v1.15.0

The v1.15.0 release is a regular quarterly Crossplane release that is focused on expanding the capabilities of Crossplane's Composition features, enhancing the Crossplane CLI, and improving the developer experience. This release introduces key enhancements and new features that further empower platform engineers and developers to compose their infrastructure using Crossplane.

🎉 Highlights

• Server-Side Apply for Claim Syncing: This alpha feature uses Kubernetes' Server-Side Apply to improve syncing between Composite Resources and their claims. This feature resolves several outstanding issues but should be enabled carefully after consideration of known behavior changes.
• Expanding Composition Functions: Composition Functions now support requesting arbitrary cluster-scoped resources, enabling more complex compositions that can interact with a wider range of Kubernetes resources. Additionally, Crossplane introduces Python SDK and templates for Composition Functions, widening the community of potential function developers.
• Enhancements to the Crossplane CLI:
  • New subcommands like crossplane beta validate for schema validation, crossplane beta top for resource utilization views similar to kubectl top pods, and crossplane beta convert for converting resources to newer formats or configurations.
  • Improved existing commands like crossplane xpkg init with support for specific git references and additional templates, and crossplane beta render with new flags for including full XR details and context.
  • crossplane beta trace now understands Crossplane packages and can display the entire dependency graph for a given package, along with status for each entry, vastly simplifying the troubleshooting of Crossplane package installations and upgrades.

🚨 Warnings and breaking changes

• The default registry that Crossplane's package manager will install packages from has changed to xpkg.upbound.io from index.docker.io. After upgrading, Crossplane will start pulling packages from xpkg.upbound.io, unless a fully qualified name is specified for a package that includes the specific registry the package resides in, or you have overridden the default registry value with the --registry flag.
  • For example, when installing a package, if the spec.package field is set to:
    • crossplane-contrib/provider-aws:v0.39.0, it will now be pulled from xpkg.upbound.io.
    • index.docker.io/crossplane-contrib/provider-aws:v0.39.0, it will be pulled from index.docker.io (because an explicit registry is specified)
  • ⚠️ To preserve the previous behavior when upgrading to v1.15.0, make sure you pass --set args='{"--registry=index.docker.io"}' during the Helm upgrade.
  • More details can be found in:
    • Docs: https://docs.crossplane.io/latest/software/install/#change-the-default-package-registry
    • Blog post: https://blog.crossplane.io/new-default-crossplane-registry-in-crossplane-1-15/
• The RBAC manager's --manage flag was dropped, this flag allowed configuring the management policies between All and Basic.
  • In v1.13 we switched the default to Basic, and now we are removing the All option completely.
  • ⚠️ If needed, see the related issue to see how to restore the All behaviour.

💡 New features

What's new in v1.15.0?

Server-Side Apply based Claim syncing

Alpha support for Server-Side Apply (ssa) based syncing between Composite Resources and Claims was introduced in this release and can be enabled by passing the --enable-ssa-claims flag to Crossplane. This allows to solve a few syncing issues reported by users, but also implies some behaviour changes that users need to be aware of and provide feedback for before enabling it by default, see the related issue for more details.

Composition Functions

Extra Resources

Composition Functions can now request Crossplane to fetch any cluster-scoped resource Crossplane has access to for them, so before computing the "desired state", this opens up a lot of possibilities, such as reimplementing almost completely the in-tree environment support as a Function, see crossplane-contrib/function-environment-configs.

Metrics

Crossplane will now emit basic metrics related to Functions, e.g. number of requests sent, number of responses received and runs duration. See #5006 for example metrics.

Python Composition Functions

In addition to Go, Composition Functions can now easily be written in Python too, thanks to a new SDK and template. You can read more about it in the docs.

