward to playing with us more. I'm looking forward to hopefully contributing and helping with some of these API gaps. And I really hope that we can

1:18:02 come back around full circle here in a month or whatever and really show this off as well. And I'm gonna commit you to showing off the SSH provider too. So we'll get that ready. Got it. There was a lot of things we said were also gonna be in the show notes. So let me catch up with you both afterwards. We'll make sure that we haven't messed anything and we'll get all that included. So anything we said will be there, we'll hopefully be there. Thank you again, both of you, for joining me. This is a really good session.

1:18:27 I enjoyed it. Yep. Thank you. You have a good one. Have a great day. Thanks again. Bye. Bye.
