Migrate platform-ref-azure from Crossplane v1 to v2 with namespaced resources (#172)

* Migrates platform-ref-azure from Crossplane v1 to v2 with namespaced resources.

- XRD API version: `apiextensions.crossplane.io/v1` → `v2`
- Resource kinds: Removed X-prefix (`XCluster` → `Cluster`, `XSQLInstance` → `SQLInstance`, etc.)
- Scope: All XRs are now namespaced (`scope: Namespaced`)
- File naming: Renamed examples from `*-claim.yaml` to `*-xr.yaml`
- Management: `deletionPolicy` → `managementPolicies` array

- **Dependencies**: Updated all 6 dependent configurations to v2.0.0 (configuration-app to v2.1.0)
- **XRDs**: Updated to v2 API with namespace scope, removed `claimNames` and `connectionSecretKeys`
- **Functions**: Updated to use namespaced provider APIs (`azurem`, `helmm`) and v2 patterns
- **Tests**: Updated composition and E2E tests to v2 conventions with proper namespace handling
- **Usage Resources**: Migrated to `protection.crossplane.io/v1beta1` API with namespace support
- **Provider Config**: Added provider-family-azure to E2E test initResources for RBAC workaround

- Fixed configuration-app label propagation to support Usage resource dependencies
- Updated helm Release API to namespaced version in Usage resources

- ✅ All composition tests passing
- ✅ E2E test passing

Signed-off-by: Yury Tsarev <yury@upbound.io>

* Extend README with the Application access

Signed-off-by: Yury Tsarev <yury@upbound.io>

* Align composition tests to expect namespaced Release

Signed-off-by: Yury Tsarev <yury@upbound.io>

* Add ghost admin screenshot to the platform readme

Signed-off-by: Yury Tsarev <yury@upbound.io>

* Control screenshot size in the README

Signed-off-by: Yury Tsarev <yury@upbound.io>

* Remove unnecessary sequential instructions

Signed-off-by: Yury Tsarev <yury@upbound.io>

---------

Signed-off-by: Yury Tsarev <yury@upbound.io>

Author: ytsarev

README.md

@@ -24,7 +24,7 @@ This platform uses **Upbound DevEx** with:
 ## Overview
 
 This reference platform outlines a specialized API for generating an AKS cluster
-([XCluster](apis/xclusters/definition.yaml)) that incorporates XRs from the specified configurations:
+([Cluster](apis/clusters/definition.yaml)) that incorporates XRs from the specified configurations:
 
 * [upbound-configuration-app](https://github.com/upbound/configuration-app)
 * [upbound-configuration-azure-database](https://github.com/upbound/configuration-azure-database)
@@ -35,12 +35,12 @@ This reference platform outlines a specialized API for generating an AKS cluster
 
 ```mermaid
 graph LR;
-    MyApp(My App)---MyCluster(XRC: my-cluster);
-    MyCluster---XRD1(XRD: XCluster);
-    MyApp---MyDB(XRC: my-db);
-    MyDB---XRD2(XRD: XSQLInstance);
+    MyApp(My App)---MyCluster(XR: my-cluster);
+    MyCluster---XRD1(XRD: Cluster);
+    MyApp---MyDB(XR: my-db);
+    MyDB---XRD2(XRD: SQLInstance);
 		subgraph Configuration:upbound/platform-ref-azure;
-	    XRD1---Composition(XAKS, XNetwork, XServices);
+	    XRD1---Composition(AKS, Network, Services);
 	    XRD2---Composition2(Composition);
 		end
 		subgraph Provider:upbound/provider-azure
@@ -65,7 +65,7 @@ style Postgres.MRs color:#000,fill:#81CABB,stroke:#000,stroke-width:2px
 ```
 
 Learn more about Composite Resources in the [Crossplane
-Docs](https://docs.crossplane.io/latest/concepts/compositions/).
+Docs](https://docs.crossplane.io/latest/composition/compositions/).
 
