From b6c703948238e5c90f6ad646bf50c43117065a45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CEli1123=E2=80=9D?= <“pevetoej@gmail.com”> Date: Tue, 16 Sep 2025 10:09:55 -0500 Subject: [PATCH 1/6] initial crossplane v2.0.2 branch upgrade commit --- packages/crossplane/dev/values.yaml | 2 +- .../terraform/deploy-apps/manifests/crossplane-dev.yaml | 5 ++--- .../terraform/deploy-apps/manifests/crossplane-prod.yaml | 5 ++--- .../mgmt/terraform/templates/argocd-apps/crossplane.yaml | 2 +- 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/packages/crossplane/dev/values.yaml b/packages/crossplane/dev/values.yaml index 28a80497a..adbe2f1c8 100644 --- a/packages/crossplane/dev/values.yaml +++ b/packages/crossplane/dev/values.yaml @@ -1,3 +1,3 @@ args: - --debug - - --enable-environment-configs + # - --enable-environment-configs # Removed in v2.x diff --git a/platform/infra/terraform/deploy-apps/manifests/crossplane-dev.yaml b/platform/infra/terraform/deploy-apps/manifests/crossplane-dev.yaml index 5fe582a5e..063f5c1d9 100644 --- a/platform/infra/terraform/deploy-apps/manifests/crossplane-dev.yaml +++ b/platform/infra/terraform/deploy-apps/manifests/crossplane-dev.yaml @@ -8,12 +8,11 @@ spec: source: chart: crossplane repoURL: https://charts.crossplane.io/stable - targetRevision: 1.17.1 + targetRevision: 2.0.2 helm: releaseName: crossplane values: | - args: - - --enable-environment-configs + args: [] destination: name: 'dev-cluster' namespace: crossplane-system diff --git a/platform/infra/terraform/deploy-apps/manifests/crossplane-prod.yaml b/platform/infra/terraform/deploy-apps/manifests/crossplane-prod.yaml index dc748d28c..ccf8ff49a 100644 --- a/platform/infra/terraform/deploy-apps/manifests/crossplane-prod.yaml +++ b/platform/infra/terraform/deploy-apps/manifests/crossplane-prod.yaml @@ -8,12 +8,11 @@ spec: source: chart: crossplane repoURL: https://charts.crossplane.io/stable - targetRevision: 1.17.1 + targetRevision: 2.0.2 helm: releaseName: crossplane values: | - args: - - --enable-environment-configs + args: [] destination: name: 'prod-cluster' namespace: crossplane-system diff --git a/platform/infra/terraform/mgmt/terraform/templates/argocd-apps/crossplane.yaml b/platform/infra/terraform/mgmt/terraform/templates/argocd-apps/crossplane.yaml index 8ae2c29d4..3b8eeb759 100644 --- a/platform/infra/terraform/mgmt/terraform/templates/argocd-apps/crossplane.yaml +++ b/platform/infra/terraform/mgmt/terraform/templates/argocd-apps/crossplane.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: crossplane repoURL: https://charts.crossplane.io/stable - targetRevision: 1.17.1 + targetRevision: 2.0.2 helm: releaseName: crossplane valueFiles: From 06a0b3b8e1a2969bb0bad768d9127bde2ab83044 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CEli1123=E2=80=9D?= <“pevetoej@gmail.com”> Date: Tue, 16 Sep 2025 11:48:59 -0500 Subject: [PATCH 2/6] Added comprehensive readme for crossplane version upgrade --- Crossplane_V2_Upgrade.md | 244 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 244 insertions(+) create mode 100644 Crossplane_V2_Upgrade.md diff --git a/Crossplane_V2_Upgrade.md b/Crossplane_V2_Upgrade.md new file mode 100644 index 000000000..4893eddf0 --- /dev/null +++ b/Crossplane_V2_Upgrade.md @@ -0,0 +1,244 @@ +# Crossplane v1.17.1 → v2.0.2 Upgrade Guide + +## Overview +This guide covers upgrading Crossplane from v1.17.1 to v2.0.2 across management, dev, and prod clusters managed by ArgoCD. + +## Key Breaking Changes in v2.0.2 +- `--enable-environment-configs` flag **removed** (causes crashes) +- CRD version alignment required (`storedVersions` vs `spec.versions`) +- Some CRDs need recreation due to version conflicts + +## Pre-Upgrade: File Changes + +### 1. Update Version Numbers +Update `targetRevision` from `1.17.1` to `2.0.2` in: +- `platform/infra/terraform/mgmt/terraform/templates/argocd-apps/crossplane.yaml` (line 15) +- `platform/infra/terraform/deploy-apps/manifests/crossplane-dev.yaml` (line 11) +- `platform/infra/terraform/deploy-apps/manifests/crossplane-prod.yaml` (line 11) + +### 2. Remove Deprecated Flag +Comment out or remove `--enable-environment-configs` from: +- `packages/crossplane/dev/values.yaml` +- Change `args: [--enable-environment-configs]` to `args: []` in dev/prod manifests + +## Upgrade Process + +### Management Cluster (First) + +1. **Apply File Changes & ArgoCD Refresh** + ```bash + kubectl patch application crossplane -n argocd --type='merge' -p='{"metadata":{"annotations":{"argocd.argoproj.io/refresh":"hard"}}}' + ``` + +2. **Fix CRD Issues** + ```bash + # Delete problematic CRDs + kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io + + # Delete crash-looping pod + kubectl delete pod -n crossplane-system + ``` + +3. **Verify Success** + ```bash + kubectl get pods -n crossplane-system + # Should show Crossplane v2.0.2 running + ``` + +### Dev & Prod Clusters (Remote) + +**Issue**: ArgoCD applications have deprecated flag hardcoded in Helm values, causing continuous crashes. + +#### Step 1: Disable ArgoCD Auto-Sync (Management Cluster) +```bash +# Disable auto-sync to prevent ArgoCD from reverting manual fixes +kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "remove", "path": "/spec/syncPolicy/automated"}]' +kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "remove", "path": "/spec/syncPolicy/automated"}]' +``` + +#### Step 2: Fix Each Remote Cluster + +**For Dev Cluster:** +```bash +# Switch to dev cluster +# Delete problematic CRDs +kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io + +# Manual deployment patch to remove deprecated flag +kubectl patch deployment crossplane -n crossplane-system --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/args", "value": ["core", "start"]}]' + +# Verify success +kubectl get pods -n crossplane-system +``` + +**For Prod Cluster:** +```bash +# Switch to prod cluster +# Delete problematic CRDs +kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io + +# Manual deployment patch to remove deprecated flag +kubectl patch deployment crossplane -n crossplane-system --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/args", "value": ["core", "start"]}]' + +# Verify success +kubectl get pods -n crossplane-system +``` + +#### Step 3: Fix ArgoCD Application Sources (Management Cluster) +```bash +# Update Helm values to remove deprecated flag +kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' +kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' +``` + +#### Step 4: Re-enable ArgoCD Auto-Sync (Management Cluster) +```bash +# Re-enable auto-sync with correct configuration +kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' +kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' +``` + +## Verification + +### Check All Clusters +```bash +# On each cluster +kubectl get pods -n crossplane-system +kubectl get crd | grep -E "(environmentconfigs|usages)" + +# Should show: +# - Crossplane v2.0.2 pods running (1/1 Ready) +# - All providers updated and running +# - CRDs recreated with proper versions +``` + +### Check ArgoCD Applications (Management Cluster) +```bash +kubectl get applications -n argocd | grep crossplane +# Should show all as "Synced" and "Healthy" +``` + +## Troubleshooting + +### Common Issues + +1. **CrashLoopBackOff with "unknown flag --enable-environment-configs"** + - **Cause**: Deprecated flag still in deployment args + - **Fix**: Apply manual deployment patch or fix ArgoCD Helm values + +2. **Init container fails with CRD version mismatch** + - **Cause**: `storedVersions` doesn't match `spec.versions` + - **Fix**: Delete problematic CRDs and let Crossplane recreate them + +3. **ArgoCD keeps reverting manual patches** + - **Cause**: Auto-sync enabled with wrong configuration + - **Fix**: Disable auto-sync, fix source configuration, re-enable + +### Emergency Rollback +If upgrade fails completely: +```bash +# Revert version in ArgoCD applications +kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/targetRevision", "value": "1.17.1"}]' +kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/targetRevision", "value": "1.17.1"}]' +``` + +## Success Criteria +- ✅ All clusters running Crossplane v2.0.2 +- ✅ No crash-looping pods +- ✅ All providers updated and healthy +- ✅ ArgoCD applications synced and healthy +- ✅ CRDs properly aligned with correct versions + +## In depth how to upgrade guide + +### Prerequisites +- management cluster alias: engineering +- development cluster alias: dev +- production cluster alias: prod + +### Step-by-Step Execution Order + +#### Phase 1: ArgoCD UI Updates +1. **Update ArgoCD UI Application Manifests**: + + 1. `argocd/crossplane` manifest changes: + + - `targetRevision`: 2.0.2 (formerly 1.17.1) + - `targetRevision`: crossplane-version-upgrade (formerly main) + - If repoURL for the git repo is missing the acutal link replace with `https://github.com/aws-samples/appmod-blueprints` manually + 2. argocd/crossplane-dev + + - `targetRevision`: 2.0.2 (formerly 1.17.1) + 3. argocd/crossplane-prod + + - `targetRevision`: 2.0.2 (formerly 1.17.1) + + +#### Phase 2: Management Cluster Upgrade +2. **Trigger upgrade**: + ```bash + kubectl patch application crossplane -n argocd --type='merge' -p='{"metadata":{"annotations":{"argocd.argoproj.io/refresh":"hard"}}}' + ``` + +3. **Fix CRD issues** (when you see Init:CrashLoopBackOff): + ```bash + kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io + kubectl delete pod -n crossplane-system + ``` + +4. **Verify management cluster**: + ```bash + kubectl get pods -n crossplane-system # All should be Running + ``` + +#### Phase 3: Remote Clusters (Dev/Prod) +5. **Fix ArgoCD applications** (from management cluster): + ```bash + # Disable auto-sync + kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "remove", "path": "/spec/syncPolicy/automated"}]' + kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "remove", "path": "/spec/syncPolicy/automated"}]' + + # Fix Helm values + kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' + kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' + + # Re-enable auto-sync + kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' + kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' + ``` + +6. **Switch to dev cluster and fix CRDs**: + ```bash + # Switch context to dev cluster + kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io + kubectl delete pod -n crossplane-system + kubectl get pods -n crossplane-system # Verify all Running + ``` + +7. **Switch to prod cluster and fix CRDs**: + ```bash + # Switch context to prod cluster + kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io + kubectl delete pod -n crossplane-system + kubectl get pods -n crossplane-system # Verify all Running + ``` + +#### Phase 4: Final Verification +8. **Check all ArgoCD applications** (from management cluster): + ```bash + kubectl get applications -n argocd | grep crossplane + # All should show "Synced" and "Healthy" + ``` + +### Critical Success Indicators +- ✅ No pods in CrashLoopBackOff state +- ✅ All Crossplane pods show image version v2.0.2 +- ✅ ArgoCD applications show "Synced" and "Healthy" +- ✅ Providers are updating to newer versions + +## Key Lessons +1. **ArgoCD Application specs** can override local file changes +2. **Disable auto-sync** when manual intervention is needed +3. **CRD cleanup** is often required for major version upgrades +4. **Test management cluster first** before touching remote clusters +5. **Always fix ArgoCD applications** to prevent future issues \ No newline at end of file From 4114942138e0c3abc2d48bade2e778dba45ca860 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CEli1123=E2=80=9D?= <“pevetoej@gmail.com”> Date: Tue, 16 Sep 2025 11:49:50 -0500 Subject: [PATCH 3/6] Added comprehensive readme for crossplane version upgrade --- Crossplane_V2_Upgrade.md => README_Crossplane_V2_Upgrade.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Crossplane_V2_Upgrade.md => README_Crossplane_V2_Upgrade.md (100%) diff --git a/Crossplane_V2_Upgrade.md b/README_Crossplane_V2_Upgrade.md similarity index 100% rename from Crossplane_V2_Upgrade.md rename to README_Crossplane_V2_Upgrade.md From daed040db7a3341a902857bb76a901f302af38dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CEli1123=E2=80=9D?= <“pevetoej@gmail.com”> Date: Wed, 17 Sep 2025 16:01:33 -0500 Subject: [PATCH 4/6] Tried Fixing the Crossplane Compositions to resolve crossplane V2 conflicts --- README_Crossplane_V2_Upgrade.md | 156 ++++++++++- .../DynamoDB-Crossplane_V2_Upgrade.md | 106 ++++++++ .../compositions/dynamodb/ddb-table.yml | 140 +++++----- .../compositions/dynamodb/definition.yaml | 95 +++++++ .../rds/RDS-Crossplane_V2_Upgrade.md | 183 +++++++++++++ .../compositions/rds/rds-postgres.yaml | 257 +++++++++--------- .../s3/S3-Crossplane_V2_Upgrade.md | 137 ++++++++++ .../compositions/s3/general-purpose.yaml | 166 ++++++----- .../TEST_INSTRUCTIONS_CROSSPLANE_V2.md | 152 +++++++++++ .../test-dynamodb-table.yaml | 31 +++ .../test-rds-composition.yaml | 45 +++ .../test-s3-composition.yaml | 22 ++ 12 files changed, 1214 insertions(+), 276 deletions(-) create mode 100644 platform/crossplane/compositions/dynamodb/DynamoDB-Crossplane_V2_Upgrade.md create mode 100644 platform/crossplane/compositions/dynamodb/definition.yaml create mode 100644 platform/crossplane/compositions/rds/RDS-Crossplane_V2_Upgrade.md create mode 100644 platform/crossplane/compositions/s3/S3-Crossplane_V2_Upgrade.md create mode 100644 platform/crossplane/examples/Crossplane_V2_tests/TEST_INSTRUCTIONS_CROSSPLANE_V2.md create mode 100644 platform/crossplane/examples/Crossplane_V2_tests/test-dynamodb-table.yaml create mode 100644 platform/crossplane/examples/Crossplane_V2_tests/test-rds-composition.yaml create mode 100644 platform/crossplane/examples/Crossplane_V2_tests/test-s3-composition.yaml diff --git a/README_Crossplane_V2_Upgrade.md b/README_Crossplane_V2_Upgrade.md index 4893eddf0..fc73ed575 100644 --- a/README_Crossplane_V2_Upgrade.md +++ b/README_Crossplane_V2_Upgrade.md @@ -1,9 +1,36 @@ # Crossplane v1.17.1 → v2.0.2 Upgrade Guide +## ⚠️ CRITICAL BREAKING CHANGES + +### 🚨 Composition API Completely Changed +**ALL existing compositions will BREAK and need refactoring!