From a8176fbdb25f4497ef4f82850b9e0fdee4d5d8ce Mon Sep 17 00:00:00 2001 From: Nic Cope Date: Mon, 11 Aug 2025 13:30:07 -0700 Subject: [PATCH] Mostly show v2 style MRs in MRD docs Signed-off-by: Nic Cope --- .../disabling-unused-managed-resources.md | 24 ++-- .../master/guides/implementing-safe-start.md | 8 +- .../managed-resource-activation-policies.md | 116 ++++++++++++------ .../managed-resource-definitions.md | 8 +- 4 files changed, 99 insertions(+), 57 deletions(-) diff --git a/content/master/guides/disabling-unused-managed-resources.md b/content/master/guides/disabling-unused-managed-resources.md index 5a720b0a..3beb04a2 100644 --- a/content/master/guides/disabling-unused-managed-resources.md +++ b/content/master/guides/disabling-unused-managed-resources.md @@ -124,7 +124,7 @@ kubectl get mrds -o jsonpath='{.items[*].spec.state}' \ Notice that Crossplane didn't create any CRDs yet: ```shell -kubectl get crds | grep ec2.aws.crossplane.io +kubectl get crds | grep ec2.aws.m.crossplane.io # No output - CRDs don't exist until MRDs are activated ``` @@ -140,9 +140,9 @@ metadata: name: my-app-resources spec: activate: - - instances.ec2.aws.crossplane.io # EC2 instances for compute - - securitygroups.ec2.aws.crossplane.io # Security groups for networking - - vpcs.ec2.aws.crossplane.io # VPCs for isolation + - instances.ec2.aws.m.crossplane.io # EC2 instances for compute + - securitygroups.ec2.aws.m.crossplane.io # Security groups for networking + - vpcs.ec2.aws.m.crossplane.io # VPCs for isolation ``` Save this as `activation-policy.yaml` and apply it: @@ -162,18 +162,18 @@ Check that Crossplane activated only the specified resources: kubectl get mrds \ -o jsonpath='{range .items[*]}{.metadata.name}: {.spec.state}{"\n"}{end}' \ | grep Active -# instances.ec2.aws.crossplane.io: Active -# securitygroups.ec2.aws.crossplane.io: Active -# vpcs.ec2.aws.crossplane.io: Active +# instances.ec2.aws.m.crossplane.io: Active +# securitygroups.ec2.aws.m.crossplane.io: Active +# vpcs.ec2.aws.m.crossplane.io: Active # Verify Crossplane created corresponding CRDs -kubectl get crds | grep ec2.aws.crossplane.io -# instances.ec2.aws.crossplane.io -# securitygroups.ec2.aws.crossplane.io -# vpcs.ec2.aws.crossplane.io +kubectl get crds | grep ec2.aws.m.crossplane.io +# instances.ec2.aws.m.crossplane.io +# securitygroups.ec2.aws.m.crossplane.io +# vpcs.ec2.aws.m.crossplane.io # Count CRDs from EC2 provider - should match activated MRDs -kubectl get crds | grep ec2.aws.crossplane.io | wc -l +kubectl get crds | grep ec2.aws.m.crossplane.io | wc -l # 3 (only the activated resources) ``` diff --git a/content/master/guides/implementing-safe-start.md b/content/master/guides/implementing-safe-start.md index d3f52c73..b8c36a21 100644 --- a/content/master/guides/implementing-safe-start.md +++ b/content/master/guides/implementing-safe-start.md @@ -181,7 +181,7 @@ kubectl get mrds # All should show STATE: Inactive # No CRDs should exist yet -kubectl get crds | grep yourprovider.io +kubectl get crds | grep yourprovider.m.crossplane.io # Should return no results # Create activation policy @@ -192,15 +192,15 @@ metadata: name: test-activation spec: activate: - - "myresource.yourprovider.io" + - "myresource.yourprovider.m.crossplane.io" EOF # Verify activation worked -kubectl get mrd myresource.yourprovider.io +kubectl get mrd myresource.yourprovider.m.crossplane.io # Should show STATE: Active # CRD should now exist -kubectl get crd myresource.yourprovider.io +kubectl get crd myresource.yourprovider.m.crossplane.io ``` ## Troubleshooting diff --git a/content/master/managed-resources/managed-resource-activation-policies.md b/content/master/managed-resources/managed-resource-activation-policies.md index 1bc2d246..0d15583b 100644 --- a/content/master/managed-resources/managed-resource-activation-policies.md +++ b/content/master/managed-resources/managed-resource-activation-policies.md @@ -54,9 +54,9 @@ metadata: name: aws-core-resources spec: activate: - - buckets.s3.aws.crossplane.io - - instances.rds.aws.crossplane.io - - "*.ec2.aws.crossplane.io" # All EC2 resources + - buckets.s3.aws.m.crossplane.io # Modern v2 style S3 buckets + - instances.rds.aws.m.crossplane.io # Modern v2 style RDS instances + - "*.ec2.aws.m.crossplane.io" # All modern v2 style EC2 resources ``` When you apply this MRAP, Crossplane activates the specified S3 Bucket, RDS @@ -80,9 +80,9 @@ Specify complete MRD names for precise control: ```yaml spec: activate: - - buckets.s3.aws.crossplane.io - - databases.rds.aws.crossplane.io - - clusters.eks.aws.crossplane.io + - buckets.s3.aws.m.crossplane.io + - databases.rds.aws.m.crossplane.io + - clusters.eks.aws.m.crossplane.io ``` ### Wildcard patterns @@ -92,15 +92,15 @@ Use `*` wildcards to match multiple resources: ```yaml spec: activate: - - "*.s3.aws.crossplane.io" # All S3 resources - - "*.ec2.aws.crossplane.io" # All EC2 resources - - "*.rds.aws.crossplane.io" # All RDS databases + - "*.s3.aws.m.crossplane.io" # All S3 resources + - "*.ec2.aws.m.crossplane.io" # All EC2 resources + - "*.rds.aws.m.crossplane.io" # All RDS databases ``` {{}} MRAPs use prefix-only wildcards, not full regular expressions. Only `*` at -the beginning of a pattern works (for example, `*.s3.aws.crossplane.io`). -Patterns like `s3.*.aws.crossplane.io` or `*.s3.*` aren't valid. +the beginning of a pattern works (for example, `*.s3.aws.m.crossplane.io`). +Patterns like `s3.*.aws.m.crossplane.io` or `*.s3.*` aren't valid. {{}} {{}} @@ -108,12 +108,54 @@ You can mix exact names and wildcards for flexible activation: ```yaml spec: activate: - - buckets.s3.aws.crossplane.io # Exact S3 buckets - - "*.ec2.aws.crossplane.io" # All EC2 resources - - clusters.eks.aws.crossplane.io # Exact EKS clusters + - buckets.s3.aws.m.crossplane.io # Exact S3 buckets + - "*.ec2.aws.m.crossplane.io" # All EC2 resources + - clusters.eks.aws.m.crossplane.io # Exact EKS clusters ``` {{}} +## Legacy and modern resource versions + +Crossplane v2 supports two styles of managed resources: + +- **Modern v2 style** (recommended): Use `*.m.crossplane.io` domains for + namespaced managed resources with better isolation and security +- **Legacy v1 style**: Use `*.crossplane.io` domains for cluster-scoped + managed resources (maintained for backward compatibility) + +### Activating modern resources + +Most examples in this guide use modern v2 style resources: + +```yaml +spec: + activate: + - buckets.s3.aws.m.crossplane.io # Modern v2 S3 bucket + - "*.ec2.aws.m.crossplane.io" # All modern v2 EC2 resources +``` + +### Activating legacy resources + +To activate legacy v1 style resources, use patterns without `.m`: + +```yaml +spec: + activate: + - buckets.s3.aws.crossplane.io # Legacy v1 S3 bucket + - "*.ec2.aws.crossplane.io" # All legacy v1 EC2 resources +``` + +### Mixed activation + +You can activate both modern and legacy resources in the same MRAP: + +```yaml +spec: + activate: + - "*.aws.m.crossplane.io" # All modern AWS resources + - "*.aws.crossplane.io" # All legacy AWS resources +``` + ## Common activation strategies ### Activate everything (default behavior) @@ -140,7 +182,7 @@ helm install crossplane crossplane-stable/crossplane \ # Or provide custom default activations helm install crossplane crossplane-stable/crossplane \ --set provider.defaultActivations={\ - "*.s3.aws.crossplane.io","*.ec2.aws.crossplane.io"} + "*.s3.aws.m.crossplane.io","*.ec2.aws.m.crossplane.io"} ``` ### Provider-specific activation @@ -169,10 +211,10 @@ metadata: name: storage-and-compute spec: activate: - - "*.s3.aws.crossplane.io" # AWS S3 resources - - "*.ec2.aws.crossplane.io" # AWS EC2 resources - - "*.storage.gcp.crossplane.io" # GCP Storage resources - - "*.compute.gcp.crossplane.io" # GCP Compute resources + - "*.s3.aws.m.crossplane.io" # AWS S3 resources + - "*.ec2.aws.m.crossplane.io" # AWS EC2 resources + - "*.storage.gcp.m.crossplane.io" # GCP Storage resources + - "*.compute.gcp.m.crossplane.io" # GCP Compute resources ``` ### Minimal activation @@ -186,9 +228,9 @@ metadata: name: minimal-footprint spec: activate: - - buckets.s3.aws.crossplane.io # Just S3 buckets - - instances.ec2.aws.crossplane.io # Just EC2 instances - - databases.rds.aws.crossplane.io # Just RDS databases + - buckets.s3.aws.m.crossplane.io # Just S3 buckets + - instances.ec2.aws.m.crossplane.io # Just EC2 instances + - databases.rds.aws.m.crossplane.io # Just RDS databases ``` @@ -212,8 +254,8 @@ metadata: name: storage-team spec: activate: - - "*.s3.aws.crossplane.io" - - "*.storage.gcp.crossplane.io" + - "*.s3.aws.m.crossplane.io" + - "*.storage.gcp.m.crossplane.io" --- # Database team MRAP apiVersion: apiextensions.crossplane.io/v1alpha1 @@ -222,8 +264,8 @@ metadata: name: database-team spec: activate: - - "*.rds.aws.crossplane.io" - - "*.sql.gcp.crossplane.io" + - "*.rds.aws.m.crossplane.io" + - "*.sql.gcp.m.crossplane.io" ``` ### Configuration package activation @@ -238,10 +280,10 @@ metadata: name: web-platform-dependencies spec: activate: - - buckets.s3.aws.crossplane.io # For static assets - - instances.ec2.aws.crossplane.io # For web servers - - databases.rds.aws.crossplane.io # For application data - - certificates.acm.aws.crossplane.io # For HTTPS + - buckets.s3.aws.m.crossplane.io # For static assets + - instances.ec2.aws.m.crossplane.io # For web servers + - databases.rds.aws.m.crossplane.io # For application data + - certificates.acm.aws.m.crossplane.io # For HTTPS ``` @@ -291,12 +333,12 @@ status: status: "True" reason: Running activated: - - buckets.s3.aws.crossplane.io - - instances.ec2.aws.crossplane.io - - instances.rds.aws.crossplane.io - - securitygroups.ec2.aws.crossplane.io - - subnets.ec2.aws.crossplane.io - - vpcs.ec2.aws.crossplane.io + - buckets.s3.aws.m.crossplane.io + - instances.ec2.aws.m.crossplane.io + - instances.rds.aws.m.crossplane.io + - securitygroups.ec2.aws.m.crossplane.io + - subnets.ec2.aws.m.crossplane.io + - vpcs.ec2.aws.m.crossplane.io ``` @@ -407,7 +449,7 @@ package dependencies. add wildcards only when beneficial for maintainability 2. **Plan for provider evolution** - Design wildcard patterns that accommodate new resources as providers add them (for example, - `*.s3.aws.crossplane.io` works for future S3 resources) + `*.s3.aws.m.crossplane.io` works for future S3 resources) 3. **Group related resources logically** - Create MRAPs that activate resources teams actually use together 4. **Include activation dependencies in Configuration packages** - diff --git a/content/master/managed-resources/managed-resource-definitions.md b/content/master/managed-resources/managed-resource-definitions.md index 7f868fa3..248a9b52 100644 --- a/content/master/managed-resources/managed-resource-definitions.md +++ b/content/master/managed-resources/managed-resource-definitions.md @@ -63,9 +63,9 @@ managing instances of that resource. apiVersion: apiextensions.crossplane.io/v1alpha1 kind: ManagedResourceDefinition metadata: - name: buckets.s3.aws.crossplane.io + name: buckets.s3.aws.m.crossplane.io spec: - group: s3.aws.crossplane.io + group: s3.aws.m.crossplane.io names: kind: Bucket plural: buckets @@ -197,7 +197,7 @@ kubectl get managedresourcedefinitions View MRD details: ```shell -kubectl describe mrd buckets.s3.aws.crossplane.io +kubectl describe mrd buckets.s3.aws.m.crossplane.io ``` @@ -238,7 +238,7 @@ status: You can manually activate an MRD by changing its state: ```shell -kubectl patch mrd buckets.s3.aws.crossplane.io --type='merge' \ +kubectl patch mrd buckets.s3.aws.m.crossplane.io --type='merge' \ -p='{"spec":{"state":"Active"}}' ```