v1.14.0

The v1.14.0 release is a regular quarterly Crossplane release that is packed full of big features that will make platform engineers more productive and effective in building control planes to power their infrastructure. This is the biggest release we’ve done to date, with over 700 commits, so the velocity has only continued to increase as the project matures.

🎉 Highlights

• Composition functions promoted to v1beta1.
• A new Provider DeploymentRuntimeConfig to eventually replace the deprecated ControllerConfig.
• New Crossplane CLI for troubleshooting and package management.
• Support for ordered deletion with Usages.
• Alpha support for real time composition

🚨 Warnings and breaking changes

• Crossplane Helm images have moved from index.docker.io to xpkg.upbound.io. Images are still published to index.docker.io but is moving to only publish on xpkg.upbound.io in a future release.
• Changes to TLS certificates. Existing users of external secret stores need to manually update their TLS certificates. Read Crossplane issue #4565 for more information.
• Removed Vault support for External Secret Stores. Crossplane suggests using the ESS Plugins as a replacement.
• Removed the controllerConfigRef from the Configuration package and package revision APIs, which was a no-op before.
• The introduction of the new Crossplane CLI deprecates the existing kubectl crossplane plugin.
• The v1beta1 implementation of Composition Functions is incompatible with existing v1alpha1 functions.

💡 New features

What's new in v1.14.0 ?

Crossplane CLI

Crossplane v1.14 introduces a rebuilt Crossplane CLI.
The Crossplane CLI provides features to help troubleshoot Crossplane resources, build and publish Crossplane packages, and locally test composition functions.
Read the CLI documentation for information on installing and the full set of supported features.

Real time Compositions

This release adds the alpha feature "real time compositions" to Crossplane.
Real time compositions allow Kubernetes to immediately notify Crossplane of changes to composed resources. Crossplane doesn't need to poll resources to determine their state.
Real time compositions dramatically speed up the time Crossplane reacts to changes or failures of managed resources.
The real time compositions feature is an alpha feature and isn't enabled by default.
The Crossplane pods documentation has more information about real time compositions.

Ordered resource deletion

Crossplane introduces a new usages type to prevent resources from deletion or to ensure deletion happens in the correct order.
A Usages defines a dependency mapping between a resource and any dependencies. Crossplane can't delete the parent resource until after deleting the child resource.
A usage also allow Crossplane to prevent accidental deletion of a resource.
The usage feature is an alpha feature and isn't enabled by default.
The Usages documentation provides information on enabling and configuring Usages.

🏗️ Notable changes

Composition functions

v1.14 promotes composition functions to v1beta1 with a new, more scalable architecture for running functions.

Crossplane v1.14 includes CLI tooling, templates, SDKs, and documentation for building functions.

Several new functions available for the new architecture, including function patch and transform, function Go templating,
and function cue.

Management policies enabled by default

Managed resource "management policies" moved to beta and are now enabled by default.

Object has been modified warnings

Crossplane changed the behavior causing this confusing event message, so users should see much less of these:

cannot patch object: Operation cannot be fulfilled on compositenetworks.gcp.platformref.crossplane.io "test-network-d6xjh": the object has been modified; please apply your changes to the latest version and try again`

Adding extra objects during Crossplane install

The Crossplane Helm chart now supports an extraObjects: [] array to install other Kubernetes objects during the Crossplane install.

Support for pausing other Crossplane objects

The Crossplane annotation crossplane.io/paused is now supported in Claims, Composites, Configurations, Functions, and Provider objects.

