k8s-for-bigdogs-examples

How to create your own IDP(internal developer platform) locally.

This is what I run for local machine for testing reasons, interview practice,whatever it might be. There is not enough tutorials on using Crossplane locally, in my opinion. These are some of the things I use; and a couple of dead simple demos for now.

This gives you a real, and very usable IDP where Argo deploys your platform resources from Github and Crossplane composes them into your actual workloads.

Argo syncs everything from Git, and Crossplane builds the actual k8s resources.

An example of using a fully featured Argo, Helm, Kubernetes stack on minikube via crossplane. Woof woof. 🐕

Example Crossplane Apps Repo

Index

• Components used
• Setup
• Manual apply steps
• Login to ArgoCD
• Minikube Dashboard
• What Argo looks like
• Minikube commands
• Start or Build the stack
• Local Host Entries
• Open URLs
• Local CA + TLS setup
• Component Usage Breakdown

Components used

• minikube
• Crossplane
• ArgoCD
• cert-manager
• nginx-ingress
• helm
• prometheus-kube-stack

Setup

Initial Manual Apply Steps

helm install crossplane \
  crossplane-stable/crossplane \
  --namespace crossplane-system \
  --create-namespace

• kubectl apply -f ops/
• kubectl apply -f crossplane-resources/

This creates 26 pods in total on my local, feel free to check though: kubectl get pods -A --no-headers | awk '{print $1}' | sort | uniq -c

• 7 argocd
• 5 crossplane-system
• 1 demo-nginx
• 7 kube-system
• 6 observability

Login to ArgoCd

Get the password for the admin user and login kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Minikube Dashboard

minikube dashboard

What argo looks like when everything from the repo is synced as apps and runnning -

All port-forward commands as managed by argocd + crossplane for nginx-ingress

Do not use the minikube addon, for consistency in hostnames manage it in argo.

minikube cmds

minikube tunnel minikube dashboard

Start or Build the stack(after you've done the initial manual apply step, you don't need to

After you've done the initial manual apply step, you won't need to do it again. minikube start And sync argocd - argocd sync

Local Host Entries

127.0.0.1 argocd.dev demo-nginx.dev hello.dev

Open URLs

https://argocd.dev https://demo-nginx.dev https://hello.dev

Local CA + TLS setup

The CA gets installed into your macOS keychain so browsers can trust the cluster domains. kubectl get secret local-dev-ca-secret -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > local-dev-ca.crt

Then you can add the local-dev-ca.crt to your keychain, on a mac this works - sudo security add-trusted-cert \ -d \ -r trustRoot \ -k /Library/Keychains/System.keychain \ local-dev-ca.crt

Restart your browser and you should be able to see all the URLs without any port-forwards.

Component Usage Breakdown

PlatformApp

Deploys Helm charts as argocd apps.

PlatformWorkload

Container Workload. Usually deployment + svc + ingress

PlatformDatabase

Creates psql instance.

PlatformStack

A bundle of PlatformApps and PlatformWorkloads. This is what you deploy to get a full stack of resources within k8s itself. aka, a bundle of a mutiple platform resources in this env.