search

MxNxPx / flux2-gitops-repo

0 stars 1 forks source link

Update dependency fluxcd/flux2 to v0.33.0 [ci-skip] #3

Closed MxNxPx closed 2 years ago

MxNxPx commented 2 years ago

This PR contains the following updates:

Package Update Change
fluxcd/flux2 minor v0.23.0 -> v0.33.0

Release Notes

fluxcd/flux2 ### [`v0.33.0`](https://togithub.com/fluxcd/flux2/releases/tag/v0.33.0) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.32.0...v0.33.0) #### Highlights Flux v0.33.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience. ##### Features and improvements - [HelmRepository.spec.provider](https://fluxcd.io/docs/components/source/helmrepositories/#provider) Enable contextual login to container registries when pulling Helm charts from Amazon Elastic Container Registry, Azure Container Registry and Google Artifact Registry. - [OCIRepository.spec.layerSelector](https://fluxcd.io/docs/components/source/ocirepositories/#layer-selector) Select which layer contains the Kubernetes configs by specifying a matching OCI media type. - [Bucket.spec.secretRef](https://fluxcd.io/docs/components/source/buckets/#azure-blob-sas-token-example) Authenticate to Azure Blob storage using SAS tokens. - Allow filtering OCI artifacts by semver and regex when listing artifact with `flux list artifacts`. - Allow excluding local files and directories when building and publishing artifacts with `flux push artifact`. - Mitigate denial-of-service on multi-tenant clusters by automatically recovering from panics encountered during reconciliation. - Update controllers to Kubernetes v1.25.0, Kustomize v4.5.7 and Helm v3.9.4. ##### New documentation - [Secrets Management](https://fluxcd.io/docs/security/secrets-management/) - [Contextual Authorization](https://fluxcd.io/docs/security/contextual-authorization/) #### Components changelog - source-controller [v0.27.0](https://togithub.com/fluxcd/source-controller/blob/v0.27.0/CHANGELOG.md) [v0.28.0](https://togithub.com/fluxcd/source-controller/blob/v0.28.0/CHANGELOG.md) - kustomize-controller [v0.27.1](https://togithub.com/fluxcd/kustomize-controller/blob/v0.27.1/CHANGELOG.md) - helm-controller [v0.23.1](https://togithub.com/fluxcd/helm-controller/blob/v0.23.1/CHANGELOG.md) - notification-controller [v0.25.2](https://togithub.com/fluxcd/notification-controller/blob/v0.25.2/CHANGELOG.md) - image-reflector-controller [v0.20.1](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.20.1/CHANGELOG.md) - image-automation-controller [v0.24.2](https://togithub.com/fluxcd/image-automation-controller/blob/v0.24.2/CHANGELOG.md) #### CLI Changelog - PR [#​3049](https://togithub.com/fluxcd/flux2/issues/3049) - [@​stefanprodan](https://togithub.com/stefanprodan) - Update Kubernetes dependencies to v1.25.0 - PR [#​3034](https://togithub.com/fluxcd/flux2/issues/3034) - [@​snebel29](https://togithub.com/snebel29) - Fix broken "edit this page" links in Flux CLI section - PR [#​3028](https://togithub.com/fluxcd/flux2/issues/3028) - [@​snebel29](https://togithub.com/snebel29) - Update tests/azure github.com/hashicorp/terraform-exec to v0.16.1 - PR [#​3025](https://togithub.com/fluxcd/flux2/issues/3025) - [@​stefanprodan](https://togithub.com/stefanprodan) - \[RFC-0002] Add auth specification for Helm OCI - PR [#​3024](https://togithub.com/fluxcd/flux2/issues/3024) - [@​stefanprodan](https://togithub.com/stefanprodan) - Add version validation to install commands - PR [#​3019](https://togithub.com/fluxcd/flux2/issues/3019) - [@​somtochiama](https://togithub.com/somtochiama) - Improve error message in get cmd - PR [#​3014](https://togithub.com/fluxcd/flux2/issues/3014) - [@​stefanprodan](https://togithub.com/stefanprodan) - \[RFC-0003] Select layer by OCI media type - PR [#​2999](https://togithub.com/fluxcd/flux2/issues/2999) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2998](https://togithub.com/fluxcd/flux2/issues/2998) - [@​somtochiama](https://togithub.com/somtochiama) - Add `--filter-semver` and `--filter-regex` flags to `list artifacts` - PR [#​2997](https://togithub.com/fluxcd/flux2/issues/2997) - [@​stefanprodan](https://togithub.com/stefanprodan) - Use ghcr.io in the static manifests - PR [#​2996](https://togithub.com/fluxcd/flux2/issues/2996) - [@​stefanprodan](https://togithub.com/stefanprodan) - Update dependencies - PR [#​2995](https://togithub.com/fluxcd/flux2/issues/2995) - [@​stefanprodan](https://togithub.com/stefanprodan) - Add `--ignore-paths` arg to `flux build|push artifact` - PR [#​2979](https://togithub.com/fluxcd/flux2/issues/2979) - [@​stefanprodan](https://togithub.com/stefanprodan) - Status update for RFC-0002 and RFC-0003 ### [`v0.32.0`](https://togithub.com/fluxcd/flux2/releases/tag/v0.32.0) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.31.5...v0.32.0) #### Highlights Flux v0.32.0 comes with support for distributing Kubernetes manifests, Kustomize overlays and Terraform code as OCI artifacts. For more information please see the [Flux OCI documentation](https://fluxcd.io/docs/cheatsheets/oci-artifacts/). ##### New features - New Flux CLI commands `flux push|pull|tag artifact` for publishing OCI Artifacts to container registries. - New source type [OCIRepository](https://fluxcd.io/docs/components/source/ocirepositories/) for fetching OCI artifacts from container registries. - Resolve Helm dependencies from OCI for charts defined in Git. #### Components changelog - source-controller [v0.26.0](https://togithub.com/fluxcd/source-controller/blob/v0.26.0/CHANGELOG.md) [v0.26.1](https://togithub.com/fluxcd/source-controller/blob/v0.26.1/CHANGELOG.md) - kustomize-controller [v0.27.0](https://togithub.com/fluxcd/kustomize-controller/blob/v0.27.0/CHANGELOG.md) - notification-controller [v0.25.0](https://togithub.com/fluxcd/notification-controller/blob/v0.25.0/CHANGELOG.md) [v0.25.1](https://togithub.com/fluxcd/notification-controller/blob/v0.25.1/CHANGELOG.md) - image-reflector-controller [v0.20.0](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.20.0/CHANGELOG.md) - image-automation-controller [v0.24.1](https://togithub.com/fluxcd/image-automation-controller/blob/v0.24.1/CHANGELOG.md) #### CLI Changelog - PR [#​2966](https://togithub.com/fluxcd/flux2/issues/2966) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2964](https://togithub.com/fluxcd/flux2/issues/2964) - [@​pjbgf](https://togithub.com/pjbgf) - Add validation to namespace flag - PR [#​2955](https://togithub.com/fluxcd/flux2/issues/2955) - [@​somtochiama](https://togithub.com/somtochiama) - fix log filter and add tests for `flux logs` - PR [#​2951](https://togithub.com/fluxcd/flux2/issues/2951) - [@​stefanprodan](https://togithub.com/stefanprodan) - \[RFC-0003] Add the provider field for OIDC auth - PR [#​2940](https://togithub.com/fluxcd/flux2/issues/2940) - [@​hiddeco](https://togithub.com/hiddeco) - AUR: further solve `.SRCINFO` issues - PR [#​2937](https://togithub.com/fluxcd/flux2/issues/2937) - [@​hiddeco](https://togithub.com/hiddeco) - AUR: ensure `pkgname` is bottom entry in .SRCINFO ### [`v0.31.5`](https://togithub.com/fluxcd/flux2/releases/tag/v0.31.5) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.31.4...v0.31.5) ### Highlights Flux v0.31.5 is a patch release that comes with fixes. Users are encouraged to upgrade for the best experience. #### Fixes - Fix ImageRepository public repository scan for unconfigured provider registries #### Improvements - Improve Helm OCI Chart to work with registries that don't support listing tags #### Component changelog - source-controller [v0.25.11](https://togithub.com/fluxcd/source-controller/blob/v0.25.11/CHANGELOG.md) - image-reflector-controller [v0.19.4](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.19.4/CHANGELOG.md) #### CLI Changelog - PR [#​2932](https://togithub.com/fluxcd/flux2/issues/2932) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2917](https://togithub.com/fluxcd/flux2/issues/2917) - [@​morancj](https://togithub.com/morancj) - SRCINFO: fix path ### [`v0.31.4`](https://togithub.com/fluxcd/flux2/releases/tag/v0.31.4) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.31.3...v0.31.4) #### Highlights Flux v0.31.4 is a patch release that comes with fixes. Users are encouraged to upgrade for the best experience. ##### Fixes - Fix SIGSEGV when resolving charts dependencies. - Fix Panic when no artifact in source. - decryptor: recover from SOPS store panic. - Fix spelling mistake in `azure/exchanger.go`. ##### Improvements - Retry downloading artifacts on not found errors. #### Components changelog - source-controller [v0.25.10](https://togithub.com/fluxcd/source-controller/blob/v0.25.10/CHANGELOG.md) - kustomize-controller [v0.26.3](https://togithub.com/fluxcd/kustomize-controller/blob/v0.26.3/CHANGELOG.md) - notification-controller [v0.24.1](https://togithub.com/fluxcd/notification-controller/blob/v0.24.1/CHANGELOG.md) - helm-controller [v0.22.2](https://togithub.com/fluxcd/helm-controller/blob/v0.22.2/CHANGELOG.md) - image-automation-controller [v0.23.5](https://togithub.com/fluxcd/image-automation-controller/blob/v0.23.5/CHANGELOG.md) - image-reflector-controller [v0.19.3](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.19.3/CHANGELOG.md) #### CLI Changelog - PR [#​2905](https://togithub.com/fluxcd/flux2/issues/2905) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components ### [`v0.31.3`](https://togithub.com/fluxcd/flux2/releases/tag/v0.31.3) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.31.2...v0.31.3) #### Highlights Flux v0.31.3 is a patch release that comes with fixes. Users are encouraged to upgrade for the best experience. ##### Fixes - Fix for Helm OCI authentication where the credentials were cached instead of being reloaded at each reconciliation - Fix for health checking Kubernetes Jobs when impersonating a service account #### Components changelog - source-controller [v0.25.9](https://togithub.com/fluxcd/source-controller/blob/v0.25.9/CHANGELOG.md) - kustomize-controller [v0.26.2](https://togithub.com/fluxcd/kustomize-controller/blob/v0.26.2/CHANGELOG.md) #### CLI Changelog - PR [#​2881](https://togithub.com/fluxcd/flux2/issues/2881) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2877](https://togithub.com/fluxcd/flux2/issues/2877) - [@​sympatheticmoose](https://togithub.com/sympatheticmoose) - Add the `--branch` arg to the basic auth example ### [`v0.31.2`](https://togithub.com/fluxcd/flux2/releases/tag/v0.31.2) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.31.1...v0.31.2) #### Highlights Flux v0.31.2 is a patch release that comes with fixes and small improvements. Users are encouraged to upgrade for the best experience. ##### Fixes and improvements - Fix SSH connection leaks when using `libgit2` managed transport - Improve the `libgit2` error messages when the known hosts check fails - Fix authentication for BitBucket server when using `libgit2` managed transport - Fix `flux logs` when running Flux inside a service mesh - Fix `flux reconcile source helm` when using Helm OCI - Accept multiple values for `flux create hr --values-from` - List the Flux CRDs and assert their statuses when running `flux check` - Add finalizers to `ImageRepository`, `ImagePolicy` and `ImageUpdateAutomation` resources to properly record the metrics for deleted resources #### Components changelog - source-controller [v0.25.8](https://togithub.com/fluxcd/source-controller/blob/v0.25.8/CHANGELOG.md) [v0.25.7](https://togithub.com/fluxcd/source-controller/blob/v0.25.7/CHANGELOG.md) [v0.25.6](https://togithub.com/fluxcd/source-controller/blob/v0.25.6/CHANGELOG.md) - image-reflector-controller [v0.19.2](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.19.2/CHANGELOG.md) - image-automation-controller [v0.23.4](https://togithub.com/fluxcd/image-automation-controller/blob/v0.23.4/CHANGELOG.md) [v0.23.3](https://togithub.com/fluxcd/image-automation-controller/blob/v0.23.3/CHANGELOG.md) #### CLI Changelog - PR [#​2867](https://togithub.com/fluxcd/flux2/issues/2867) - [@​stefanprodan](https://togithub.com/stefanprodan) - Remove image finalizers on uninstall - PR [#​2862](https://togithub.com/fluxcd/flux2/issues/2862) - [@​bplasmeijer](https://togithub.com/bplasmeijer) - Put the dashboard configmap in the right namespace for monitoring - PR [#​2859](https://togithub.com/fluxcd/flux2/issues/2859) - [@​somtochiama](https://togithub.com/somtochiama) - Return different success message for `oci` type - `reconcile_source_helm` - PR [#​2844](https://togithub.com/fluxcd/flux2/issues/2844) - [@​hiddeco](https://togithub.com/hiddeco) - logs: select manager container when multiple exist - PR [#​2839](https://togithub.com/fluxcd/flux2/issues/2839) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2829](https://togithub.com/fluxcd/flux2/issues/2829) - [@​somtochiama](https://togithub.com/somtochiama) - Accept multiple values for `flux create hr --values-from` - PR [#​2823](https://togithub.com/fluxcd/flux2/issues/2823) - [@​stefanprodan](https://togithub.com/stefanprodan) - Add CRDs to `flux check` command ### [`v0.31.1`](https://togithub.com/fluxcd/flux2/releases/tag/v0.31.1) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.31.0...v0.31.1) #### Highlights Flux v0.31.1 is a patch release that comes with important fixes and documentation improvements. Users are encouraged to upgrade for the best experience. ##### Fixes - Fix semver sorting for Helm OCI charts (source-controller) - Fix service account impersonation when using target namespace (helm-controller) - Validate that the image name does not contain tags (image-reflector-controller) - Fix `libgit2` SSH host key verification (source-controller & image-automation-controller) - Fix authentication when using Gitlab via HTTP/S (source-controller & image-automation-controller) ##### Documentation improvements - Explain how to [generate image pull secrets from SOPS encrypted `.dockerconfigjson` files](https://fluxcd.io/docs/components/kustomize/kustomization/#kustomize-secretgenerator) - Document all controller flags and their defaults - [source-controller options](https://fluxcd.io/docs/components/source/options/) - [kustomize-controller options](https://fluxcd.io/docs/components/kustomize/options/) - [helm-controller options](https://fluxcd.io/docs/components/helm/options/) - [notification-controller options](https://fluxcd.io/docs/components/notification/options/) - [image-automation-controller options](https://fluxcd.io/docs/components/image/options/#image-automation-flags) - [image-reflector-controller options](https://fluxcd.io/docs/components/image/options/#image-reflector-flags) #### Components changelog - source-controller [v0.25.5](https://togithub.com/fluxcd/source-controller/blob/v0.25.5/CHANGELOG.md) [v0.25.4](https://togithub.com/fluxcd/source-controller/blob/v0.25.4/CHANGELOG.md) - kustomize-controller [v0.26.1](https://togithub.com/fluxcd/kustomize-controller/blob/v0.26.1/CHANGELOG.md) - helm-controller [v0.22.1](https://togithub.com/fluxcd/helm-controller/blob/v0.22.1/CHANGELOG.md) - image-reflector-controller [v0.19.1](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.19.1/CHANGELOG.md) - image-automation-controller [v0.23.2](https://togithub.com/fluxcd/image-automation-controller/blob/v0.23.2/CHANGELOG.md) [v0.23.1](https://togithub.com/fluxcd/image-automation-controller/blob/v0.23.1/CHANGELOG.md) #### CLI Changelog - PR [#​2820](https://togithub.com/fluxcd/flux2/issues/2820) - [@​stefanprodan](https://togithub.com/stefanprodan) - Update dependencies - PR [#​2814](https://togithub.com/fluxcd/flux2/issues/2814) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2811](https://togithub.com/fluxcd/flux2/issues/2811) - [@​stefanprodan](https://togithub.com/stefanprodan) - \[RFC-0002] Update status and implementation history ### [`v0.31.0`](https://togithub.com/fluxcd/flux2/releases/tag/v0.31.0) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.30.2...v0.31.0) #### Highlights Flux v0.31.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience. ##### Breaking changes Flux is no longer compatible with kubeconfigs using `client.authentication.k8s.io/v1alpha1`, this version was [deprecated and removed](https://togithub.com/kubernetes/kubernetes/pull/108616) in Kubernetes 1.24. Please follow these [instructions](https://togithub.com/fluxcd/flux2/issues/2817) on how to update kubeconfig to `client.authentication.k8s.io/v1beta1`. ##### New features - Pull Helm charts from container registries by configuring Helm repositories with `type: oci`. For more information please see the [Helm OCI documentation](https://fluxcd.io/docs/guides/helmreleases/#helm-oci-repository). - Trigger GitHub Actions workflows from Flux by configuring alerting providers with `type: githubdispatch`. For more information please see the [GitHub dispatch provider documentation](https://fluxcd.io/docs/components/notification/provider/#setting-up-the-github-dispatch-provider). ##### New guides - [Promote Flux Helm Releases with GitHub Actions](https://fluxcd.io/docs/use-cases/gh-actions-helm-promotion/). - [Using Flux on GKE with Google Cloud Source Repositories](https://fluxcd.io/docs/use-cases/gcp-source-repository/). - [Monitoring Flux logs with Loki and Grafana](https://fluxcd.io/docs/guides/monitoring/). ##### New improvements and fixes - Starting with this version, all Flux controllers conform to the Kubernetes API Priority and Fairness. - Add support for configuring the authentication to AWS KMS, Azure Key Vault and Google Cloud KMS on multi-tenant clusters. - The Git reconciliation has been made more efficient by adding support for no-op clones that should reduce the outbound traffic substantially. - The `libgit2` managed transport feature has been enabled by default to improve the Azure DevOps and AWS CodeCommit Git operations. - Fix an issue where the token used for Helm operations would go stale if it was provided using a Bound Service Account Token Volume. - Update the controllers and CLI dependencies to Kubernetes v1.24, Kustomize v4.5.5 and Helm v3.9.0. #### Components changelog - source-controller [v0.25.0](https://togithub.com/fluxcd/source-controller/blob/v0.25.0/CHANGELOG.md) [v0.25.1](https://togithub.com/fluxcd/source-controller/blob/v0.25.1/CHANGELOG.md) [v0.25.3](https://togithub.com/fluxcd/source-controller/blob/v0.25.3/CHANGELOG.md) - kustomize-controller [v0.26.0](https://togithub.com/fluxcd/kustomize-controller/blob/v0.26.0/CHANGELOG.md) - helm-controller [v0.22.0](https://togithub.com/fluxcd/helm-controller/blob/v0.22.0/CHANGELOG.md) - notification-controller [v0.24.0](https://togithub.com/fluxcd/notification-controller/blob/v0.24.0/CHANGELOG.md) - image-reflector-controller [v0.19.0](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.19.0/CHANGELOG.md) - image-automation-controller [v0.23.0](https://togithub.com/fluxcd/image-automation-controller/blob/v0.23.0/CHANGELOG.md) #### CLI Changelog - PR [#​2809](https://togithub.com/fluxcd/flux2/issues/2809) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update source-controller to v0.25.3 - PR [#​2807](https://togithub.com/fluxcd/flux2/issues/2807) - [@​stefanprodan](https://togithub.com/stefanprodan) - Update dependencies - PR [#​2806](https://togithub.com/fluxcd/flux2/issues/2806) - [@​stefanprodan](https://togithub.com/stefanprodan) - monitoring: Add Grafana Loki HR and Flux logs dashboard - PR [#​2802](https://togithub.com/fluxcd/flux2/issues/2802) - [@​stefanprodan](https://togithub.com/stefanprodan) - Add `--kubeconfig-secret-ref` to `flux create ks|hr` - PR [#​2801](https://togithub.com/fluxcd/flux2/issues/2801) - [@​stefanprodan](https://togithub.com/stefanprodan) - e2e: Update ARM64 runners to Kubernetes 1.24 - PR [#​2796](https://togithub.com/fluxcd/flux2/issues/2796) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2792](https://togithub.com/fluxcd/flux2/issues/2792) - [@​SomtochiAma](https://togithub.com/SomtochiAma) - Handle multi-doc yaml for flux build - PR [#​2787](https://togithub.com/fluxcd/flux2/issues/2787) - [@​vipulnewaskar7](https://togithub.com/vipulnewaskar7) - Add `--allow-insecure-http` to `bootstrap git` - PR [#​2782](https://togithub.com/fluxcd/flux2/issues/2782) - [@​stefanprodan](https://togithub.com/stefanprodan) - Refactor Flux Prometheus monitoring stack - PR [#​2781](https://togithub.com/fluxcd/flux2/issues/2781) - [@​makkes](https://togithub.com/makkes) - Add OCI support to `create source helm` - PR [#​2778](https://togithub.com/fluxcd/flux2/issues/2778) - [@​stefanprodan](https://togithub.com/stefanprodan) - Update go-git-providers to v0.6.0 - PR [#​2775](https://togithub.com/fluxcd/flux2/issues/2775) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2773](https://togithub.com/fluxcd/flux2/issues/2773) - [@​stefanprodan](https://togithub.com/stefanprodan) - Update dependencies - PR [#​2769](https://togithub.com/fluxcd/flux2/issues/2769) - [@​stefanprodan](https://togithub.com/stefanprodan) - Update Go to 1.18 in CI - PR [#​2767](https://togithub.com/fluxcd/flux2/issues/2767) - [@​takirala](https://togithub.com/takirala) - Add `--ignore-paths` flag to `flux create source (git|bucket)` - PR [#​2764](https://togithub.com/fluxcd/flux2/issues/2764) - [@​hiddeco](https://togithub.com/hiddeco) - Ensure proper FS root is set while bootstrapping - PR [#​2748](https://togithub.com/fluxcd/flux2/issues/2748) - [@​makkes](https://togithub.com/makkes) - fix e2e tests - PR [#​2747](https://togithub.com/fluxcd/flux2/issues/2747) - [@​dholbach](https://togithub.com/dholbach) - Move MAINTAINERS to f/community - PR [#​2727](https://togithub.com/fluxcd/flux2/issues/2727) - [@​cr1cr1](https://togithub.com/cr1cr1) - grafana: display exported ns, slight resizing, default sorting by state ### [`v0.30.2`](https://togithub.com/fluxcd/flux2/releases/tag/v0.30.2) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.30.1...v0.30.2) Flux v0.30.2 is a patch release with further patches around working with the macOS file-system. **Note** that [v0.29.0](https://togithub.com/fluxcd/flux2/releases/tag/v0.29.0) included breaking changes, and [v0.30.0](https://togithub.com/fluxcd/flux2/releases/tag/v0.30.0) new features. #### CLI Changelog - PR [#​2703](https://togithub.com/fluxcd/flux2/issues/2703) - [@​aryan9600](https://togithub.com/aryan9600) - Modify tmp dir generation to be absolute on all OSes - PR [#​2701](https://togithub.com/fluxcd/flux2/issues/2701) - [@​stefanprodan](https://togithub.com/stefanprodan) - Grant service account read-only access to controllers ### [`v0.30.1`](https://togithub.com/fluxcd/flux2/releases/tag/v0.30.1) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.30.0...v0.30.1) Flux v0.30.1 is a patch release fixing a regression bug introduced in v0.30.0, which prevented macOS users from upgrading Flux using bootstrap due to FS security constraints. **Note** that [v0.29.0](https://togithub.com/fluxcd/flux2/releases/tag/v0.29.0) included breaking changes, and [v0.30.0](https://togithub.com/fluxcd/flux2/releases/tag/v0.30.0) new features. #### CLI Changelog - PR [#​2700](https://togithub.com/fluxcd/flux2/issues/2700) - [@​stefanprodan](https://togithub.com/stefanprodan) - MacOS: fix bootstrap manifest generation ### [`v0.30.0`](https://togithub.com/fluxcd/flux2/releases/tag/v0.30.0) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.29.5...v0.30.0) Flux v0.30.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience. **Note** that [v0.29.0](https://togithub.com/fluxcd/flux2/releases/tag/v0.29.0) included breaking changes. ##### Features and improvements ##### Support for disabling remote bases in Kustomize overlays This release adds support to the kustomize-controller for disallowing remote bases in Kustomize overlays using `--no-remote-bases=true` (default: `false`). When this flag is enabled on the controller, all resources must refer to local files included in the Source Artifact, meaning only the Flux Sources can affect the cluster-state. Users are advised to enable it on production systems for security and performance reasons. ##### Support for defining a KubeConfig Secret data key Both `Kustomization` and `HelmRelease` resources do now accept a `.spec.kubeConfig.SecretRef.key` definition. When the value is specified, the KubeConfig JSON is retrieved from this data key in the referred Secret, instead of the defaults (`value` or `value.yaml`). ##### Support for defining a ServiceAccountName in ImageRepository objects The `ImageRepository` object does now accept a `.spec.serviceAccountName` definition. When specified, the image pull secrets attached to the ServiceAccount are used to authenticate towards the registry. ##### Components Changelog - kustomize-controller to [v0.25.0](https://togithub.com/fluxcd/kustomize-controller/blob/v0.25.0/CHANGELOG.md) - helm-controller to [v0.21.0](https://togithub.com/fluxcd/helm-controller/blob/v0.21.0/CHANGELOG.md) - image-reflector-controller to [v0.18.0](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.18.0/CHANGELOG.md) - source-controller to [v0.24.4](https://togithub.com/fluxcd/source-controller/blob/v0.24.4/CHANGELOG.md) - notification-controller to [v0.23.5](https://togithub.com/fluxcd/notification-controller/blob/v0.23.5/CHANGELOG.md) - image-automation-controller to [v0.22.1](https://togithub.com/fluxcd/image-automation-controller/blob/v0.22.1/CHANGELOG.md) #### CLI Changelog - PR [#​2651](https://togithub.com/fluxcd/flux2/issues/2651) - [@​hiddeco](https://togithub.com/hiddeco) - kustomize: use FS from `fluxcd/pkg` - PR [#​2698](https://togithub.com/fluxcd/flux2/issues/2698) - [@​hiddeco](https://togithub.com/hiddeco) - Update dependencies - PR [#​2695](https://togithub.com/fluxcd/flux2/issues/2695) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components ### [`v0.29.5`](https://togithub.com/fluxcd/flux2/releases/tag/v0.29.5) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.29.4...v0.29.5) Flux v0.29.5 is patch release which improves the Condition handling of `HelmRepository` resources, and handling of file formats while decrypting Secret generator entries with SOPS to ensure encrypted files in format A can be decrypted to target format B. In addition, we now recover from Kustomize build panics to guarantee continuity of operations when running into invalid object data. **Note** that [v0.29.0](https://togithub.com/fluxcd/flux2/releases/v0.29.0) includes breaking changes. #### Components Changelog - source-controller to [v0.24.3](https://togithub.com/fluxcd/source-controller/blob/v0.24.3/CHANGELOG.md) - kustomize-controller to [v0.24.4](https://togithub.com/fluxcd/kustomize-controller/blob/v0.24.4/CHANGELOG.md) #### CLI Changelog - PR [#​2686](https://togithub.com/fluxcd/flux2/issues/2686) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components ### [`v0.29.4`](https://togithub.com/fluxcd/flux2/releases/tag/v0.29.4) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.29.3...v0.29.4) Flux v0.29.4 is patch release with memory consumption improvements for the reconciliation of `HelmRepository` resources. **Note** that [v0.29.0](https://togithub.com/fluxcd/flux2/releases/v0.29.0) includes breaking changes. #### Components Changelog - source-controller to [v0.24.2](https://togithub.com/fluxcd/source-controller/blob/v0.24.2/CHANGELOG.md) #### CLI Changelog - PR [#​2679](https://togithub.com/fluxcd/flux2/issues/2679) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components ### [`v0.29.3`](https://togithub.com/fluxcd/flux2/releases/tag/v0.29.3) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.29.2...v0.29.3) Flux v0.29.3 is patch release which fixes a regression bug where the source-controller would panic in further to be identified edge-case scenarios in which a `HelmRepository` Artifact would not have a Size. In addition, the flags for