Full Changelog

• Empty commit for 1.13 by @ezgidemirel in #4365
• fix: omitempty environmentConfigs label selector fields by @phisco in #4367
• doc: Add SIG info in readme by @csantanapr in #4287
• composite: add fuzzer by @AdamKorcz in #4198
• fix: validate Package images by @phisco in #4370
• composite: fix nil-dereference by @AdamKorcz in #4380
• Update module google.golang.org/grpc to v1.57.0 (master) by @renovate in #4388
• Add Crossplane 2023 security audit report by @AdamKorcz in #4390
• ci: add cleanup disk step before publish by @phisco in #4394
• Update release table and base branches for v1.13 by @ezgidemirel in #4395
• Bugfix/propagate composition revision ref by @dukanto in #4386
• inject noop logger by default to ctrl-runtime to avoid warnings by @lsviben in #4403
• fix(intializer): update storage version of CompositionRevision CRs in etcd by @sttts in #4402
• Update github/codeql-action digest to 0ba4244 (master) by @renovate in #4387
• [DevEx] controller/rbac: edge based events for applies by @sttts in #4307
• Update mikefarah/yq Docker tag to v4.34.2 (master) by @renovate in #4411
• Add Predrag as reviewer by @pedjak in #4420
• fix: Include top-level description in CRDs generated from XRDs by @mbbush in #4371
• Update module github.com/bufbuild/buf to v1.25.0 (master) by @renovate in #4340
• add revision fuzzer by @AdamKorcz in #4199
• dag: improve fuzzer by @AdamKorcz in #4200
• Add Airnity to adopters by @duizabojul in #4425
• Update dependency golang to v1.20.7 (master) by @renovate in #4426
• Update the status of observe-only and ignore-changes design docs by @lsviben in #4421
• Move hasheddan to emeritus maintainers by @hasheddan in #4434
• Update module github.com/bufbuild/buf to v1.25.1 (master) by @renovate in #4435
• Update module github.com/google/go-containerregistry to v0.16.1 (master) by @renovate in #4437
• feat: add xfn v1beta1 grpc interface by @phisco in #4431
• chore: added docs reminder to PR checklist by @phisco in #4441
• Introduce Function CRDs by @ezgidemirel in #4430
• fix(crds): add crd migration for locks.pkg.crossplane.io v1alpha1 by @haarchri in #4447
• fix: copy x-kubernetes-validations from spec to composite/claim CRDs by @tenstad in #4424
• Update module golang.org/x/sys to v0.11.0 (master) by @renovate in #4453
• fix: avoid panics due to reflect.TypeOf usage by @phisco in #4389
• Update module github.com/crossplane/crossplane-runtime to v0.20.1 (master) by @renovate in #4459
• chore(renovate): enable conventional commits by @phisco in #4460
• docs: add further details to release issue template by @phisco in #4456
• chore(deps): update module golang.org/x/net to v0.13.0 [security] (master) by @renovate in #4439
• fix(transforms): properly compute hashes for strings by @stevendborrelli in #4445
• Release template improvement: Close GH milestone by @pedjak in #4461
• chore(deps): update actions/setup-go digest to 93397be (master) by @renovate in #4468
• chore(deps): update github/codeql-action digest to 5b6282e (master) by @renovate in #4469
• chore(deps): update dependency golangci/golangci-lint to v1.54.0 (master) by @renovate in #4474
• Update release issue templates with recent changes/learnings by @jbw976 in #4345
• Package Runtime Config one-pager by @negz in #4322
• feat: add MatchTrue and MatchFalse readiness checks by @LCaparelli in #4399
• fix(deps): update module github.com/bufbuild/buf to v1.26.1 (master) by @renovate in #4478
• tests(e2e): introduce environment wrapper and test suites by @phisco in #4343
• Move xfn out-of-tree by @phisco in #4433
• Use new runtime versioning on master by @turkenh in #4495
• chore(deps): update dependency helm/helm to v3.12.3 (master) by @renovate in #4482
• chore(deps): update dependency golangci/golangci-lint to v1.54.1 (master) by @renovate in #4486
• Make docs contribution link 'reference' style by @negz in #4501