 ## Quickstart
 
@@ -89,7 +89,7 @@ up project build
 up test run tests/*
 
 # Render compositions with examples
-up composition render apis/xclusters/definition.yaml apis/xclusters/composition.yaml examples/cluster-claim.yaml
+up composition render apis/clusters/definition.yaml apis/clusters/composition.yaml examples/cluster-xr.yaml
 ```
 
 ## Using the Platform
@@ -98,19 +98,75 @@ Once installed, you can create platform resources using the provided examples:
 
 ```console
 # Create a cluster with networking, observability, and GitOps
-kubectl apply -f examples/cluster-claim.yaml
+kubectl apply -f examples/cluster-xr.yaml
 
-# Create a MySQL database (after cluster is ready)
-kubectl apply -f examples/mysql-claim.yaml
+# Create a MySQL database
+kubectl apply -f examples/mysql-xr.yaml
 
 # Deploy a sample application
-kubectl apply -f examples/app-claim.yaml
+kubectl apply -f examples/app-xr.yaml
 ```
 
 Monitor deployment status:
 
 ```console
-kubectl get claim,composite,managed
+kubectl get composite,managed
+```
+
+### Accessing Your Application
+
+Once your Ghost application is deployed, you can access it using one of these methods:
+
+#### Option 1: Via LoadBalancer (External IP)
+
+Get the AKS cluster kubeconfig and access Ghost:
+
+```bash
+# Get the kubeconfig from the AKS connection secret
+kubectl get secret <cluster-id>-akscluster -n default -o jsonpath='{.data.kubeconfig}' | base64 -d > /tmp/aks-kubeconfig
+
+# Use the AKS kubeconfig to check Ghost service
+export KUBECONFIG=/tmp/aks-kubeconfig
+kubectl get svc -n ghost -l app.kubernetes.io/name=ghost
+kubectl get pods -n ghost
+
+# Get the external IP
+EXTERNAL_IP=$(kubectl get svc -n ghost -l app.kubernetes.io/name=ghost -o jsonpath='{.items[0].status.loadBalancer.ingress[0].ip}')
+echo "Ghost Frontend: http://$EXTERNAL_IP"
+echo "Ghost Admin: http://$EXTERNAL_IP/ghost"
+```
+
+Then access:
+- **Frontend**: `http://<EXTERNAL-IP>` (Your blog)
+- **Admin**: `http://<EXTERNAL-IP>/ghost` (Admin interface)
+
+You should see the Ghost admin login screen with "Upbound Rocks!" confirming your deployment:
+
+<p align="center">
+  <img src="docs/images/ghost-admin.png" width="500" alt="Ghost Admin Interface showing Upbound Rocks!">
+</p>
+
+#### Option 2: Via kubectl port-forward (No external IP needed)
+
+```bash
+# Get the kubeconfig
+kubectl get secret <cluster-id>-akscluster -n default -o jsonpath='{.data.kubeconfig}' | base64 -d > /tmp/aks-kubeconfig
+export KUBECONFIG=/tmp/aks-kubeconfig
+
+# Forward Ghost service to local port 8080
+kubectl port-forward -n ghost svc/$(kubectl get svc -n ghost -l app.kubernetes.io/name=ghost -o jsonpath='{.items[0].metadata.name}') 8080:80
+
+# Access in browser
+open http://localhost:8080          # Frontend
+open http://localhost:8080/ghost    # Admin interface
+```
+
+**Reset KUBECONFIG** when done:
+
+```bash
+unset KUBECONFIG
+# or
+export KUBECONFIG=~/.kube/config
 ```
 
 ## Development

apis/xclusters/composition.yaml apis/clusters/composition.yamlapis/xclusters/composition.yaml renamed to apis/clusters/composition.yaml

@@ -1,16 +1,16 @@
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
-  name: xclusters.azure.platformref.upbound.io
+  name: clusters.azure.platformref.upbound.io
 spec:
   compositeTypeRef:
     apiVersion: azure.platformref.upbound.io/v1alpha1
-    kind: XCluster
+    kind: Cluster
   mode: Pipeline
   pipeline:
   - functionRef:
-      name: upbound-platform-ref-azurexcluster
-    step: xcluster
+      name: upbound-platform-ref-azurecluster
+    step: cluster
   - functionRef:
       name: crossplane-contrib-function-auto-ready
     step: crossplane-contrib-function-auto-ready

apis/xclusters/definition.yaml apis/clusters/definition.yamlapis/xclusters/definition.yaml renamed to apis/clusters/definition.yaml

@@ -1,22 +1,18 @@
-apiVersion: apiextensions.crossplane.io/v1
+apiVersion: apiextensions.crossplane.io/v2
 kind: CompositeResourceDefinition
 metadata:
-  name: xclusters.azure.platformref.upbound.io
+  name: clusters.azure.platformref.upbound.io
 spec:
+  scope: Namespaced
   # We require Foreground Deletion for cases where XRs are generated without a Claim, like in XServices.
   # In such situations, XService is deleted right away,
-  # taking the Usage and XAKS with it,
+  # taking the Usage and AKS with it,
   # which causes issues for Release.helm's deletion process.
   defaultCompositeDeletePolicy: Foreground
   group: azure.platformref.upbound.io
   names:
-    kind: XCluster
-    plural: xclusters
-  claimNames:
     kind: Cluster
     plural: clusters
-  connectionSecretKeys:
-    - kubeconfig
   versions:
     - name: v1alpha1
       served: true