Crossplane CLI

Crossplane v1.15 introduces a few new subcommands:

• crossplane beta validate: allowing to validate a set of resources against their schemas. Being built for Crossplane, the command can automatically download schemas for Crossplane Packages (xpkgs) and directly understands CompositeResourceDefinitions (XRDs).
• crossplane beta top: providing quick resource utilization insight for Crossplane's pods, similar to kubectl top pods.
• crossplane beta convert with two subcommands:
  • pipeline-composition: which allows to automatically convert Compositions to the Pipeline mode, using crossplane-contrib/function-patch-and-transform.
  • deployment-runtime: which allows to automatically convert a deprecated ControllerConfig resource to the new DeploymentRuntimeConfig.

Existing subcommands were also improved:

• crossplane xpkg init now also supports printing helpful messages and init-scripts. It now support initialising from a specific git reference, --ref-name, and also two new templates: function-template-python and configuration-template.
• crossplane beta render was enriched with a few new flags and capabilities:
  • --include-full-xr: to output the full Composite Resource (XR), copying the spec and metadata provided as input, so that can be easily validated using crossplane beta validate.
  • --include-context: to output the pipeline's Context, for better insight in the pipeline execution.
  • --extra-resources: to load extra resources so that a Function in the pipeline can access them
  • It will now set the XR's Ready condition according to the pipeline's output.
• crossplane beta trace now can show the tree of resources also for Crossplane Packages (xpkgs: Providers/Functions/Configurations), to help debugging issues with those too. For Composite Resources instead it can now show also the resource name as defined by the Composition, using -o wide, to allow easily recognising resources with random names.

