fluxcd/flux2 (fluxcd/flux2)
### [`v2.1.2`](https://togithub.com/fluxcd/flux2/releases/tag/v2.1.2)
[Compare Source](https://togithub.com/fluxcd/flux2/compare/v2.1.1...v2.1.2)
##### Highlights
Flux `v2.1.2` is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.
##### Fixes
- Ensures faster recovery of `Kustomization` and `HelmRelease` resources when the source-controller has restarted and is working on restoring the storage.
- Prevent source-controller from failing to reconcile `OCIRepositories` when artifacts contain symlinks.
- Addresses issue with helm-controller miss-labeling Custom Resource Definitions.
- Detect immutable field errors in Google Cloud resources managed by Flux `Kustomizations`.
- Better error reporting for `flux bootstrap` when the owner doesn't match the identity associated with the given token.
- Allow `flux pull artifact` to fetch OCI artifacts produced by other tools.
##### Components changelog
- source-controller [v1.1.2](https://togithub.com/fluxcd/source-controller/blob/v1.1.2/CHANGELOG.md)
- kustomize-controller [v1.1.1](https://togithub.com/fluxcd/kustomize-controller/blob/v1.1.1/CHANGELOG.md)
- helm-controller [v0.36.2](https://togithub.com/fluxcd/helm-controller/blob/v0.36.2/CHANGELOG.md)
##### CLI Changelog
- PR [#4324](https://togithub.com/fluxcd/flux2/issues/4324) - [@somtochiama](https://togithub.com/somtochiama) - bootstrap: Fix error msg when the Git token doesn't match the repo owner
- PR [#4323](https://togithub.com/fluxcd/flux2/issues/4323) - [@stefanprodan](https://togithub.com/stefanprodan) - e2e: Update Go dependencies
- PR [#4313](https://togithub.com/fluxcd/flux2/issues/4313) - [@fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components
- PR [#4296](https://togithub.com/fluxcd/flux2/issues/4296) - [@Skarlso](https://togithub.com/Skarlso) - fix: only wait for changeset if the result is not empty
- PR [#4285](https://togithub.com/fluxcd/flux2/issues/4285) - [@matheuscscp](https://togithub.com/matheuscscp) - Add badge for SLSA Level 3
- PR [#4284](https://togithub.com/fluxcd/flux2/issues/4284) - [@errordeveloper](https://togithub.com/errordeveloper) - Make `flux pull` work for OCI artifacts produced by other tools
### [`v2.1.1`](https://togithub.com/fluxcd/flux2/releases/tag/v2.1.1)
[Compare Source](https://togithub.com/fluxcd/flux2/compare/v2.1.0...v2.1.1)
#### Highlights
Flux `v2.1.1` is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.
##### Fixes
- Use auto lookup strategy for Buckets to widen support for S3-compatible object storage services (`source-controller`).
- Fix Secret type check for HelmRepositories TLS certs referred in `.spec.secretRef` (`source-controller`).
- Fix the branch name reporting when the push branch is the same as the checkout branch (`image-automation-controller`).
- Restore Helm logs inclusion in failure events (`helm-controller`).
- Fix the impersonation of the default service account when diffing HelmReleases (`helm-controller`).
- Check source for `nil` artifact before loading Helm charts (`helm-controller`).
- Update the description of Kubernetes specific flag to distinguish them from Flux bootstrap flags (`flux` CLI).