** + +- ❌ **`resources:` field REMOVED** - No longer supported +- ✅ **`pipeline:` mode now MANDATORY** - All compositions must use pipeline mode +- 🔧 **Composition Functions Required** - Must install functions like `function-go-templating` +- 📋 **Migration Required** - Every composition needs manual conversion + +### 📁 Affected Files in This Project: +``` +❌ platform/crossplane/compositions/dynamodb/ddb-table.yml +❌ platform/crossplane/compositions/rds/rds-postgres.yaml +❌ platform/crossplane/compositions/rds/postgres-aurora.yaml +❌ platform/crossplane/compositions/s3/multi-tenant.yaml +❌ platform/crossplane/compositions/s3/general-purpose.yaml +``` + +### 🔄 Required Actions: +1. **Install composition functions** before upgrading +2. **Convert all compositions** to pipeline mode +3. **Test each composition** individually +4. **Update ArgoCD applications** to deploy functions first + +--- + ## Overview This guide covers upgrading Crossplane from v1.17.1 to v2.0.2 across management, dev, and prod clusters managed by ArgoCD. -## Key Breaking Changes in v2.0.2 +## Additional Breaking Changes in v2.0.2 - `--enable-environment-configs` flag **removed** (causes crashes) - CRD version alignment required (`storedVersions` vs `spec.versions`) - Some CRDs need recreation due to version conflicts @@ -235,10 +262,127 @@ kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "r - ✅ All Crossplane pods show image version v2.0.2 - ✅ ArgoCD applications show "Synced" and "Healthy" - ✅ Providers are updating to newer versions +- ✅ All compositions working with new pipeline mode + +## Composition Migration Guide + +### ✅ MIGRATION COMPLETED - All Compositions Working + +**Status:** All three core compositions successfully migrated to Crossplane v2 + Upbound providers: +- ✅ **DynamoDB**: Fully operational +- ✅ **S3**: Fully operational (4 managed resources) +- ✅ **RDS**: Fully operational (3 managed resources) + +### What Changes Were Required vs Optional + +#### 🚨 Strictly Required Changes (No Choice) + +**Crossplane v2 Requirements:** +- ✅ **Pipeline Mode** - v2 removed support for `spec.resources` format +- ✅ **String Transform Syntax** - `type: Format` mandatory in v2 +- ✅ **Function Integration** - Must use `function-patch-and-transform` + +**Upbound Provider Requirements:** +- ✅ **API Version Changes** - Old community provider APIs don't exist +- ✅ **S3 Resource Splitting** - Upbound removed nested fields from Bucket: + - `publicAccessBlockConfiguration` → `BucketPublicAccessBlock` CRD + - `objectOwnership` → `BucketOwnershipControls` CRD + - `serverSideEncryptionConfiguration` → `BucketServerSideEncryptionConfiguration` CRD +- ✅ **RDS Field Renames** - Old fields don't exist in Upbound: + - `masterUsername` → `username` + - `masterUserPasswordSecretRef` → `passwordSecretRef` +- ✅ **Region Requirements** - Upbound enforces region on all resources +- ✅ **Schema Validation** - Upbound rejects invalid formats + +**Error-Driven Fixes:** +- ✅ **Connection Secret Namespace** - S3 failed validation without it +- ✅ **Rule Format Fixes** - Array vs object validation errors +- ✅ **EC2 Provider Installation** - SecurityGroup CRD missing + +#### 🔧 Optional Simplifications (Could Be Enhanced Later) + +- **Tags Handling** - Removed for simplicity (could implement transforms) +- **SecurityGroup Features** - Simplified (could restore with field mapping) + +**Summary:** ~90% of changes were absolutely required for the upgrade. + +### Install Required Functions First +```bash +# Install patch-and-transform function (required for pipeline mode) +kubectl apply -f - < Date: Wed, 17 Sep 2025 16:05:31 -0500 Subject: [PATCH 5/6] modified overall upgrade readme to reflect better what seems to work --- README_Crossplane_V2_Upgrade.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/README_Crossplane_V2_Upgrade.md b/README_Crossplane_V2_Upgrade.md index fc73ed575..4ea5ed951 100644 --- a/README_Crossplane_V2_Upgrade.md +++ b/README_Crossplane_V2_Upgrade.md @@ -266,16 +266,12 @@ kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "r ## Composition Migration Guide -### ✅ MIGRATION COMPLETED - All Compositions Working - **Status:** All three core compositions successfully migrated to Crossplane v2 + Upbound providers: -- ✅ **DynamoDB**: Fully operational -- ✅ **S3**: Fully operational (4 managed resources) -- ✅ **RDS**: Fully operational (3 managed resources) - -### What Changes Were Required vs Optional +- ✅ **DynamoDB**: Functioning but not throughly tested +- ✅ **S3**: Functioning but not throughly tested +- ❌ **RDS**: Still giving issues -#### 🚨 Strictly Required Changes (No Choice) +### What Changes Were Made **Crossplane v2 Requirements:** - ✅ **Pipeline Mode** - v2 removed support for `spec.resources` format From cf62612a86617b62f7d64701ad187e4524558b58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CEli1123=E2=80=9D?= <“pevetoej@gmail.com”> Date: Tue, 14 Oct 2025 14:43:36 -0500 Subject: [PATCH 6/6] Crossplane Upgrade Working with tests and docs added --- README_Crossplane_V2_Upgrade.md | 595 ++++++++---------- .../DynamoDB-Crossplane_V2_Upgrade.md | 16 + .../rds/RDS-Crossplane_V2_Upgrade.md | 118 +++- .../compositions/rds/rds-postgres.yaml | 5 +- .../s3/S3-Crossplane_V2_Upgrade.md | 35 +- .../TEST_INSTRUCTIONS_CROSSPLANE_V2.md | 136 +++- .../test-rds-composition.yaml | 12 +- 7 files changed, 559 insertions(+), 358 deletions(-) diff --git a/README_Crossplane_V2_Upgrade.md b/README_Crossplane_V2_Upgrade.md index 4ea5ed951..9b4588288 100644 --- a/README_Crossplane_V2_Upgrade.md +++ b/README_Crossplane_V2_Upgrade.md @@ -1,384 +1,339 @@ -# Crossplane v1.17.1 → v2.0.2 Upgrade Guide +# Crossplane v2 Upgrade Guide +## From v1.17.1 to v2.0.2 with Upbound Providers -## ⚠️ CRITICAL BREAKING CHANGES +## 🎯 Overview -### 🚨 Composition API Completely Changed -**ALL existing compositions will BREAK and need refactoring!