📖 Full Changelog

• Promote Action: expose pre-release option by @turkenh in #4903
• curl should fail on 404 by @plumbis in #4911
• chore(deps): update jlumbroso/free-disk-space action to v1.3.1 (master) by @renovate in #4913
• Fix indentation in startup probe by @turkenh in #4919
• feat(cli/trace): support resource/name format by @phisco in #4910
• Push Protobufs to Buf Schema Registry by @negz in #4923
• More descriptive error for package parsing by @phisco in #4927
• Handle externally managed Provider service accounts properly by @turkenh in #4925
• fix: avoid spamming SyncPackage and InstallPackageRevision events by @phisco in #4934
• Update releases table and base branches for v1.14 by @turkenh in #4944
• ci: only push to buf registry on crossplane repo by @phisco in #4950
• fix(deps): update module github.com/google/uuid to v1.4.0 (master) by @renovate in #4909
• docs: add Intility to ADOPTERS.md by @JonasKs in #4949
• fix(deps): update module github.com/docker/docker to v24.0.7+incompatible [security] (master) by @renovate in #4930
• fix(deps): update module github.com/go-logr/logr to v1.3.0 (master) by @renovate in #4917
• chore(deps): pin bufbuild/buf-breaking-action action to a074e98 (master) by @renovate in #4953
• fix(deps): update module github.com/bufbuild/buf to v1.27.2 (master) by @renovate in #4957
• chore(deps): update zeebe-io/backport-action action to v2 (master) by @renovate in #4959
• Support pushing to BSR from release branches by @negz in #4958
• chore(deps): update github/codeql-action digest to 74483a3 (master) by @renovate in #4954
• chore(deps): update aquasecurity/trivy-action action to v0.13.1 (master) by @renovate in #4956
• fix(deps): update module golang.org/x/sync to v0.5.0 (master) by @renovate in #4967
• Return after single arch push by @djeremiah in #4977
• chore(deps): update aquasecurity/trivy-action action to v0.14.0 (master) by @renovate in #4981
• chore(deps): update dependency golang to v1.21.4 (master) by @renovate in #4991
• k8s API sets the default value of XR .spec.compositionUpdatePolicy field by @pedjak in #4928
• chore(deps): update dependency helm/helm to v3.13.2 (master) by @renovate in #4992
• chore(deps): update zeebe-io/backport-action action to v2.1.1 (master) by @renovate in #4969
• Use controller-runtime's pprof server rather than our own by @negz in #5005
• fix(deps): update module github.com/bufbuild/buf to v1.28.0 (master) by @renovate in #4994
• fix(deps): update module github.com/bufbuild/buf to v1.28.1 (master) by @renovate in #5009
• Bump golangci-lint to v1.55.2 by @negz in #5010
• Add one-pager for go-templating function by @ezgidemirel in #4935
• chore(deps): update github/codeql-action digest to 689fdc5 (master) by @renovate in #5013
• Bump goverter to v1.1.0 by @negz in #5011
• chore(deps): update github/codeql-action digest to 66b90a5 (master) by @renovate in #5020
• fix: use right service name for conversion webhooks in CRDs by @phisco in #5018
• Add a one-pager guiding Function build tooling by @negz in #4885
• fix(deps): update module github.com/golang-jwt/jwt/v5 to v5.1.0 (master) by @renovate in #4995
• Leave deletion of package service account to garbage collector by @turkenh in #5039
• feat(cli): sort composed resources in the render output by @phisco in #5030
• apiextensions/definition: don't implicitly wait for MR informer, we do that ourselves by @sttts in #5034
• Add a gRPC interceptor for function metrics by @negz in #5006
• fix(deps): update module github.com/prometheus/client_golang to v1.17.0 (master) by @renovate in #5046
• Improve robustness of releasing objects by @turkenh in #5044
• Fix linter in release object by removing redundant if by @turkenh in #5049
• fix(cli): trace show xrc connection secret too by @phisco in #5031
• fix(environment): Revert patch order back to v1.13 by @MisterMX in #5051
• chore(deps): update github/codeql-action digest to 407ffaf (master) by @renovate in #5058
• Use NameGenerator for composite name generation by @pedjak in #5062
• fix: avoid spamming SyncPackage and InstallPackageRevision events - pt.2 by @phisco in #5066
• fix(deps): update module github.com/spf13/afero to v1.11.0 (master) by @renovate in #5067
• crank: fix xpkg build --ignore help text by @sttts in #5071
• fix(deps): update module github.com/jmattheis/goverter to v1.2.0 (master) by @renovate in #5052