#### Components changelog
- source-controller [v1.1.1](https://togithub.com/fluxcd/source-controller/blob/v1.1.1/CHANGELOG.md)
- helm-controller [v0.36.1](https://togithub.com/fluxcd/helm-controller/blob/v0.36.1/CHANGELOG.md)
- image-automation-controller [v0.36.1](https://togithub.com/fluxcd/image-automation-controller/blob/v0.36.1/CHANGELOG.md)
#### CLI Changelog
- PR [#4255](https://togithub.com/fluxcd/flux2/issues/4255) - [@hiddeco](https://togithub.com/hiddeco) - tests/azure: update controller dependencies
- PR [#4251](https://togithub.com/fluxcd/flux2/issues/4251) - [@fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components
- PR [#4246](https://togithub.com/fluxcd/flux2/issues/4246) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 4 updates
- PR [#4238](https://togithub.com/fluxcd/flux2/issues/4238) - [@makkes](https://togithub.com/makkes) - Upgrade github.com/fluxcd/pkg/{git,git/gogit}
- PR [#4233](https://togithub.com/fluxcd/flux2/issues/4233) - [@sonbui00](https://togithub.com/sonbui00) - chore: remove support armv6h for aur package
- PR [#4228](https://togithub.com/fluxcd/flux2/issues/4228) - [@sonbui00](https://togithub.com/sonbui00) - Improve AUR package templates
- PR [#4227](https://togithub.com/fluxcd/flux2/issues/4227) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 3 updates
- PR [#4226](https://togithub.com/fluxcd/flux2/issues/4226) - [@somtochiama](https://togithub.com/somtochiama) - Update description of kubeconfig specific flag
- PR [#4222](https://togithub.com/fluxcd/flux2/issues/4222) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/integration
- PR [#4221](https://togithub.com/fluxcd/flux2/issues/4221) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/azure
- PR [#4215](https://togithub.com/fluxcd/flux2/issues/4215) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 4 updates
- PR [#4213](https://togithub.com/fluxcd/flux2/issues/4213) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /tests/integration
- PR [#4212](https://togithub.com/fluxcd/flux2/issues/4212) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible in /tests/integration
- PR [#4198](https://togithub.com/fluxcd/flux2/issues/4198) - [@makkes](https://togithub.com/makkes) - Add 2.1.x backport label
- PR [#4197](https://togithub.com/fluxcd/flux2/issues/4197) - [@stefanprodan](https://togithub.com/stefanprodan) - Fix links to fluxcd.io
- PR [#4195](https://togithub.com/fluxcd/flux2/issues/4195) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates
### [`v2.1.0`](https://togithub.com/fluxcd/flux2/releases/tag/v2.1.0)
[Compare Source](https://togithub.com/fluxcd/flux2/compare/v2.0.1...v2.1.0)
##### Highlights
Flux v2.1.0 is a feature release. Users are encouraged to upgrade for the best experience.
The [Flux APIs](#api-changes) were extended with new opt-in features in a backwards-compatible manner.
The Flux Git capabilities have been improved with support for Git push options, Git refspec, Gerrit, HTTP/S and SOCKS5 proxies.
The Flux alerting capabilities have been extended with [Datadog](https://fluxcd.io/flux/components/notification/provider/#pagerduity) support.
The Flux controllers come with performance improvements when reconciling Helm repositories with large indexes (80% memory reduction), and when reconciling Flux Kustomizations with thousands of resources (x4 faster server-side apply). The load distribution has been improved when reconciling Flux objects in parallel to reduce CPU and memory spikes.
:heart: Big thanks to all the Flux contributors that helped us with this release!
##### Deprecations
Flux v2.1.0 comes with support for Kubernetes TLS Secrets when referring to secrets containing TLS certs, and deprecates the usage of `caFile`, `keyFile` and `certFile` keys.
For more details about the TLS changes please see the [Kubernetes TLS Secrets section](#kubernetes-tls-secrets).
Flux v2.1.0 comes with major improvements to the Prometheus monitoring stack. Starting with this version, Flux is leveraging the `kube-state-metrics` CRD exporter to report metrics containing rich information about Flux reconciliation status e.g. Git revision, Helm chart version, OCI artifacts digests, etc. The `gotk_reconcile_condition` metrics was deprecated in favor of the `gotk_resource_info`.
For more details about the new monitoring stack please see the [Flux Prometheus metrics documentation](https://fluxcd.io/flux/monitoring/metrics) and the [flux2-monitoring-example repository](https://togithub.com/fluxcd/flux2-monitoring-example).
##### API changes
##### GitRepository v1
The [GitRepository](https://fluxcd.io/flux/components/source/gitrepositories/) API was extended with the following fields:
- `.spec.proxySecretRef.name` is an optional field used to specify the name of a Kubernetes Secret that contains the HTTP/S or SOCKS5 proxy settings.
- `.spec.verify.mode` now support one of the following values `HEAD`, `Tag`, `TagAndHEAD`.
##### Kustomization v1
The [Kustomization](https://fluxcd.io/flux/components/kustomize/kustomization/) API was extended with two apply policies `IfNotPresent` and `Ignore`.
