v1.16.0

The v1.16.0 release is a regular quarterly Crossplane release that is focused on maturing a number of key areas of functionality across the project, as Crossplane continues to become more capable, more reliable, and more performant for your production workloads.

🎉 Highlights

• New Contributors! This release has the most new contributors than any other release before - 24 community members made their first code contribution in this release, so a huge thank you to everyone starting to get more involved in the project! 🙇‍♂️
• High level metrics: Providers in the Crossplane ecosystem are now able to export fine grained data about the operations they are performing on Crossplane managed resources. Questions like "How long is it taking to discover that a resource is out of sync and needs to be updated?" can now be answered with these new metrics.
• Usage clean-up significantly faster: Resources protected by a Usage object can take a long time to be fully deleted. A solution for this is now available via a new replayDeletion field on the Usage object. Read more about this capability in the Usage docs.
• Credentials for Functions: Crossplane now provides a secure way via a new credentials field on function pipeline steps for a Composition Function to authenticate to external systems while they are executing their logic, for example to look up information from a remote service.
• Developer Experience improvements: DevEx continues to get plenty of love with numerous enhancements added in this release.

🚨 Warnings and breaking changes

• The crossplane CLI --version flag has been converted to a top level version command.
  • crossplane version can be used to retrieve the version of the Crossplane CLI software as well as the version of the Crossplane server side software running in the control plane.
  • crossplane --version is no longer supported and will return crossplane: error: unknown flag --version.
  • Thank you @phclark for calling this change out!

📖 Full Changelog

• Bump crossplane-runtime to v1.16.0-rc.1 by @phisco in #5345
• Update Consensys in ADOPTERS.md by @clementblaise in #5343
• feat(crank/trace): show resource name in wide if available by @phisco in #5347
• fix(crank/render): conditions' lastTransitionTime can not be null by @phisco in #5346
• chore(deps): update actions/upload-artifact digest to 5d5d22a (master) by @renovate in #5340
• Do not use version when indexing Used resources in Usage Handler by @turkenh in #5353
• Accept version changes in composed templates by @turkenh in #5369
• Adopters: Update SAPs entry by @maximilianbraun in #5352
• chore(deps): update dependency golang to v1.22.0 (master) by @renovate in #5350
• feat: drop aggregate-to-ns-* clusterroles by @phisco in #5373
• fix(crank/xpkg): push properly retrieve upbound credentials by @phisco in #5367
• chore(deps): update xpkg.upbound.io/crossplane-contrib/provider-nop docker tag to v0.2.1 (master) by @renovate in #5374
• Improve render debug logs style by @lsviben in #5384
• Reorganize the growing set of badges in the main README.md by @jbw976 in #5378
• Update ignore-changes docs managementPolicy => managementPolicies by @turkenf in #5383
• Add configuration-template to well known xpkg init templates by @jbw976 in #5389
• init - add option to select branch/tag by @lsviben in #5391
• Update ADOPTERS.md with Elastic Serverless information by @hwoarang in #5397
• chore: bump README and renovate for 1.15 by @phisco in #5396
• Bump golangci-lint to v1.56.2 by @negz in #5414
• Update claim status to Deleting while waiting for foreground deletion by @bobh66 in #5425
• Add a retroactive one-pager for rate limiting by @negz in #5415
• logging: wire klog backend, but only output request throttling logs by @sttts in #5419
• Recommend unwinding constant error string pattern by @negz in #4515
• Update ADOPTERS.md with Deutsche Bahn by @gandhiano in #5366
• Poll more frequently when waiting for composed resources to become ready by @negz in #5427
• Add Akamai to list of adopters by @nolancon in #5443
• apiextension/definition: don't attempt to start composite controllers multiple times by @sttts in #5437
• Add Variphy to ADOPTERS.MD by @dmvariphy in #5451
• Enable all golangci-lint linters by default by @negz in #5445
• Update steering committee listing with lindblombr by @jbw976 in #5452
• fix: ignore invalid resources when composing by @phisco in #5365
• Ability to replay deletion with Usage spec by @turkenh in #5394
• chore: remove repetitive words by @avoidalone in #5467
• Allow group changes in composed templates by @turkenh in #5474
• Bump default max reconcile rate and resource limits by @turkenh in #5478
• chore: remove repetitive words by @majorteach in #5502
• Update ADOPTERS.md by @simlarsen in #5505
• Update Upjet SIG by @jeanduplessis in #5508
• Add dnsPolicy as parameter to Helm chart #5500 by @Argannor in #5501
• fix: include generatName field in default metadata property by @amotolani in #5510
• Adds Xata to ADOPTERS list by @mattfield in #5509
• chore(deps): update gcr.io/distroless/static docker digest to 7e5c6a2 (master) by @renovate in #5516
• Fix broken links in CRD source by @plumbis in #5515
• Tweaks description of entry in ADOPTERS.md to include mention of dev, staging, and production by @mattfield in #5518
• tests(e2e): allow passing options when decoding files by @phisco in #5517
• fix(deps): update module github.com/docker/docker to v25.0.5+incompatible [security] (master) by @renovate in #5496
• Allow kubernetes service annotations by @AtzeDeVries in #5471
• chore(deps): update golangci/golangci-lint-action action to v4 (master) by @renovate in #5380
• fix(deps): update module golang.org/x/term to v0.18.0 (master) by @renovate in #5359
• Proposal to Allow Composition Functions to Set Claim Conditions by @dalton-hill-0 in #5426
• Add missing scrape annotations to provider pods by @turkenh in #5529
• docs: Adding AlphaSense to Crossplane adopters list by @abhihendre in #5528
• fix(helm): Explicitly set divisor in rbac-manager resources by @mboutet in #5526
• Add --context option to crossplane cli beta trace command by @padlar in #5542
• Update roadmap links to prioritized list view by @jbw976 in #5546
• feat(cli): add server version if available and subcommand by @haarchri in #5457
• Expand and improve docstrings to comply with Vale by @plumbis in #5527
• Update community meeting schedule by @jbw976 in #5556
• Add ToAdler32 to CRDs by @eskabetxe in #5560
• fix(sa): Merge image pull secrets created by other controllers by @bobh66 in #5558
• Run Renovate as a Github Action by @enesonus in #5493
• chore(deps): pin dependencies (master) by @crossplane-renovate in #5575
• cli: tilde expansion for validate command by @santhoshivan23 in https...