• fix(deps): update google.golang.org/protobuf digest to 2087447 (master) by @renovate in #5079
• fix(helm): grant access to all ("*") pkg.crossplane.io resources in user-facing clusterroles by @erikgb in #5088
• chore(deps): update github/codeql-action digest to c0d1daa (master) by @renovate in #5096
• chore(deps): update dependency golang to v1.21.5 (master) by @renovate in #5100
• rbac: add finalizer update permissions to claim resource by @bobh66 in #5091
• chore(deps): update aquasecurity/trivy-action action to v0.15.0 (master) by @renovate in #5101
• chore(deps): update zeebe-io/backport-action action to v2.2.0 (master) by @renovate in #5103
• chore(deps): update aquasecurity/trivy-action action to v0.16.0 (master) by @renovate in #5108
• fix(environment): erroring if no matches in Single mode, configurable minMatch for Multiple by @P0t4T0o in #5076
• fix(xrd): Limit deprecation warning length to 256 by @MisterMX in #5083
• Fix synchronization between claim and the counterpart composite by @pedjak in #4896
• fix(environment): avoid out of bound on maxMatch greater than matches by @phisco in #5128
• chore(deps): update actions/setup-go action to v5 (master) by @renovate in #5109
• chore(deps): update github/codeql-action digest to 03e7845 (master) by @renovate in #5131
• chore(deps): update dependency helm/helm to v3.13.3 (master) by @renovate in #5132
• renovate: configure to automatically bump e2e dependencies by @phisco in #5119
• fix(deps): update module github.com/google/uuid to v1.5.0 (master) by @renovate in #5133
• chore(deps): update e2e-manifests (master) by @renovate in #5135
• tests(e2e): properly teardown resources in TestPropagateFieldsRemovalToXR by @phisco in #5141
• chore(deps): update github/codeql-action action to v3 (master) by @renovate in #5136
• chore(deps): update actions/stale action to v9 (master) by @renovate in #5139
• chore(deps): update actions/upload-artifact action to v4 (master) by @renovate in #5140
• Add Continental in ADOPTERS.md by @yogeek in #5152
• Added Luminar to the ADOPTERS.md by @satishweb in #5153
• Add Transfix to ADOPTERS.md by @amanfredi in #5155
• Update ADOPTERS.md by @mcanevet in #5158
• add Scaleway to the list of adopters by @remyleone in #5159
• Add Skyscrapers to ADOPTERS.md by @iuriaranda in #5160
• Change type assertion on packages to enable correct use of --runtime-… by @djeremiah in #5165
• Update ADOPTERS.md by @alex-souslik-hs in #5168
• Update adopters by @morningspace in #5170
• Update ADOPTERS.md from recent form submissions by @jbw976 in #5167
• Add CODEOWNERS entry for ADOPTERS.md by @jbw976 in #5166
• Indicate in log/events the composite readiness by @pedjak in #5145
• Update release dates for full quarterly cycles after v1.14 by @jbw976 in #5177
• fix: avoid requiring webhook tls certificate for inactive revisions by @phisco in #5176
• fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 [security] (master) by @renovate in #5175
• fix(deps): update module google.golang.org/grpc to v1.60.1 (master) by @renovate in #5134
• fix(deps): update module github.com/golang-jwt/jwt/v5 to v5.2.0 (master) by @renovate in #5084
• chore(deps): update github/codeql-action digest to 012739e (master) by @renovate in #5181
• chore(deps): update zeebe-io/backport-action action to v2.3.0 (master) by @renovate in #5182
• fix(deps): update module github.com/go-logr/logr to v1.4.1 (master) by @renovate in #5183
• Ensure ownerRef on objects for inactive package revisions by @turkenh in #5178
• Update ADOPTERS.md by @mateusz-lubanski-sinch in #5187
• Add Novo Nordisk to ADOPTERS.md by @CasperGN in #5191
• chore(deps): update module golang.org/x/crypto to v0.17.0 [security] (master) by @renovate in #5156
• Add "new provider" GitHub issue template, remove new release templates by @negz in #5195
• chore(deps): update module github.com/cloudflare/circl to v1.3.7 [security] (master) by @renovate in #5201
• chore(deps): update mheap/require-checklist-action digest to 01fe247 (master) by @renovate in #5199
• chore(deps): update github/codeql-action digest to e5f05b8 (master) by @renovate in #5203
• [bug] helm chart: explicitly set divisor in container resources by @prune998 in #5198
• fix(deps): update module github.com/jmattheis/goverter to v1.3.0 (master) by @renovate in #5185