Changing the apply behaviour for specific Kubernetes resources, can be done using the following annotations:
| Annotation | Default | Values | Role |
|-------------------------------------|------------|----------------------------------------------------------------|-----------------|
| `kustomize.toolkit.fluxcd.io/ssa` | `Override` | - `Override` - `Merge` - `IfNotPresent` - `Ignore` | Apply policy |
| `kustomize.toolkit.fluxcd.io/force` | `Disabled` | - `Enabled` - `Disabled` | Recreate policy |
| `kustomize.toolkit.fluxcd.io/prune` | `Enabled` | - `Enabled` - `Disabled` | Delete policy |
The `IfNotPresent` policy instructs the controller to only apply the Kubernetes resources if they are not present on the cluster.
This policy can be used for Kubernetes `Secrets` and `ValidatingWebhookConfigurations` managed by cert-manager,
where Flux creates the resources with fields that are later on mutated by other controllers.
##### ImageUpdateAutomation v1beta1
The [ImageUpdateAutomation](https://fluxcd.io/flux/components/image/imageupdateautomations/) was extended with the following fields:
- `.spec.git.push.refspec` is an optional field used to specify a Git refspec used when pushing commits upstream.
- `.spec.git.push.options` is an optional field used to specify the Git push options to be sent to the Git server when pushing commits upstream.
##### Kubernetes TLS Secrets
All the Flux APIs that accept TLS data have been modified to adopt Secrets of type
`kubernetes.io/tls`. This includes:
- **HelmRepository**: The field `.spec.secretRef` has been deprecated in favor of a new field [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference).
- **OCIRepository**: Support for the `caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/ocirepositories/#cert-secret-reference) have been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`.
- **ImageRepository**: Support for the`caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/imagerepositories/#cert-secret-reference) have been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`.
- **GitRepository**: CA certificate can now be provided in the Secret specified in `.spec.secretRef` using the `ca.crt` key, which takes precedence over the `caFile` key.
##### Upgrade procedure
Upgrade Flux from `v2.0.x` to `v2.1.0` either by [rerunning bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://togithub.com/fluxcd/flux2/tree/main/action).
To upgrade Flux from `v0.x` to `v2.1.0` please follow the [Flux GA upgrade procedure](https://togithub.com/fluxcd/flux2/releases/tag/v2.0.0#upgrade).
##### Kubernetes compatibility
This release is compatible with the following Kubernetes versions:
| Kubernetes version | Minimum required |
|--------------------|------------------|
| `v1.25` | `>= 1.25.0` |
| `v1.26` | `>= 1.26.0` |
| `v1.27` | `>= 1.27.1` |
| `v1.28` | `>= 1.28.0` |
Note that Flux may work on older versions of Kubernetes e.g. 1.21, but we don't recommend running end-of-life versions in production nor do we offer support for these versions.
##### New Documentation
- [Flux installation](https://fluxcd.io/flux/installation/)
- [Flux bootstrap](https://fluxcd.io/flux/installation/bootstrap/)
- [Flux configuration](https://fluxcd.io/flux/installation/configuration/)
- [Flux Prometheus metrics](https://fluxcd.io/flux/monitoring/metrics/)
- [Flux custom Prometheus metrics](https://fluxcd.io/flux/monitoring/custom-metrics/)
- [Flux logs](https://fluxcd.io/flux/monitoring/logs/)
- [Flux events](https://fluxcd.io/flux/monitoring/events/)
##### Components changelog
- source-controller [v1.1.0](https://togithub.com/fluxcd/source-controller/blob/v1.1.0/CHANGELOG.md)
- kustomize-controller [v1.1.0](https://togithub.com/fluxcd/kustomize-controller/blob/v1.1.0/CHANGELOG.md)
- notification-controller [v1.1.0](https://togithub.com/fluxcd/notification-controller/blob/v1.1.0/CHANGELOG.md)
- helm-controller [v0.36.0](https://togithub.com/fluxcd/helm-controller/blob/v0.36.0/CHANGELOG.md)
- image-reflector-controller [v0.30.0](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.30.0/CHANGELOG.md)
- image-automation-controller [v0.36.0](https://togithub.com/fluxcd/image-automation-controller/blob/v0.36.0/CHANGELOG.md)
##### CLI Changelog
- PR [#4189](https://togithub.com/fluxcd/flux2/issues/4189) - [@hiddeco](https://togithub.com/hiddeco) - Update dependencies