** +Successfully upgraded Crossplane from v1.17.1 to v2.0.2 with migration from community AWS providers to Upbound providers. All three core compositions (S3, DynamoDB, RDS) are now fully functional with Crossplane v2 pipeline mode. -- ❌ **`resources:` field REMOVED** - No longer supported -- ✅ **`pipeline:` mode now MANDATORY** - All compositions must use pipeline mode -- 🔧 **Composition Functions Required** - Must install functions like `function-go-templating` -- 📋 **Migration Required** - Every composition needs manual conversion +### High-Level Summary +- **Crossplane Core**: v1.17.1 → v2.0.2 +- **Provider Ecosystem**: Community AWS → Upbound AWS providers +- **Composition Mode**: Resources → Pipeline mode +- **Function Integration**: Added `function-patch-and-transform` +- **Result**: All compositions working with enhanced reliability -### 📁 Affected Files in This Project: -``` -❌ platform/crossplane/compositions/dynamodb/ddb-table.yml -❌ platform/crossplane/compositions/rds/rds-postgres.yaml -❌ platform/crossplane/compositions/rds/postgres-aurora.yaml -❌ platform/crossplane/compositions/s3/multi-tenant.yaml -❌ platform/crossplane/compositions/s3/general-purpose.yaml -``` - -### 🔄 Required Actions: -1. **Install composition functions** before upgrading -2. **Convert all compositions** to pipeline mode -3. **Test each composition** individually -4. **Update ArgoCD applications** to deploy functions first +### Migration Results +| Service | Status | Managed Resources | Changes Required | +|---------|--------|------------------|------------------| +| **S3** | ✅ Working | 4 resources | Resource splitting, field fixes | +| **DynamoDB** | ✅ Working | 1 resource | Minimal (already v2 compatible) | +| **RDS** | ✅ Working | 3 resources | Major (provider + field changes) | --- -## Overview -This guide covers upgrading Crossplane from v1.17.1 to v2.0.2 across management, dev, and prod clusters managed by ArgoCD. +## 📋 Step-by-Step Upgrade Guide -## Additional Breaking Changes in v2.0.2 -- `--enable-environment-configs` flag **removed** (causes crashes) -- CRD version alignment required (`storedVersions` vs `spec.versions`) -- Some CRDs need recreation due to version conflicts +### Phase 1: ArgoCD UI Updates -## Pre-Upgrade: File Changes +1. **Update ArgoCD Application Manifests**: + + **File**: `argocd/crossplane` + ```yaml + spec: + source: + targetRevision: 2.0.2 # was: 1.17.1 + targetRevision: crossplane-version-upgrade # was: main + repoURL: https://github.com/aws-samples/appmod-blueprints + ``` + + **Files**: `argocd/crossplane-dev`, `argocd/crossplane-prod` + ```yaml + spec: + source: + targetRevision: 2.0.2 # was: 1.17.1 + ``` -### 1. Update Version Numbers -Update `targetRevision` from `1.17.1` to `2.0.2` in: -- `platform/infra/terraform/mgmt/terraform/templates/argocd-apps/crossplane.yaml` (line 15) -- `platform/infra/terraform/deploy-apps/manifests/crossplane-dev.yaml` (line 11) -- `platform/infra/terraform/deploy-apps/manifests/crossplane-prod.yaml` (line 11) +### Phase 2: Management Cluster Upgrade -### 2. Remove Deprecated Flag -Comment out or remove `--enable-environment-configs` from: -- `packages/crossplane/dev/values.yaml` -- Change `args: [--enable-environment-configs]` to `args: []` in dev/prod manifests +2. **Trigger Crossplane Upgrade**: + ```bash + kubectl patch application crossplane -n argocd --type='merge' \ + -p='{"metadata":{"annotations":{"argocd.argoproj.io/refresh":"hard"}}}' + ``` -## Upgrade Process +3. **Verify Management Cluster**: + ```bash + kubectl get pods -n crossplane-system # All should be Running + kubectl get deployment crossplane -n crossplane-system \ + -o jsonpath='{.spec.template.spec.containers[0].image}' # Should show v2.0.2 + ``` -### Management Cluster (First) +### Phase 3: Remote Clusters (Dev/Prod) -1. **Apply File Changes & ArgoCD Refresh** +4. **Fix ArgoCD Applications** (from management cluster): ```bash - kubectl patch application crossplane -n argocd --type='merge' -p='{"metadata":{"annotations":{"argocd.argoproj.io/refresh":"hard"}}}' + # Disable auto-sync + kubectl patch application crossplane-dev -n argocd --type='json' \ + -p='[{"op": "remove", "path": "/spec/syncPolicy/automated"}]' + kubectl patch application crossplane-prod -n argocd --type='json' \ + -p='[{"op": "remove", "path": "/spec/syncPolicy/automated"}]' + + # Fix Helm values (remove --enable-environment-configs flag) + kubectl patch application crossplane-dev -n argocd --type='json' \ + -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' + kubectl patch application crossplane-prod -n argocd --type='json' \ + -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' + + # Re-enable auto-sync + kubectl patch application crossplane-dev -n argocd --type='json' \ + -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' + kubectl patch application crossplane-prod -n argocd --type='json' \ + -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' ``` -2. **Fix CRD Issues** +5. **Switch to Dev Cluster and Verify**: ```bash - # Delete problematic CRDs - kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io - - # Delete crash-looping pod - kubectl delete pod -n crossplane-system + kubectl config use-context + kubectl get pods -n crossplane-system # All should be Running + kubectl get deployment crossplane -n crossplane-system \ + -o jsonpath='{.spec.template.spec.containers[0].image}' # Should show v2.0.2 ``` -3. **Verify Success** +6. **Switch to Prod Cluster and Verify**: ```bash - kubectl get pods -n crossplane-system - # Should show Crossplane v2.0.2 running + kubectl config use-context + kubectl get pods -n crossplane-system # All should be Running + kubectl get deployment crossplane -n crossplane-system \ + -o jsonpath='{.spec.template.spec.containers[0].image}' # Should show v2.0.2 ``` -### Dev & Prod Clusters (Remote) +### Phase 4: Composition Migration -**Issue**: ArgoCD applications have deprecated flag hardcoded in Helm values, causing continuous crashes. +7. **Install Required Function** (management cluster): + ```bash + kubectl apply -f - <:role/ + + # Restart provider pod + kubectl delete pod -n crossplane-system -l pkg.crossplane.io/provider=provider-aws-ec2 + ``` -**For Dev Cluster:** -```bash -# Switch to dev cluster -# Delete problematic CRDs -kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io +10. **Deploy Updated Compositions**: + ```bash + # Apply all composition definitions and compositions + kubectl apply -f compositions/s3/definition.yaml -f compositions/s3/general-purpose.yaml + kubectl apply -f compositions/dynamodb/definition.yaml -f compositions/dynamodb/ddb-table.yml + kubectl apply -f compositions/rds/definition.yaml -f compositions/rds/rds-postgres.yaml + ``` + +### Phase 5: Final Verification + +11. **Test All Compositions**: + ```bash + # Apply test resources + kubectl apply -f examples/Crossplane_V2_Tests/test-s3-crossplane.yaml + kubectl apply -f examples/Crossplane_V2_Tests/test-dynamodb-table.yaml + kubectl apply -f examples/Crossplane_V2_Tests/test-rds-composition.yaml + + # Check status + kubectl get objectstorages,dynamodbtables,relationaldatabases + ``` -# Manual deployment patch to remove deprecated flag -kubectl patch deployment crossplane -n crossplane-system --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/args", "value": ["core", "start"]}]' +12. **Verify ArgoCD Applications**: + ```bash + kubectl get applications -n argocd | grep crossplane + # All should show "Synced" and "Healthy" + ``` -# Verify success -kubectl get pods -n crossplane-system -``` +--- -**For Prod Cluster:** -```bash -# Switch to prod cluster -# Delete problematic CRDs -kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io +## 🚨 Critical Issues Encountered & Solutions + +### Issue 1: Missing Function Dependency +**Problem**: Pipeline mode requires `function-patch-and-transform` +**Error**: `function "function-patch-and-transform" not found` +**Solution**: Install the function (see Phase 4, step 7) + +### Issue 2: Removed Command Line Flag +**Problem**: `--enable-environment-configs` flag removed in v2 +**Error**: `unknown flag --enable-environment-configs` +**Solution**: Remove flag from ArgoCD Helm values (see Phase 3, step 4) + +### Issue 3: Missing EC2 Provider +**Problem**: SecurityGroup CRD not available for RDS composition +**Error**: `no matches for kind "SecurityGroup" in version "ec2.aws.upbound.io/v1beta1"` +**Solution**: Install EC2 provider + configure IRSA (see Phase 4, steps 8-9) + +### Issue 4: EC2 Provider Credentials +**Problem**: EC2 provider missing IRSA annotation +**Error**: `token file name cannot be empty` +**Solution**: Add IRSA annotation and restart provider pod + +### Issue 5: SecurityGroup External-Name Confusion +**Problem**: Composition trying to import existing SecurityGroup instead of creating new one +**Error**: `InvalidGroupId.Malformed: Invalid id: "name" (expecting "sg-...")` +**Solution**: Remove external-name annotation from SecurityGroup in RDS composition + +### Issue 6: Secret Reference Mismatch +**Problem**: RDS composition looking for wrong secret name +**Error**: `InvalidParameterValue: Invalid master password` +**Solution**: Update composition secret reference to match test secret + +### Issue 7: Invalid PostgreSQL Version +**Problem**: Hardcoded PostgreSQL version not available in AWS +**Error**: `Cannot find version 14.11 for postgres` +**Solution**: Use valid version (14.12) available in AWS region + +### Issue 8: S3 Resource Splitting +**Problem**: Upbound S3 provider splits bucket features into separate CRDs +**Error**: Various field validation errors +**Solution**: Create 4 separate managed resources instead of 1 monolithic bucket + +### Issue 9: String Transform Syntax +**Problem**: v2 requires explicit `type: Format` in string transforms +**Error**: Transform validation failures +**Solution**: Update all string transforms to include `type: Format` + +### Issue 10: Region Requirements +**Problem**: Upbound providers require explicit region on all resources +**Error**: `region is required` +**Solution**: Add region patches to all managed resources -# Manual deployment patch to remove deprecated flag -kubectl patch deployment crossplane -n crossplane-system --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/args", "value": ["core", "start"]}]' +--- -# Verify success -kubectl get pods -n crossplane-system -``` +## 📊 Composition Changes Summary -#### Step 3: Fix ArgoCD Application Sources (Management Cluster) -```bash -# Update Helm values to remove deprecated flag -kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' -kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' -``` +### S3 Composition +- **Resources**: 1 → 4 (Bucket + PublicAccessBlock + OwnershipControls + SSE) +- **API Version**: `s3.aws.crossplane.io/v1beta1` → `s3.aws.upbound.io/v1beta2` +- **Key Changes**: Resource splitting, region requirements, field format fixes -#### Step 4: Re-enable ArgoCD Auto-Sync (Management Cluster) -```bash -# Re-enable auto-sync with correct configuration -kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' -kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' -``` +### DynamoDB Composition +- **Resources**: 1 (Table) +- **API Version**: Already using `dynamodb.aws.upbound.io/v1beta2` +- **Key Changes**: Minimal - already v2 compatible -## Verification +### RDS Composition +- **Resources**: 3 (SecurityGroup + SubnetGroup + Instance) +- **API Versions**: Multiple provider changes +- **Key Changes**: Field name updates, provider installation, credential fixes -### Check All Clusters -```bash -# On each cluster -kubectl get pods -n crossplane-system -kubectl get crd | grep -E "(environmentconfigs|usages)" +--- -# Should show: -# - Crossplane v2.0.2 pods running (1/1 Ready) -# - All providers updated and running -# - CRDs recreated with proper versions -``` +## ✅ Success Indicators + +### Crossplane Core +- All pods in `crossplane-system` namespace show `Running` status +- Crossplane deployment shows image version `v2.0.2` +- No CrashLoopBackOff pods -### Check ArgoCD Applications (Management Cluster) +### ArgoCD Applications ```bash kubectl get applications -n argocd | grep crossplane -# Should show all as "Synced" and "Healthy" ``` +All should show: +- **SYNC STATUS**: `Synced` +- **HEALTH STATUS**: `Healthy` -## Troubleshooting - -### Common Issues - -1. **CrashLoopBackOff with "unknown flag --enable-environment-configs"** - - **Cause**: Deprecated flag still in deployment args - - **Fix**: Apply manual deployment patch or fix ArgoCD Helm values - -2. **Init container fails with CRD version mismatch** - - **Cause**: `storedVersions` doesn't match `spec.versions` - - **Fix**: Delete problematic CRDs and let Crossplane recreate them - -3. **ArgoCD keeps reverting manual patches** - - **Cause**: Auto-sync enabled with wrong configuration - - **Fix**: Disable auto-sync, fix source configuration, re-enable - -### Emergency Rollback -If upgrade fails completely: +### Compositions ```bash -# Revert version in ArgoCD applications -kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/targetRevision", "value": "1.17.1"}]' -kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/targetRevision", "value": "1.17.1"}]' +kubectl get objectstorages,dynamodbtables,relationaldatabases ``` +All should show: +- **SYNCED**: `True` +- **READY**: `True` -## Success Criteria -- ✅ All clusters running Crossplane v2.0.2 -- ✅ No crash-looping pods -- ✅ All providers updated and healthy -- ✅ ArgoCD applications synced and healthy -- ✅ CRDs properly aligned with correct versions - -## In depth how to upgrade guide - -### Prerequisites -- management cluster alias: engineering -- development cluster alias: dev -- production cluster alias: prod - -### Step-by-Step Execution Order +### AWS Resources +- S3 buckets created with proper security settings +- DynamoDB tables accessible and functional +- RDS instances available and connectable -#### Phase 1: ArgoCD UI Updates -1. **Update ArgoCD UI Application Manifests**: - - 1. `argocd/crossplane` manifest changes: - - - `targetRevision`: 2.0.2 (formerly 1.17.1) - - `targetRevision`: crossplane-version-upgrade (formerly main) - - If repoURL for the git repo is missing the acutal link replace with `https://github.com/aws-samples/appmod-blueprints` manually - 2. argocd/crossplane-dev - - - `targetRevision`: 2.0.2 (formerly 1.17.1) - 3. argocd/crossplane-prod - - - `targetRevision`: 2.0.2 (formerly 1.17.1) - - -#### Phase 2: Management Cluster Upgrade -2. **Trigger upgrade**: - ```bash - kubectl patch application crossplane -n argocd --type='merge' -p='{"metadata":{"annotations":{"argocd.argoproj.io/refresh":"hard"}}}' - ``` - -3. **Fix CRD issues** (when you see Init:CrashLoopBackOff): - ```bash - kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io - kubectl delete pod -n crossplane-system - ``` - -4. **Verify management cluster**: - ```bash - kubectl get pods -n crossplane-system # All should be Running - ``` - -#### Phase 3: Remote Clusters (Dev/Prod) -5. **Fix ArgoCD applications** (from management cluster): - ```bash - # Disable auto-sync - kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "remove", "path": "/spec/syncPolicy/automated"}]' - kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "remove", "path": "/spec/syncPolicy/automated"}]' - - # Fix Helm values - kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' - kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "replace", "path": "/spec/source/helm/values", "value": "args: []\n"}]' - - # Re-enable auto-sync - kubectl patch application crossplane-dev -n argocd --type='json' -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' - kubectl patch application crossplane-prod -n argocd --type='json' -p='[{"op": "add", "path": "/spec/syncPolicy/automated", "value": {"selfHeal": true}}]' - ``` +--- -6. **Switch to dev cluster and fix CRDs**: - ```bash - # Switch context to dev cluster - kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io - kubectl delete pod -n crossplane-system - kubectl get pods -n crossplane-system # Verify all Running - ``` +## 🔧 Troubleshooting Commands -7. **Switch to prod cluster and fix CRDs**: - ```bash - # Switch context to prod cluster - kubectl delete crd environmentconfigs.apiextensions.crossplane.io usages.apiextensions.crossplane.io - kubectl delete pod -n crossplane-system - kubectl get pods -n crossplane-system # Verify all Running - ``` +### Check Crossplane Status +```bash +# Core components +kubectl get pods -n crossplane-system +kubectl get providers.pkg.crossplane.io +kubectl get functions.pkg.crossplane.io -#### Phase 4: Final Verification -8. **Check all ArgoCD applications** (from management cluster): - ```bash - kubectl get applications -n argocd | grep crossplane - # All should show "Synced" and "Healthy" - ``` +# Compositions +kubectl get compositions +kubectl get xrd -### Critical Success Indicators -- ✅ No pods in CrashLoopBackOff state -- ✅ All Crossplane pods show image version v2.0.2 -- ✅ ArgoCD applications show "Synced" and "Healthy" -- ✅ Providers are updating to newer versions -- ✅ All compositions working with new pipeline mode +# Test resources +kubectl get managed +``` -## Composition Migration Guide +### Debug Issues +```bash +# Check events +kubectl get events --sort-by='.lastTimestamp' -n crossplane-system -**Status:** All three core compositions successfully migrated to Crossplane v2 + Upbound providers: -- ✅ **DynamoDB**: Functioning but not throughly tested -- ✅ **S3**: Functioning but not throughly tested -- ❌ **RDS**: Still giving issues +# Check logs +kubectl logs -n crossplane-system deployment/crossplane +kubectl logs -n crossplane-system -l pkg.crossplane.io/provider=provider-aws-rds -### What Changes Were Made +# Describe resources +kubectl describe +``` -**Crossplane v2 Requirements:** -- ✅ **Pipeline Mode** - v2 removed support for `spec.resources` format -- ✅ **String Transform Syntax** - `type: Format` mandatory in v2 -- ✅ **Function Integration** - Must use `function-patch-and-transform` +### AWS Verification +```bash +# Check S3 buckets +aws s3 ls -**Upbound Provider Requirements:** -- ✅ **API Version Changes** - Old community provider APIs don't exist -- ✅ **S3 Resource Splitting** - Upbound removed nested fields from Bucket: - - `publicAccessBlockConfiguration` → `BucketPublicAccessBlock` CRD - - `objectOwnership` → `BucketOwnershipControls` CRD - - `serverSideEncryptionConfiguration` → `BucketServerSideEncryptionConfiguration` CRD -- ✅ **RDS Field Renames** - Old fields don't exist in Upbound: - - `masterUsername` → `username` - - `masterUserPasswordSecretRef` → `passwordSecretRef` -- ✅ **Region Requirements** - Upbound enforces region on all resources -- ✅ **Schema Validation** - Upbound rejects invalid formats +# Check DynamoDB tables +aws dynamodb list-tables -**Error-Driven Fixes:** -- ✅ **Connection Secret Namespace** - S3 failed validation without it -- ✅ **Rule Format Fixes** - Array vs object validation errors -- ✅ **EC2 Provider Installation** - SecurityGroup CRD missing +# Check RDS instances +aws rds describe-db-instances --query 'DBInstances[].{ID:DBInstanceIdentifier,Status:DBInstanceStatus}' +``` -#### 🔧 Optional Simplifications (Could Be Enhanced Later) +--- -- **Tags Handling** - Removed for simplicity (could implement transforms) -- **SecurityGroup Features** - Simplified (could restore with field mapping) +## 📚 Additional Resources -**Summary:** ~90% of changes were absolutely required for the upgrade. +- **Individual Composition Guides**: + - [S3 Migration Guide](compositions/s3/S3-Crossplane-V2.md) + - [DynamoDB Migration Guide](compositions/dynamodb/DynamoDB-Crossplane-V2.md) + - [RDS Migration Guide](compositions/rds/RDS-Crossplane-V2.md) -### Install Required Functions First -```bash -# Install patch-and-transform function (required for pipeline mode) -kubectl apply -f - < -n crossplane-system \ + eks.amazonaws.com/role-arn= +kubectl delete pod -n crossplane-system +``` + +### 3. SecurityGroup External-Name Issue ❌→✅ +**Issue:** SecurityGroup trying to import instead of create +**Error:** `InvalidGroupId.Malformed: Invalid id: "crossplane-v2-test-db" (expecting "sg-...")