configuring the exponential back-off retry have been made available in the kustomize-controller. **Note** that [v0.29.0](https://togithub.com/fluxcd/flux2/releases/v0.29.0) includes breaking changes. #### Components Changelog - source-controller to [v0.24.1](https://togithub.com/fluxcd/source-controller/blob/v0.24.1/CHANGELOG.md) - kustomize-controller to [v0.24.3](https://togithub.com/fluxcd/kustomize-controller/blob/v0.24.3/CHANGELOG.md) #### CLI Changelog - PR [#​2668](https://togithub.com/fluxcd/flux2/issues/2668) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components ### [`v0.29.2`](https://togithub.com/fluxcd/flux2/releases/tag/v0.29.2) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.29.1...v0.29.2) Flux v0.29.2 is patch release that comes with dependency updates to please static security analyzers. **Note** that [v0.29.0](https://togithub.com/fluxcd/flux2/releases/v0.29.0) includes breaking changes. #### Components Changelog - kustomize-controller to [v0.24.2](https://togithub.com/fluxcd/kustomize-controller/blob/v0.24.2/CHANGELOG.md) - notification-controller to [v0.23.4](https://togithub.com/fluxcd/notification-controller/blob/v0.23.4/CHANGELOG.md) #### CLI Changelog - PR [#​2662](https://togithub.com/fluxcd/flux2/issues/2662) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components ### [`v0.29.1`](https://togithub.com/fluxcd/flux2/releases/tag/v0.29.1) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.29.0...v0.29.1) Flux v0.29.1 is patch release that comes with a regression bug fix for Kustomizations files that contain remote references. **Note** that [v0.29.0](https://togithub.com/fluxcd/flux2/releases/v0.29.0) includes breaking changes. #### Components Changelog - kustomize-controller to [v0.24.1](https://togithub.com/fluxcd/kustomize-controller/blob/v0.24.1/CHANGELOG.md) #### CLI Changelog - PR [#​2657](https://togithub.com/fluxcd/flux2/issues/2657) - [@​hiddeco](https://togithub.com/hiddeco) - Update kustomize-controller to v0.24.1 ### [`v0.29.0`](https://togithub.com/fluxcd/flux2/releases/tag/v0.29.0) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.28.5...v0.29.0) Flux v0.29.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience. ##### Breaking changes ##### source-controller - From this release on, the `RUNTIME_NAMESPACE` environment variable is no longer taken into account to configure the advertised HTTP/S address of the storage. Instead, [variable substitution](https://kubernetes.io/docs/tasks/inject-data-application/define-interdependent-environment-variables/#define-an-environment-dependent-variable-for-a-container) must be used, as described in [the changelog entry for `v0.5.2`](https://togithub.com/fluxcd/source-controller/blob/v0.24.0/CHANGELOG.md#​052). - Use of file-based KubeConfig options are now permanently disabled (e.g. `TLSClientConfig.CAFile`, `TLSClientConfig.KeyFile`, `TLSClientConfig.CertFile` and `BearerTokenFile`). The drive behind the change was to discourage insecure practices of mounting Kubernetes tokens inside the controller's container file system. - Use of `TLSClientConfig.Insecure` in KubeConfig file is disabled by default, but can be enabled at controller level with the flag `--insecure-kubeconfig-tls`. - Use of `ExecProvider` in KubeConfig file is now disabled by default, but can be enabled at controller level with the flag `--insecure-kubeconfig-exec`. ##### Features and improvements ##### Notification Improvements A new notification is now emitted to identify recovery from failures. It is triggered when a failed reconciliation is followed by a successful one, and the notification message is the same that's sent in usual successful source reconciliation message about the stored artifact. ##### In-memory cache for HelmRepository The opt-in in-memory cache for `HelmRepository` addresses issues where the index file is loaded and unmarshalled in concurrent reconciliation resulting in a heavy memory footprint. It can be configured using the flags: `--helm-cache-max-size`, `--helm-cache-ttl`, `--helm-cache-purge-interval`. ##### Configurable retention of Source Artifacts Garbage Collection is enabled by default, and now its retention options are configurable with the flags: `--artifact-retention-ttl` (default: `60s`) and `--artifact-retention-records` (default: `2`). They define the minimum time to live and the maximum amount of artifacts to survive a collection. ##### Configurable Key Exchange Algorithms for SSH connections The Key Exchange Algorithms used when establishing SSH connections are based on the defaults configured upstream in `go-git` and `golang.org/x/crypto`. Now this can be overriden with the flag `--ssh-kex-algos`. Note this applies to the `go-git` gitImplementation or the `libgit2` gitImplementation but *only* when Managed Transport is being used. ##### Configurable Exponential Back-off retry settings The exponential back-off retry can be configured with the new flags: `--min-retry-delay` (default: `750ms`) and `--max-retry-delay` (default: `15min`). Previously the defaults were set to `5ms` and `1000s`, which in some cases impaired the controller's ability to self-heal (e.g. retrying failing SSH connections). ##### Experimental managed transport for libgit2 Git implementation Managed Transport for `libgit2` now introduces self-healing capabilities, to recover from failure when long-running connections become stale. ##### SOPS refactored and optimized SOPS implementation was refactored to include various improvements and extended code coverage. Age identities are now imported once and reused multiple times, optimizing CPU and memory usage between decryption operations. ##### Helm chart directory loader improvements Introduction of a secure directory loader which improves the handling of Helm charts paths. ##### Components Changelog - helm-controller to [v0.20.1](https://togithub.com/fluxcd/helm-controller/blob/v0.20.1/CHANGELOG.md) - kustomize-controller to [v0.24.0](https://togithub.com/fluxcd/kustomize-controller/blob/v0.24.0/CHANGELOG.md) - source-controller to [v0.24.0](https://togithub.com/fluxcd/source-controller/blob/v0.24.0/CHANGELOG.md) - notification-controller to [v0.23.3](https://togithub.com/fluxcd/notification-controller/blob/v0.23.3/CHANGELOG.md) - image-reflector-controller to [v0.17.2](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.17.2/CHANGELOG.md) - image-automation-controller to [v0.22.0](https://togithub.com/fluxcd/image-automation-controller/blob/v0.22.0/CHANGELOG.md) Other changes since last minor release: - helm-controller to [v0.19.0](https://togithub.com/fluxcd/helm-controller/blob/v0.19.0/CHANGELOG.md) - kustomize-controller to [v0.23.0](https://togithub.com/fluxcd/kustomize-controller/blob/v0.23.0/CHANGELOG.md) - source-controller to [v0.23.0](https://togithub.com/fluxcd/source-controller/blob/v0.23.0/CHANGELOG.md) #### CLI Changelog - PR [#​2652](https://togithub.com/fluxcd/flux2/issues/2652) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2649](https://togithub.com/fluxcd/flux2/issues/2649) - [@​hiddeco](https://togithub.com/hiddeco) - Update dependencies - PR [#​2646](https://togithub.com/fluxcd/flux2/issues/2646) - [@​aryan9600](https://togithub.com/aryan9600) - Handle secret types properly while masking sops data - PR [#​2631](https://togithub.com/fluxcd/flux2/issues/2631) - [@​canidam](https://togithub.com/canidam) - bootstrap git: Allow the password to be specified with GIT_PASSWORD env var - PR [#​2624](https://togithub.com/fluxcd/flux2/issues/2624) - [@​kingdonb](https://togithub.com/kingdonb) - Add detail to delete docs - PR [#​2617](https://togithub.com/fluxcd/flux2/issues/2617) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2616](https://togithub.com/fluxcd/flux2/issues/2616) - [@​SomtochiAma](https://togithub.com/SomtochiAma) - Add cli flags for chart interval and reconcile strategy - PR [#​2611](https://togithub.com/fluxcd/flux2/issues/2611) - [@​souleb](https://togithub.com/souleb) - Add an option to diff with a local Flux Kustomization file - PR [#​2609](https://togithub.com/fluxcd/flux2/issues/2609) - [@​darkowlzz](https://togithub.com/darkowlzz) - monitoring-config: set grafana dashboards labelValues - PR [#​2607](https://togithub.com/fluxcd/flux2/issues/2607) - [@​souleb](https://togithub.com/souleb) - \[Diff] Update pkg/kustomize to v0.1.0 - PR [#​2597](https://togithub.com/fluxcd/flux2/issues/2597) - [@​stefanprodan](https://togithub.com/stefanprodan) - \[RFC-0002] Flux OCI support for Helm ### [`v0.28.5`](https://togithub.com/fluxcd/flux2/releases/tag/v0.28.5) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.28.4...v0.28.5) Flux v0.28.5 is a patch release that comes with various improvements and dependency updates to the controller components. Please consult the changelogs from the list below for a precise overview of changes. Users are (as always) encouraged to upgrade for the best experience. **Note** that if you are upgrading from v0.27 you need to follow the [Upgrade Flux to the Source v1beta2 API guide](https://togithub.com/fluxcd/flux2/discussions/2567). #### Components Changelog - kustomize-controller to [v0.22.3](https://togithub.com/fluxcd/kustomize-controller/blob/v0.22.3/CHANGELOG.md) - source-controller to [v0.22.5](https://togithub.com/fluxcd/source-controller/blob/v0.22.5/CHANGELOG.md) - image-automation-controller to [v0.21.3](https://togithub.com/fluxcd/image-automation-controller/blob/v0.21.3/CHANGELOG.md) - notification-controller to [v0.23.2](https://togithub.com/fluxcd/notification-controller/blob/v0.23.2/CHANGELOG.md) #### CLI Changelog - PR [#​2594](https://togithub.com/fluxcd/flux2/issues/2594) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2584](https://togithub.com/fluxcd/flux2/issues/2584) - [@​souleb](https://togithub.com/souleb) - Diff: Update homeport/Dyff to v1.5.2 ### [`v0.28.4`](https://togithub.com/fluxcd/flux2/releases/tag/v0.28.4) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.28.3...v0.28.4) Flux v0.28.4 is a patch release that comes with improvements to the experimental managed transport's overall stability. Users are encouraged to upgrade for the best experience. **Note** that if you are upgrading from v0.27 you need to follow the [Upgrade Flux to the Source v1beta2 API guide](https://togithub.com/fluxcd/flux2/discussions/2567). #### Components Changelog - source-controller to [v0.22.4](https://togithub.com/fluxcd/source-controller/blob/v0.22.4/CHANGELOG.md) - image-automation-controller to [v0.21.2](https://togithub.com/fluxcd/image-automation-controller/blob/v0.21.2/CHANGELOG.md) #### CLI Changelog - PR [#​2583](https://togithub.com/fluxcd/flux2/issues/2583) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components ### [`v0.28.3`](https://togithub.com/fluxcd/flux2/releases/tag/v0.28.3) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.28.2...v0.28.3) Flux v0.28.3 is patch release that comes with a regression bug fix for SOPS Azure Key Vault decryption. In addition, Kustomize has been updated to `v4.5.3` to address an issue with YAML anchors. Users are encouraged to upgrade for the best experience. **Note** that if you are upgrading from v0.27 you need to follow the [Upgrade Flux to the Source v1beta2 API guide](https://togithub.com/fluxcd/flux2/discussions/2567). #### Components Changelog - source-controller to [v0.22.3](https://togithub.com/fluxcd/source-controller/blob/v0.22.3/CHANGELOG.md) - kustomize-controller to [v0.22.2](https://togithub.com/fluxcd/kustomize-controller/blob/v0.22.2/CHANGELOG.md) - helm-controller to [v0.18.2](https://togithub.com/fluxcd/helm-controller/blob/v0.18.2/CHANGELOG.md) #### CLI Changelog - PR [#​2577](https://togithub.com/fluxcd/flux2/issues/2577) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2572](https://togithub.com/fluxcd/flux2/issues/2572) - [@​stefanprodan](https://togithub.com/stefanprodan) - Add the kube client qps and burst to the global args ### [`v0.28.2`](https://togithub.com/fluxcd/flux2/releases/tag/v0.28.2) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.28.1...v0.28.2) Flux v0.28.2 is patch release that comes with a regression bug fix for notification spam. Users are encouraged to upgrade for the best experience. **Note** that if you are upgrading from v0.27 you need to follow the [Upgrade Flux to the Source v1beta2 API guide](https://togithub.com/fluxcd/flux2/discussions/2567). #### Components Changelog - kustomize-controller to [v0.22.1](https://togithub.com/fluxcd/kustomize-controller/blob/v0.22.1/CANGELOG.md) #### CLI Changelog - PR [#​2570](https://togithub.com/fluxcd/flux2/issues/2570) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components ### [`v0.28.1`](https://togithub.com/fluxcd/flux2/releases/tag/v0.28.1) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.28.0...v0.28.1) Flux v0.28.1 is patch release that comes with a regression bug fix for image update automation. Users are encouraged to upgrade for the best experience. **Note** that if you are upgrading from v0.27 you need to follow the [Upgrade Flux to the Source v1beta2 API guide](https://togithub.com/fluxcd/flux2/discussions/2567). #### Components Changelog - helm-controller to [v0.18.1](https://togithub.com/fluxcd/helm-controller/blob/v0.18.1/CANGELOG.md) - source-controller to [v0.22.2](https://togithub.com/fluxcd/source-controller/blob/v0.22.2/CHANGELOG.md) - notification-controller to [v0.23.1](https://togithub.com/fluxcd/notification-controller/blob/v0.23.1/CHANGELOG.md) - image-reflector-controller to [v0.17.1](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.17.1/CHANGELOG.md) - image-automation-controller to [v0.21.1](https://togithub.com/fluxcd/image-automation-controller/blob/v0.21.1/CHANGELOG.md) #### CLI Changelog - PR [#​2569](https://togithub.com/fluxcd/flux2/issues/2569) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components ### [`v0.28.0`](https://togithub.com/fluxcd/flux2/releases/tag/v0.28.0) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.27.4...v0.28.0) Flux v0.28.0 comes with [new reconcilers for Source kinds](https://togithub.com/fluxcd/source-controller/pull/586) and graduates the Flux Source API to `v1beta2`. #### Breaking changes - From this version on, controllers depending on Source kinds (kustomize-controller, helm-controller and image-automation-controller) do now require the Source `v1beta2` Custom Resource Definition to be present on the cluster. #### Features and improvements ##### API specifications in a user-friendly format [The new specifications for the `v1beta2` API](https://togithub.com/fluxcd/source-controller/tree/v0.22.0/docs/spec/v1beta2) have been written in a new format with the aim to be more valuable to a user. Featuring separate sections with examples, and information on how to write and work with them. ##### Artifact now advertises size The size (in bytes) of a tarball Artifact is now advertised in the Size (`.size`) field of the Artifact. This can be utilized by users to e.g. quickly see if `.sourceignore` rules have an effect, or be displayed in a UI. ##### Azure Blob Storage support for `Bucket` resources The `.spec.provider` of a `Bucket` resource can now be set to `azure` to instruct the source-controller to use the [Azure Blob Storage SDK](https://togithub.com/Azure/azure-sdk-for-go/tree/main/sdk/storage/azblob#readme) while fetching objects. This allows for authenticating using Service Principals, Managed Identities and Shared Keys. For more information, see the [Bucket spec about the Azure provider](https://togithub.com/fluxcd/source-controller/blob/v0.22.0/docs/spec/v1beta2/buckets.md#azure). ##### Azure Key Vault multi-tenancy Kustomization resources making use of SOPS with Azure Key Vault as the backing KMS are now allowed to refer to Azure credentials in the tenant's namespace. For more information, see the [Kustomization spec about Azure Key Vault Secret entries](https://togithub.com/fluxcd/kustomize-controller/blob/v0.22.0/docs/spec/v1beta2/kustomization.md#azure-key-vault-secret-entry). ##### Enhanced Kubernetes Conditions Source API resources will now advertise more explicit Condition types (more about the types in [API changes](#api-changes)), provide `Reconciling` and `Stalled` Conditions where applicable for [better integration with `kstatus`](https://togithub.com/kubernetes-sigs/cli-utils/blob/master/pkg/kstatus/README.md#conditions), and record the Observed Generation on the Condition. For a detailed overview per Source type, refer to the spec: - [GitRepository](https://togithub.com/fluxcd/source-controller/blob/v0.22.0/docs/spec/v1beta2/gitrepositories.md#conditions) - [HelmRepository](https://togithub.com/fluxcd/source-controller/blob/v0.22.0/docs/spec/v1beta2/helmrepositories.md#conditions) - [HelmChart](https://togithub.com/fluxcd/source-controller/blob/v0.22.0/docs/spec/v1beta2/helmcharts.md#conditions) - [Bucket](https://togithub.com/fluxcd/source-controller/blob/v0.22.0/docs/spec/v1beta2/buckets.md#conditions) ##### Enhanced Kubernetes Events (and notifications) The Kubernetes Events the source-controller emits have been reworked to provide a proper reason, and more informative messages. Users making use of the notification-controller will notice this as well, as this same information is used to compose notifications. ##### Experimental managed transport for `libgit2` Git implementation The `libgit2` Git implementation supports a new experimental transport to improve reliability, adding timeout enforcement for Git network operations. Opt-in by setting the environment variable `EXPERIMENTAL_GIT_TRANSPORT` to `true` in the source-controller and/or image-automation-controller their Deployment. This will result in the low-level transport being handled by the controller, instead of `libgit2`. It may result in an increased number of timeout messages in the logs, however it will remove the ability of Git operations to make the controllers hang indefinitely. ##### Manage cluster addons A new annotation (`kustomize.toolkit.fluxcd.io/ssa: merge`) is available for allowing Flux to patch cluster addons such as CoreDNS without the kustomize-controller removing the `kubectl` managed fields. For more information, see the [Kustomization spec about reconciliation](https://togithub.com/fluxcd/kustomize-controller/blob/v0.22.0/docs/spec/v1beta2/kustomization.md#reconciliation). ##### Reuse of HTTP/S transport for Helm repository index and chart downloads The Helm dependency has been updated to `v3.8.1`, with a patch applied from [https://github.com/helm/helm/pull/10568](https://togithub.com/helm/helm/pull/10568). Using this patch, the HTTP transports are now managed by the source-controller, to prevent the clogging of thousands of open TCP connections on some instances. ##### Update of `libgit2` Git implementation to `v1.3.x` The `libgit2` Git implementation has been updated to `v1.3.x`, allowing us to provide better error signals for authentication, certificate and transport failures. Effectively, this means that instead of a `unable to clone: User` error string, a descriptive one is now given. In addition, `NO_PROXY` settings are now properly taken into account. ##### Preparation of support for `rsa-ssh2-256/512` The dependency on `golang.org/x/crypto` has been updated to `v0.0.0-20220315160706-3147a52a75dd`, as preparation of support for `rsa-ssh2-256/512`. This should theoretically work out of the box for `known_hosts` entries and `go-git` Git provider credentials, but has not been widely tested. #### API changes The `source.toolkit.fluxcd.io/v1beta2` API is backwards compatible with `v1beta1`. - Introduction of `Reconciling` and `Stalled` Condition types for [better integration with `kstatus`](https://togithub.com/kubernetes-sigs/cli-utils/blob/master/pkg/kstatus/README.md#conditions). - Introduction of new Condition types to provide better signals and failure indications: - `ArtifactOutdated`: indicates the current Artifact of the Source is outdated. - `SourceVerified`: indicates the integrity of the Source has been verified. - `FetchFailed`: indicates a transient or persistent fetch failure of the upstream Source. - `BuildFailed`: indicates a transient or persistent build failure of a Source's Artifact. - `StorageOperationFailed`: indicates a transient or persistent failure related to storage. - `IncludeUnavailable`: indicates an include is not available. For example, because it does not exist, or does not have an Artifact. - Introduction of a Size (in bytes) field (`.status.artifact.size`) in the Artifact object. - Introduction of `ObservedChartName` (`.status.observedChartName`) and `ObservedSourceArtifactRevision` (`.status.observedSourceArtifactRevision`) fields in the `HelmChart` Status. - Introduction of `azure` provider implementation for `Bucket`. #### Upgrade procedure To upgrade your cluster, download