v1.15.3

This is a patch release scoped to fixing issues reported by users of Crossplane v1.15.

What's Changed

• [Backport release-1.15] Adding support for Functions in crank validate (fixes #5491) by @github-actions in #5585
• [Backport release-1.15] fix(helm): Explicitly set divisor in rbac-manager resources by @github-actions in #5622
• [Backport release-1.15] Enhance permissions for Crossplane managed-roles by allowing access to the status subresource for Claims/Composites by @github-actions in #5666
• chore(deps): update xpkg.upbound.io/crossplane-contrib/provider-nop docker tag to v0.2.1 (release-1.15) by @crossplane-renovate in #5688
• chore(deps): update gcr.io/distroless/static docker digest to 4197211 (release-1.15) by @crossplane-renovate in #5687
• [Backport release-1.15] Fix locking in the PackagedFunctionRunner by @negz in #5690

Full Changelog: v1.15.2...v1.15.3

v1.14.9

This is a patch release scoped to fixing issues reported by users of Crossplane v1.14.

What's Changed

• chore(deps): update module golang.org/x/net to v0.23.0 [security] (release-1.14) by @renovate in #5563
• [Backport release-1.14] Enhance permissions for Crossplane managed-roles by allowing access to the status subresource for Claims/Composites by @github-actions in #5665
• [Backport release 1.14] Fix locking in the PackagedFunctionRunner by @negz in #5691

Full Changelog: v1.14.8...v1.14.9

v1.16.0-rc.1

Crossplane version v1.16.0-rc.1 is a release candidate intended to collect input from the community and offer users an opportunity to experiment with Crossplane in non-production environments before the official release of version v1.16.0.

Warning

This is a pre-release; do not use it in production environments!

To install Crossplane with this release:

helm repo add crossplane-stable https://charts.crossplane.io/stable --force-update
helm install crossplane --namespace crossplane-system --create-namespace crossplane-stable/crossplane --devel

To install the Crossplane CLI with this release:

curl -sL https://raw.githubusercontent.com/crossplane/crossplane/v1.16.0-rc.1/install.sh | XP_VERSION=v1.16.0-rc.1 sh

What's Changed

The detailed release notes will be provided with the official v1.16.0. In the meantime, you can review the commit changes made since version 1.15.0 here and see below for a short list of changes worth having a look at before upgrading/installing:

