Amazon EKS cluster management with Crossplane and Argo CD

This Git repository contains software artifacts to deploy the Crossplane server and Argo CD to an existing Amazon EKS cluster, and then use the GitOps workflow to manage both the provisioning of a remote EKS cluster with Crossplane and the subsequent application deployments to it with Argo CD. Please refer to the accompanying blog post for details about how this works.

Deployment architecture

Solution overview

Here’s the high-level overview of the solution architecture.

  • Start off with an Amazon EKS cluster that was created using any one of the approaches outlined here
  • Install Argo CD on this cluster to manage all deployment tasks and point it to a Git repository containing the deployment artifacts
  • Deploy Crossplane components that are needed to manage the lifecycle of AWS managed service resources
  • Deploy Crossplane-specific custom resources to provision an Amazon EKS cluster
  • Deploy a set of workloads to the new cluster

The goal is to manage all of these tasks in a declarative style based on the GitOps approach.

Deployment overview

Imperative approach

The script crossplane.sh outlines the CLI commands used in this implementation to install Crossplane to a management EKS cluster and then provision a workload EKS cluster. The implementation uses Crossplane's Composition and CompositeResourceDefinition to create a Crossplane Configuration package that will provision the complete infrastructure for setting up an EKS cluster: VPC, subnets, internet gateway, NAT gateways, route tables, and the EKS cluster with a managed node group. The figure below shows the relationship between various Crossplane custom resources used in this Configuration package and the set of AWS managed resources that they provision.

Component Relationship

Declarative approach

The script argocd.sh outlines the steps involved in installing Argo CD on the management EKS cluster and then leveraging the GitOps workflow in Argo CD to manage both provisioning and management of a remote workload cluster.
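
One way to express the provisioning step as Argo CD resources, added here as an illustration and not taken from this repository's argocd.sh or manifests. The repository URL, path, project and application names, and the `eks.example.org` / `EKSCluster` claim type are placeholders; the AppProject limits what this Application may sync and where.

```yaml
# Added example. Repo URL, paths, names and the claim group/kind are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: crossplane-infra              # hypothetical project name
  namespace: argocd
spec:
  description: Crossplane packages and EKS cluster claims
  sourceRepos:
    - https://git.example.com/platform/eks-gitops.git   # only this repo may be a source
  destinations:
    - server: https://kubernetes.default.svc   # management cluster only
      namespace: crossplane-system
  clusterResourceWhitelist:           # cluster-scoped kinds this project may create
    - group: pkg.crossplane.io
      kind: Provider
    - group: pkg.crossplane.io
      kind: Configuration
  namespaceResourceWhitelist:         # namespaced kinds this project may create
    - group: eks.example.org          # hypothetical claim group defined by the XRD
      kind: EKSCluster                # hypothetical claim kind
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: workload-eks-cluster          # hypothetical application name
  namespace: argocd
spec:
  project: crossplane-infra
  source:
    repoURL: https://git.example.com/platform/eks-gitops.git
    path: crossplane/claims           # placeholder path holding the cluster claim
    targetRevision: main
  destination:
    server: https://kubernetes.default.svc
    namespace: crossplane-system
  syncPolicy:
    automated:
      prune: false     # removing a manifest from Git must not delete the EKS cluster
      selfHeal: true   # manual changes on the cluster are reverted to the Git state
```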

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.