• chore(deps): update aquasecurity/trivy-action action to v0.16.1 (master) by @renovate in #5205
• fix(deps): update module github.com/google/go-containerregistry to v0.17.0 (master) by @renovate in #5072
• fix(crank): error out on timeout installing package by @phisco in #5207
• fix(deps): update module github.com/docker/go-connections to v0.5.0 (master) by @renovate in #5210
• fix(deps): update module golang.org/x/sync to v0.6.0 (master) by @renovate in #5214
• fix(functions): restore uid too after FromStructure by @phisco in #5213
• chore(deps): update dependency golang to v1.21.6 (master) by @renovate in #5208
• Re-add ownership for existing CompositionRevisions after backup/restore by @turkenh in #5174
• fix(xrd): propagate OneOf under spec and status by @phisco in #5221
• docs: document registry credential fallback by @maximilianbraun in #5200
• chore(renovate): ignore provider-initial.yaml by @phisco in #5204
• fix(deps): update module github.com/aws/smithy-go to v1.19.0 (master) by @renovate in #5206
• fix(deps): update module github.com/prometheus/client_golang to v1.18.0 (master) by @renovate in #5212
• chore(deps): update actions/cache digest to e12d46a (master) by @renovate in #5222
• fix(deps): update module github.com/docker/docker-credential-helpers to v0.8.1 (master) by @renovate in #5215
• fix(deps): update module golang.org/x/term to v0.16.0 (master) by @renovate in #5217
• Update README.md by @kellytenn in #5226
• Bump protobuf to v1.32 by @negz in #5229
• Add VMware Tanzu to ADOPTERS.md by @teddyking in #5235
• Add Artifact Hub badge to README.md by @jeanduplessis in #5232
• chore(deps): update actions/upload-artifact digest to 1eb3cb2 (master) by @renovate in #5237
• feat: added customAnnotations to RBAC Manager by @pierluigilenoci in #5243
• Include OpenSSF best practices badge to README by @jeanduplessis in #5231
• design: Functions requesting extra resources by @phisco in #5099
• Add function-template-python to well-known xpkg init templates by @negz in #5249
• Add post-initialization hooks for init command by @lsviben in #5190
• chore(deps): update gcr.io/distroless/static docker digest to 9be3fcc (master) by @renovate in #5238
• chore(deps): update github/codeql-action digest to 0b21cf2 (master) by @renovate in #5253
• chore(deps): update dependency helm/helm to v3.14.0 (master) by @renovate in #5254
• chore(deps): update actions/cache action to v4 (master) by @renovate in #5256
• fix(deps): update module github.com/google/go-containerregistry to v0.18.0 (master) by @renovate in #5255
• Add Nexthink to adopters list by @fernandezcuesta in #5257
• fix(deps): update module github.com/emicklei/dot to v1.6.1 (master) by @renovate in #5258
• Return an error when the RBAC manager is started with --manage by @negz in #5260
• Add "--include-full-xr" flag to the render command by @ezgidemirel in #5248
• fix(charter): fixes a weird markdown issue by @bobh66 in #5268
• chore(deps): update actions/upload-artifact digest to 694cdab (master) by @renovate in #5264
• chore(deps): update zeebe-io/backport-action action to v2.4.0 (master) by @renovate in #5274
• Update default registry to xpkg.upbound.io by @jbw976 in #5261
• Bump crossplane-runtime by @negz in #5276
• feat: functions requesting extra resources by @phisco in #5247
• Incorporate convert command by @lsviben in #5275
• chore(deps): update actions/upload-artifact digest to 26f96df (master) by @renovate in #5277
• fix(deps): update module google.golang.org/grpc to v1.61.0 (master) by @renovate in #5281
• Add crossplane beta validate subcommand for offline schema validation by @ezgidemirel in #5197
• feat(transform): Support string joining arrays by @MisterMX in #5148
• Crossplane top command - pods resources utilization implementation by @Piotr1215 in #5245
• fix(functions): unique field owners to prevent hijacking composed resources by @phisco in #5236
• doc: update adopters list by @akesser in #5284
• feat: add support for tracing package types by @jbw976 in #5252
• fix(crank/trace): show state for not true conditions by @phisco in #5290
• Add Nokia to ADOPTERS.md by @bobh66 in #5291
• Update ADOPTERS.md by @rwsweeney in #5293
• Add Printbox and DeepSea to ADOPTERS.md by @jbw976 in #5295
• Don't run Realtime Composition E2E tests in CI by @negz in #5296
• Display package images unmodified in trace pkg output by @jbw976 in #5299