• Accept version changes in composed templates by @turkenh in #5369
• feat: drop aggregate-to-ns-* clusterroles by @phisco in #5373
• Poll more frequently when waiting for composed resources to become ready by @negz in #5427
• fix: ignore invalid resources when composing by @phisco in #5365
• Ability to replay deletion with Usage spec by @turkenh in #5394
• Allow group changes in composed templates by @turkenh in #5474
• Bump default max reconcile rate and resource limits by @turkenh in #5478
• Add dnsPolicy as parameter to Helm chart #5500 by @Argannor in #5501
• Add missing scrape annotations to provider pods by @turkenh in #5529
• Add functions to init container for helm chart deployment by @bobh66 in #5586
• Add server version if available and subcommand by @haarchri in #5457
• Clear XR field managers when upgrading to claim SSA by @negz in #5555
• Support passing credentials to composition functions by @negz in #5543
• clear SSA field managers from composed resources when migrating to composition functions by @ravilr in #5649

New Contributors

• @turkenf made their first contribution in #5383
• @hwoarang made their first contribution in #5397
• @gandhiano made their first contribution in #5366
• @nolancon made their first contribution in #5443
• @dmvariphy made their first contribution in #5451
• @avoidalone made their first contribution in #5467
• @majorteach made their first contribution in #5502
• @simlarsen made their first contribution in #5505
• @Argannor made their first contribution in #5501
• @amotolani made their first contribution in #5510
• @mattfield made their first contribution in #5509
• @AtzeDeVries made their first contribution in #5471
• @dalton-hill-0 made their first contribution in #5426
• @abhihendre made their first contribution in #5528
• @mboutet made their first contribution in #5526
• @padlar made their first contribution in #5542
• @eskabetxe made their first contribution in #5560
• @enesonus made their first contribution in #5493
• @santhoshivan23 made their first contribution in #5577
• @jtyr made their first contribution in #5570
• @fuyangpengqi made their first contribution in #5599
• @mjnovice made their first contribution in #5602
• @findmyhappy made their first contribution in #5623
• @pblgomez made their first contribution in #5627

Full Changelog: v1.15.0...v1.16.0-rc.1

v1.15.2

Notable Changes

This is a patch release scoped to fixing issues reported by users of Crossplane v1.15. The issues of particular note that are resolved in this release are:

• #5292 - Native patching behavior change - XR desired state dropped if a resource won't get all required schema values
  • Fixes a regression in the composition machinery that occurs when applying patches that fail.
  • After this fix, failures to apply patches to one resource in a composition will no longer block other resources within that composition from being applied.
  • This restores previous long standing behavior.
  • #5114 - Passing values in a composition to a required OpenAPI field causes an endless reconcile loop is also addressed by this fix.

What's Changed

• [Backport release-1.15] fix: include generatName field in default metadata property by @github-actions in #5513
• fix(deps): update module github.com/docker/docker to v25.0.5+incompatible [security] (release-1.15) by @renovate in #5507
• [Backport release-1.15] fix: ignore invalid resources when composing by @bobh66 in #5486
• [Backport release-1.15] Add missing scrape annotations to provider pods by @github-actions in #5530
• [Backport release-1.15] Add dnsPolicy as parameter to Helm chart by @phisco in #5548
• chore(deps): update module golang.org/x/net to v0.23.0 [security] (release-1.15) by @renovate in #5549
• [Backport release-1.15] tests(e2e): allow passing options when decoding files by @phisco in #5551
• [Backport release-1.15] Add ToAdler32 to CRDs by @github-actions in #5561
• [Backport release-1.15] fix(sa): Merge image pull secrets created by other controllers by @github-actions in #5565

Full Changelog: v1.15.1...v1.15.2

v1.14.8

Notable Changes

This is a patch release scoped to fixing issues reported by users of Crossplane v1.14. The issues of particular note that are resolved in this release are:

• #5292 - Native patching behavior change - XR desired state dropped if a resource won't get all required schema values
  • Fixes a regression in the composition machinery that occurs when applying patches that fail.
  • After this fix, failures to apply patches to one resource in a composition will no longer block other resources within that composition from being applied.
  • This restores previous long standing behavior.
  • #5114 - Passing values in a composition to a required OpenAPI field causes an endless reconcile loop is also addressed by this fix.

What's Changed

• [Backport release-1.14] fix: include generatName field in default metadata property by @github-actions in #5512
• fix(deps): update module github.com/docker/docker to v24.0.9+incompatible [security] (release-1.14) by @renovate in #5506
• [Backport release-1.14] Add missing scrape annotations to provider pods by @turkenh in #5531
• [Backport release-1.14] Add ToAdler32 to CRDs by @phisco in #5562
• [Backport release-1.14] fix(sa): Merge image pull secrets created by other controllers by @bobh66 in #5566
• [Backport release-1.14] fix(functions): unique field owners to prevent hijacking composed res… by @phisco in #5567
• [Backport release-1.14] fix: ignore invalid resources when composing by @phisco in #5569