- PR [#4186](https://togithub.com/fluxcd/flux2/issues/4186) - [@fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components
- PR [#4183](https://togithub.com/fluxcd/flux2/issues/4183) - [@somtochiama](https://togithub.com/somtochiama) - Fix autocompletion for helm chart
- PR [#4182](https://togithub.com/fluxcd/flux2/issues/4182) - [@hiddeco](https://togithub.com/hiddeco) - manifestgen/install: use clean default HTTP client
- PR [#4181](https://togithub.com/fluxcd/flux2/issues/4181) - [@hiddeco](https://togithub.com/hiddeco) - cmd/events: handle error value
- PR [#4180](https://togithub.com/fluxcd/flux2/issues/4180) - [@stefanprodan](https://togithub.com/stefanprodan) - Fix controller version info
- PR [#4177](https://togithub.com/fluxcd/flux2/issues/4177) - [@stefanprodan](https://togithub.com/stefanprodan) - Set min value for the `--ssh-rsa-bits` flag
- PR [#4176](https://togithub.com/fluxcd/flux2/issues/4176) - [@hiddeco](https://togithub.com/hiddeco) - ci: disable fail-fast for ARM end-to-end
- PR [#4175](https://togithub.com/fluxcd/flux2/issues/4175) - [@hiddeco](https://togithub.com/hiddeco) - build: update securejoin dependency
- PR [#4169](https://togithub.com/fluxcd/flux2/issues/4169) - [@darkowlzz](https://togithub.com/darkowlzz) - Add monitoring configuration deprecation notice
- PR [#4167](https://togithub.com/fluxcd/flux2/issues/4167) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates
- PR [#4166](https://togithub.com/fluxcd/flux2/issues/4166) - [@stefanprodan](https://togithub.com/stefanprodan) - e2e: Add Kubernetes v1.28.0 to conformance tests
- PR [#4151](https://togithub.com/fluxcd/flux2/issues/4151) - [@hiddeco](https://togithub.com/hiddeco) - ci: enable security-and-quality CodeQL query
- PR [#4147](https://togithub.com/fluxcd/flux2/issues/4147) - [@aryan9600](https://togithub.com/aryan9600) - Adopt Kubernetes style TLS Secrets and add relevant flags
- PR [#4142](https://togithub.com/fluxcd/flux2/issues/4142) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates
- PR [#4140](https://togithub.com/fluxcd/flux2/issues/4140) - [@somtochiama](https://togithub.com/somtochiama) - Disable azure e2e test
- PR [#4134](https://togithub.com/fluxcd/flux2/issues/4134) - [@sestegra](https://togithub.com/sestegra) - monitoring: add OCIRepository in cluster dashboard and new source panels in control-plane dashboard
- PR [#4131](https://togithub.com/fluxcd/flux2/issues/4131) - [@mraerino](https://togithub.com/mraerino) - Fix selection of kustomization resource from multi doc yaml
- PR [#4126](https://togithub.com/fluxcd/flux2/issues/4126) - [@stefanprodan](https://togithub.com/stefanprodan) - Set Kubernetes min version to 1.25
- PR [#4077](https://togithub.com/fluxcd/flux2/issues/4077) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates
- PR [#4068](https://togithub.com/fluxcd/flux2/issues/4068) - [@stefanprodan](https://togithub.com/stefanprodan) - Update dependencies
- PR [#4065](https://togithub.com/fluxcd/flux2/issues/4065) - [@hiddeco](https://togithub.com/hiddeco) - action: support `openssl` and `sha256sum`
- PR [#4062](https://togithub.com/fluxcd/flux2/issues/4062) - [@souleb](https://togithub.com/souleb) - diff: Take into account the server-side inventory for local Flux Kustomizations
- PR [#4061](https://togithub.com/fluxcd/flux2/issues/4061) - [@hiddeco](https://togithub.com/hiddeco) - action: re-allow configuration of non-default token
- PR [#4057](https://togithub.com/fluxcd/flux2/issues/4057) - [@fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components
- PR [#4052](https://togithub.com/fluxcd/flux2/issues/4052) - [@stefanprodan](https://togithub.com/stefanprodan) - docs: Link to the Flux GitHub Action documentation
- PR [#4051](https://togithub.com/fluxcd/flux2/issues/4051) - [@hiddeco](https://togithub.com/hiddeco) - action: use `$RUNNER_TOOL_CACHE`, support MacOS and Windows, validate checksum
- PR [#4046](https://togithub.com/fluxcd/flux2/issues/4046) - [@stefanprodan](https://togithub.com/stefanprodan) - ci: backport: set write permissions
- PR [#4043](https://togithub.com/fluxcd/flux2/issues/4043) - [@stefanprodan](https://togithub.com/stefanprodan) - ci: release: extract the image tag from GITHUB_REF