• chore(deps): update golangci/golangci-lint-action digest to 3a91952 (master) by @renovate in #4502
• chore(deps): update github/codeql-action digest to a09933a (master) by @renovate in #4499
• Update release process with releasing runtime by @turkenh in #4496
• Consume latest runtime without in tree Vault by @turkenh in #4503
• chore(deps): update zeebe-io/backport-action action to v1.4.0 (master) by @renovate in #4505
• fix(deps): update module github.com/jmattheis/goverter to v0.17.5 (master) by @renovate in #4507
• chore(deps): update dependency golang to v1.21.0 (master) by @renovate in #4473
• Adler32 string transform implementation by @stevendborrelli in #4417
• Generate TLS certificates for XP and providers by @ezgidemirel in #4485
• Readme Get Started Section by @shanecmiller23 in #4465
• chore(deps): bump e2e-framework to v0.3.0 by @phisco in #4516
• tests(e2e): Environment configs E2Es by @phisco in #4379
• chore(deps): update actions/checkout digest to f43a0e5 (master) by @renovate in #4517
• Fix Crossplane crash after creating an XRD with an empty schema by @ezgidemirel in #4510
• Move muvaf from maintainers to emeritus by @muvaf in #4518
• feat: add build function subcommand to crank and image to meta functions spec by @phisco in #4525
• chore(deps): update docker/setup-buildx-action digest to 885d146 (master) by @renovate in #4534
• fix(alpha): schema aware validation properly handling ToJson string t… by @phisco in #4527
• Add support for convert transforms from JSON to object/array by @turkenh in #4524
• fix(chart): explicitly set resourceFieldRef.divisor to avoid flapping by @phisco in #4538
• fix(helm): add conditionals around workload securityContexts by @erikgb in #4513
• chore(deps): update github/codeql-action digest to 00e563e (master) by @renovate in #4536
• Deploy Functions with package manager by @ezgidemirel in #4530
• Snake-case-i-fy environmentConfig_test.go by @negz in #4559
• chore(deps): update aquasecurity/trivy-action action to v0.12.0 (master) by @renovate in #4560
• chore(deps): update mheap/require-checklist-action digest to 1baf7cf (master) by @renovate in #4564
• chore(deps): update actions/checkout action to v4 (master) by @renovate in #4567
• feat(composition): check only defined PatchSets are used by @phisco in #4550
• feat(xrd): generated CRDs validation by @phisco in #4484
• feat(environmentConfig): allow setting sourceFieldPath label selector optional by @phisco in #4547
• chore(environment): fromFieldPathPolicy instead of policy by @phisco in #4568
• apiextensions/composite: tame "Successfully selected composition" event by @sttts in #4570
• Bump e2e step timeouts by @turkenh in #4578
• feat(environment): Environment init data by @MisterMX in #4555
• apiextension/definition: tame "Applied composite resource CRD" event by @sttts in #4575
• fix(deps): update github.com/google/go-containerregistry/pkg/authn/k8schain digest to a748190 (master) by @renovate in #4554
• chore(deps): update actions/upload-artifact digest to a8a3f3a (master) by @renovate in #4585
• fix(deps): update module google.golang.org/grpc to v1.58.0 (master) by @renovate in #4587
• chore(deps): update dependency golang to v1.21.1 (master) by @renovate in #4586
• contributing: doc good conditions and events by @sttts in #4580
• Allow overriding REGISTRY_ORGS from outside by @turkenh in #4589
• chore(deps): update actions/cache digest to 704facf (master) by @renovate in #4592
• chore(deps): update gcr.io/distroless/static docker digest to e7e79fb (master) by @renovate in #4596
• Add Usage type for Deletion Ordering and Resource Protection by @turkenh in #4444
• fix(deps): update module github.com/jmattheis/goverter to v0.18.0 (master) by @renovate in #4595
• apiextensions/composite: list unready resources in condition message by @sttts in #4565
• chore(deps): update dependency golangci/golangci-lint to v1.54.2 (master) by @renovate in #4508
• fix(deps): update github.com/adalogics/go-fuzz-headers digest to ced1acd (master) by @renovate in #4553