Full Changelog: v1.14.7...v1.14.8

v1.15.1

What's Changed

• [Backport release-1.15] Ability to replay deletion with Usage spec by @turkenh in #5466
• [Backport release-1.15] Allow group changes in composed templates by @github-actions in #5480
• [Backport release-1.15] Bump default max reconcile rate and resource limits by @turkenh in #5482

Full Changelog: v1.15.0...v1.15.1

v1.14.7

What's Changed

• [Backport release-1.14] Ability to replay deletion with Usage spec by @turkenh in #5465
• [Backport release-1.14] Allow group changes in composed templates by @github-actions in #5479
• [Backport release-1.14] Bump default max reconcile rate and resource limits by @turkenh in #5481

Full Changelog: v1.14.6...v1.14.7

v1.14.6

Release v1.14.6 contains a few recent bug and security fixes.

What's Changed

• [Backport release-1.14] fix: avoid requiring webhook tls certificate for inactive revisions by @github-actions in #5179
• [Backport release-1.14] chore(deps): bump go-git to v5.11.0 to fix CVE-2023-49568 by @phisco in #5180
• [Backport release-1.14] Ensure ownerRef on objects for inactive package revisions by @github-actions in #5189
• [Backport release-1.14] fix(crank): error out on timeout installing package by @github-actions in #5211
• [Backport release-1.14] fix(functions): restore uid too after FromStructure by @github-actions in #5216
• [Backport release-1.14] Re-add ownership for existing CompositionRevisions after backup/restore by @github-actions in #5220
• [Backport release-1.14] Do not use version when indexing Used resources in Usage Handler by @turkenh in #5355
• [Backport release-1.14] Accept version changes in composed templates by @github-actions in #5370
• [Backport release-1.14] fix(crank/xpkg): push properly retrieve upbound credentials by @phisco in #5381

Renovate

• chore(deps): update module github.com/cloudflare/circl to v1.3.7 [security] (release-1.14) by @renovate in #5202
• chore(deps): update module golang.org/x/crypto to v0.17.0 [security] (release-1.14) by @renovate in #5184

Full Changelog: v1.14.5...v1.14.6

v1.15.0

The v1.15.0 release is a regular quarterly Crossplane release that is focused on expanding the capabilities of Crossplane's Composition features, enhancing the Crossplane CLI, and improving the developer experience. This release introduces key enhancements and new features that further empower platform engineers and developers to compose their infrastructure using Crossplane.

🎉 Highlights

• Server-Side Apply for Claim Syncing: This alpha feature uses Kubernetes' Server-Side Apply to improve syncing between Composite Resources and their claims. This feature resolves several outstanding issues but should be enabled carefully after consideration of known behavior changes.
• Expanding Composition Functions: Composition Functions now support requesting arbitrary cluster-scoped resources, enabling more complex compositions that can interact with a wider range of Kubernetes resources. Additionally, Crossplane introduces Python SDK and templates for Composition Functions, widening the community of potential function developers.
• Enhancements to the Crossplane CLI:
  • New subcommands like crossplane beta validate for schema validation, crossplane beta top for resource utilization views similar to kubectl top pods, and crossplane beta convert for converting resources to newer formats or configurations.
  • Improved existing commands like crossplane xpkg init with support for specific git references and additional templates, and crossplane beta render with new flags for including full XR details and context.
  • crossplane beta trace now understands Crossplane packages and can display the entire dependency graph for a given package, along with status for each entry, vastly simplifying the troubleshooting of Crossplane package installations and upgrades.

🚨 Warnings and breaking changes

• The default registry that Crossplane's package manager will install packages from has changed to xpkg.upbound.io from index.docker.io. After upgrading, Crossplane will start pulling packages from xpkg.upbound.io, unless a fully qualified name is specified for a package that includes the specific registry the package resides in, or you have overridden the default registry value with the --registry flag.
  • For example, when installing a package, if the spec.package field is set to:
    • crossplane-contrib/provider-aws:v0.39.0, it will now be pulled from xpkg.upbound.io.
    • index.docker.io/crossplane-contrib/provider-aws:v0.39.0, it will be pulled from index.docker.io (because an explicit registry is specified)
  • ⚠️ To preserve the previous behavior when upgrading to v1.15.0, make sure you pass --set args='{"--registry=index.docker.io"}' during the Helm upgrade.
  • More details can be found in:
    • Docs: https://docs.crossplane.io/latest/software/install/#change-the-default-package-registry
    • Blog post: https://blog.crossplane.io/new-default-crossplane-registry-in-crossplane-1-15/
• The RBAC manager's --manage flag was dropped, this flag allowed configuring the management policies between All and Basic.
  • In v1.13 we switched the default to Basic, and now we are removing the All option completely.
  • ⚠️ If needed, see the related issue to see how to restore the All behaviour.