- PR [#4041](https://togithub.com/fluxcd/flux2/issues/4041) - [@hiddeco](https://togithub.com/hiddeco) - ci: release: disable interpretation backslash esc
Configuration
📅 Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v2.0.1->v2.1.2v2.0.1->v2.1.2Release Notes
fluxcd/flux2 (fluxcd/flux2)
### [`v2.1.2`](https://togithub.com/fluxcd/flux2/releases/tag/v2.1.2) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v2.1.1...v2.1.2) ##### Highlights Flux `v2.1.2` is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience. ##### Fixes - Ensures faster recovery of `Kustomization` and `HelmRelease` resources when the source-controller has restarted and is working on restoring the storage. - Prevent source-controller from failing to reconcile `OCIRepositories` when artifacts contain symlinks. - Addresses issue with helm-controller miss-labeling Custom Resource Definitions. - Detect immutable field errors in Google Cloud resources managed by Flux `Kustomizations`. - Better error reporting for `flux bootstrap` when the owner doesn't match the identity associated with the given token. - Allow `flux pull artifact` to fetch OCI artifacts produced by other tools. ##### Components changelog - source-controller [v1.1.2](https://togithub.com/fluxcd/source-controller/blob/v1.1.2/CHANGELOG.md) - kustomize-controller [v1.1.1](https://togithub.com/fluxcd/kustomize-controller/blob/v1.1.1/CHANGELOG.md) - helm-controller [v0.36.2](https://togithub.com/fluxcd/helm-controller/blob/v0.36.2/CHANGELOG.md) ##### CLI Changelog - PR [#4324](https://togithub.com/fluxcd/flux2/issues/4324) - [@somtochiama](https://togithub.com/somtochiama) - bootstrap: Fix error msg when the Git token doesn't match the repo owner - PR [#4323](https://togithub.com/fluxcd/flux2/issues/4323) - [@stefanprodan](https://togithub.com/stefanprodan) - e2e: Update Go dependencies - PR [#4313](https://togithub.com/fluxcd/flux2/issues/4313) - [@fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#4296](https://togithub.com/fluxcd/flux2/issues/4296) - [@Skarlso](https://togithub.com/Skarlso) - fix: only wait for changeset if the result is not empty - PR [#4285](https://togithub.com/fluxcd/flux2/issues/4285) - [@matheuscscp](https://togithub.com/matheuscscp) - Add badge for SLSA Level 3 - PR [#4284](https://togithub.com/fluxcd/flux2/issues/4284) - [@errordeveloper](https://togithub.com/errordeveloper) - Make `flux pull` work for OCI artifacts produced by other tools ### [`v2.1.1`](https://togithub.com/fluxcd/flux2/releases/tag/v2.1.1) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v2.1.0...v2.1.1) #### Highlights Flux `v2.1.1` is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience. ##### Fixes - Use auto lookup strategy for Buckets to widen support for S3-compatible object storage services (`source-controller`). - Fix Secret type check for HelmRepositories TLS certs referred in `.spec.secretRef` (`source-controller`). - Fix the branch name reporting when the push branch is the same as the checkout branch (`image-automation-controller`). - Restore Helm logs inclusion in failure events (`helm-controller`). - Fix the impersonation of the default service account when diffing HelmReleases (`helm-controller`). - Check source for `nil` artifact before loading Helm charts (`helm-controller`). - Update the description of Kubernetes specific flag to distinguish them from Flux bootstrap flags (`flux` CLI). #### Components changelog - source-controller [v1.1.1](https://togithub.com/fluxcd/source-controller/blob/v1.1.1/CHANGELOG.md) - helm-controller [v0.36.1](https://togithub.com/fluxcd/helm-controller/blob/v0.36.1/CHANGELOG.md) - image-automation-controller [v0.36.1](https://togithub.com/fluxcd/image-automation-controller/blob/v0.36.1/CHANGELOG.md) #### CLI Changelog - PR [#4255](https://togithub.com/fluxcd/flux2/issues/4255) - [@hiddeco](https://togithub.com/hiddeco) - tests/azure: update controller dependencies - PR [#4251](https://togithub.com/fluxcd/flux2/issues/4251) - [@fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#4246](https://togithub.com/fluxcd/flux2/issues/4246) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 4 updates - PR [#4238](https://togithub.com/fluxcd/flux2/issues/4238) - [@makkes](https://togithub.com/makkes) - Upgrade github.com/fluxcd/pkg/{git,git/gogit} - PR [#4233](https://togithub.com/fluxcd/flux2/issues/4233) - [@sonbui00](https://togithub.com/sonbui00) - chore: remove support armv6h for aur package - PR [#4228](https://togithub.com/fluxcd/flux2/issues/4228) - [@sonbui00](https://togithub.com/sonbui00) - Improve AUR package templates - PR [#4227](https://togithub.com/fluxcd/flux2/issues/4227) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 3 updates - PR [#4226](https://togithub.com/fluxcd/flux2/issues/4226) - [@somtochiama](https://togithub.com/somtochiama) - Update description of kubeconfig specific flag - PR [#4222](https://togithub.com/fluxcd/flux2/issues/4222) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/integration - PR [#4221](https://togithub.com/fluxcd/flux2/issues/4221) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/azure - PR [#4215](https://togithub.com/fluxcd/flux2/issues/4215) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 4 updates - PR [#4213](https://togithub.com/fluxcd/flux2/issues/4213) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /tests/integration - PR [#4212](https://togithub.com/fluxcd/flux2/issues/4212) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible in /tests/integration - PR [#4198](https://togithub.com/fluxcd/flux2/issues/4198) - [@makkes](https://togithub.com/makkes) - Add 2.1.x backport label - PR [#4197](https://togithub.com/fluxcd/flux2/issues/4197) - [@stefanprodan](https://togithub.com/stefanprodan) - Fix links to fluxcd.io - PR [#4195](https://togithub.com/fluxcd/flux2/issues/4195) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates ### [`v2.1.0`](https://togithub.com/fluxcd/flux2/releases/tag/v2.1.0) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v2.0.1...v2.1.0) ##### Highlights Flux v2.1.0 is a feature release. Users are encouraged to upgrade for the best experience. The [Flux APIs](#api-changes) were extended with new opt-in features in a backwards-compatible manner. The Flux Git capabilities have been improved with support for Git push options, Git refspec, Gerrit, HTTP/S and SOCKS5 proxies. The Flux alerting capabilities have been extended with [Datadog](https://fluxcd.io/flux/components/notification/provider/#pagerduity) support. The Flux controllers come with performance improvements when reconciling Helm repositories with large indexes (80% memory reduction), and when reconciling Flux Kustomizations with thousands of resources (x4 faster server-side apply). The load distribution has been improved when reconciling Flux objects in parallel to reduce CPU and memory spikes. :heart: Big thanks to all the Flux contributors that helped us with this release! ##### Deprecations Flux v2.1.0 comes with support for Kubernetes TLS Secrets when referring to secrets containing TLS certs, and deprecates the usage of `caFile`, `keyFile` and `certFile` keys. For more details about the TLS changes please see the [Kubernetes TLS Secrets section](#kubernetes-tls-secrets). Flux v2.1.0 comes with major improvements to the Prometheus monitoring stack. Starting with this version, Flux is leveraging the `kube-state-metrics` CRD exporter to report metrics containing rich information about Flux reconciliation status e.g. Git revision, Helm chart version, OCI artifacts digests, etc. The `gotk_reconcile_condition` metrics was deprecated in favor of the `gotk_resource_info`. For more details about the new monitoring stack please see the [Flux Prometheus metrics documentation](https://fluxcd.io/flux/monitoring/metrics) and the [flux2-monitoring-example repository](https://togithub.com/fluxcd/flux2-monitoring-example). ##### API changes ##### GitRepository v1 The [GitRepository](https://fluxcd.io/flux/components/source/gitrepositories/) API was extended with the following fields: - `.spec.proxySecretRef.name` is an optional field used to specify the name of a Kubernetes Secret that contains the HTTP/S or SOCKS5 proxy settings. - `.spec.verify.mode` now support one of the following values `HEAD`, `Tag`, `TagAndHEAD`. ##### Kustomization v1 The [Kustomization](https://fluxcd.io/flux/components/kustomize/kustomization/) API was extended with two apply policies `IfNotPresent` and `Ignore`. Changing the apply behaviour for specific Kubernetes resources, can be done using the following annotations: | Annotation | Default | Values | Role | |-------------------------------------|------------|----------------------------------------------------------------|-----------------| | `kustomize.toolkit.fluxcd.io/ssa` | `Override` | - `Override`- `Merge`
- `IfNotPresent`