• Support v1beta1 style Functions by @negz in #4500
• chore(deps): update github/codeql-action digest to 701f152 (master) by @renovate in #4612
• chore(deps): update docker/setup-qemu-action action to v3 (master) by @renovate in #4613
• chore(deps): update docker/setup-buildx-action action to v3 (master) by @renovate in #4608
• chore(deps): update docker/login-action action to v3 (master) by @renovate in #4607
• Hardwire the XR Reconciler to use *composite.Unstructured by @negz in #4614
• Set golangci-lint to automatically fix issues by @jeanduplessis in #4621
• Further clarifies ControllerConfig deprecation by @jeanduplessis in #4618
• test/e2e: print related objects by @sttts in #4594
• package-manager: always set Unhealthy() message by @sttts in #4610
• apiextensions/composite: report environment errors in Ready condition by @sttts in #4584
• chore(deps): update github/codeql-action digest to 04daf01 (master) by @renovate in #4628
• fix(deps): update module google.golang.org/grpc to v1.58.1 (master) by @renovate in #4629
• controller/revision: use uncached client for secrets by @sttts in #4626
• Add Functions to the xpkg spec by @negz in #4633
• charter: Expand scope of charter to make the project a more complete experience by @jbw976 in #4643
• Add a specification for Composition Functions by @negz in #4640
• chore(deps): update github/codeql-action digest to 6a28655 (master) by @renovate in #4642
• Do not report success before package deployment is ready by @turkenh in #4647
• Add new SIG-DevEx to list of SIGs by @jbw976 in #4653
• fix(deps): update module google.golang.org/grpc to v1.58.2 (master) by @renovate in #4658
• chore(deps): update actions/checkout digest to 8ade135 (master) by @renovate in #4666
• fix(deps): update module github.com/spf13/afero to v1.10.0 (master) by @renovate in #4665
• functions/proto: clarify that desired state must be SSA compatible by @sttts in #4687
• feat[compositions]: realtime compositor – part 1: changes to compositions by @sttts in #4582
• chore(deps): update github/codeql-action digest to ddccb87 (master) by @renovate in #4696
• chore(deps): update dependency helm/helm to v3.13.0 (master) by @renovate in #4698
• Deploy to kind cluster with debugging on by @pedjak in #4700
• feat: set XR and XRC conditions to map by type by @phisco in #4701
• fix(lock) empty package and type in lock when dependsOn is a function by @haarchri in #4706
• feat(runtime): bump crossplane-runtime to fix #4631 by @haarchri in #4713
• Use a different SSA field owner for XRs and composed resources by @negz in #4717
• Deactivate inactive revisions without pulling/parsing the package contents by @turkenh in #4071
• Move up xpkg build command to crossplane by @lsviben in #4694
• fix(message): fix event message to print composition revision by @haarchri in #4714
• chore(renovate): always update crossplane-runtime digests by @phisco in #4718
• fix(roles): System ProviderRevision named clusterRoles should have labels by @Mitsuwa in #4716
• fix(deps): update github.com/google/go-containerregistry/pkg/authn/k8schain digest to dbcd01c (master) by @renovate in #4711
• feat: switch to new tls certs by @phisco in #4656
• Wire errors.WithSilentRequeueOnConflict by @sttts in #4724
• feat: switch kubectl-crossplane to just crossplane by @phisco in #4719
• chore(deps): update dependency golang to v1.21.2 (master) by @renovate in #4737
• test/e2e: print condition trace while waiting by @sttts in #4735
• tests(e2e): related objects working also for claims by @phisco in #4740
• fix(deps): update module golang.org/x/sync to v0.4.0 (master) by @renovate in #4734
• feat(functions): support environment if present by @phisco in #4632
• feat(helm): add extra object option by @haarchri in #4664
• tests(e2e): always delete resources and check their status on creation by @phisco in #4749
