No namespaced MRs?

[milkpirate]

What happened?

I tried to create a namespace scoped resouce.

How can we reproduce it?

With this (really) minimal example:

composition.yaml

apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xfoo
spec:
  compositeTypeRef:
    apiVersion: bar.private/v1alpha1
    kind: Foo

  mode: Pipeline
  pipeline:
  - step: sa
    functionRef:
      name: function-go-templating
    input:
      apiVersion: gotemplating.fn.crossplane.io/v1beta1
      kind: GoTemplate
      source: Inline
      inline:
        template: |
          {{ $xr := .observed.composite.resource }}
          {{ $name := $xr.metadata.name }}

          apiVersion: v1
          kind: ServiceAccount
          metadata:
            name: sa-{{ $name }}
            namespace: crossplane-system
            annotations:
              gotemplating.fn.crossplane.io/composition-resource-name: some-sa

  writeConnectionSecretsToNamespace: crossplane-system

xrd.yaml

apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: bar.private
spec:
  group: bar.private
  names:
    kind: Foo
    plural: foos
  versions:
  - name: v1alpha1
    served: true
    referenceable: true
    schema:
      openAPIV3Schema:  {}

claim.yaml

apiVersion: bar.private/v1alpha1
kind: Foo
metadata:
  name: example

Then I get:

$ kgf cfsetup/claim.yaml -oyaml
...
status:
  conditions:
  - lastTransitionTime: "2024-05-21T20:41:51Z"
    message: 'cannot compose resources: cannot update composite resource spec.resourceRefs:
      failed to create typed patch object (/example; bar.private/v1alpha1,
      Kind=Foo): .spec.resourceRefs[0].namespace: field not declared in schema'
    reason: ReconcileError
    status: "False"
    type: Synced

But if I remove the namespace from the SA it for sure complains about it missing. What am I doing wrong?

What environment did it happen in?

Function version:

• Cloud provider or hardware configuration

  ubuntu 22.04.4 @ amd64

• Kubernetes version

  Client Version: v1.29.0
  Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
  Server Version: v1.28.9

• Kubernetes distribution (e.g. Tectonic, GKE, OpenShift)

  microk8s

• OS (e.g. from /etc/os-release)

  PRETTY_NAME="Ubuntu 22.04.3 LTS"
  NAME="Ubuntu"
  VERSION_ID="22.04"
  VERSION="22.04.3 LTS (Jammy Jellyfish)"
  VERSION_CODENAME=jammy
  ID=ubuntu
  ID_LIKE=debian
  HOME_URL="https://www.ubuntu.com/"
  SUPPORT_URL="https://help.ubuntu.com/"
  BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
  PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
  UBUNTU_CODENAME=jammy

• Kernel (e.g. uname -a)

  Linux nuc 5.15.0-100-generic #110-Ubuntu SMP Wed Feb 7 13:27:48 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

[phclark]

I don't believe this is a bug, so much as a limitation to how Crossplane creates Managed Resources, to accomplish this, you'll want to wrap your Kube resource in a provider-kubernetes Object

[phisco]

Exactly as @phclark said. Closing this. 🙏