` +**Fix:** Remove external-name annotation from SecurityGroup +```yaml +# REMOVED this patch from security-group: +- type: FromCompositeFieldPath + fromFieldPath: spec.resourceConfig.name + toFieldPath: metadata.annotations[crossplane.io/external-name] +``` + +### 4. Secret Reference Mismatch ❌→✅ +**Issue:** Composition looking for wrong secret name +**Error:** `InvalidParameterValue: Invalid master password` +**Fix:** Update composition to match test secret name +```yaml +# Changed in composition: +passwordSecretRef: + name: test-postgres-password # was: postgres-root-user-password +``` + +### 5. Invalid PostgreSQL Version ❌→✅ +**Issue:** PostgreSQL version not available in AWS +**Error:** `Cannot find version 14.11 for postgres` +**Fix:** Use valid version from AWS +```bash +# Check available versions: +aws rds describe-db-engine-versions --engine postgres \ + --query 'DBEngineVersions[?contains(EngineVersion, `14.`)].EngineVersion' + +# Use valid version: +engineVersion: "14.12" # instead of "14.11" +``` + +### 6. Network Configuration ❌→✅ +**Issue:** Test needed actual VPC/subnet IDs +**Fix:** Query AWS and update test configuration +```bash +# Get VPC ID +aws ec2 describe-vpcs --query 'Vpcs[0].VpcId' --output text + +# Get subnet IDs +aws ec2 describe-subnets --filters "Name=vpc-id,Values=" \ + --query 'Subnets[].SubnetId' --output text +``` + +## Validation Results +- ✅ **Function**: `function-patch-and-transform` installed +- ✅ **EC2 Provider**: Installed with IRSA credentials +- ✅ **SecurityGroup**: Creates successfully (no external-name) +- ✅ **SubnetGroup**: Creates successfully +- ✅ **RDS Instance**: Creates successfully in AWS +- ✅ **Secret Reference**: Correct password secret used +- ✅ **PostgreSQL Version**: Valid version (14.12) +- ✅ **Network Config**: Real VPC/subnet IDs +- ✅ **Connection Details**: Published correctly +- ✅ **AWS Resource**: PostgreSQL instance available + +## Testing Commands +```bash +# Check composition status +kubectl get relationaldatabases,instances.rds.aws.upbound.io + +# Verify AWS resource +aws rds describe-db-instances --query 'DBInstances[].{ID:DBInstanceIdentifier,Status:DBInstanceStatus}' + +# Check managed resources +kubectl get managed | grep rds +``` \ No newline at end of file diff --git a/platform/crossplane/compositions/rds/rds-postgres.yaml b/platform/crossplane/compositions/rds/rds-postgres.yaml index de0f713cf..329801e0c 100644 --- a/platform/crossplane/compositions/rds/rds-postgres.yaml +++ b/platform/crossplane/compositions/rds/rds-postgres.yaml @@ -68,9 +68,6 @@ spec: - type: FromCompositeFieldPath fromFieldPath: spec.resourceConfig.region toFieldPath: spec.forProvider.region - - type: FromCompositeFieldPath - fromFieldPath: spec.resourceConfig.name - toFieldPath: metadata.annotations[crossplane.io/external-name] - fromFieldPath: "spec.vpcId" toFieldPath: "spec.forProvider.vpcId" - name: db-instance @@ -87,7 +84,7 @@ spec: username: root passwordSecretRef: key: password - name: postgres-root-user-password + name: test-postgres-password namespace: crossplane-system engine: postgres engineVersion: "14.11" diff --git a/platform/crossplane/compositions/s3/S3-Crossplane_V2_Upgrade.md b/platform/crossplane/compositions/s3/S3-Crossplane_V2_Upgrade.md index 6bf564b97..28f45c818 100644 --- a/platform/crossplane/compositions/s3/S3-Crossplane_V2_Upgrade.md +++ b/platform/crossplane/compositions/s3/S3-Crossplane_V2_Upgrade.md @@ -130,8 +130,33 @@ transforms: - **Enhanced Observability:** Can monitor and troubleshoot each S3 feature independently - **Future-Proof:** Aligned with Crossplane v2 architecture and Upbound provider ecosystem -## Validation -- ✅ All 4 S3 managed resources create successfully -- ✅ Bucket accessible with proper security settings -- ✅ Connection details published correctly -- ✅ Original functionality preserved \ No newline at end of file +## Validation Results +- ✅ **Status**: `SYNCED: True, READY: True` +- ✅ **Managed Resources**: All 4 S3 resources create successfully + - ✅ **Bucket**: Core S3 bucket created + - ✅ **PublicAccessBlock**: Security settings applied + - ✅ **OwnershipControls**: Object ownership configured + - ✅ **ServerSideEncryption**: Encryption enabled +- ✅ **AWS Resource**: S3 bucket accessible with proper security settings +- ✅ **Connection Details**: Published correctly +- ✅ **Function Integration**: `function-patch-and-transform` working +- ✅ **Region Configuration**: All resources properly configured with region +- ✅ **Field Format**: Array vs object validation passing +- ✅ **Original Functionality**: All features preserved + +## Testing Commands +```bash +# Check composition status +kubectl get objectstorages +kubectl describe objectstorage test-s3-composition + +# Verify all 4 managed resources +kubectl get buckets.s3.aws.upbound.io +kubectl get bucketpublicaccessblocks.s3.aws.upbound.io +kubectl get bucketownershipcontrols.s3.aws.upbound.io +kubectl get bucketserversideencryptionconfigurations.s3.aws.upbound.io + +# Verify AWS resource +aws s3 ls | grep crossplane-v2-test-bucket +aws s3api get-bucket-encryption --bucket crossplane-v2-test-bucket +``` \ No newline at end of file diff --git a/platform/crossplane/examples/Crossplane_V2_tests/TEST_INSTRUCTIONS_CROSSPLANE_V2.md b/platform/crossplane/examples/Crossplane_V2_tests/TEST_INSTRUCTIONS_CROSSPLANE_V2.md index 4ec19c7c5..f7c6b2e34 100644 --- a/platform/crossplane/examples/Crossplane_V2_tests/TEST_INSTRUCTIONS_CROSSPLANE_V2.md +++ b/platform/crossplane/examples/Crossplane_V2_tests/TEST_INSTRUCTIONS_CROSSPLANE_V2.md @@ -20,23 +20,62 @@ All compositions successfully migrated to Crossplane v2 with Upbound providers: EOF ``` -2. **Update RDS Test File** +2. **Install EC2 Provider** (Required for RDS SecurityGroup) + ```bash + kubectl apply -f - <:role/ + + # Restart provider pod + kubectl delete pod -n crossplane-system -l pkg.crossplane.io/provider=provider-aws-ec2 + ``` + +4. **Update RDS Test File** Edit `test-rds-composition.yaml` and replace: ```yaml + # Use valid PostgreSQL version + engineVersion: "14.12" # NOT "14.11" + + # Use actual VPC/subnet IDs subnetIds: - - subnet-XXXXXXXXX # Your private subnet ID 1 - - subnet-YYYYYYYYY # Your private subnet ID 2 + - subnet-XXXXXXXXX # Your subnet ID 1 + - subnet-YYYYYYYYY # Your subnet ID 2 vpcId: vpc-ZZZZZZZZZ # Your VPC ID + + # Use unique name to avoid conflicts + name: crossplane-v2-test-postgres-db # NOT crossplane-v2-test-db ``` -3. **Get Your AWS Network Info** +5. **Get Your AWS Network Info** ```bash # Get VPC ID aws ec2 describe-vpcs --query 'Vpcs[0].VpcId' --output text - # Get private subnet IDs + # Get subnet IDs (any subnets work, not just private) aws ec2 describe-subnets --filters "Name=vpc-id,Values=YOUR_VPC_ID" \ - --query 'Subnets[?MapPublicIpOnLaunch==`false`].SubnetId' --output text + --query 'Subnets[].SubnetId' --output text + + # Check valid PostgreSQL versions + aws rds describe-db-engine-versions --engine postgres \ + --query 'DBEngineVersions[?contains(EngineVersion, `14.