Announcing Crossplane v1.13 - Security, Quality, and Maturing Key Features

We are happy to announce the release today of Crossplane v1.13, the latest major release of the Crossplane project. This particular milestone focused heavily on security, quality, and investing in key feature areas to push the project forward in its maturity and reliability. Let’s dive in!

Growing the Maintainer Team

We are thrilled to welcome our two newest maintainers for Crossplane, Bob Haddleton (bobh66) and Philippe Scorsolini (phisco)! They have both continuously demonstrated excellent technical capabilities, great insight and empathy into the needs of the community, and strong alignment with the overall project vision, earning them a trusted spot on the core maintainer team. We can expect to see even more of their valuable contributions going forward as they now have formally recognized leadership roles within the community. Congratulations and welcome aboard friends! 👋🤓

Security Audit Completed

We’ve spent the last couple months partnering with Ada Logics, the CNCF, and the OSTIF to complete a security audit of the Crossplane project. It was a rigorous amount of work for everyone that contributed, but the audit has undoubtedly hardened the code base with fixes for potential vulnerabilities found as well as matured the security posture and process of the entire project. We have a complete blog post dedicated to this security milestone, so we encourage you to read all the details there.

New Feature - Ignore Changes

An often requested feature in Crossplane is the ability to ignore certain changes that external systems may be making to the resources managed by Crossplane. In certain scenarios, it can actually be desirable to let someone else manage specific values of the resources. The classic example for this scenario is a cluster autoscaler that changes the size (e.g. number of nodes) of your provisioned cluster over time in response to load and demand. While Crossplane may have initially provisioned the cluster and its node pool, we need to “hand off” control of just the node count to the autoscaler so it can make changes over time. Instead of Crossplane fighting with the autoscaler, we can now tell Crossplane to simply “ignore the changes” that the autoscaler makes, resulting in harmonious collaboration in the management of the cluster.

The implementation of the “ignore changes” functionality is an evolution of Crossplane managed resource ManagementPolicies. As this API stabilizes during the v1.14 timeframe, we can expect it to be matured to the Beta level soon.

End-to-End Test Framework

We have also made a big step towards ensuring code and feature quality by adding a new e2e test framework. The team researched deeply and discussed at length to land on a design and approach that is best for the project. Now, on every pull request and change to the main branch, a suite of high level scenario tests will run across the code base, giving us extra assurance that functionality continues to work as expected and is free from regressions. With this new testing framework in place, along with a culture of developers authoring solid test coverage, we are confident that Crossplane has raised an already high quality bar for the project.

Maturing Composition Functions

While Composition Functions (XFN) are not quite ready to move to Beta yet, we have continued to invest in maturing their functionality and reliability, and have also accepted a proposal that will greatly improve their usability and flexibility. In their initial Alpha implementation, there is a large burden on the Platform Engineer to set up complicated build processes and to write a lot of code to get their composition function fully deployed. As we execute on the accepted proposal in the v1.14 timeframe, be on the lookout for a greatly improved experience around XFNs!

Provider Families Bringing Relief to Clusters

It may be easy to forget, since it was at the very beginning of the v1.13 release cycle, but we also made a significant investment in the way we package Providers. The shift to Provider Families brought much needed relief to clusters that were completely overwhelmed by the number of CRDs some Crossplane Providers would install. We published a dedicated blog post about this, so feel free to refresh yourself on the topic with the spare cycles you have from your now healthy clusters.

Onwards to v1.14

With v1.13 now out the door, it’s time to move our sights onto v1.14, the next quarterly release for Crossplane that is scheduled for late October. There are tons of impactful features and initiatives on the roadmap, so we’d love to hear your feedback and understand what features are most important to you.

Also, make sure not to miss our upcoming Crossplane community event! The call for speakers is now open and we’d love to hear your Crossplane stories and great ideas for talks. You can read all about the submission process in this blog post:

Crossplane is a community driven project and we welcome you to join the community and contribute through a variety of opportunities, such as opening and commenting on issues, joining the community meetings, sharing your adoption story, and providing feedback on design docs and pull requests.

We love to hear from the community, as they are exactly what makes this project great.

Over the next couple weeks, the maintainer team is hoping to get your feedback on the project in a short survey. Almost all responses are optional, but please do share as much of your feedback here as you can!

Whether you are a developer, user, or just interested in what we're up to, feel free to join us via one of the following methods:

Finally, we invite you to join us at an upcoming online event with the community. Register for our Control Plane Day with Crossplane, presented by Upbound, coming up September 19.

Keep up with Upbound

* indicates required