diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8ae5452e6..5ba59e57b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,11 +15,10 @@ env: # Force Earthly to use color output FORCE_COLOR: "1" - # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run - # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether + # Common users. We can't run a step 'if secrets.DOCKER_USR != ""' but we can run + # a step 'if env.DOCKER_USR' != ""', so we copy these to succinctly test whether # credentials have been provided before trying to run steps that need them. DOCKER_USR: ${{ secrets.DOCKER_USR }} - AWS_USR: ${{ secrets.AWS_USR }} UPBOUND_MARKETPLACE_PUSH_ROBOT_USR: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }} @@ -51,14 +50,14 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure Earthly to Push Cache to GitHub Container Registry + - name: Configure Earthly to Push Cache to GitHub Container Registry if: github.ref == 'refs/heads/master' run: | echo "EARTHLY_PUSH=true" >> $GITHUB_ENV echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV - name: Generate Files - run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +generate + run: earthly --strict --remote-cache ghcr.io/upbound/crossplane-earthly-cache:${{ github.job }} +generate - name: Count Changed Files id: changed_files 
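Review bot: The `- name: Configure Earthly to Push Cache to GitHub Container Registry` line is removed and re-added with no visible textual difference, here and in the other five ci.yml hunks, so the change is presumably whitespace-only (trailing whitespace is the likely cause, though this view cannot show it). In a fork that tracks upstream, such churn makes later merges of ci.yml conflict on these lines for no benefit. I would drop the whitespace change and keep only the `--remote-cache ghcr.io/upbound/crossplane-earthly-cache:...` edits.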
@@ -97,14 +96,14 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure Earthly to Push Cache to GitHub Container Registry + - name: Configure Earthly to Push Cache to GitHub Container Registry if: github.ref == 'refs/heads/master' run: | echo "EARTHLY_PUSH=true" >> $GITHUB_ENV echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV - name: Lint - run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +lint + run: earthly --strict --remote-cache ghcr.io/upbound/crossplane-earthly-cache:${{ github.job }} +lint codeql: runs-on: ubuntu-22.04 @@ -133,14 +132,14 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure Earthly to Push Cache to GitHub Container Registry + - name: Configure Earthly to Push Cache to GitHub Container Registry if: github.ref == 'refs/heads/master' run: | echo "EARTHLY_PUSH=true" >> $GITHUB_ENV echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV - name: Run CodeQL - run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +ci-codeql + run: earthly --strict --remote-cache ghcr.io/upbound/crossplane-earthly-cache:${{ github.job }} +ci-codeql - name: Upload CodeQL Results to GitHub uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3 
@@ -197,14 +196,14 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure Earthly to Push Cache to GitHub Container Registry + - name: Configure Earthly to Push Cache to GitHub Container Registry if: github.ref == 'refs/heads/master' run: | echo "EARTHLY_PUSH=true" >> $GITHUB_ENV echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV - name: Run Unit Tests - run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +test + run: earthly --strict --remote-cache ghcr.io/upbound/crossplane-earthly-cache:${{ github.job }} +test - name: Publish Unit Test Coverage uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4 @@ -249,7 +248,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure Earthly to Push Cache to GitHub Container Registry + - name: Configure Earthly to Push Cache to GitHub Container Registry if: github.ref == 'refs/heads/master' run: | echo "EARTHLY_PUSH=true" >> $GITHUB_ENV @@ -257,7 +256,7 @@ jobs: - name: Run E2E Tests run: | - earthly --strict --allow-privileged --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }}-${{ matrix.test-suite}} \ + earthly --strict --allow-privileged --remote-cache ghcr.io/upbound/crossplane-earthly-cache:${{ github.job }}-${{ matrix.test-suite}} \ +e2e --FLAGS="-test.failfast -fail-fast --test-suite ${{ matrix.test-suite }}" - name: Publish E2E Test Flakes 
@@ -321,35 +320,19 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure Earthly to Push Cache to GitHub Container Registry + - name: Configure Earthly to Push Cache to GitHub Container Registry if: github.ref == 'refs/heads/master' run: echo "EARTHLY_MAX_REMOTE_CACHE=true" >> $GITHUB_ENV - name: Configure Earthly to Push Artifacts - if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release-')) && env.DOCKER_USR != '' && env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != '' && env.AWS_USR != '' + if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release-')) && env.DOCKER_USR != '' && env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != '' run: echo "EARTHLY_PUSH=true" >> $GITHUB_ENV - name: Set CROSSPLANE_VERSION GitHub Environment Variable run: earthly +ci-version - name: Build and Push Artifacts - run: earthly --strict --remote-cache ghcr.io/crossplane/earthly-cache:${{ github.job }} +ci-artifacts --CROSSPLANE_VERSION=${CROSSPLANE_VERSION} - - - name: Push Artifacts to https://releases.crossplane.io/build/ - if: env.AWS_USR != '' - run: | - earthly --strict \ - --secret=AWS_ACCESS_KEY_ID=${{ secrets.AWS_USR }} \ - --secret=AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_PSW }} \ - +ci-push-build-artifacts --AWS_DEFAULT_REGION=us-east-1 --CROSSPLANE_VERSION=${CROSSPLANE_VERSION} --BUILD_DIR=${GITHUB_REF##*/} - - - name: Push Artifacts to https://releases.crossplane.io/master/ and https://charts.crossplane.io/master - if: env.AWS_USR != '' && github.ref == 'refs/heads/master' - run: | - earthly --strict \ - --secret=AWS_ACCESS_KEY_ID=${{ secrets.AWS_USR }} \ - --secret=AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_PSW }} \ - +ci-promote-build-artifacts --AWS_DEFAULT_REGION=us-east-1 --CROSSPLANE_VERSION=${CROSSPLANE_VERSION} --BUILD_DIR=${GITHUB_REF##*/} --CHANNEL=master + run: earthly --strict --remote-cache ghcr.io/upbound/crossplane-earthly-cache:${{ github.job }} +ci-artifacts 
--CROSSPLANE_VERSION=${CROSSPLANE_VERSION} - name: Upload Artifacts to GitHub uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index ce69e8393..d8bf50f53 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml @@ -26,7 +26,6 @@ env: # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether # credentials have been provided before trying to run steps that need them. DOCKER_USR: ${{ secrets.DOCKER_USR }} - AWS_USR: ${{ secrets.AWS_USR }} UPBOUND_MARKETPLACE_PUSH_ROBOT_USR: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }} jobs: 
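Review bot: The comment kept as context above `DOCKER_USR` in promote.yml still explains the pattern with `env.AWS_USR`, but this hunk removes the `AWS_USR` entry, so the comment now refers to a variable the workflow no longer defines. ci.yml received the matching comment update in this commit; the same wording should be applied here, e.g. `# a step 'if env.DOCKER_USR' != ""', so we copy these to succinctly test whether`. The first line of that comment is outside the hunk and probably mentions `secrets.AWS_USR` as well.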
@@ -43,29 +42,20 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} version: ${{ env.EARTHLY_VERSION }} - - name: Promote Image to docker.io/crossplane/crossplane:${{ inputs.channel }} + - name: Promote Image to docker.io/upbound/crossplane:${{ inputs.channel }} if: env.DOCKER_USR != '' run: | earthly --strict \ --push \ --secret DOCKER_USER=${{ secrets.DOCKER_USR }} \ --secret DOCKER_PASSWORD=${{ secrets.DOCKER_PSW }} \ - +ci-promote-image --CHANNEL=${{ inputs.channel }} --CROSSPLANE_VERSION=${{ inputs.version }} --CROSSPLANE_REPO=docker.io/crossplane/crossplane + +ci-promote-image --CHANNEL=${{ inputs.channel }} --CROSSPLANE_VERSION=${{ inputs.version }} --CROSSPLANE_REPO=docker.io/upbound/crossplane - - name: Promote Image to xpkg.upbound.io/crossplane/crossplane:${{ inputs.channel }} + - name: Promote Image to xpkg.upbound.io/upbound/crossplane:${{ inputs.channel }} if: env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != '' run: | earthly --strict \ --push \ --secret DOCKER_USER=${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }} \ --secret DOCKER_PASSWORD=${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_PSW }} \ - +ci-promote-image --CHANNEL=${{ inputs.channel }} --CROSSPLANE_VERSION=${{ inputs.version }} --CROSSPLANE_REPO=xpkg.upbound.io/crossplane/crossplane - - - name: Promote Build Artifacts to https://releases.crossplane.io/${{ inputs.channel }} - if: env.AWS_USR != '' - run: | - earthly --strict \ - --push \ - --secret=AWS_ACCESS_KEY_ID=${{ secrets.AWS_USR }} \ - --secret=AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_PSW }} \ - +ci-promote-build-artifacts --AWS_DEFAULT_REGION=us-east-1 --CHANNEL=${{ inputs.channel }} --BUILD_DIR=${GITHUB_REF##*/} --PRERELEASE=${{ inputs.pre-release }} --CROSSPLANE_VERSION=${{ inputs.version }} + +ci-promote-image --CHANNEL=${{ inputs.channel }} --CROSSPLANE_VERSION=${{ inputs.version }} --CROSSPLANE_REPO=xpkg.upbound.io/upbound/crossplane diff --git a/CODEOWNERS b/CODEOWNERS deleted file mode 100644 index 52be8b996..000000000 
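Review bot: The rewritten `+ci-promote-image` lines still expand `${{ inputs.channel }}` and `${{ inputs.version }}` directly inside the `run:` script, so whatever is supplied as a workflow input becomes part of the shell text before it runs, in steps that also hold the registry push credentials. Since both lines are being touched anyway, I would pass the inputs through the step's `env:` (`CHANNEL: ${{ inputs.channel }}`, `VERSION: ${{ inputs.version }}`) and reference them quoted, `--CHANNEL="${CHANNEL}" --CROSSPLANE_VERSION="${VERSION}"`. The trigger definition is outside this hunk, so who may supply these inputs should be confirmed there.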
--- a/CODEOWNERS
+++ /dev/null
@@ -1,67 +0,0 @@
-# This file controls automatic PR reviewer assignment. See the following docs:
-#
-# * https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
-# * https://docs.github.com/en/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team
-#
-# The goal of this file is for most PRs to automatically and fairly have 1 to 2
-# maintainers set as PR reviewers. All maintainers have permission to approve
-# and merge PRs. PRs only need
-#
-# Most lines in this file will assign one subject matter expert and one random
-# maintainer. PRs only need to be approved by one of these people to be merged.
-#
-# This in part depends on how the groups in this file are configured.
-#
-# @crossplane/steering-committee - Assigns 3 members. Admin perms to this repo.
-# @crossplane/crossplane-maintainers - Assigns 1 member. Maintain perms to this repo.
-#
-# Where possible, prefer explicitly specifying a maintainer who is a subject
-# matter expert for a particular part of the codebase rather than using the
-# @crossplane/crossplane-maintainers group.
-#
-# See also OWNERS.md for governance details
-
-# Fallback owners
-* @crossplane/crossplane-maintainers
-
-# Governance owners - steering committee
-/README.md @crossplane/steering-committee
-/OWNERS.md @crossplane/steering-committee
-/CHARTER.md @crossplane/steering-committee
-/CODE_OF_CONDUCT.md @crossplane/steering-committee
-/GOVERNANCE.md @crossplane/steering-committee
-/ROADMAP.md @crossplane/steering-committee
-/LICENSE @crossplane/steering-committee
-
-# Adopters list - steering committee and maintainers
-/ADOPTERS.md @crossplane/steering-committee @crossplane/crossplane-maintainers
-
-# Design documents
-/design/ @crossplane/crossplane-maintainers @negz
-
-# Contributing documentation
-/contributing/ @crossplane/crossplane-maintainers @negz
-
-# Package manager
-/apis/pkg/ @crossplane/crossplane-maintainers @turkenh
-/internal/xpkg/ @crossplane/crossplane-maintainers @turkenh
-/internal/dag/ @crossplane/crossplane-maintainers @turkenh
-/internal/controller/pkg/ @crossplane/crossplane-maintainers @turkenh
-
-# Composition
-/apis/apiextensions/ @crossplane/crossplane-maintainers @negz
-/internal/controller/apiextensions/ @crossplane/crossplane-maintainers @negz
-/internal/xcrd/ @crossplane/crossplane-maintainers @negz
-/internal/xfn/ @crossplane/crossplane-maintainers @negz
-/internal/validation/ @crossplane/crossplane-maintainers @phisco
-
-# RBAC Manager
-/cmd/crossplane/rbac/ @crossplane/crossplane-maintainers @negz
-/internal/controller/rbac/ @crossplane/crossplane-maintainers @negz
-
-# Crossplane CLI
-/cmd/crank/ @crossplane/crossplane-maintainers @phisco
-
-# Misc
-/apis/secrets/ @crossplane/crossplane-maintainers @turkenh
-/internal/features/ @crossplane/crossplane-maintainers @negz
diff --git a/Earthfile b/Earthfile
index 6532253fd..af9457201 100644
--- a/Earthfile
+++ b/Earthfile
@@ -1,7 +1,7 @@ # See https://docs.earthly.dev/docs/earthfile/features VERSION --try --raw-output 0.8 -PROJECT crossplane/crossplane +PROJECT upbound/crossplane ARG --global GO_VERSION=1.22.3 @@ -44,7 +44,7 @@ generate: BUILD +go-generate BUILD +helm-generate -# e2e runs end-to-end tests. See test/e2e/README.md for details. +# e2e runs end-to-end tests. See test/e2e/README.md for details. e2e: ARG FLAGS="-test-suite=base" # Docker installs faster on Alpine, and we only need Go for go tool test2json. @@ -314,7 +314,7 @@ helm-docs-setup: FROM --platform=${NATIVEPLATFORM} curlimages/curl:8.8.0 IF [ "${TARGETARCH}" = "amd64" ] LET ARCH=x86_64 - ELSE + ELSE LET ARCH=${TARGETARCH} END RUN curl -fsSL https://github.com/norwoodj/helm-docs/releases/download/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_${TARGETOS}_${ARCH}.tar.gz|tar zx>helm-docs @@ -345,14 +345,14 @@ helm-setup: # ci-version is used by CI to set the CROSSPLANE_VERSION environment variable. ci-version: LOCALLY - RUN echo "CROSSPLANE_VERSION=$(git describe --dirty --always --tags|sed -e 's/-/./2g')" > $GITHUB_ENV + RUN echo "CROSSPLANE_VERSION=$(git describe --dirty --always --tags|sed -e 's/-/./2g'|sed 's/[\.,-]up.*//')" > $GITHUB_ENV # ci-artifacts is used by CI to build and push the Crossplane image, chart, and # binaries. ci-artifacts: BUILD +multiplatform-build \ - --CROSSPLANE_REPO=index.docker.io/crossplane/crossplane \ - --CROSSPLANE_REPO=xpkg.upbound.io/crossplane/crossplane + --CROSSPLANE_REPO=index.docker.io/upbound/crossplane \ + --CROSSPLANE_REPO=xpkg.upbound.io/upbound/crossplane # ci-codeql-setup sets up CodeQL for the ci-codeql target. ci-codeql-setup: diff --git a/README.md b/README.md index e2c1ad83a..0119d3d71 100644 --- a/README.md +++ b/README.md 
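Review bot: In `ci-version`, the added `sed 's/[\.,-]up.*//'` deletes everything from the first `.up`, `,up` or `-up` to the end of the string, which removes not only a fork suffix but also the commit count, the `g<hash>` part and the `-dirty` marker that `git describe --dirty --always --tags` appends after the tag. If the fork's tags carry an `up` suffix (not shown here), every build made after such a tag gets the same `CROSSPLANE_VERSION`, so pushed images and charts can no longer be traced to a commit. If only the suffix is meant to go, bound the pattern, for example `sed -E 's/[.-]up\.[0-9]+//'` assuming the suffix has the form `-up.N`; otherwise a comment on the line should state that dropping the describe suffix is intended.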
@@ -1,150 +1,14 @@ -[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/3260/badge)](https://www.bestpractices.dev/projects/3260) ![CI](https://github.com/crossplane/crossplane/workflows/CI/badge.svg) [![Go Report Card](https://goreportcard.com/badge/github.com/crossplane/crossplane)](https://goreportcard.com/report/github.com/crossplane/crossplane) +# Upbound Crossplane -![Crossplane](banner.png) +This is the [Upbound] maintained version of [Crossplane] which is bundled and +shipped as part of the [Universal Crossplane]. -Crossplane is a framework for building cloud native control planes without -needing to write code. It has a highly extensible backend that enables you to -build a control plane that can orchestrate applications and infrastructure no -matter where they run, and a highly configurable frontend that puts you in -control of the schema of the declarative API it offers. - -Crossplane is a [Cloud Native Computing Foundation][cncf] project. - -## Get Started - -Crossplane's [Get Started Docs] cover install and cloud provider quickstarts. - -## Releases - -[![GitHub release](https://img.shields.io/github/release/crossplane/crossplane/all.svg)](https://github.com/crossplane/crossplane/releases) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/crossplane)](https://artifacthub.io/packages/helm/crossplane/crossplane) - -Currently maintained releases, as well as the next few upcoming releases are -listed below. For more information take a look at the Crossplane [release cycle -documentation]. 
- -| Release | Release Date | EOL | -|:-------:|:-------------:|:--------:| -| v1.14 | Nov 1, 2023 | Aug 2024 | -| v1.15 | Feb 15, 2024 | Nov 2024 | -| v1.16 | May 15, 2024 | Feb 2025 | -| v1.17 | Early Aug '24 | May 2025 | -| v1.18 | Early Nov '24 | Aug 2025 | -| v1.19 | Early Feb '25 | Nov 2025 | - -You can subscribe to the [community calendar] to track all release dates, and -find the most recent releases on the [releases] page. - -## Roadmap - -The public roadmap for Crossplane is published as a GitHub project board. Issues -added to the roadmap have been triaged and identified as valuable to the -community, and therefore a priority for the project that we expect to invest in. - -The maintainer team regularly triages requests from the community to identify -features and issues of suitable scope and impact to include in this roadmap. The -community is encouraged to show their support for potential roadmap issues by -adding a :+1: reaction, leaving descriptive comments, and attending the -[regular community meetings] to discuss their requirements and use cases. - -The maintainer team updates the roadmap on an as needed basis, in response to -demand, priority, and available resources. The public roadmap can be updated at -any time. - -Milestones assigned to any issues in the roadmap are intended to give a sense of -overall priority and the expected order of delivery. They should be considered -approximate estimations and are **not** a strict commitment to a specific -delivery timeline. 
- -[Crossplane Roadmap] - -## Get Involved - -[![Slack](https://img.shields.io/badge/slack-crossplane-red?logo=slack)](https://slack.crossplane.io) [![Twitter Follow](https://img.shields.io/twitter/follow/crossplane_io?logo=X&label=Follow&style=flat)](https://twitter.com/intent/follow?screen_name=crossplane_io&user_id=788180534543339520) [![YouTube Channel Subscribers](https://img.shields.io/youtube/channel/subscribers/UC19FgzMBMqBro361HbE46Fw)](https://www.youtube.com/@Crossplane) - -Crossplane is a community driven project; we welcome your contribution. To file -a bug, suggest an improvement, or request a new feature please open an [issue -against Crossplane] or the relevant provider. Refer to our [contributing guide] -for more information on how you can help. - -* Discuss Crossplane on [Slack] or our [developer mailing list]. -* Follow us on [Twitter] or [LinkedIn], or subscribe to our [newsletter]. -* Contact us via [Email]. -* Join our regular community meetings. -* Provide feedback on our [roadmap and releases board]. - -The Crossplane community meeting takes place every 4 weeks on [Thursday at -10:00am Pacific Time][community meeting time]. You can find the up to date -meeting schedule on the [Community Calendar][community calendar]. - -Anyone who wants to discuss the direction of the project, design and -implementation reviews, or raise general questions with the broader community is -encouraged to join. - -* Meeting link: -* [Current agenda and past meeting notes] -* [Past meeting recordings] -* [Community Calendar][community calendar] - -### Special Interest Groups (SIG) - -Each SIG collaborates in Slack and some groups have regular meetings, you can -find the meetings in the [Community Calendar][community calendar]. 
-- [#sig-composition-environments][sig-composition-environments-slack] -- [#sig-composition-functions][sig-composition-functions-slack] -- [#sig-deletion-ordering][sig-deletion-ordering-slack] -- [#sig-devex][sig-devex-slack] -- [#sig-docs][sig-docs-slack] -- [#sig-e2e-testing][sig-e2e-testing-slack] -- [#sig-observability][sig-observability-slack] -- [#sig-observe-only][sig-observe-only-slack] -- [#sig-provider-families][sig-provider-families-slack] -- [#sig-secret-stores][sig-secret-stores-slack] -- [#sig-upjet][sig-upjet-slack] - -## Adopters - -A list of publicly known users of the Crossplane project can be found in [ADOPTERS.md]. We -encourage all users of Crossplane to add themselves to this list - we want to see the community's -growing success! - -## License - -Crossplane is under the Apache 2.0 license. - -[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fcrossplane%2Fcrossplane.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fcrossplane%2Fcrossplane?ref=badge_large) +Please check the [Universal Crossplane Github Repo] and [documentation] for further +details. 
- +[Upbound]: https://www.upbound.io [Crossplane]: https://crossplane.io -[release cycle documentation]: https://docs.crossplane.io/knowledge-base/guides/release-cycle -[install]: https://crossplane.io/docs/latest -[Slack]: https://slack.crossplane.io -[developer mailing list]: https://groups.google.com/forum/#!forum/crossplane-dev -[Twitter]: https://twitter.com/crossplane_io -[LinkedIn]: https://www.linkedin.com/company/crossplane/ -[newsletter]: https://eepurl.com/ivy4v-/ -[Email]: mailto:info@crossplane.io -[issue against Crossplane]: https://github.com/crossplane/crossplane/issues -[contributing guide]: contributing/README.md -[community meeting time]: https://www.thetimezoneconverter.com/?t=10:00&tz=PT%20%28Pacific%20Time%29 -[Current agenda and past meeting notes]: https://docs.google.com/document/d/1q_sp2jLQsDEOX7Yug6TPOv7Fwrys6EwcF5Itxjkno7Y/edit?usp=sharing -[Past meeting recordings]: https://www.youtube.com/playlist?list=PL510POnNVaaYYYDSICFSNWFqNbx1EMr-M -[roadmap and releases board]: https://github.com/orgs/crossplane/projects/20/views/9?pane=info -[cncf]: https://www.cncf.io/ -[Get Started Docs]: https://docs.crossplane.io/latest/getting-started/ -[community calendar]: https://calendar.google.com/calendar/embed?src=c_2cdn0hs9e2m05rrv1233cjoj1k%40group.calendar.google.com -[releases]: https://github.com/crossplane/crossplane/releases -[ADOPTERS.md]: ADOPTERS.md -[regular community meetings]: https://github.com/crossplane/crossplane/blob/master/README.md#get-involved -[Crossplane Roadmap]: https://github.com/orgs/crossplane/projects/20/views/9?pane=info -[sig-composition-environments-slack]: https://crossplane.slack.com/archives/C05BP6QFLUW -[sig-composition-functions-slack]: https://crossplane.slack.com/archives/C031Y29CSAE -[sig-deletion-ordering-slack]: https://crossplane.slack.com/archives/C05BP8W5ALW -[sig-devex-slack]: https://crossplane.slack.com/archives/C05U1LLM3B2 -[sig-docs-slack]: https://crossplane.slack.com/archives/C02CAQ52DPU 
-[sig-e2e-testing-slack]: https://crossplane.slack.com/archives/C05C8CCTVNV -[sig-observability-slack]: https://crossplane.slack.com/archives/C061GNH3LA0 -[sig-observe-only-slack]: https://crossplane.slack.com/archives/C04D5988QEA -[sig-provider-families-slack]: https://crossplane.slack.com/archives/C056YAQRV16 -[sig-secret-stores-slack]: https://crossplane.slack.com/archives/C05BY7DKFV2 -[sig-upjet-slack]: https://crossplane.slack.com/archives/C05T19TB729 +[Universal Crossplane]: https://www.upbound.io/product/universal-crossplane +[Universal Crossplane Github Repo]: https://github.com/upbound/universal-crossplane +[documentation]: https://cloud.upbound.io/docs/uxp diff --git a/cluster/charts/crossplane/README.md b/cluster/charts/crossplane/README.md index 8213ec695..87b10e946 100644 --- a/cluster/charts/crossplane/README.md +++ b/cluster/charts/crossplane/README.md @@ -80,7 +80,7 @@ and their default values. | `function.packages` | A list of Function packages to install | `[]` | | `hostNetwork` | Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`. | `false` | | `image.pullPolicy` | The image pull policy used for Crossplane and RBAC Manager pods. | `"IfNotPresent"` | -| `image.repository` | Repository for the Crossplane pod image. | `"xpkg.upbound.io/crossplane/crossplane"` | +| `image.repository` | Repository for the Crossplane pod image. | `"xpkg.upbound.io/upbound/crossplane"` | | `image.tag` | The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`. | `""` | | `imagePullSecrets` | The imagePullSecret names to add to the Crossplane ServiceAccount. | `[]` | | `leaderElection` | Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod. | `true` | 
diff --git a/cluster/charts/crossplane/values.yaml b/cluster/charts/crossplane/values.yaml index 48a36e684..c27992287 100755 --- a/cluster/charts/crossplane/values.yaml +++ b/cluster/charts/crossplane/values.yaml @@ -9,7 +9,7 @@ deploymentStrategy: RollingUpdate image: # -- Repository for the Crossplane pod image. - repository: xpkg.upbound.io/crossplane/crossplane + repository: xpkg.upbound.io/upbound/crossplane # -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`. tag: "" # -- The image pull policy used for Crossplane and RBAC Manager pods. diff --git a/cmd/crossplane/core/core.go b/cmd/crossplane/core/core.go index c3c0a2670..624f64199 100644 --- a/cmd/crossplane/core/core.go +++ b/cmd/crossplane/core/core.go 
@@ -113,6 +113,13 @@ type startCommand struct { EnableUsages bool `group:"Alpha Features:" help:"Enable support for deletion ordering and resource protection with Usages."` EnableRealtimeCompositions bool `group:"Alpha Features:" help:"Enable support for realtime compositions, i.e. watching composed resources and reconciling compositions immediately when any of the composed resources is updated."` EnableSSAClaims bool `group:"Alpha Features:" help:"Enable support for using Kubernetes server-side apply to sync claims with composite resources (XRs)."` + // NOTE(hasheddan): this feature is unlikely to graduate from alpha status + // and should be removed when a runtime interface is introduced upstream. + // See https://github.com/crossplane/crossplane/issues/2671 for more + // information. + // TODO(turkenh): Consider removing this feature flag in favor of providing + // a default DeploymentRuntimeConfig. + EnableProviderIdentity bool `group:"Alpha Features:" help:"Enable support for Provider identity."` EnableCompositionWebhookSchemaValidation bool `default:"true" group:"Beta Features:" help:"Enable support for Composition validation using schemas."` EnableDeploymentRuntimeConfigs bool `default:"true" group:"Beta Features:" help:"Enable support for Deployment Runtime Configs."` @@ -199,6 +206,11 @@ func (c *startCommand) Run(s *runtime.Scheme, log logging.Logger) error { //noli Features: &feature.Flags{}, } + if c.EnableProviderIdentity { + o.Features.Enable(features.EnableProviderIdentity) + log.Info("Alpha feature enabled", "flag", features.EnableProviderIdentity) + } + if !c.EnableCompositionRevisions { log.Info("Composition Revisions are GA and cannot be disabled. The --enable-composition-revisions flag will be removed in a future release.") } diff --git a/go.mod b/go.mod index 04041d0b0..92b78138f 100644 --- a/go.mod +++ b/go.mod 
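Review bot: The help text `Enable support for Provider identity.` does not tell an operator what the flag does to the cluster: judging by the rest of this commit, enabling it adds a CSI volume using the `proidc.csi.upbound.io` driver to the runtime Deployments that Crossplane builds. On a cluster where that driver is not installed, pods referencing the volume would be expected to stall at volume setup, so setting the flag by mistake can take package runtimes down. I would spell this out in the help string, for example `help:"Mount the Upbound provider identity CSI volume into package runtime pods. Requires the proidc.csi.upbound.io driver on the cluster."`. The `Run` hunk only logs that the flag is on; both the struct and `Run` continue outside the hunks.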
@@ -120,7 +120,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 // indirect - github.com/aws/smithy-go v1.20.2 // indirect + github.com/aws/smithy-go v1.20.2 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230510185313-f5e39e5f34c7 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect diff --git a/internal/controller/pkg/revision/reconciler.go b/internal/controller/pkg/revision/reconciler.go index 29ab28d84..1d6d04dcd 100644 --- a/internal/controller/pkg/revision/reconciler.go +++ b/internal/controller/pkg/revision/reconciler.go @@ -908,6 +908,10 @@ func (r *Reconciler) runtimeManifestBuilderOptions(ctx context.Context, pwr v1.P opts = append(opts, RuntimeManifestBuilderWithRuntimeConfig(rc)) } + if r.features.Enabled(features.EnableProviderIdentity) { + opts = append(opts, RuntimeManifestBuilderWithProviderIdentity()) + } + // Note(turkenh): Until we completely remove the old controller config // reference, we support both the old and the new way with DeploymentRuntimeConfig. // If both are specified, we will start with DeploymentRuntimeConfig as the diff --git a/internal/controller/pkg/revision/runtime.go b/internal/controller/pkg/revision/runtime.go index de18952da..e04c99a03 100644 --- a/internal/controller/pkg/revision/runtime.go +++ b/internal/controller/pkg/revision/runtime.go @@ -101,6 +101,7 @@ type RuntimeManifestBuilder struct { serviceAccountPullSecrets []corev1.LocalObjectReference runtimeConfig *v1beta1.DeploymentRuntimeConfig controllerConfig *v1alpha1.ControllerConfig + providerIdentity bool } // RuntimeManifestBuilderOption is used to configure a RuntimeManifestBuilder. 
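Review bot: Dropping `// indirect` from `github.com/aws/smithy-go` makes an AWS SDK support module a direct dependency of the core binary, and the only use visible in this commit is `ptr.Bool(true)` in uxp_runtime_override_options.go. That can be written without the import (`readOnly := true` and `ReadOnly: &readOnly`), which keeps the fork's direct dependency set equal to upstream's and leaves this go.mod line untouched.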
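Review bot: In reconciler.go, `RuntimeManifestBuilderWithProviderIdentity()` is appended whenever the feature is enabled, without looking at what kind of package `pwr` is. If this reconciler also builds runtimes for packages other than providers (the parameter type is cut off in the hunk header, so this needs confirming), those pods would receive the provider identity volume as well, which is more access than they need. Consider restricting the option to provider revisions, and in any case add a comment such as `// Provider identity is mounted into every runtime built here; see DeploymentWithUpboundProviderIdentity.` The function body continues outside the hunk.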
@@ -130,6 +131,14 @@ func RuntimeManifestBuilderWithServiceAccountPullSecrets(secrets []corev1.LocalO } } +// RuntimeManifestBuilderWithProviderIdentity sets the provider identity flag +// to use when building the runtime manifests. +func RuntimeManifestBuilderWithProviderIdentity() RuntimeManifestBuilderOption { + return func(b *RuntimeManifestBuilder) { + b.providerIdentity = true + } +} + // NewRuntimeManifestBuilder returns a new RuntimeManifestBuilder. func NewRuntimeManifestBuilder(pwr v1.PackageRevisionWithRuntime, namespace string, opts ...RuntimeManifestBuilderOption) *RuntimeManifestBuilder { b := &RuntimeManifestBuilder{ @@ -237,6 +246,10 @@ func (b *RuntimeManifestBuilder) Deployment(serviceAccount string, overrides ... allOverrides = append(allOverrides, DeploymentRuntimeWithTLSServerSecret(*b.revision.GetTLSServerSecretName())) } + if b.providerIdentity { + allOverrides = append(allOverrides, DeploymentWithUpboundProviderIdentity()) + } + // We append the overrides passed to the function last so that they can // override the above ones. allOverrides = append(allOverrides, overrides...) diff --git a/internal/controller/pkg/revision/uxp_runtime_override_options.go b/internal/controller/pkg/revision/uxp_runtime_override_options.go new file mode 100644 index 000000000..8b988f256 --- /dev/null +++ b/internal/controller/pkg/revision/uxp_runtime_override_options.go 
@@ -0,0 +1,32 @@
+package revision
+
+import (
+ "github.com/aws/smithy-go/ptr"
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+)
+
+// DeploymentWithUpboundProviderIdentity mounts the Upbound Provider Identity
+// CSI driver as a volume to the runtime container of a Deployment.
+func DeploymentWithUpboundProviderIdentity() DeploymentOverride {
+ proidcVolumeName := "proidc"
+ proidcDriverName := "proidc.csi.upbound.io"
+ proidcMountPath := "/var/run/secrets/upbound.io/provider"
+
+ return func(d *appsv1.Deployment) {
+ d.Spec.Template.Spec.Volumes = append(d.Spec.Template.Spec.Volumes, corev1.Volume{
+ Name: proidcVolumeName,
+ VolumeSource: corev1.VolumeSource{
+ CSI: &corev1.CSIVolumeSource{
+ Driver: proidcDriverName,
+ ReadOnly: ptr.Bool(true),
+ },
+ },
+ })
+ d.Spec.Template.Spec.Containers[0].VolumeMounts = append(d.Spec.Template.Spec.Containers[0].VolumeMounts, corev1.VolumeMount{
+ Name: proidcVolumeName,
+ ReadOnly: true,
+ MountPath: proidcMountPath,
+ })
+ }
+}
diff --git a/internal/controller/pkg/revision/uxp_runtime_test.go b/internal/controller/pkg/revision/uxp_runtime_test.go
new file mode 100644
index 000000000..22075a3db
--- /dev/null
+++ b/internal/controller/pkg/revision/uxp_runtime_test.go
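Review bot: The closure indexes `d.Spec.Template.Spec.Containers[0]` without checking that the slice is non-empty, so a Deployment that reaches this override with no containers makes the reconciler panic instead of failing cleanly. Unless the builder guarantees a container before overrides run (not visible in this file), start the closure with `if len(d.Spec.Template.Spec.Containers) == 0 { return }`. The file also lacks the license header that uxp_runtime_test.go in the same commit carries.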
@@ -0,0 +1,70 @@
+/*
+Copyright 2023 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package revision
+
+import (
+ "testing"
+
+ "github.com/google/go-cmp/cmp"
+ appsv1 "k8s.io/api/apps/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ pkgmetav1 "github.com/crossplane/crossplane/apis/pkg/meta/v1"
+)
+
+func TestUXPRuntimeManifestBuilderDeployment(t *testing.T) {
+ type args struct {
+ builder ManifestBuilder
+ overrides []DeploymentOverride
+ serviceAccountName string
+ }
+ type want struct {
+ want *appsv1.Deployment
+ }
+ cases := map[string]struct {
+ reason string
+ args args
+ want want
+ }{
+ "ProviderDeploymentWithProviderIdentity": {
+ reason: "If provider identity is enabled, a proidc volume should be added.",
+ args: args{
+ builder: &RuntimeManifestBuilder{
+ revision: providerRevision,
+ namespace: namespace,
+ providerIdentity: true,
+ },
+ serviceAccountName: providerRevisionName,
+ overrides: providerDeploymentOverrides(&pkgmetav1.Provider{ObjectMeta: metav1.ObjectMeta{Name: providerMetaName}}, providerRevision, providerImage),
+ },
+ want: want{
+ want: deploymentProvider(providerName, providerRevisionName, providerImage, DeploymentWithSelectors(map[string]string{
+ "pkg.crossplane.io/provider": providerMetaName,
+ "pkg.crossplane.io/revision": providerRevisionName,
+ }), DeploymentWithUpboundProviderIdentity()),
+ },
+ },
+ }
+ for name, tc := range cases {
+ t.Run(name, func(t *testing.T) {
+ got := tc.args.builder.Deployment(tc.args.serviceAccountName, tc.args.overrides...)
+ if diff := cmp.Diff(tc.want.want, got); diff != "" {
+ t.Errorf("\n%s\nDeployment(...): -want, +got:\n%s\n", tc.reason, diff)
+ }
+ })
+ }
+}
diff --git a/internal/features/uxp_features.go b/internal/features/uxp_features.go
new file mode 100644
index 000000000..d3bbf3846
--- /dev/null
+++ b/internal/features/uxp_features.go
@@ -0,0 +1,10 @@
+package features
+
+import "github.com/crossplane/crossplane-runtime/pkg/feature"
+
+// Alpha Feature flags.
+const (
+ // EnableProviderIdentity enables alpha support for Provider identity. This
+ // feature is only available when running on Upbound.
+ EnableProviderIdentity feature.Flag = "EnableProviderIdentity"
+)
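Review bot: The expected Deployment in `ProviderDeploymentWithProviderIdentity` is built with `DeploymentWithUpboundProviderIdentity()`, the same function the builder applies, so the case only proves the override is wired in and would still pass if the driver name or mount path were wrong. I would assert the literal values once: that the resulting pod spec has a volume named `proidc` with driver `proidc.csi.upbound.io` and `ReadOnly` true, and a read-only mount at `/var/run/secrets/upbound.io/provider` on the first container. A second case with `providerIdentity: false` confirming the volume is absent would pin the default behaviour.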