v1.12.0

The v1.12.0 release is a regular quarterly Crossplane release featuring some eagerly awaited features such as ObserveOnly Resources, Pluggable Secret Stores and Composition Validation as well as a bunch of various improvements and fixes.

More details about this release can be read in the Crossplane v1.12 blog post.

New Features

• ObserveOnly Resources alpha feature introduced by @turkenh . With supporting providers, you are now able to set Crossplane to behave in a read-only mode for a particular resource using the new managementPolicy field.
• With the new Composition Validation alpha feature by @phisco (and some help from @lsviben) introduced initially in #3921 users are now able to early-validate their Compositions and find errors before runtime.
• Pluggable Secret Stores by @ezgidemirel that enables the development and consumption of out-of-tree secret store plugins. This will allow building/using new secret stores for Crossplane without making any changes in Crossplane and/or Provider codebases.

Notable Updates

• CompositionRevisions have been promoted to v1, with no schema or functional changes that would impact adopters #3715
• With the Pluggable Secret Stores update by @ezgidemirel and @turkenh, the External Secret Stores alpha feature is changing from using the now deprecated in-tree Vault secret store to using pluggable secret stores.
• Added defaultCompositeDeletePolicy and defaultCompositionUpdatePolicy attributes to the XRD to enable the author to specify defaults for how the Composite should be deleted and how Compositions should be updated by @bobh66 in #3963
• Fixing RBAC for clusters which use OwnerReferencesPermissionEnforcement by @el-mail in #3444
• It is now possible configure XRD's to specify the conversion strategy of their resulting CRD, allowing users to define multiple versions with different schemas #2608
• Support was added for supplying additional volumes and volume mounts for Crossplane through its Helm chart #3830

What's Changed

• Add ADOPTERS.md file to capture all known users of Crossplane by @jbw976 in #3676
• ci(renovate): disable updates for kubernetes deps on release branches by @phisco in #3681
• Update actions/cache digest to 627f0f4 (master) by @renovate in #3682
• chore(renovate): disable non security gha updates to release branches by @phisco in #3688
• chore(renovate): disable everything except images on release branches by @phisco in #3692
• Add release-1.11 to baseBranches of renovate config by @jbw976 in #3696
• Update gcr.io/distroless/static Docker digest to 450981e (master) by @renovate in #3694
• Update releases table in README.md for v1.11 release by @jbw976 in #3697
• Update docker/setup-buildx-action digest to 15c905b (master) by @renovate in #3693
• Update aquasecurity/trivy-action action to v0.9.0 (master) by @renovate in #3704
• Update golangci-lint to v1.51.0 by @hasheddan in #3707
• Update dependency golang to v1.20.0 (master) by @renovate in #3703
• Add RunWhen to adopters list by @stewartshea in #3708
• Update kubernetes patches (master) by @renovate in #3683
• tests(fuzz): move remaining test cases from cncf-fuzzing by @phisco in #3671
• Add explanation and help text for signing DCO by @jbw976 in #3716
• Update ADOPTERS.md by @ddonahuex in #3709
• adding Renault in ADOPTERS list by @smileisak in #3710
• Update debian:bookworm-slim Docker digest to ffd3e96 (master) by @renovate in #3726
• Update gcr.io/distroless/static Docker digest to fc8cbb8 (master) by @renovate in #3731
• Update gcr.io/distroless/static Docker digest to d2e0993 (master) by @renovate in #3733
• Adds Gympass as an Adopters by @caiofralmeida in #3712
• Add jbw976 as a reviewer by @jbw976 in #3735
• Update dependency golangci/golangci-lint to v1.51.1 (master) by @renovate in #3737
• feat(adopters): added deutsche kreditbank ag by @haarchri in #3722
• chore(renovate): set monthly digest updates for kubernetes deps and every two weeks for docker images by @phisco in #3736
• Update docker/setup-buildx-action digest to f03ac48 (master) by @renovate in #3741
• Update debian:bookworm-slim Docker digest to 199482f (master) by @renovate in #3728
• Fix broken docs related links and move the xpkg specification to this repo by @hasheddan in #3719
• Update github/codeql-action digest to 39d8d7e (master) by @renovate in #3746
• Update golangci/golangci-lint-action digest to 08e2f20 (master) by @renovate in #3750
• Update github/codeql-action digest to 8775e86 (master) by @renovate in #3752
• Update kubernetes patches (master) by @renovate in #3711
• Update ADOPTERS.md by @wanghong230 in #3725
• adding Neux to ADOPTERS by @styk-tv in #3730
• Update ADOPTERS.md by @edalonso in #3739
• Add ConsenSys to Adopters by @clementblaise in #3740
• Add Wildlife Studios to adopters by @Kasama in #3743
• Update actions/cache digest to 6998d13 (master) by @renovate in #3755
• Update aquasecurity/trivy-action action to v0.9.1 (master) by @renovate in #3757
• Update github/codeql-action digest to 17573ee (master) by @renovate in #3760
• Update debian:bookworm-slim Docker digest to 72cc75f (master) by @renovate in #3763
• Update gcr.io/distroless/static Docker digest to d02be0e (master) by @renovate in #3764
• Update dependency golang to v1.20.1 (master) by @renovate in #3771
• Apply pollInterval to Claim and Composite reconcilers by @bobh66 in #3762
• Add guidance around code review process by @jeanduplessis in #3689
• Add SECURITY.md by @phisco in #3625
• Add compositeTypeRef kind and apiVersion to Composition output columns by @bobh66 in #3776
• Update module golang.org/x/net to v0.7.0 [SECURITY] (master) by @renovate in #3781
• Remove extra indirect directives in go.mod by @hasheddan in #3782
• Update dependency golangci/golangci-lint to v1.51.2 (master) by @renovate in #3783
• Update actions/cache digest to 69d9d44 (master) by @renovate in #3791
• Bump runtime to v0.19.1 by @turkenh in #3786
• Adding Autodesk by @jessesanford in #3788
• chore: minor go.mod reordering by @phisco in #3794
• Update zeebe-io/backport-action action to v1.2.0 (master) by @renovate in #3793
• Use NewAPIPatchingApplicator in PTF composite by @bobh66 in #3774
• Bump Ubuntu version to 22.04 in CI by @turkenh in #3800
• chore(renovate): rebase only on conflicts by @phisco in #3802
• Update module github.com/containerd/containerd to v1.6.18 [SECURITY] (master) by @renovate in #3778
• Update github/codeql-action digest to 32dc499 (master) by @renovate in #3805
• Update ADOPTERS.md by @infbase in #3806
• Update gcr.io/distroless/static Docker digest to 3c57678 (master) by @renovate in #3808
• chore: release issue template improvements by @phisco in #3702
• Update kubernetes patches (master) by @renovate in #3813
• Add finalizers for rbac provider and definition by @el-mail in #3444
• Design Doc for Observe Only Resources by @turkenh in #3531
• Update module sigs.k8s.io/controller-runtime to v0.14.5 (master) by @renovate in #3814
• Update aquasecurity/trivy-action action to v0.9.2 (master) by @renovate in #3825
• Update dependency golang to v1.20.2 (master) by @renovate in #3827
• chore: bump crossplane-runtime to v0.19.2 by @phisco in #3834
• Set args parameters to sequences instead of mappings by @bobh66 in #3832
• Update actions/cache digest to 940f3d7 (master) by @renovate in #3842
• Update Pluggable Secret Store proposal by @ezgidemirel in #3804
• Update ADOPTERS.md by @adrienzieba in #3844
• Update docker/setup-buildx-action digest to 4b4e9c3 (master) by @renovate in #3849
• Allow supplying additional volumes and volume mounts by @hasheddan in #3845
• Update github/codeql-action digest to 16964e9 (master) by @renovate in #3851
• Update gcr.io/distroless/static Docker digest to f1e013b (master) by @renovate in #3855