- `Ignore` | Apply policy | | `kustomize.toolkit.fluxcd.io/force` | `Disabled` | - `Enabled`
- `Disabled` | Recreate policy | | `kustomize.toolkit.fluxcd.io/prune` | `Enabled` | - `Enabled`
- `Disabled` | Delete policy | The `IfNotPresent` policy instructs the controller to only apply the Kubernetes resources if they are not present on the cluster. This policy can be used for Kubernetes `Secrets` and `ValidatingWebhookConfigurations` managed by cert-manager, where Flux creates the resources with fields that are later on mutated by other controllers. ##### ImageUpdateAutomation v1beta1 The [ImageUpdateAutomation](https://fluxcd.io/flux/components/image/imageupdateautomations/) was extended with the following fields: - `.spec.git.push.refspec` is an optional field used to specify a Git refspec used when pushing commits upstream. - `.spec.git.push.options` is an optional field used to specify the Git push options to be sent to the Git server when pushing commits upstream. ##### Kubernetes TLS Secrets All the Flux APIs that accept TLS data have been modified to adopt Secrets of type `kubernetes.io/tls`. This includes: - **HelmRepository**: The field `.spec.secretRef` has been deprecated in favor of a new field [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference). - **OCIRepository**: Support for the `caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/ocirepositories/#cert-secret-reference) have been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`. - **ImageRepository**: Support for the`caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/imagerepositories/#cert-secret-reference) have been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`. - **GitRepository**: CA certificate can now be provided in the Secret specified in `.spec.secretRef` using the `ca.crt` key, which takes precedence over the `caFile` key. ##### Upgrade procedure Upgrade Flux from `v2.0.x` to `v2.1.0` either by [rerunning bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://togithub.com/fluxcd/flux2/tree/main/action). To upgrade Flux from `v0.x` to `v2.1.0` please follow the [Flux GA upgrade procedure](https://togithub.com/fluxcd/flux2/releases/tag/v2.0.0#upgrade). ##### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | |--------------------|------------------| | `v1.25` | `>= 1.25.0` | | `v1.26` | `>= 1.26.0` | | `v1.27` | `>= 1.27.1` | | `v1.28` | `>= 1.28.0` | Note that Flux may work on older versions of Kubernetes e.g. 1.21, but we don't recommend running end-of-life versions in production nor do we offer support for these versions. ##### New Documentation - [Flux installation](https://fluxcd.io/flux/installation/) - [Flux bootstrap](https://fluxcd.io/flux/installation/bootstrap/) - [Flux configuration](https://fluxcd.io/flux/installation/configuration/) - [Flux Prometheus metrics](https://fluxcd.io/flux/monitoring/metrics/) - [Flux custom Prometheus metrics](https://fluxcd.io/flux/monitoring/custom-metrics/) - [Flux logs](https://fluxcd.io/flux/monitoring/logs/) - [Flux events](https://fluxcd.io/flux/monitoring/events/) ##### Components changelog - source-controller [v1.1.0](https://togithub.com/fluxcd/source-controller/blob/v1.1.0/CHANGELOG.md) - kustomize-controller [v1.1.0](https://togithub.com/fluxcd/kustomize-controller/blob/v1.1.0/CHANGELOG.md) - notification-controller [v1.1.0](https://togithub.com/fluxcd/notification-controller/blob/v1.1.0/CHANGELOG.md) - helm-controller [v0.36.0](https://togithub.com/fluxcd/helm-controller/blob/v0.36.0/CHANGELOG.md) - image-reflector-controller [v0.30.0](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.30.0/CHANGELOG.md) - image-automation-controller [v0.36.0](https://togithub.com/fluxcd/image-automation-controller/blob/v0.36.0/CHANGELOG.md) ##### CLI Changelog - PR [#4189](https://togithub.com/fluxcd/flux2/issues/4189) - [@hiddeco](https://togithub.com/hiddeco) - Update dependencies - PR [#4186](https://togithub.com/fluxcd/flux2/issues/4186) - [@fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#4183](https://togithub.com/fluxcd/flux2/issues/4183) - [@somtochiama](https://togithub.com/somtochiama) - Fix