💡 New features

What's new in v1.15.0?

Server-Side Apply based Claim syncing

Alpha support for Server-Side Apply (ssa) based syncing between Composite Resources and Claims was introduced in this release and can be enabled by passing the --enable-ssa-claims flag to Crossplane. This allows to solve a few syncing issues reported by users, but also implies some behaviour changes that users need to be aware of and provide feedback for before enabling it by default, see the related issue for more details.

Composition Functions

Extra Resources

Composition Functions can now request Crossplane to fetch any cluster-scoped resource Crossplane has access to for them, so before computing the "desired state", this opens up a lot of possibilities, such as reimplementing almost completely the in-tree environment support as a Function, see crossplane-contrib/function-environment-configs.

Metrics

Crossplane will now emit basic metrics related to Functions, e.g. number of requests sent, number of responses received and runs duration. See #5006 for example metrics.

Python Composition Functions

In addition to Go, Composition Functions can now easily be written in Python too, thanks to a new SDK and template. You can read more about it in the docs.

Crossplane CLI

Crossplane v1.15 introduces a few new subcommands:

• crossplane beta validate: allowing to validate a set of resources against their schemas. Being built for Crossplane, the command can automatically download schemas for Crossplane Packages (xpkgs) and directly understands CompositeResourceDefinitions (XRDs).
• crossplane beta top: providing quick resource utilization insight for Crossplane's pods, similar to kubectl top pods.
• crossplane beta convert with two subcommands:
  • pipeline-composition: which allows to automatically convert Compositions to the Pipeline mode, using crossplane-contrib/function-patch-and-transform.
  • deployment-runtime: which allows to automatically convert a deprecated ControllerConfig resource to the new DeploymentRuntimeConfig.

Existing subcommands were also improved:

• crossplane xpkg init now also supports printing helpful messages and init-scripts. It now support initialising from a specific git reference, --ref-name, and also two new templates: function-template-python and configuration-template.
• crossplane beta render was enriched with a few new flags and capabilities:
  • --include-full-xr: to output the full Composite Resource (XR), copying the spec and metadata provided as input, so that can be easily validated using crossplane beta validate.
  • --include-context: to output the pipeline's Context, for better insight in the pipeline execution.
  • --extra-resources: to load extra resources so that a Function in the pipeline can access them
  • It will now set the XR's Ready condition according to the pipeline's output.
• crossplane beta trace now can show the tree of resources also for Crossplane Packages (xpkgs: Providers/Functions/Configurations), to help debugging issues with those too. For Composite Resources instead it can now show also the resource name as defined by the Composition, using -o wide, to allow easily recognising resources with random names.

📖 Full Changelog

• Promote Action: expose pre-release option by @turkenh in #4903
• curl should fail on 404 by @plumbis in #4911
• chore(deps): update jlumbroso/free-disk-space action to v1.3.1 (master) by @renovate in #4913
• Fix indentation in startup probe by @turkenh in #4919
• feat(cli/trace): support resource/name format by @phisco in #4910
• Push Protobufs to Buf Schema Registry by @negz in #4923
• More descriptive error for package parsing by @phisco in #4927
• Handle externally managed Provider service accounts properly by @turkenh in #4925
• fix: avoid spamming SyncPackage and InstallPackageRevision events by @phisco in #4934
• Update releases table and base branches for v1.14 by @turkenh in #4944
• ci: only push to buf registry on crossplane repo by @phisco in #4950
• fix(deps): update module github.com/google/uuid to v1.4.0 (master) by @renovate in #4909
• docs: add Intility to ADOPTERS.md by @JonasKs in #4949
• fix(deps): update module github.com/docker/docker to v24.0.7+incompatible [security] (master) by @renovate in #4930
• fix(deps): update module github.com/go-logr/logr to v1.3.0 (master) by @renovate in #4917
• chore(deps): pin bufbuild/buf-breaking-action action to a074e98 (master) by @renovate in #4953
• fix(deps): update module github.com/bufbuild/buf to v1.27.2 (master) by @renovate in #4957
• chore(deps): update zeebe-io/backport-action action to v2 (master) by @renovate in #4959
• Support pushing to BSR from release branches by @negz in #4958
• chore(deps): update github/codeql-action digest to 74483a3 (master) by @renovate in #4954
• chore(deps): update aquasecurity/trivy-action action to v0.13.1 (master) by @renovate in #4956
• fix(deps): update module golang.org/x/sync to v0.5.0 (master) by @renovate in #4967
• Re...