Skip to content

Kubernetes provider

The Kubernetes provider is a community provider. As the name suggests, it lets you manage Helm chart installations with Crossplane.

Install

You can install the provider via the up CLI or a Kubernetes manifest.

up controlplane provider install \
  xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.5.0
cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-kubernetes
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.5.0
EOF

Once created, you can wait for the provider to become healthy.

kubectl wait --for=condition="Healthy" providers.pkg.crossplane.io crossplane-contrib-provider-kubernetes

Configure

The Kubernetes provider needs Kubernetes credentials to install Kubernetes manifests. The following is required if installing in the same cluster as the provider.

cat <<EOF | kubectl apply -f -
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: InjectedIdentity
EOF

Give Service Account permissions

The Kubernetes provider needs several RBAC permissions. It does so via a generated Service Account, which you can find like this:

SA=$(kubectl -n upbound-system get sa -o name | grep provider-kubernetes | sed -e 's|serviceaccount\/|upbound-system:|g')

You can give it the specific RBAC configuration you want or the cluster-admin cluster role, as in the example below.

Danger

Do not do this in production environments.

In production environments, ensure the Service Accounts have only the permissions you need.

kubectl create clusterrolebinding provider-kubernetes-admin-binding --clusterrole cluster-admin --serviceaccount="${SA}" || true

Last update: 2023-01-10 16:45:04