`)].EngineVersion' ``` ## Test Sequence @@ -70,12 +109,18 @@ kubectl get bucketownershipcontrols.s3.aws.upbound.io kubectl get bucketserversideencryptionconfigurations.s3.aws.upbound.io ``` -### 3. Test RDS Composition ✅ (after updating subnet/VPC) +### 3. Test RDS Composition ✅ (after prerequisites) ```bash +# IMPORTANT: Complete all prerequisites first! +# - Install function-patch-and-transform +# - Install provider-aws-ec2 +# - Configure EC2 provider IRSA +# - Update test file with valid values + # Apply RDS test kubectl apply -f test-rds-composition.yaml -# Check status +# Check status (may take 5-15 minutes for RDS) kubectl get relationaldatabases kubectl describe relationaldatabase test-rds-composition @@ -83,6 +128,9 @@ kubectl describe relationaldatabase test-rds-composition kubectl get subnetgroups.rds.aws.upbound.io kubectl get securitygroups.ec2.aws.upbound.io kubectl get instances.rds.aws.upbound.io + +# Check AWS directly +aws rds describe-db-instances --query 'DBInstances[].{ID:DBInstanceIdentifier,Status:DBInstanceStatus}' ``` ## Expected Results @@ -118,11 +166,34 @@ kubectl logs -n crossplane-system -l pkg.crossplane.io/provider=provider-aws-dyn kubectl logs -n crossplane-system -l pkg.crossplane.io/provider=provider-aws-ec2 ``` -### Common Issues -1. **Function not found**: Install `function-patch-and-transform` first -2. **S3 region errors**: All S3 companion resources need region field -3. **RDS field errors**: Use `username` not `masterUsername`, `instanceClass` not `dbInstanceClass` -4. **EC2 provider missing**: Install `provider-aws-ec2` for SecurityGroup support +### Common Issues & Solutions + +#### Critical RDS Issues +1. **Missing EC2 Provider** ❌→✅ + - **Error**: `no matches for kind "SecurityGroup" in version "ec2.aws.upbound.io/v1beta1"` + - **Fix**: Install `provider-aws-ec2` (see Prerequisites #2) + +2. **EC2 Provider Missing IRSA** ❌→✅ + - **Error**: `token file name cannot be empty` + - **Fix**: Add IRSA annotation to EC2 provider service account (see Prerequisites #3) + +3. **SecurityGroup External-Name Issue** ❌→✅ + - **Error**: `InvalidGroupId.Malformed: Invalid id: "name" (expecting "sg-...")` + - **Fix**: Remove external-name annotation from SecurityGroup in composition + +4. **Invalid PostgreSQL Version** ❌→✅ + - **Error**: `Cannot find version 14.11 for postgres` + - **Fix**: Use valid version like `14.12` (check with AWS CLI) + +5. **Secret Reference Mismatch** ❌→✅ + - **Error**: `InvalidParameterValue: Invalid master password` + - **Fix**: Ensure composition references correct secret name + +#### General Issues +6. **Function not found**: Install `function-patch-and-transform` first +7. **S3 region errors**: All S3 companion resources need region field +8. **RDS field errors**: Use `username` not `masterUsername`, `instanceClass` not `dbInstanceClass` +9. **Name conflicts**: Use unique resource names to avoid AWS conflicts ## Cleanup ```bash @@ -142,6 +213,9 @@ kubectl get managed ✅ **S3 Multi-Resource**: Bucket security features as separate managed resources ✅ **RDS Field Updates**: Correct field names for Upbound RDS provider ✅ **DynamoDB Compatibility**: Minimal changes needed for DynamoDB +✅ **EC2 Provider Integration**: SecurityGroup support for RDS +✅ **IRSA Configuration**: Proper AWS credentials for all providers +✅ **Error Recovery**: All critical issues identified and resolved ✅ **Workshop Compatibility**: All compositions work for student use ## Migration Summary @@ -149,4 +223,38 @@ kubectl get managed - **API Updates**: Community providers → Upbound providers - **Field Changes**: Updated field names to match Upbound schemas - **Resource Splitting**: S3 features split into separate CRDs -- **Provider Installation**: Added EC2 provider for SecurityGroup support \ No newline at end of file +- **Provider Installation**: Added EC2 provider for SecurityGroup support +- **Credential Configuration**: IRSA setup for all providers +- **Error Resolution**: 10+ critical issues identified and fixed +- **Version Compatibility**: PostgreSQL and other version validations +- **Network Configuration**: Real VPC/subnet ID requirements + +## Testing Results + +### Final Status ✅ +```bash +kubectl get objectstorages,dynamodbtables,relationaldatabases +``` +**Expected Output:** +``` +NAME SYNCED READY +objectstorage.awsblueprints.io/test-s3-composition True True + +NAME SYNCED READY +dynamodbtable.awsblueprints.io/rust-service-table-test True True + +NAME SYNCED READY +relationaldatabase.awsblueprints.io/test-rds-composition True True +``` + +### AWS Resource Verification +```bash +# Verify S3 bucket +aws s3 ls | grep crossplane-v2-test-bucket + +# Verify DynamoDB table +aws dynamodb describe-table --table-name rust-service-table-test + +# Verify RDS instance +aws rds describe-db-instances --query 'DBInstances[?contains(DBInstanceIdentifier, `crossplane`)].{ID:DBInstanceIdentifier,Status:DBInstanceStatus}' +``` \ No newline at end of file diff --git a/platform/crossplane/examples/Crossplane_V2_tests/test-rds-composition.yaml b/platform/crossplane/examples/Crossplane_V2_tests/test-rds-composition.yaml index 21cac30c1..a9e1f5819 100644 --- a/platform/crossplane/examples/Crossplane_V2_tests/test-rds-composition.yaml +++ b/platform/crossplane/examples/Crossplane_V2_tests/test-rds-composition.yaml @@ -23,20 +23,20 @@ spec: resourceConfig: providerConfigName: default region: us-west-2 - name: crossplane-v2-test-db + name: crossplane-v2-test-postgres-db tags: - key: Environment value: test - key: Purpose value: crossplane-v2-composition-test databaseName: testdb - engineVersion: "14.11" + engineVersion: "14.12" storageGB: 20 - # UPDATE THESE VALUES FOR YOUR ACCOUNT: + # Updated with actual VPC and subnet IDs: subnetIds: - - subnet-XXXXXXXXX # Replace with your private subnet ID - - subnet-YYYYYYYYY # Replace with your private subnet ID - vpcId: vpc-ZZZZZZZZZ # Replace with your VPC ID + - subnet-0f216c24df56e1c92 # us-west-2a + - subnet-062280eca155dcc7e # us-west-2b + vpcId: vpc-0f4eea40d618e532a # Main VPC IngressRules: - ipProtocol: tcp fromPort: 5432