• feat: add readiness and liveness probes to crossplane by @phisco in #4748
• fix(test/e2e/readme) -installcrossplane option is actually -preinstallcrossplane by @pedjak in #4756
• add: --tar-path parameter to the build command by @JonasKs in #4741
• xpkg push by @lsviben in #4721
• tests(e2e): export kind logs on failure, enable audit logs and fail fast by @phisco in #4750
• tests(e2e): add events to related objects and report also on deletion by @phisco in #4752
• chore(ci): set action to use semantic version by @phisco in #4763
• chore(deps): pin dependencies (master) by @renovate in #4765
• chore(deps): update gcr.io/distroless/static docker digest to 6706c73 (master) by @renovate in #4759
• chore(deps): update github/codeql-action digest to fdcae64 (master) by @renovate in #4743
• feat(crank): alpha/beta subcommands and tree view by @phisco in #4755
• chore(deps): update dependency golang to v1.21.3 (master) by @renovate in #4773
• fix(deps): update module github.com/google/go-cmp to v0.6.0 (master) by @renovate in #4774
• fix(deps): update module google.golang.org/grpc to v1.58.3 (master) by @renovate in #4775
• fix(deps): update module github.com/alecthomas/kong to v0.8.1 (master) by @renovate in #4778
• chore(deps): update module golang.org/x/net to v0.17.0 [security] (master) by @renovate in #4788
• fix(deps) bump crossplane-runtime to a8f7557 commit by @pedjak in #4782
• chore(deps): update dependency helm/helm to v3.13.1 (master) by @renovate in #4793
• chore(deps): update github/codeql-action digest to d90b8d7 (master) by @renovate in #4792
• fix: just requeue all conflict errors by @phisco in #4758
• feat(crank): add render command from xrender by @phisco in #4764
• chore(deps): update github/codeql-action digest to 0116bc2 (master) by @renovate in #4802
• feat: switch probes port to 8081 by @phisco in #4812
• Support loading context when running crossplane beta render by @negz in #4811
• fix(helm): Add custom annotation for rbac manager pods by @siddharthdeshmukh in #4801
• k8s API sets the default value of claim's spec.compositeDeletePolicy field by @pedjak in #4768
• feat(crank): add init function subcommand by @phisco in #4736
• tests: adhere to standard by @phisco in #4815
• test/e2e: print related object events in kubectl style by @sttts in #4816
• feat(crank): drop duplicated build/push commands by @phisco in #4818
• Log events automatically by @sttts in #4754
• e2e: wait for all nop resource deleted before deleting prerequisites by @turkenh in #4819
• Beta support for Package Runtime Config by @turkenh in #4744
• Improve contribution message about adding e2e tests by @pedjak in #4805
• Stop propagation of claim's *.kubernetes.io/*.k8s.io annotations/labels down to XR by @pedjak in #4821
• internal/xcrd: limit claim and composite name length in OpenAPI to actual values by @sttts in #4777
• fix: use k8s.io/utils/ptr everywhere by @phisco in #4824
• Speed up e2e by @sttts in #4733
• feat[compositions]: realtime compositor – part 2: changes to MRs by @sttts in #4637
• fix convert transforms toType field validation by @ravilr in #4825
• ci(configurations): remove unused getting started configurations by @phisco in #4766
• feat(crank): add marketplace login/logout commands and enable push. by @phisco in #4823
• e2e/funcs: stop LogResources on test termination by @sttts in #4829
• e2e: in realtime compositions test delete claim and wait for nop resources by @sttts in #4836
• e2e: fix provider upgrade by waiting correct revision by @turkenh in #4835
• fix(deps): update module github.com/bufbuild/buf to v1.27.1 (master) by @renovate in #4730
• fix(deps): update module google.golang.org/grpc to v1.59.0 (master) by @renovate in #4833
• chore: remove getting started configs from release procedure by @phisco in #4838
• fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (master) by @renovate in #4830
• Update Helm chart to install Crossplane images from xpkg.upbound.io by @jbw976 in #4831
