Skip to main content

Process automation

You're automating a long-running process inside your organization. To ship, an application has to pass a security review: several departments each run their own check, each exposes an API endpoint that flips when its check passes, and the application can't move to the next stage until the previous one is green. You want Crossplane to drive the whole thing — poll the endpoints, advance through stages, surface progress, and report done.

What you're building

An XR — call it XSecurityReview (X prefix per the naming convention) — that represents one application going through the review process. Underneath, a set of provider-http DisposableRequests poll each department's endpoint until it returns the expected condition. The Composition advances the review stage by stage and emits a single Ready=True when every check has passed.

Suggested steps

  1. Define the XSecurityReview XRD. One spec input (application ID), one status field per check, one overall phase. The pattern from Define an Application translates directly — same XRD shape, different composed kinds.
  2. Install provider-http. Each department's check becomes a DisposableRequest MR: GET the endpoint, parse the response, succeed when the condition matches.
  3. Compose the DisposableRequests behind the XSecurityReview XR. Each request reads its target URL from the XR's spec; each request's outcome lands on a dedicated status field.
  4. Surface multi-step status with function-status-transformer. Map each composed-request condition to a meaningful condition on the XR (SecurityCheckPassed, LegalCheckPassed, etc.) so kubectl describe xsecurityreview reads like a checklist.
  5. Derive overall readiness with function-auto-ready. The XR is Ready=True only once every composed DisposableRequest is ready.
  6. Drive sequencing with Crossplane Operations. A WatchOperation on the XSecurityReview advances the stage when the previous check goes green; a CronOperation re-polls stuck checks on a cadence.

Stretch goals

  • Gate a downstream action on the review passing. Compose a provider-github Repository release that only reconciles once the XSecurityReview is Ready.
  • Validate the Composition pipeline locally with the Crossplane CLI render before each change — much faster than a round-trip through the cluster.
  • Persist a full audit trail by emitting per-stage Events from the Composition; kubectl events then reads as a timeline.

References