Crossplane v0.13 paves the way for v1.0 with platform configuration support to create a universal cloud API for your app teams
v0.13 is a major release with new support for platform Configurations and Providers in an overhauled v2 package manager with upgrade and rollback support plus faster deploys. Define your own cloud APIs with CompositeResourceDefinitions (XRDs) with multiple Compositions to offer classes-of-service, and enable your app teams to consume them with Composite Resource Claims (XRCs). More AWS cloud service primitives, a new Helm Provider, and Open Application Model (OAM) enhancements round out this release!
The momentum keeps rolling forward with a huge v0.13 release that establishes near final core APIs and major upgrades that pave the way for a v1.0 release later this year!
Composition naming has been finalized with InfrastructureDefinition and InfrastructurePublication types merged into a new CompositeResourceDefinition (XRD). Requirements are now known as Composite Resource Claims (XRCs), and no longer require any specific kind suffix.
The v2 package manager is a major overhaul that adds support to install and manage new platform Configurations and Providers that enable you to define and compose a universal cloud API for your app teams -- without writing code. An overhauled kubectl plugin allows you to build, push, and install Configuration and Provider packages, and a new crossplane.yaml identifies each package and includes dependency info. The v2 package manager supports upgrade and rollback, plus everything is much faster!
There's been a ton of community engagement and contributions adding support for more clouds and cloud services -- and we'd like to give a special shout out for some notable provider-aws contributions to @enderv for adding ECR support and @krishchow and @RedHatOfficial for:
- S3 Buckets upgrade to v1beta1 quality
- S3 Bucket Policy support
- ElastiCache and SNS Topic enhancements
RedHat and @krishchow also published an excellent blog post on how to provision cloud services in OpenShift clusters using Crossplane that expands on the previous work announced back in May 2020!
If there are additional cloud service primitives you'd like to see, please drop us a note in the Crossplane Provider repos on GitHub: AWS, GCP, Azure, or Alibaba!
The community has also made a ton of progress on code generating Crossplane Providers. We'd like to give a shout out to @jaypipes, @Dave_Fellows, @matthchr, @babbageclunk, and @theunrepentantgeek. Follow along with our progress with the links below or drop us a note in the Crossplane #providers channel on Slack to learn more:
- AWS ACK code generation of provider-aws
- Azure Service Operator code generation of provider-azure
- Cloud providers without code gen pipelines: wrap stateless Terraform providers
We've also been collaborating with @emeshbi from cdk8s on enabling cdk8s users to offer constructs as native CRDs via Crossplane Composition, to run cdk8s behind the Kubernetes API line as part of a longer journey to provide first-class multi-language support for authoring Crossplane platform Configurations and Compositions.
Packet (now Equinix Metal) has a Crossplane Provider for Equinix Metal with contributions from @displague, @rainleander, and @jasmingacic, plus an awesome Crossplane intro by David McKay, Marques Johansson, and Crossplane's Daniel Mangum, so be sure to check it out!
We'd love to see you at any of our upcoming virtual KubeCon NA talks November 17-20, so register now if you haven't already and check out the schedule below!
TheNewStack (TNS) coverage has also been great, thanks for having us on the show @alexwilliams, @Joab_Jackson, @LibbyMClark, and @ricmac!
- Crossplane: A Kubernetes Control Plane to Roll Your Own PaaS
- OAM, the Kubernetes App Model Bridging Dev and Deployment
- KubeCon NA 2020 Preview Livestream Demos: 5 Projects, 10 Minutes Each
For the KubeCon Pre-event Livestream the folks at Upbound put together an AWS Reference Platform for Kubernetes and Data Services (Apache 2.0) that shows how to use all the new features of Crossplane v0.13 to define your own cloud platform and universal cloud API. The AWS Reference Platform works with both upstream Crossplane and Upbound Cloud -- which is powered by Crossplane.
To get a better idea of using Crossplane v0.13 in action, let's walk through some key aspects of the KubeCon Lightning demo and the AWS Reference Platform for Kubernetes and Data Services.
Note: see APIs in this Configuration for an overview of all APIs provided in this Configuration and full resource definitions.
Define your own cloud APIs with XRDs
CompositeResourceDefinitions aka XRDs let you define your own cloud APIs with a simple API schema that generates two CRDs:
- composite resource (XR) kind - e.g. CompositePostgreSQLInstance
- composite resource claim (XRC) kind - e.g. PostgreSQLInstance
apiVersion: apiextensions.crossplane.io/v1alpha1
kind: CompositeResourceDefinition
metadata:
  name: compositepostgresqlinstances.aws.platformref.crossplane.io
spec:
  claimNames:
    kind: PostgreSQLInstance
    plural: postgresqlinstances
  group: aws.platformref.crossplane.io
  names:
    kind: CompositePostgreSQLInstance
    plural: compositepostgresqlinstances
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                parameters:
                  type: object
                  properties:
                    storageGB:
                      type: integer
                  required:
                    - storageGB
              required:
                - parameters
The API schema is the same for the XR and XRC kinds and is passed down from the XRC to the XR and into the Composition, where it is mapped onto the composed resources using a patch overlay, in this case onto a DBSubnetGroup and an RDSInstance.
apiVersion: apiextensions.crossplane.io/v1alpha1
kind: Composition
metadata:
  name: compositepostgresqlinstances.aws.platformref.crossplane.io
spec:
  compositeTypeRef:
    apiVersion: aws.platformref.crossplane.io/v1alpha1
    kind: CompositePostgreSQLInstance
  resources:
    - base:
        apiVersion: database.aws.crossplane.io/v1beta1
        kind: DBSubnetGroup
        spec:
          forProvider:
            region: us-west-2
            description: An excellent formation of subnetworks.
          reclaimPolicy: Delete
      patches:
        ...
    - base:
        apiVersion: database.aws.crossplane.io/v1beta1
        kind: RDSInstance
        spec:
          forProvider:
            region: us-west-2
            dbInstanceClass: db.t2.small
            engine: postgres
            engineVersion: "9.6"
            skipFinalSnapshotBeforeDeletion: true
          reclaimPolicy: Delete
      patches:
        - fromFieldPath: "metadata.uid"
          toFieldPath: "spec.writeConnectionSecretToRef.name"
          transforms:
            - type: string
              string:
                fmt: "%s-postgresql"
        - fromFieldPath: "spec.parameters.storageGB"
          toFieldPath: "spec.forProvider.allocatedStorage"
The XRD defines a custom cloud API for a PostgreSQLInstance that your teams can provision with kubectl that will be satisfied with a Composition that composes a DBSubnetGroup and RDSInstance.
Multiple Compositions can be used to offer classes-of-service for each API, while providing a consistent API across environments.
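To make the patch overlay concrete, here is an added sketch (not code from the Crossplane project or from this post) that models how the two RDSInstance patches above copy fields from the XR onto the base, which also shows that a claim author can only influence the patched fields while region, engine and reclaimPolicy stay fixed by the platform team. The helpers get_path, set_path and apply_patches are hypothetical names, the XR uid is a constructed value, and skipping a patch whose source field is unset is an assumption about the behaviour.

```python
import copy

# Constructed inputs mirroring the YAML above (only the fields the patches touch).
XR = {"metadata": {"uid": "0f0e0d0c-constructed-uid"},
      "spec": {"parameters": {"storageGB": 20}}}
RDS_BASE = {"apiVersion": "database.aws.crossplane.io/v1beta1", "kind": "RDSInstance",
            "spec": {"forProvider": {"region": "us-west-2", "engine": "postgres"},
                     "reclaimPolicy": "Delete"}}
PATCHES = [
    {"fromFieldPath": "metadata.uid",
     "toFieldPath": "spec.writeConnectionSecretToRef.name",
     "transforms": [{"type": "string", "string": {"fmt": "%s-postgresql"}}]},
    {"fromFieldPath": "spec.parameters.storageGB",
     "toFieldPath": "spec.forProvider.allocatedStorage"},
]

def get_path(obj, path):
    """Walk a dotted field path; raise KeyError if any segment is missing."""
    for key in path.split("."):
        obj = obj[key]
    return obj

def set_path(obj, path, value):
    """Set a dotted field path, creating intermediate objects as needed."""
    *parents, leaf = path.split(".")
    for key in parents:
        obj = obj.setdefault(key, {})
    obj[leaf] = value

def apply_patches(xr, base, patches):
    """Return a copy of `base` with each patch's XR field written onto it."""
    composed = copy.deepcopy(base)  # never mutate the Composition's base
    for p in patches:
        try:
            value = get_path(xr, p["fromFieldPath"])
        except KeyError:
            continue  # assumption: a patch whose source field is unset is skipped
        for t in p.get("transforms", []):
            if t["type"] != "string":
                raise ValueError(f"unsupported transform: {t['type']}")
            value = t["string"]["fmt"] % value  # e.g. "%s-postgresql"
        set_path(composed, p["toFieldPath"], value)
    return composed

if __name__ == "__main__":
    print(apply_patches(XR, RDS_BASE, PATCHES))
```

Because the connection secret name is derived from the XR's metadata.uid rather than from a user-supplied parameter, two claims cannot be pointed at the same composed secret name through this patch.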
Include Helm Releases in your Compositions
The AWS Reference Platform for Kubernetes and Data Services also supports a K8s Cluster API and a Composition of EKSCluster, NodeGroup, IAMRole, IAMPolicyAttachment, and cluster Services that compose Helm Releases to provision a fully-configured EKS cluster with the exact configuration you're looking for.
apiVersion: apiextensions.crossplane.io/v1alpha1
kind: Composition
metadata:
  name: services.aws.platformref.crossplane.io
spec:
  compositeTypeRef:
    apiVersion: aws.platformref.crossplane.io/v1alpha1
    kind: Services
  resources:
    - base:
        apiVersion: helm.crossplane.io/v1alpha1
        kind: Release
        spec:
          forProvider:
            namespace: operators
            chart:
              # from https://github.com/prometheus-community/helm-charts
              # default values are overridden by the patches below.
              name: kube-prometheus-stack
              repository: https://prometheus-community.github.io/helm-charts
              version: "10.1.0"
            values: {}
      patches:
        # All Helm releases derive their labels and annotations from the XR.
        - fromFieldPath: metadata.labels
          toFieldPath: metadata.labels
        - fromFieldPath: metadata.annotations
          toFieldPath: metadata.annotations
        # All Helm releases derive the ProviderConfig to use from the XR.
        - fromFieldPath: spec.providerConfigRef.name
          toFieldPath: spec.providerConfigRef.name
        # Derive the Prometheus operator image and tag from the XR.
        - fromFieldPath: spec.operators.prometheus.version
          toFieldPath: spec.forProvider.chart.version
The composed Helm Releases are automatically installed into the target EKS cluster as part of the Services composition in the top-level Cluster composition, showing how Compositions can compose both Managed Resources and other Compositions.
Check out provider-helm, being incubated in https://github.com/crossplane-contrib/provider-helm, for more info.
Build and push your platform Configuration
Once you have your platform Configuration defined, you can build and push it to any OCI registry using the new Crossplane CLI kubectl plugin:
kubectl crossplane build configuration --name package.xpkg
kubectl crossplane push configuration acme/platform-aws:v1.0.0 -f package.xpkg
To build a Configuration package, you'll need to define a crossplane.yaml that identifies the package as a Configuration and lists its dependencies:
apiVersion: meta.pkg.crossplane.io/v1alpha1
kind: Configuration
metadata:
  name: platform-ref-aws
  annotations:
    company: Acme
    maintainer: Joe <joe@acme.io>
    keywords: aws, cloud-native, kubernetes, example, platform, reference
    source: github.com/acme/platform-aws
    description: |
      Acme cloud platform k8s applications running in AWS.
spec:
  crossplane:
    version: ">=v0.13.0-0"
  dependsOn:
    - provider: crossplane/provider-aws
      version: v0.12.0
To learn more about building and pushing your platform Configurations, check out the Package Infrastructure section of the https://crossplane.io/docs!
Install and use your platform APIs
The new Crossplane v2 Package Manager supports installing and upgrading Configurations that bundle all the XRDs and Compositions that define the cloud APIs in your platform and the Provider packages they depend on.
1) Install your platform Configuration:
kubectl crossplane install configuration acme/platform-aws:v1.0.0
2) Connect to your cloud provider
Create the ProviderConfig and Secret:
kubectl create secret generic aws-creds --from-file=key=./creds.conf
kubectl apply -f examples/aws-default-provider.yaml
3) Use the cloud APIs in your platform
Now you can consume the cloud APIs in your platform using kubectl, deployment pipelines and GitOps workflows, or anything that works with the Kubernetes API:
kubectl apply -f examples/network.yaml
kubectl apply -f examples/cluster.yaml
kubectl apply -f examples/postgres-claim.yaml
The PostgreSQLInstance claim used above can be customized to have the exact shape and size of the abstraction you want in the cloud APIs for your teams, by customizing the platform Configuration XRDs to your liking:
apiVersion: aws.platformref.crossplane.io/v1alpha1
kind: PostgreSQLInstance
metadata:
  name: my-db
spec:
  parameters:
    storageGB: 20
    networkRef:
      id: network-fabric-1
  writeConnectionSecretToRef:
    name: my-db-conn
Crossplane provides kubectl categories to see the resources created:
kubectl get claim
kubectl get composite
kubectl get managed
Check out the AWS Reference Platform for Kubernetes and Data Services to learn more and customize it to match the exact needs of your organization!
Other Notable v0.13 Items
- A new RBAC manager automatically manages the RBAC roles and bindings required by providers and composite resources. It is an optional deployment that uses RBAC privilege escalation - Crossplane no longer requires cluster-admin privileges.
- Crossplane provider’s Provider resource has been replaced by a similar type named ProviderConfig.
- Workload APIs (e.g. KubernetesApplication) are deprecated and slated for removal in v0.14. Take a look at provider-helm for an alternative way to run workloads from within a Composition using a Helm Release resource.
- Crossplane’s original resource claims (e.g. MySQLInstance) were deprecated in v0.12 and have been removed in v0.13, since you can now define your own claim kinds in a CompositeResourceDefinition (XRD).
- Helm Provider: install a Helm Release from a Crossplane Composition
- Open Application Model (OAM)
- can now be installed using: helm install crossplane with the --set alpha.oam.enabled=true flag
- Enhanced health scopes with informative health conditions
- Health check support for containerized.standard.oam.dev in Health
- Run with fewer privileges
- Hardening and robustness enhancements towards v1beta1 quality
TBS#23: Sourcegraph
In TBS#23 Dan is joined by Beyang Liu, the CTO and co-founder of Sourcegraph. Sourcegraph is a fast, open-source, fully-featured code search and navigation engine.
Dan and Beyang will explore why universal code search is valuable for developers, how Sourcegraph works, and why Kubernetes is a useful platform for deploying a code search platform. Then they will demonstrate how Crossplane can enhance the experience of deploying Sourcegraph on Kubernetes by providing access to cloud provider managed services from within the cluster.
To get the latest content, subscribe to the Crossplane YouTube channel and join the TBS livestreams, which are announced by @hasheddan and @crossplane_io on Twitter and in the #general channel of Crossplane Slack!
Beyond v0.13
v0.14.0 - Hardening, robustness, v1beta1 APIs in core (Nov 2020)
- XRDs can support defining multiple versions of an XR
- Surface XR claim binding and secret publishing errors
- ControllerConfig can override default values for a Provider
- Crossplane version constraints in Provider and Configuration packages
- AWS Provider:
- S3 Bucket Policy to v1beta1
- IAM User Access Key v1alpha1
- Open Application Model (OAM)
- HealthScope support for PodSpecWorkload
- Allow OAM controller to create events
- CRD discovery mechanism
- Remove deprecated Workload API types: KubernetesApplication, KubernetesTarget, KubernetesCluster
- replaced by Composition and provider-helm
- All core APIs to v1/v1beta1
- Code Generation of Providers (work-in-progress)
- AWS ACK Code Generation of the Crossplane provider-aws
- Azure SO Code Generation of the Crossplane provider-azure
- Clouds that don't have code gen pipelines - wrap stateless Terraform Providers #262
v1.0.0 Release Candidate (Dec 2020)
- Leader election for all controllers
- Prometheus metrics for all binaries
- Claim update propagation to its underlying composite resource
- Bi-directional Composition patching for status
- Revision support for incremental Composition upgrades
- Use Composition members to fill a connection secret
- Composition validation webhooks
- Auto dependency resolution for packages - install providers
- All core APIs to v1/v1beta1
- Code Generation of Providers (initial set of generated resources)
- Native AWS, Azure provider resources.
- Terraform-based provider resources.
- Code Generation of Providers (100% coverage)
- First-class multi-language support for Compositions and Configurations
- Managed resources can accept an array of resource references for enhanced cross-resource reference (CRR) / dependency support.
- Per-namespace mapping of IRSA and workload identity for finer grained infra permissions in multi-tenant clusters
- Additional conversion strategies for XRDs with multiple versions of an XR
- Conversion webhooks to support installing multiple API versions
- CustomComposition support for use with cdk8s sidecar, TYY, and others
Check out the following to learn more:
KubeCon NA 2020 - November 17-20th
We'd love to see you at any of our upcoming virtual KubeCon NA talks, so register now if you haven't already and note all times are in Eastern Time (UTC–05:00)!
Wednesday Nov. 18th
Crossplane Project Office Hours - Join Here (Zoom)
Crossplane Maintainers
03:00 PM EST
Managing Apps and Cloud Resources with a Unified Approach in Kubernetes
Jianbo Sun, Alibaba & Jared Watts, Upbound
4:55 pm EST
Friday Nov. 20th
Building an Enterprise Infrastructure Control Plane on Kubernetes
Daniel Mangum, Upbound & Steven Borrelli, Mastercard
5:05 pm EST
Get involved!
We're excited to see the continual growth of the Crossplane community and would love for you to get involved. Whether you are a developer, user, or just interested in what we're up to, feel free to join us via one of the following methods: