v1.12.0
The v1.12.0 release is a regular quarterly Crossplane release featuring some eagerly awaited features such as ObserveOnly Resources, Pluggable Secret Stores and Composition Validation as well as a bunch of various improvements and fixes.
More details about this release can be read in the Crossplane v1.12 blog post.
New Features
- ObserveOnly Resources alpha feature introduced by @turkenh . With supporting providers, you are now able to set Crossplane to behave in a read-only mode for a particular resource using the new
managementPolicy
field. - With the new Composition Validation alpha feature by @phisco (and some help from @lsviben) introduced initially in #3921 users are now able to early-validate their Compositions and find errors before runtime.
- Pluggable Secret Stores by @ezgidemirel that enables the development and consumption of out-of-tree secret store plugins. This will allow building/using new secret stores for Crossplane without making any changes in Crossplane and/or Provider codebases.
Notable Updates
CompositionRevisions
have been promoted to v1, with no schema or functional changes that would impact adopters #3715- With the Pluggable Secret Stores update by @ezgidemirel and @turkenh, the External Secret Stores alpha feature is changing from using the now deprecated
in-tree
Vault secret store to using pluggable secret stores. - Added
defaultCompositeDeletePolicy
anddefaultCompositionUpdatePolicy
attributes to the XRD to enable the author to specify defaults for how the Composite should be deleted and how Compositions should be updated by @bobh66 in #3963 - Fixing RBAC for clusters which use OwnerReferencesPermissionEnforcement by @el-mail in #3444
- It is now possible configure XRD's to specify the conversion strategy of their resulting CRD, allowing users to define multiple versions with different schemas #2608
- Support was added for supplying additional volumes and volume mounts for Crossplane through its Helm chart #3830
What's Changed
- Add ADOPTERS.md file to capture all known users of Crossplane by @jbw976 in #3676
- ci(renovate): disable updates for kubernetes deps on release branches by @phisco in #3681
- Update actions/cache digest to 627f0f4 (master) by @renovate in #3682
- chore(renovate): disable non security gha updates to release branches by @phisco in #3688
- chore(renovate): disable everything except images on release branches by @phisco in #3692
- Add release-1.11 to baseBranches of renovate config by @jbw976 in #3696
- Update gcr.io/distroless/static Docker digest to 450981e (master) by @renovate in #3694
- Update releases table in README.md for v1.11 release by @jbw976 in #3697
- Update docker/setup-buildx-action digest to 15c905b (master) by @renovate in #3693
- Update aquasecurity/trivy-action action to v0.9.0 (master) by @renovate in #3704
- Update golangci-lint to v1.51.0 by @hasheddan in #3707
- Update dependency golang to v1.20.0 (master) by @renovate in #3703
- Add RunWhen to adopters list by @stewartshea in #3708
- Update kubernetes patches (master) by @renovate in #3683
- tests(fuzz): move remaining test cases from cncf-fuzzing by @phisco in #3671
- Add explanation and help text for signing DCO by @jbw976 in #3716
- Update ADOPTERS.md by @ddonahuex in #3709
- adding Renault in ADOPTERS list by @smileisak in #3710
- Update debian:bookworm-slim Docker digest to ffd3e96 (master) by @renovate in #3726
- Update gcr.io/distroless/static Docker digest to fc8cbb8 (master) by @renovate in #3731
- Update gcr.io/distroless/static Docker digest to d2e0993 (master) by @renovate in #3733
- Adds Gympass as an Adopters by @caiofralmeida in #3712
- Add jbw976 as a reviewer by @jbw976 in #3735
- Update dependency golangci/golangci-lint to v1.51.1 (master) by @renovate in #3737
- feat(adopters): added deutsche kreditbank ag by @haarchri in #3722
- chore(renovate): set monthly digest updates for kubernetes deps and every two weeks for docker images by @phisco in #3736
- Update docker/setup-buildx-action digest to f03ac48 (master) by @renovate in #3741
- Update debian:bookworm-slim Docker digest to 199482f (master) by @renovate in #3728
- Fix broken docs related links and move the xpkg specification to this repo by @hasheddan in #3719
- Update github/codeql-action digest to 39d8d7e (master) by @renovate in #3746
- Update golangci/golangci-lint-action digest to 08e2f20 (master) by @renovate in #3750
- Update github/codeql-action digest to 8775e86 (master) by @renovate in #3752
- Update kubernetes patches (master) by @renovate in #3711
- Update ADOPTERS.md by @wanghong230 in #3725
- adding Neux to ADOPTERS by @styk-tv in #3730
- Update ADOPTERS.md by @edalonso in #3739
- Add ConsenSys to Adopters by @clementblaise in #3740
- Add Wildlife Studios to adopters by @Kasama in #3743
- Update actions/cache digest to 6998d13 (master) by @renovate in #3755
- Update aquasecurity/trivy-action action to v0.9.1 (master) by @renovate in #3757
- Update github/codeql-action digest to 17573ee (master) by @renovate in #3760
- Update debian:bookworm-slim Docker digest to 72cc75f (master) by @renovate in #3763
- Update gcr.io/distroless/static Docker digest to d02be0e (master) by @renovate in #3764
- Update dependency golang to v1.20.1 (master) by @renovate in #3771
- Apply pollInterval to Claim and Composite reconcilers by @bobh66 in #3762
- Add guidance around code review process by @jeanduplessis in #3689
- Add SECURITY.md by @phisco in #3625
- Add compositeTypeRef kind and apiVersion to Composition output columns by @bobh66 in #3776
- Update module golang.org/x/net to v0.7.0 [SECURITY] (master) by @renovate in #3781
- Remove extra indirect directives in go.mod by @hasheddan in #3782
- Update dependency golangci/golangci-lint to v1.51.2 (master) by @renovate in #3783
- Update actions/cache digest to 69d9d44 (master) by @renovate in #3791
- Bump runtime to v0.19.1 by @turkenh in #3786
- Adding Autodesk by @jessesanford in #3788
- chore: minor go.mod reordering by @phisco in #3794
- Update zeebe-io/backport-action action to v1.2.0 (master) by @renovate in #3793
- Use NewAPIPatchingApplicator in PTF composite by @bobh66 in #3774
- Bump Ubuntu version to 22.04 in CI by @turkenh in #3800
- chore(renovate): rebase only on conflicts by @phisco in #3802
- Update module github.com/containerd/containerd to v1.6.18 [SECURITY] (master) by @renovate in #3778
- Update github/codeql-action digest to 32dc499 (master) by @renovate in #3805
- Update ADOPTERS.md by @infbase in #3806
- Update gcr.io/distroless/static Docker digest to 3c57678 (master) by @renovate in #3808
- chore: release issue template improvements by @phisco in #3702
- Update kubernetes patches (master) by @renovate in #3813
- Add finalizers for rbac provider and definition by @el-mail in #3444
- Design Doc for Observe Only Resources by @turkenh in #3531
- Update module sigs.k8s.io/controller-runtime to v0.14.5 (master) by @renovate in #3814
- Update aquasecurity/trivy-action action to v0.9.2 (master) by @renovate in #3825
- Update dependency golang to v1.20.2 (master) by @renovate in #3827
- chore: bump crossplane-runtime to v0.19.2 by @phisco in #3834
- Set args parameters to sequences instead of mappings by @bobh66 in #3832
- Update actions/cache digest to 940f3d7 (master) by @renovate in #3842
- Update Pluggable Secret Store proposal by @ezgidemirel in #3804
- Update ADOPTERS.md by @adrienzieba in #3844
- Update docker/setup-buildx-action digest to 4b4e9c3 (master) by @renovate in #3849
- Allow supplying additional volumes and volume mounts by @hasheddan in #3845
- Update github/codeql-action digest to 16964e9 (master) by @renovate in #3851
- Update gcr.io/distroless/static Docker digest to f1e013b (master) by @renovate in #3855
- Update actions/cache digest to 88522ab (master) by @renovate in #3856
- ci: scheduled trivy image scan by @phisco in #3815
- Pin dependencies (master) by @renovate in #3866
- Update ADOPTERS.md with Grafana Labs and Ancestry by @jbw976 in #3867
- Update github/codeql-action digest to 168b99b (master) by @renovate in #3871
- Update actions/checkout digest to 24cb908 (master) by @renovate in #3876
- Update actions/setup-go action to v4 (master) by @renovate in #3878
- chore: use helm flags to create namespace by @phisco in #3885
- fix: typo in CRDs by @phisco in #3886
- Update kubernetes patches (master) by @renovate in #3880
- Update dependency golangci/golangci-lint to v1.52.1 (master) by @renovate in #3889
- Update module github.com/moby/buildkit to v0.11.4 [SECURITY] (master) by @renovate in #3828
- Update github/codeql-action digest to 67a35a0 (master) by @renovate in #3895
- fixed crun 1.8.1 support by @AndrewChubatiuk in #3893
- Update actions/stale action to v8 (master) by @renovate in #3900
- fuzzing: add fuzzing security audit report by @AdamKorcz in #3901
- docs: refine patch release issue template by @phisco in #3858
- Add lsviben as a reviewer by @lsviben in #3898
- Add Audits section to SECURITY.md by @jbw976 in #3906
- Update actions/checkout digest to 8f4b7f8 (master) by @renovate in #3908
- Update dependency golangci/golangci-lint to v1.52.2 (master) by @renovate in #3910
- Update gcr.io/distroless/static Docker digest to 97b762e (master) by @renovate in #3911
- ci: exit code 1 if trivy finds vulnerabilities by @phisco in #3914
- Update github/codeql-action digest to 04df126 (master) by @renovate in #3916
- Update module sigs.k8s.io/controller-runtime to v0.14.6 (master) by @renovate in #3923
- Add Syntasso to
ADOPTERS.md
by @aclevername in #3909 - chore(linter): switching from goimports to gci enforcing imports sorting by @phisco in #3924
- Generate TLS certificates for ESS and use them by @ezgidemirel in #3884
- docs(fuzz): explicitly state assumption about fuzz tests by @phisco in #3925
- Fuzz testing contributing guide by @phisco in #3927
- docs(proposal): compositions validating webhook by @phisco in #3756
- feat: logical composition validation [1/3] by @phisco in #3921
- Replace deprecated command with environment file by @jongwooo in #3935
- Upgrade to Go 1.20 by @clfs in #3930
- Update dependency golang to v1.20.3 (master) by @renovate in #3943
- Update github/codeql-action digest to 8c8d71d (master) by @renovate in #3945
- chore(renovate): group also actions' digest by @phisco in #3946
- feat: support conversions in XRDs by @phisco in #3940
- Update all non-major github action (master) by @renovate in #3953
- Add Roadmap section and links by @jbw976 in #3958
- Update gcr.io/distroless/static Docker digest to a01d47d (master) by @renovate in #3959
- feat(chart): enable webhooks by default by @phisco in #3951
- feat: ClampMin and ClampMax math transforms by @julienduchesne in #3917
- feat: In
match
transform, allow fallback to input by @julienduchesne in #3919 - fix: validate Composition MathTransform clamp by @phisco in #3968
- Add FromEnvironmentFieldPath to EnvironmentPatch types by @clementblaise in #3966
- Update codecov/codecov-action digest to 40a12dc (master) by @renovate in #3970
- feat: Composition patches validation with schemas by @phisco in #3937
- Pass ESS cert directory name as env variable by @ezgidemirel in #3974
- Add VSHN as a Crossplane adopter by @tobru in #3975
- Update actions/checkout digest to 83b7061 (master) by @renovate in #3977
- Add defaults for CompositeDelete and CompositionUpdate policies by @bobh66 in #3963
- Update all non-major github action (master) by @renovate in #3980
- Small style nits in validation code by @negz in #3983
- fix: respect logical validation option by @phisco in #3984
- Bump default package cache size limit to 20Mi by @turkenh in #3988
- refactor: reduce validation code public API by @phisco in #3986
- fix(helm): #3891 - add hostNetwork functionality to crossplane pod by @portswigger-tim in #3892
- Promote
CompositionRevision
to v1 by @negz in #3964 - Warn that the --enable-composition-revisions flag will be removed by @negz in #3997
- Update aquasecurity/trivy-action action to v0.10.0 (master) by @renovate in #4000
- docs: update helm chart README and document missing parameters by @phisco in #3978
- build(helm): remove values template, generate readme by @phisco in #4002
- Update codecov/codecov-action digest to 894ff02 (master) by @renovate in #4007
- Update github/codeql-action digest to b2c19fb (master) by @renovate in #4009
- fix: schema-aware validation code cleanup and bug fixes by @phisco in #4001
- ci: avoid running scheduled trivy scan on forks by @phisco in #4012
- fix some typos by @cuishuang in #4014
New Contributors
- @stewartshea made their first contribution in #3708
- @ddonahuex made their first contribution in #3709
- @caiofralmeida made their first contribution in #3712
- @wanghong230 made their first contribution in #3725
- @styk-tv made their first contribution in #3730
- @edalonso made their first contribution in #3739
- @Kasama made their first contribution in #3743
- @jessesanford made their first contribution in #3788
- @infbase made their first contribution in #3806
- @el-mail made their first contribution in #3444
- @adrienzieba made their first contribution in #3844
- @AndrewChubatiuk made their first contribution in #3893
- @aclevername made their first contribution in #3909
- @jongwooo made their first contribution in #3935
- @clfs made their first contribution in #3930
- @julienduchesne made their first contribution in #3917
- @portswigger-tim made their first contribution in #3892
Full Changelog: v1.11.0...v1.12.0