autocompletion for helm chart - PR [#4182](https://togithub.com/fluxcd/flux2/issues/4182) - [@hiddeco](https://togithub.com/hiddeco) - manifestgen/install: use clean default HTTP client - PR [#4181](https://togithub.com/fluxcd/flux2/issues/4181) - [@hiddeco](https://togithub.com/hiddeco) - cmd/events: handle error value - PR [#4180](https://togithub.com/fluxcd/flux2/issues/4180) - [@stefanprodan](https://togithub.com/stefanprodan) - Fix controller version info - PR [#4177](https://togithub.com/fluxcd/flux2/issues/4177) - [@stefanprodan](https://togithub.com/stefanprodan) - Set min value for the `--ssh-rsa-bits` flag - PR [#4176](https://togithub.com/fluxcd/flux2/issues/4176) - [@hiddeco](https://togithub.com/hiddeco) - ci: disable fail-fast for ARM end-to-end - PR [#4175](https://togithub.com/fluxcd/flux2/issues/4175) - [@hiddeco](https://togithub.com/hiddeco) - build: update securejoin dependency - PR [#4169](https://togithub.com/fluxcd/flux2/issues/4169) - [@darkowlzz](https://togithub.com/darkowlzz) - Add monitoring configuration deprecation notice - PR [#4167](https://togithub.com/fluxcd/flux2/issues/4167) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates - PR [#4166](https://togithub.com/fluxcd/flux2/issues/4166) - [@stefanprodan](https://togithub.com/stefanprodan) - e2e: Add Kubernetes v1.28.0 to conformance tests - PR [#4151](https://togithub.com/fluxcd/flux2/issues/4151) - [@hiddeco](https://togithub.com/hiddeco) - ci: enable security-and-quality CodeQL query - PR [#4147](https://togithub.com/fluxcd/flux2/issues/4147) - [@aryan9600](https://togithub.com/aryan9600) - Adopt Kubernetes style TLS Secrets and add relevant flags - PR [#4142](https://togithub.com/fluxcd/flux2/issues/4142) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates - PR [#4140](https://togithub.com/fluxcd/flux2/issues/4140) - [@somtochiama](https://togithub.com/somtochiama) - Disable azure e2e test - PR [#4134](https://togithub.com/fluxcd/flux2/issues/4134) - [@sestegra](https://togithub.com/sestegra) - monitoring: add OCIRepository in cluster dashboard and new source panels in control-plane dashboard - PR [#4131](https://togithub.com/fluxcd/flux2/issues/4131) - [@mraerino](https://togithub.com/mraerino) - Fix selection of kustomization resource from multi doc yaml - PR [#4126](https://togithub.com/fluxcd/flux2/issues/4126) - [@stefanprodan](https://togithub.com/stefanprodan) - Set Kubernetes min version to 1.25 - PR [#4077](https://togithub.com/fluxcd/flux2/issues/4077) - [@dependabot](https://togithub.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates - PR [#4068](https://togithub.com/fluxcd/flux2/issues/4068) - [@stefanprodan](https://togithub.com/stefanprodan) - Update dependencies - PR [#4065](https://togithub.com/fluxcd/flux2/issues/4065) - [@hiddeco](https://togithub.com/hiddeco) - action: support `openssl` and `sha256sum` - PR [#4062](https://togithub.com/fluxcd/flux2/issues/4062) - [@souleb](https://togithub.com/souleb) - diff: Take into account the server-side inventory for local Flux Kustomizations - PR [#4061](https://togithub.com/fluxcd/flux2/issues/4061) - [@hiddeco](https://togithub.com/hiddeco) - action: re-allow configuration of non-default token - PR [#4057](https://togithub.com/fluxcd/flux2/issues/4057) - [@fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#4052](https://togithub.com/fluxcd/flux2/issues/4052) - [@stefanprodan](https://togithub.com/stefanprodan) - docs: Link to the Flux GitHub Action documentation - PR [#4051](https://togithub.com/fluxcd/flux2/issues/4051) - [@hiddeco](https://togithub.com/hiddeco) - action: use `$RUNNER_TOOL_CACHE`, support MacOS and Windows, validate checksum - PR [#4046](https://togithub.com/fluxcd/flux2/issues/4046) - [@stefanprodan](https://togithub.com/stefanprodan) - ci: backport: set write permissions - PR [#4043](https://togithub.com/fluxcd/flux2/issues/4043) - [@stefanprodan](https://togithub.com/stefanprodan) - ci: release: extract the image tag from GITHUB_REF - PR [#4041](https://togithub.com/fluxcd/flux2/issues/4041) - [@hiddeco](https://togithub.com/hiddeco) - ci: release: disable interpretation backslash esc
Configuration
📅 Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Mend Renovate. View repository job log here.