Provision complete environments (dev, staging, prod) from kubectl with a few lines of yaml using new minimal environment stacks for GCP, AWS, and Azure. Infrastructure operators can package turn-key environment templates and quickly spin up environments for app teams, so apps can be built and released faster with a streamlined workflow using familiar Kubernetes tooling. PostgreSQL 11 support, EKS support for IAM Roles for Service Accounts, enhanced logging and eventing, and a new Observability Developer Guide round out the release.
There's been a ton of activity on the project this past month with community contributions and collaboration coming in on multiple fronts. With more Crossplane deployments sprouting up we've been focused on enabling real-world scenarios for the community including Postgres 11 support (thanks @vasartori!), EKS support for IAM Roles for Service Accounts, versioning and upgrade, logging and eventing enhancements in crossplane-runtime, a new Observability Developer Guide, and updated providers for GCP, AWS, and Azure!
Minimal environment stacks for GCP, AWS, and Azure
For example, stack-minimal-gcp packages a turn-key environment template, so you can quickly spin up a dev or test environment using
Step 2: Install and configure the Minimal GCP stack
Install the Minimal GCP stack and apply the yaml below to spin up a dev/test environment that applications can be deployed into, including their cloud service dependencies.
```yaml
apiVersion: gcp.resourcepacks.crossplane.io/v1alpha1
kind: MinimalGCP
metadata:
  name: dev-uswest-demo
spec:
  region: us-west2
  projectID: crossplane-playground
  credentialsSecretRef:
    name: gcp-account-creds
    namespace: crossplane-system
    key: credentials
```
Environment core configuration:
- Provider: used by Crossplane to talk with cloud APIs
- Network: environment network
- Subnetwork: environment subnet
- GlobalAddress: IP range for managed services
- Connection: secure managed service connectivity

Service catalog (classes of service):
- GKEClusterClass: GKE target clusters, for self-service via claims
- CloudSQLInstanceClass: cloud databases, for self-service via claims
- CloudMemorystoreInstanceClass: cloud caches, for self-service via claims
Step 3: Deploy applications with self-service cloud infrastructure
With a dev/test environment configured in step #2, app teams can deploy applications and consume cloud infrastructure on-demand from the service catalog.
For example, the Wordpress application can be deployed via Crossplane using the following:
```yaml
apiVersion: wordpress.samples.stacks.crossplane.io/v1alpha1
kind: WordpressInstance
metadata:
  name: wordpress-demo
spec:
  provisionPolicy: ProvisionNewCluster
```
The WordpressInstance CRD is provided by the Wordpress application, which uses the templating-controller to observe new WordpressInstances and render the following child resources using helm3 templates:
- KubernetesApplication: unit of scheduling for deployments and services
- KubernetesCluster: resource claim to dynamically provision a target cluster
- MySQLInstance: resource claim to dynamically provision a MySQL instance
WordpressInstance has successfully deployed into our MinimalGCP environment with only a few lines of yaml!
New versions of stack-minimal-gcp and sample-stack-wordpress have been published to Docker Hub, use the new templating-controller (kustomize, helm3, etc.), and provide a great starting point for building custom stacks of your own!
IAM Roles for Service Accounts on EKS
We also enabled stack-aws to authenticate to the AWS API using IAM Roles for Service Accounts in v0.8, based on community feedback that some people were unable to create RDS instances using Crossplane due to security restrictions in their environments -- they needed to use IAM roles associated with Kubernetes ServiceAccounts, rather than providing credentials as a Kubernetes Secret.
Check out the details here!
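As an added example (not from the original post or the stack-aws project), this is the EKS side of IAM Roles for Service Accounts: the ServiceAccount annotation that binds the controller pod to an IAM role, and that role's trust policy. The account ID, OIDC provider ID, region, role name and ServiceAccount name are placeholders; pointing the stack-aws Provider at this ServiceAccount is covered in the details linked above.

```yaml
# Kubernetes ServiceAccount for the stack-aws controller pod. The annotation is
# what the EKS pod identity webhook keys on: it mounts a projected OIDC token
# into the pod and sets AWS_ROLE_ARN / AWS_WEB_IDENTITY_TOKEN_FILE, so the
# AWS SDK assumes the role at runtime and no long-lived key lives in a Secret.
# The SA name and account ID below are placeholders for this example.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: crossplane-stack-aws          # placeholder: use the stack's real SA name
  namespace: crossplane-system
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/crossplane-stack-aws
---
# IAM trust policy for that role, written as JSON (which is also valid YAML).
# The "sub" condition is the important part: it pins the role to exactly one
# namespace/ServiceAccount. Without it, any pod in the cluster carrying a
# projected token could call AssumeRoleWithWebIdentity against this role.
# EXAMPLEOIDCID, the region and the account ID are placeholders.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/EXAMPLEOIDCID"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLEOIDCID:sub": "system:serviceaccount:crossplane-system:crossplane-stack-aws",
          "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLEOIDCID:aud": "sts.amazonaws.com"
        }
      }
    }
  ]
}
```

The permissions policy attached to the role is separate from this trust policy and should grant only what the stack needs (for the RDS case in the text, the RDS actions, not AdministratorAccess).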
Logging and Eventing Upgrade
Observability is crucial to Crossplane users; both those operating Crossplane and those using Crossplane to operate their infrastructure. Crossplane currently approaches observability via Kubernetes events and structured logs, with enhancements made to crossplane-runtime in the v0.8 release. Providers for GCP, AWS, and Azure were also updated to emit logs and events as outlined in the Observability Developer Guide.
In short, a non-admin user and an admin user should both be able to debug any issues only by inspecting logs and events. There should be no need to rebuild the Crossplane binary or to reach out to a Crossplane developer, but we have a great community on Slack, so please reach out with any questions.
Check out the Observability Developer Guide for logging and eventing best practices when developing Crossplane controllers!
Additional noteworthy items in v0.8
- More v1beta1 APIs:
  - GCP networking resources
- Host-aware Stack Manager
  - Enables deploying multiple Crossplane instances watching different Kubernetes API servers on a single Host Kubernetes cluster.
- RBAC group and role refinements
  - Default Crossplane roles (admin, edit, view)
- Check out the v0.8 release notes for more info.
- Versioning and upgrade support for all aspects of Crossplane
- Stacks Manager support for private repos and robot account credentials
- Rename GitHub org from crossplaneio to crossplane
- Minimal Environment Stacks (alpha)
  - hardening and UX refinements
  - stack-minimal-gcp enhancements for clean delete
  - stack-minimal-aws and stack-minimal-azure to use the new templating-controller
- Release process and efficiency improvements
- More v1beta1 APIs:
  - remaining GCP API types (storage buckets)
  - AWS and Azure to follow
- Enable Workload Identity for stack-gcp when running on GKE
- Enhanced automated integration tests for GCP, AWS, Azure
- Additional real-world App Stacks
- Expanded Rook support for additional in-cluster stateful storage types
- Policy-based secure connectivity strategies
- Enhanced application scheduling (cost, weight)
We are excited to see the continual growth of the Crossplane community and would love for you to get involved. Whether you are a developer, user, or just interested in what we are up to, feel free to join us via one of the following methods:
Join the open cloud movement to help level the playing field for everyone!