• feat: promote composition schema-aware validation to beta by @phisco in #4814
• Re-streamline PR checklist by @negz in #4834
• Updates to pass docs vale checking by @plumbis in #4841
• Rearrange the crossplane subcommands by @negz in #4832
• added sig-observability to README.md by @humoflife in #4826
• Fix sig-observability Slack link, and README badges by @negz in #4842
• e2e: fix flakes with environment-configs suite by @turkenh in #4847
• Use updated image for local dev by @turkenh in #4845
• chore(deps): update actions/checkout digest to b4ffde6 (master) by @renovate in #4848
• Add ability to pause reconciliation of Provider/Configuration/Function instances by @pedjak in #4820
• Update Upjet SIG Slack channel name by @jeanduplessis in #4851
• Update ControllerConfig deprecation notice to point DeploymentRuntimeConfig by @turkenh in #4846
• Don't auto-assign reviewers, for now by @negz in #4853
• Overhaul crossplane --help output. by @negz in #4843
• chore(deps): update github/codeql-action digest to 49abf0b (master) by @renovate in #4862
• cmd/core: step down from leader election immediately by @sttts in #4859
• compositor: minimal invasive name generation without dry-run by @sttts in #4858
• Don't assume xpkg.upbound.io for runtime images by @negz in #4867
• Support pushing multi-platform packages by @negz in #4870
• chore(deps): update fkirc/skip-duplicate-actions action to v5.3.1 (master) by @renovate in #4865
• Fix log for composition webhook schema validation as beta by @turkenh in #4880
• feat: switch probes to only startupProbe by @phisco in #4861
• Add feature flag for DeploymentRuntimeConfig as beta by @turkenh in #4857
• fix(crank): properly load yaml files from directories by @phisco in #4883
• feat(crank): add beta trace command by @phisco in #4849
• feat(crank/render): enforce function and composition type by @phisco in #4887
• Don't load observed composed resources if none are provided by @negz in #4888
• fix(schema-aware-validation): readiness check with no target field type by @phisco in #4889
• crank/trace: fix order of column to match managed resources by @sttts in #4895
• feat(schema-aware-validation): only emit warnings by default by @phisco in #4892
• fix(deps): update module github.com/go-git/go-git/v5 to v5.10.0 (master) by @renovate in #4890
• chore(deps): update aquasecurity/trivy-action action to v0.13.0 (master) by @renovate in #4898
• Propagate package annotations from config file labels to layer annotations by @negz in #4901
• [release-1.14] Bump Crossplane Runtime to v1.14.0-rc.1 by @turkenh in #4902
• [Backport release-1.14] Promote Action: expose pre-release option by @github-actions in #4905
• [Backport release-1.14] chore(deps): update jlumbroso/free-disk-space action to v1.3.1 (master) by @github-actions in #4916
• [Backport release-1.14] Fix indentation in startup probe by @github-actions in #4920
• [Backport release-1.14] feat(cli/trace): support resource/name format by @github-actions in #4921
• [Backport release-1.14] More descriptive error for package parsing by @github-actions in #4931
• [Backport release-1.14] Handle externally managed Provider service accounts properly by @github-actions in #4936
• [Backport release-1.14] fix: avoid spamming SyncPackage and InstallPackageRevision events by @github-actions in #4940
• [release-1.14] Bump Crossplane Runtime to v1.14.0 by @turkenh in #4942

New Contributors

• @dukanto made their first contribution in #4386
• @duizabojul made their first contribution in #4425
• @LCaparelli made their first contribution in #4399
• @shanecmiller23 made their first contribution in #4465
• @Mitsuwa made their first contribution in #4716
• @JonasKs made their first contribution in #4741
• @siddharthdeshmukh made their first contribution in #4801
• @ravilr made their first contribution in #4825
• @humoflife made their first contribution in #4826

Full Changelog: v1.13.0...v1.14.0