• Update actions/cache digest to 88522ab (master) by @renovate in #3856
• ci: scheduled trivy image scan by @phisco in #3815
• Pin dependencies (master) by @renovate in #3866
• Update ADOPTERS.md with Grafana Labs and Ancestry by @jbw976 in #3867
• Update github/codeql-action digest to 168b99b (master) by @renovate in #3871
• Update actions/checkout digest to 24cb908 (master) by @renovate in #3876
• Update actions/setup-go action to v4 (master) by @renovate in #3878
• chore: use helm flags to create namespace by @phisco in #3885
• fix: typo in CRDs by @phisco in #3886
• Update kubernetes patches (master) by @renovate in #3880
• Update dependency golangci/golangci-lint to v1.52.1 (master) by @renovate in #3889
• Update module github.com/moby/buildkit to v0.11.4 [SECURITY] (master) by @renovate in #3828
• Update github/codeql-action digest to 67a35a0 (master) by @renovate in #3895
• fixed crun 1.8.1 support by @AndrewChubatiuk in #3893
• Update actions/stale action to v8 (master) by @renovate in #3900
• fuzzing: add fuzzing security audit report by @AdamKorcz in #3901
• docs: refine patch release issue template by @phisco in #3858
• Add lsviben as a reviewer by @lsviben in #3898
• Add Audits section to SECURITY.md by @jbw976 in #3906
• Update actions/checkout digest to 8f4b7f8 (master) by @renovate in #3908
• Update dependency golangci/golangci-lint to v1.52.2 (master) by @renovate in #3910
• Update gcr.io/distroless/static Docker digest to 97b762e (master) by @renovate in #3911
• ci: exit code 1 if trivy finds vulnerabilities by @phisco in #3914
• Update github/codeql-action digest to 04df126 (master) by @renovate in #3916
• Update module sigs.k8s.io/controller-runtime to v0.14.6 (master) by @renovate in #3923
• Add Syntasso to ADOPTERS.md by @aclevername in #3909
• chore(linter): switching from goimports to gci enforcing imports sorting by @phisco in #3924
• Generate TLS certificates for ESS and use them by @ezgidemirel in #3884
• docs(fuzz): explicitly state assumption about fuzz tests by @phisco in #3925
• Fuzz testing contributing guide by @phisco in #3927
• docs(proposal): compositions validating webhook by @phisco in #3756
• feat: logical composition validation [1/3] by @phisco in #3921
• Replace deprecated command with environment file by @jongwooo in #3935
• Upgrade to Go 1.20 by @clfs in #3930
• Update dependency golang to v1.20.3 (master) by @renovate in #3943
• Update github/codeql-action digest to 8c8d71d (master) by @renovate in #3945
• chore(renovate): group also actions' digest by @phisco in #3946
• feat: support conversions in XRDs by @phisco in #3940
• Update all non-major github action (master) by @renovate in #3953
• Add Roadmap section and links by @jbw976 in #3958
• Update gcr.io/distroless/static Docker digest to a01d47d (master) by @renovate in #3959
• feat(chart): enable webhooks by default by @phisco in #3951
• feat: ClampMin and ClampMax math transforms by @julienduchesne in #3917
• feat: In match transform, allow fallback to input by @julienduchesne in #3919
• fix: validate Composition MathTransform clamp by @phisco in #3968
• Add FromEnvironmentFieldPath to EnvironmentPatch types by @clementblaise in #3966
• Update codecov/codecov-action digest to 40a12dc (master) by @renovate in #3970
• feat: Composition patches validation with schemas by @phisco in #3937
• Pass ESS cert directory name as env variable by @ezgidemirel in #3974
• Add VSHN as a Crossplane adopter by @tobru in #3975
• Update actions/checkout digest to 83b7061 (master) by @renovate in #3977
• Add defaults for CompositeDelete and CompositionUpdate policies by @bobh66 in #3963
• Update all non-major github action (master) by @renovate in #3980
• Small style nits in validation code by @negz in #3983
• fix: respect logical validation option by @phisco in #3984
• Bump default package cache size limit to 20Mi by @turkenh in #3988
• refactor: reduce validation code public API by @phisco in #3986
• fix(helm): #3891 - add hostNetwork functionality to crossplane pod by @portswigger-tim in #3892
• Promote CompositionRevision to v1 by @negz in #3964
• Warn that the --enable-composition-revisions flag will be removed by @negz in #3997
• Update aquasecurity/trivy-action action to v0.10.0 (master) by @renovate in #4000
• docs: update helm chart README and document missing parameters by @phisco in #3978
• build(helm): remove values template, generate readme by @phisco in #4002
• Update codecov/codecov-action digest to 894ff02 (master) by @renovate in #4007
• Update github/codeql-action digest to b2c19fb (master) by @renovate in #4009
• fix: schema-aware validation code cleanup and bug fixes by @phisco in #4001
• ci: avoid running scheduled trivy scan on forks by @phisco in #4012
• fix some typos by @cuishuang in #4014

New Contributors

• @stewartshea made their first contribution in #3708
• @ddonahuex made their first contribution in #3709
• @caiofralmeida made their first contribution in #3712
• @wanghong230 made their first contribution in #3725
• @styk-tv made their first contribution in #3730
• @edalonso made their first contribution in #3739
• @Kasama made their first contribution in #3743
• @jessesanford made their first contribution in #3788
• @infbase made their first contribution in #3806
• @el-mail made their first contribution in #3444
• @adrienzieba made their first contribution in #3844
• @AndrewChubatiuk made their first contribution in #3893
• @aclevername made their first contribution in #3909
• @jongwooo made their first contribution in #3935
• @clfs made their first contribution in #3930
• @julienduchesne made their first contribution in #3917
• @portswigger-tim made their first contribution in #3892

Full Changelog: v1.11.0...v1.12.0