@@ -38,13 +34,19 @@ spec:
                     region:
                       type: string
                       description: Region is the region you'd like your resource to be created in.
-                    deletionPolicy:
-                      description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete
-                      enum:
-                        - Delete
-                        - Orphan
-                      type: string
-                      default: Delete
+                    managementPolicies:
+                      description: "ManagementPolicies for resources. Defaults to [\"*\"] which includes all operations (Create, Observe, Update, Delete, LateInitialize). To orphan resources on deletion, use [\"Create\", \"Observe\", \"Update\", \"LateInitialize\"]."
+                      type: array
+                      items:
+                        type: string
+                        enum:
+                          - "*"
+                          - Create
+                          - Observe
+                          - Update
+                          - Delete
+                          - LateInitialize
+                      default: ["*"]
                     providerConfigName:
                       description: Crossplane ProviderConfig to use for provisioning this resources
                       type: string
@@ -53,10 +55,10 @@ spec:
                       type: string
                       description: Kubernetes version of the Cluster
                       enum:
-                        - "1.31"
-                        - "1.30"
-                        - "1.29"
-                      default: "1.31"
+                        - "1.34"
+                        - "1.33"
+                        - "1.32"
+                      default: "1.34"
                     nodes:
                       type: object
                       description: Cluster node configuration parameters.
@@ -161,7 +163,7 @@ spec:
                       required:
                         - git
                   required:
-                    - deletionPolicy
+                    - managementPolicies
                     - gitops
                     - id
                     - nodes

docs/images/ghost-admin.png

@@ -6,11 +6,14 @@ metadata:
   labels:
     platform.upbound.io/deletion-ordering: enabled
 spec:
-  compositeDeletePolicy: Foreground
   parameters:
+    helm:
+      chart:
+        name: ghost
+        repo: "oci://registry-1.docker.io/bitnamicharts"
+        version: 25.0.4
+      wait: false
     providerConfigName: platform-ref-azure-cluster
     passwordSecretRef:
       namespace: default
       name: platform-ref-azure-cluster-db-conn-mysql
-  writeConnectionSecretToRef:
-    name: platform-ref-azure-cluster-app-conn

examples/app-claim.yaml examples/app-xr.yamlexamples/app-claim.yaml renamed to examples/app-xr.yaml

@@ -1,11 +1,11 @@
-apiVersion: azure.upbound.io/v1beta1
+apiVersion: azure.m.upbound.io/v1beta1
 kind: ProviderConfig
 metadata:
   name: default
+  namespace: default
 spec:
   credentials:
     source: Secret
     secretRef:
-      namespace: upbound-system
       name: azure-creds
       key: credentials

examples/azure-default-provider.yaml

@@ -1,12 +1,13 @@
 apiVersion: azure.platformref.upbound.io/v1alpha1
-kind: XCluster
+kind: Cluster
 metadata:
   name: platform-ref-azure-cluster
+  namespace: default
 spec:
   parameters:
     id: platform-ref-azure-cluster
     region: westus
-    version: "1.31"
+    version: "1.34"
     nodes:
       count: 1
       instanceType: Standard_B2s
@@ -18,6 +19,3 @@ spec:
         interval: 5m0s
         timeout: 60s
         path: /
-  writeConnectionSecretToRef:
-    name: platform-ref-azure-cluster-kubeconfig
-    namespace: default

examples/cluster-claim.yaml

@@ -4,15 +4,15 @@ metadata:
   name: platform-ref-azure-cluster-db-mysql
   namespace: default
 spec:
-  compositionSelector:
-    matchLabels:
-      dbengine: mysql
+  crossplane:
+    compositionSelector:
+      matchLabels:
+        dbengine: mysql
   parameters:
     region: westus
     storageGB: 20 #Minimum value is 20 for MySQL
     version: "8.0"
     passwordSecretRef:
-      namespace: default
       name: mysqlsecret
       key: password
     networkRef:

examples/xr-cluster.yaml examples/cluster-xr.yamlexamples/xr-cluster.yaml renamed to examples/cluster-xr.yaml

@@ -1,7 +1,8 @@
-apiVersion: azure.platformref.upbound.io/v1alpha1
-kind: XNetwork
+apiVersion: azure.platform.upbound.io/v1alpha1
+kind: Network
 metadata:
   name: ref-azure-network
+  namespace: default
 spec:
   parameters:
     id: ref-azure-network-from-xr