• Bump github.com/bufbuild/buf to v1.29.0 by @negz in #5297
• feat(crank/render): set XR readiness condition by @phisco in #5305
• tests: add more thorough cleanup step to ProviderUpgrade by @phisco in #5307
• Add Imagine Learning to Adopters by @blakeromano in #5303
• chore(deps): update github/codeql-action digest to b7bf0a3 (master) by @renovate in #5300
• chore(deps): update zeebe-io/backport-action action to v2.4.1 (master) by @renovate in #5278
• fix(deps): update module github.com/google/uuid to v1.6.0 (master) by @renovate in #5280
• chore(deps): update codecov/codecov-action digest to ab904c4 (master) by @renovate in #5286
• fix(deps): update module github.com/google/go-containerregistry to v0.19.0 (master) by @renovate in #5309
• Bump goverter by @negz in #5312
• Bump build submodule by @negz in #5311
• fix(deps): update module github.com/jmattheis/goverter to v1.3.2 (master) by @renovate in #5317
• Miscellaneous cleanups in Composition controllers by @negz in #5319
• controller/usage: remove debug output by @sttts in #5304
• fix(deps): update github.com/upbound/up-sdk-go digest to 2d00664 (master) by @renovate in #5318
• fix(deps): update module github.com/docker/docker to v25.0.2+incompatible (master) by @renovate in #5266
• chore: Bump k8s io dependencies to v0.29.1 by @MisterMX in #5315
• fix(deps): update module github.com/docker/docker to v25.0.2+incompatible (master) by @renovate in #5324
• chore(deps): revert to buf 1.27.2 to avoid cel-go dep ahead of k8s by @phisco in #5325
• Add babelforce to ADOPTERS.md by @nik843 in #5323
• design: One-pager for Beta Composition Environment, a.k.a. EnvironmentConfigs by @phisco in #5061
• Add CEL validation to validate subcommand by @ezgidemirel in #5326
• Update Governance with the new steering committee. by @bassam in #5331
• Specify production usage for a few adopters by @jbw976 in #5333
• chore(deps): update dependency kubernetes-sigs/kind to v0.21.0 (master) by @renovate in #5332
• chore(deps): update github/codeql-action digest to e8893c5 (master) by @renovate in #5330
• Adds Nike to ADOPTERS.md by @jcooklin in #5342
• Put SSA-based claim syncing behind a feature flag by @negz in #5313
• Added debug logs for render command by @lsviben in #5328
• chore(deps): update aquasecurity/trivy-action action to v0.17.0 (master) by @renovate in #5341
• Bump crossplane-runtime to v1.15.0-rc.1 by @phisco in #5344
• [Backport release-1.15] feat(crank/trace): show resource name in wide if available by @github-actions in #5348
• [Backport release-1.15] fix(crank/render): conditions' lastTransitionTime can not be null by @github-actions in #5349
• [Backport release-1.15] Do not use version when indexing Used resources in Usage Handler by @github-actions in #5354
• [Backport release-1.15] Accept version changes in composed templates by @github-actions in #5371
• [Backport release-1.15] feat: drop aggregate-to-ns-* clusterroles by @github-actions in #5375
• [Backport release-1.15] fix(crank/xpkg): push properly retrieve upbound credentials by @github-actions in #5379
• [Backport release-1.15] Add configuration-template to well known xpkg init templates by @github-actions in #5390
• [Backport release-1.15] init - add option to select branch/tag by @github-actions in #5392
• Bump crossplane-runtime to v1.15.0 by @phisco in #5395

🆕 New Contributors

• @djeremiah made their first contribution in #4977
• @satishweb made their first contribution in #5153
• @amanfredi made their first contribution in #5155
• @mcanevet made their first contribution in #5158
• @remyleone made their first contribution in #5159
• @iuriaranda made their first contribution in #5160
• @alex-souslik-hs made their first contribution in #5168
• @mateusz-lubanski-sinch made their first contribution in #5187
• @CasperGN made their first contribution in #5191
• @prune998 made their first contribution in #5198
• @kellytenn made their first contribution in #5226
• @teddyking made their first contribution in #5235
• @pierluigilenoci made their first contribution in #5243
• @fernandezcuesta made their first contribution in #5257
• @rwsweeney made their first contribution in #5293
• @blakeromano made their first contribution in #5303
• @nik843 made their first contribution in #5323
• @jcooklin made their first contribution in #5342

Full Changelog: v1.15.0-rc.0...v1.15.0