Crossplane Lessons Learned #2967
Piotr1215 started this conversation in Show and tell
Background
When learning Crossplane, there are a few "gotchas" and lessons learned that are either not easy to find in the documentation or sometimes missing and only discoverable in the source code.
Goal
The goal is to capture those "lessons learned" and make them easy to discover via GitHub search functionality as well as create "bread crumbs" for easier discovery.
Lessons Learned
This list is highly subjective, but these are "gotchas" and weird quirks of Crossplane that threw me for a loop when I was first learning about it.
What if 2 compositions with the same labels are selected by a claim?
In this case, Crossplane will randomly select one composition and ignore another one.
Best practice: Test your composition labels and make sure that they are deliberate and do not overlap if you don't want them to.
There is no obvious way to know what connection details will be populated in a secret.
Crossplane stores connection details in a secret, but there is no easy way to discover what connection details will be stored per resource; again, this is hardcoded somewhere in the codebase.
Workaround: Upvote this issue: #1143 to help prioritize the work related to connection details discovery
Why is patching in compositions not a Turing-complete language?
When I looked at patching first, I realized that it is relatively simplistic and does not support complex mappings and transformations. This decision is intentional in order to avoid creating a complex and convoluted DSL (Domain Specific Language). Instead, there is a proposal to use Custom Compositions #2524 that will allow for using containerized functions to output the transformations.
What is RBAC Manager?
When you install Crossplane, you will notice that there are 2 deployments, one for crossplane and one for crossplane-rbac-manager.
This feature is not documented in official Crossplane docs, but instead captured in this design doc: https://github.com/crossplane/crossplane/blob/master/design/design-doc-rbac-manager.md
In a nutshell, the RBAC Manager will create and bind roles to service accounts for every new Crossplane custom resource introduced to a cluster. This enables fine-grained security permissions for Crossplane cluster roles.
Why are there 2 Configurations and 2 Provider resources?
Looking at Crossplane's resource model shows that there are 2x Configuration and 2x Provider resources. Why?
Each resource belongs to a different apiGroup where
How Crossplane processes secrets
For a claim to write a connection secret many things need to align, including (but not limited to):
Reference: #2594 (comment)
How to quickly find new Crossplane features
Crossplane's features are well documented on the crossplane.io docs, but it's not easy to find a concise list of all features and release dates.
For reference, here are major themes from v1.1.0 onwards.
Please feel free to add/correct if anything is missing.
1.1.x
Bidirectional patching
This allows for specifying patches from composed resources back to the corresponding XR / XRC.
Patch Sets
Ref: Docs on GitHub
Allows for grouping patches as a named set.
Required patches
Added support for Required fromFieldPath patches, which will cause rendering of composing resources to fail if a patch that is marked as Required is missing its fromFieldPath
Naming composition templates
This enables reordering, as well as addition and deletion of templates in a Composition
Adds parameters for Crossplane installation
Adds parameters to the Crossplane Helm chart for setting nodeSelector, tolerations, and affinity on the Crossplane and RBAC Manager Deployments
Idea 💡 - this can be useful when installing Crossplane via helm chart on a more complex cluster.
1.2.x
No new notable features
1.3.x
Multi-field patching
Adds new CombineFromComposite and CombineToComposite patch types that can be used to patch from multiple Composite Resource (XR) fields to a single composed resource field, and vice versa. Very useful when constructing labels or annotations.
Kubectl crossplane can wait for operations to complete
Ref: #2345
1.4.x
Composition Revisions
CompositionRevision is 'current' #2500
Revisions offer dev teams a way to upgrade Crossplane compositions independently from the platform team who can work on new compositions in the meantime.
Patch merge options
Supports merging instead of replacing values in patches. Useful when adding labels to existing ones for example.
1.5.x
ToUpper/ToLower string transforms
1.6.x
No new notable features
1.7.x
External Secret Support
Webhook support for crossplane and providers
1.8.x
Add support for base64 encode/decode in Convert transform
Guide for using Vault as an External Secret Store
1.9.x
Patch multiple array fields when passed a wildcarded
Allows for patching multiple nested arrays by using simple syntax.
Example usage
Add regexp support for string transforms
Support for regex capture groups. Capture regex into a group and use it later in patches.
Example usage
1.10.x
Allow mapping to any JSON value
Prior to this change Crossplane's map transforms allowed only for mapping string to string (map[string]string). This change makes it easier to map to any valid JSON value (string, number, bool, slice, object).
Add support for a pause annotation on composite resources & claims, which pauses reconciliations
Setting an annotation crossplane/paused: true will cause the reconciler to exit early from the reconciliation loop and not reconcile the resource. Documentation.
Add support for deleteCompositePolicy
Adding compositeDeletePolicy: Background will cause Crossplane to traverse the resources' dependency graph and start the deletion process from the most outer resource.
Add regex support for string transformations
It's possible now to use transform of type Regexp and use regular expressions to match and use capture groups. This is useful when extracting parts of a string and patching with it. For example:
would extract the number part of ARN.
1.11.x
Introducing composition functions support
Foreground cascading deletion aka compositeDeletePolicy
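For the first lesson above (two compositions with the same labels selected by a claim), here is an added example that is not part of the original post or of Crossplane itself: a check that reports which compositions a given matchLabels selector would match, and which pairs can never be selected unambiguously. It assumes selection is scoped by spec.compositeTypeRef and that every matchLabels entry must equal the composition's label; all composition names, labels and the example.org API group are constructed.

```python
from itertools import combinations

def comp(name, kind, **labels):
    """Build a trimmed Composition object (constructed sample data)."""
    return {"metadata": {"name": name, "labels": labels},
            "spec": {"compositeTypeRef": {"apiVersion": "example.org/v1alpha1",
                                          "kind": kind}}}

# Constructed sample; in practice use the "items" list from
# `kubectl get compositions -o json`.
COMPOSITIONS = [
    comp("db-aws-small", "XDatabase", provider="aws", size="small"),
    comp("db-aws-large", "XDatabase", provider="aws", size="large"),
    comp("db-aws-copy", "XDatabase", provider="aws", size="small"),
    comp("cache-aws", "XCache", provider="aws", size="small"),
]
XDB = ("example.org/v1alpha1", "XDatabase")

def xr_type(c):
    ref = c["spec"]["compositeTypeRef"]
    return (ref["apiVersion"], ref["kind"])

def labels(c):
    return c["metadata"].get("labels") or {}

def candidates(comps, type_, match_labels):
    """Names of compositions of one XR type whose labels satisfy matchLabels.
    More than one name means the selector is ambiguous (assumed semantics)."""
    return sorted(c["metadata"]["name"] for c in comps
                  if xr_type(c) == type_
                  and all(labels(c).get(k) == v for k, v in match_labels.items()))

def never_unique(comps):
    """Pairs of the same XR type where one label set contains the other:
    any selector matching the smaller set also matches the larger one."""
    pairs = []
    for a, b in combinations(comps, 2):
        if xr_type(a) != xr_type(b):
            continue
        la, lb = labels(a).items(), labels(b).items()
        if la <= lb or lb <= la:
            pairs.append((a["metadata"]["name"], b["metadata"]["name"]))
    return pairs

if __name__ == "__main__":
    for sel in ({"provider": "aws", "size": "small"}, {"size": "large"}):
        print(sel, "->", candidates(COMPOSITIONS, XDB, sel))
    print("never uniquely selectable:", never_unique(COMPOSITIONS))
```

Running it as a CI step over the exported compositions turns the "test your labels" advice into a failing check whenever never_unique returns a non-empty list.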