After recently turning 1 year old, the Crossplane project is excited to have closed out 2019 with enhanced API support for GKE clusters (node pools, auto-scaling, gVisor container security, networking policies), simplified permission management with new default RBAC roles, and a new integration test framework in the crossplane-runtime.
These new features enable production-facing scenarios for application delivery platforms, like VSHN’s ProjectSyn, that have sprung up around Crossplane. Such platforms streamline application delivery with self-service provisioning of the cloud infrastructure that apps depend on, without getting bogged down in infrastructure details.
The momentum continues to build with lots of community engagement around adopting Crossplane and new features needed to enable real-world scenarios with a focus on quality, scalability, and security.
v0.6 is the monthly installment of Crossplane that builds on the v0.5 release and incorporates lots of community feedback, which is always great to see as Crossplane is enhanced to support production-facing use cases!
We’ll cover some of the release highlights below; be sure to check out all the details in the latest version of the crossplane.io/docs!
Support for GKE node pools, auto-scaling, gVisor, and more
The GKE cluster API has moved to v1beta1 and now supports most features of GKE clusters including GKE node pools, cluster and pod auto-scaling, gVisor enabled clusters, and network policy enabled clusters.
Check out the API docs for more details: container.gcp.crossplane.io/v1beta1
Note: v1alpha3 GKE cluster support has been left intact and can run side by side with v1beta1.
Simplified permission management with new default RBAC roles
Kubernetes provides the concept of built-in roles (cluster-admin, admin, edit, view) that provide a clear role to bind to when assigning permissions to users or teams with well-defined expected behavior.
Crossplane follows the Kubernetes model for default roles and now provides default Crossplane roles that simplify secure integration:
- Default admin, editor, and viewer roles are automatically updated as Stacks are installed/uninstalled.
- Admins can create role bindings to these default Crossplane roles, to manage permissions for users and teams.
Crossplane uses the automatic role aggregation provided by Kubernetes to keep these roles up to date. This turned out to be a very clean way to implement a concise consumption and permissioning model around all Crossplane-installed resources:
- Cluster-scoped Stacks aggregate to cluster (environment) roles.
- Namespace-scoped Stacks aggregate to namespace (workspace) roles.
This is a huge improvement over having to craft roles manually, plus Crossplane keeps them up to date automatically as Stacks are installed and uninstalled!
See the design doc for more info.
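The aggregation behaviour described above, modelled as an added example (not Crossplane's or Kubernetes' own code): it computes which rules land in a default admin role as Stack roles appear and disappear, and flags contributors that grant wildcards. The label keys, role names and the `gkeclusters` resource are constructed for illustration and are not Crossplane's actual identifiers.

```python
# Added example: models how Kubernetes fills a ClusterRole that has an
# aggregationRule. Label keys, role names and rules are constructed samples.
ADMIN = {"name": "example-environment-admin", "labels": {},
         "aggregationRule": {"clusterRoleSelectors": [
             {"matchLabels": {"example.org/aggregate-to-environment-admin": "true"}}]}}

def stack_role(name, level, group, resources, verbs):
    """ClusterRole a (hypothetical) Stack install would create, labelled for aggregation."""
    return {"name": name,
            "labels": {f"example.org/aggregate-to-environment-{level}": "true"},
            "rules": [{"apiGroups": [group], "resources": resources, "verbs": verbs}]}

def selected(selector, labels):
    """matchLabels semantics: every selector pair must be present on the role."""
    return all(labels.get(k) == v for k, v in selector["matchLabels"].items())

def aggregate(target, cluster_roles):
    """Return (rules, contributors): the union of rules from every ClusterRole
    matched by any of the target's selectors (selectors are ORed)."""
    selectors = target["aggregationRule"]["clusterRoleSelectors"]
    rules, contributors = [], []
    for role in cluster_roles:
        if role["name"] != target["name"] and any(
                selected(s, role["labels"]) for s in selectors):
            contributors.append(role["name"])
            rules.extend(r for r in role["rules"] if r not in rules)
    return rules, sorted(contributors)

def wildcard_contributors(target, cluster_roles):
    """Audit helper: contributing roles whose rules use '*' verbs or resources."""
    _, names = aggregate(target, cluster_roles)
    return [r["name"] for r in cluster_roles if r["name"] in names and any(
        "*" in rule["verbs"] or "*" in rule["resources"] for rule in r["rules"])]

GCP_ADMIN = stack_role("stack-gcp-admin", "admin",
                       "container.gcp.crossplane.io", ["gkeclusters"], ["*"])
GCP_VIEW = stack_role("stack-gcp-view", "view",
                      "container.gcp.crossplane.io", ["gkeclusters"], ["get", "list", "watch"])
INSTALLED = [ADMIN, GCP_ADMIN, GCP_VIEW]   # state after the Stack is installed
UNINSTALLED = [ADMIN]                      # state after the Stack is removed

if __name__ == "__main__":
    print(aggregate(ADMIN, INSTALLED))
    print(wildcard_contributors(ADMIN, INSTALLED))
    print(aggregate(ADMIN, UNINSTALLED))
```

Because any ClusterRole carrying a matching label is folded into the aggregated role, reviewing the contributor list is a useful check before binding users or teams to a default role.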
Crossplane-runtime gets a new integration test framework
The crossplane-runtime has a new integration test framework that reduces the burden of providing integration test coverage across all projects and helps prevent regressions. Integration tests will be added to the GCP Stack first and then rolled out to the other stacks (AWS, Azure).
This is a huge improvement in our end-to-end testing story and a very welcome addition to the crossplane-runtime as we move towards production-ready!
- Schedule KubernetesApplications to any Kubernetes cluster including bare-metal
- Versioning and upgrade support for all aspects of Crossplane
- Template Stacks - easier to build App & Config Stacks (Preview)
- More v1beta1 APIs:
  - GCP storage buckets
  - GCP networking resources
  - AWS and Azure to follow
- Improved logging and eventing
- Automated integration tests for GCP, AWS, Azure
- Improved error messages surfaced in claims and/or eventing
- Additional real-world App Stacks
- Expanded Rook support for additional in-cluster stateful storage types
- Policy-based secure connectivity strategies
- Enhanced application scheduling (cost, weight)
There are many different ways to get involved in the Crossplane project, both from the user side and the developer side. Please join us in helping the project continue to grow on its way beyond the v0.6 milestone as we move from alpha to beta over the coming months!
Join the open cloud movement to help level the playing field for everyone!