the Flux CLI binary from the release page and rerun the `flux bootstrap` command. This will upgrade the Flux components on your cluster to the latest version. Other upgrade options can be found on the [docs website](https://fluxcd.io/docs/installation/#upgrade). ℹ️ Note that updating the manifests in Git from `source.toolkit.fluxcd.io/v1beta1` to `source.toolkit.fluxcd.io/v1beta2` can be done at any time after the Flux components upgrade. All users are encouraged to update the manifests as any deprecated fields will be removed when the next API version will be released. For more information, see [post upgrade](#post-upgrade). ##### Terrafrom upgrade When using the [Terraform provider for Flux](https://togithub.com/fluxcd/terraform-provider-flux), you have to manually remove the `v1beta2` GitRepository from the TF state: terraform state rm 'kubectl_manifest.sync["source.toolkit.fluxcd.io/v1beta1/gitrepository/flux-system/flux-system"]' ##### Other upgrade methods When upgrading without the CLI or Terraform (using e.g. GitHub Actions or RenovateBot), we recommend to bump the `GitRepository` API version in `gotk-sync.yaml` to `v1beta2`. ##### Post upgrade After rolling out the upgrade, and when you have confirmed things to be working as expected. Resources in Git which refer to `source.toolkit.fluxcd.io/v1beta1` can be updated to refer to `source.toolkit.fluxcd.io/v1beta2`: ```diff @​@​ -1,4 +1,4 @​@​ -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: GitRepository metadata: name: gitrepository-sample ``` #### Components Changelog - helm-controller to [v0.18.0](https://togithub.com/fluxcd/helm-controller/blob/v0.18.0/CHANGELOG.md) - kustomize-controller to [v0.22.0](https://togithub.com/fluxcd/kustomize-controller/blob/v0.22.0/CHANGELOG.md) - source-controller to [v0.22.1](https://togithub.com/fluxcd/source-controller/blob/v0.22.1/CHANGELOG.md) - notification-controller to [v0.23.0](https://togithub.com/fluxcd/notification-controller/blob/v0.23.0/CHANGELOG.md) - image-reflector-controller to [v0.17.0](https://togithub.com/fluxcd/image-reflector-controller/blob/v0.17.0/CHANGELOG.md) - image-automation-controller to [v0.21.0](https://togithub.com/fluxcd/image-automation-controller/blob/v0.21.0/CHANGELOG.md) #### CLI Changelog - PR [#​2566](https://togithub.com/fluxcd/flux2/issues/2566) - [@​stefanprodan](https://togithub.com/stefanprodan) - Fix resume source bucket panic - PR [#​2565](https://togithub.com/fluxcd/flux2/issues/2565) - [@​hiddeco](https://togithub.com/hiddeco) - fix: wait for Source objects observed generation - PR [#​2564](https://togithub.com/fluxcd/flux2/issues/2564) - [@​stefanprodan](https://togithub.com/stefanprodan) - Use absolute domain name for the events address - PR [#​2561](https://togithub.com/fluxcd/flux2/issues/2561) - [@​hiddeco](https://togithub.com/hiddeco) - Update toolkit components - PR [#​2559](https://togithub.com/fluxcd/flux2/issues/2559) - [@​stefanprodan](https://togithub.com/stefanprodan) - Retry bootstrap operations on Git conflict errors - PR [#​2542](https://togithub.com/fluxcd/flux2/issues/2542) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2530](https://togithub.com/fluxcd/flux2/issues/2530) - [@​stefanprodan](https://togithub.com/stefanprodan) - Add components-extra example usage to CLI help - PR [#​2512](https://togithub.com/fluxcd/flux2/issues/2512) - [@​souleb](https://togithub.com/souleb) - Introduce a printer interface for flux resources - PR [#​2484](https://togithub.com/fluxcd/flux2/issues/2484) - [@​cuishuang](https://togithub.com/cuishuang) - all: fix some typos - PR [#​2483](https://togithub.com/fluxcd/flux2/issues/2483) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2467](https://togithub.com/fluxcd/flux2/issues/2467) - [@​darkowlzz](https://togithub.com/darkowlzz) - Update `get` subcommand column order ### [`v0.27.4`](https://togithub.com/fluxcd/flux2/releases/tag/v0.27.4) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.27.3...v0.27.4) Flux v0.27.4 is a patch release that comes with patches to the Deployment manifest of helm-controller and the-notification controller, to set the `.spec.securityContext.fsGroup`, which may be required for some EKS setups as reported in [https://github.com/fluxcd/flux2/issues/2537](https://togithub.com/fluxcd/flux2/issues/2537). Users are encouraged to upgrade for the best experience. #### Components changelog - helm-controller [v0.17.2](https://togithub.com/fluxcd/helm-controller/blob/v0.17.2/CHANGELOG.md) - notification-controller [v0.22.3](https://togithub.com/fluxcd/notification-controller/blob/v0.22.3/CHANGELOG.md) ### [`v0.27.3`](https://togithub.com/fluxcd/flux2/releases/tag/v0.27.3) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.27.2...v0.27.3) Flux v0.27.3 is a patch release that comes with improvements to the libgit2 OpenSSL build dependency in image-automation-controller, which fixes some issues related to git server connection leaks. Users are encouraged to upgrade for the best experience. #### Components changelog - image-automation-controller [v0.20.1](https://togithub.com/fluxcd/image-automation-controller/blob/v0.20.1/CHANGELOG.md) ### [`v0.27.2`](https://togithub.com/fluxcd/flux2/releases/tag/v0.27.2) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.27.1...v0.27.2) Flux v0.27.2 is a patch release that comes with altering improvements. Users are encouraged to upgrade for the best experience. Improvements: - Add support for using basic auth when sending alerts to Grafana annotations API - Allow the proxy address to specified in the Kubernetes Secret referenced in Flux Alerts #### Components changelog - notification-controller [v0.22.1](https://togithub.com/fluxcd/notification-controller/blob/v0.22.1/CHANGELOG.md) [v0.22.2](https://togithub.com/fluxcd/notification-controller/blob/v0.22.1/CHANGELOG.md) ### [`v0.27.1`](https://togithub.com/fluxcd/flux2/releases/tag/v0.27.1) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.27.0...v0.27.1) #### Highlights Flux v0.27.1 is a patch release that comes with fixes and no breaking changes. Users are encouraged to upgrade for the best experience. Fixes: - Convert `stringData` to `data` before diffing and applying Secrets (workaround for upstream [Kubernetes bug](https://togithub.com/kubernetes/kubernetes/issues/108008)) - Set QPS and Burst when impersonating service account in helm-controller (avoid client-side throttling when upgrading Helm releases containing hundreds of resources) #### Components changelog - kustomize-controller [v0.21.1](https://togithub.com/fluxcd/kustomize-controller/blob/v0.21.1/CHANGELOG.md) - helm-controller [v0.17.1](https://togithub.com/fluxcd/helm-controller/blob/v0.17.1/CHANGELOG.md) #### CLI changelog - PR [#​2460](https://togithub.com/fluxcd/flux2/issues/2460) - [@​fluxcdbot](https://togithub.com/fluxcdbot) - Update toolkit components - PR [#​2452](https://togithub.com/fluxcd/flux2/issues/2452) - [@​souleb](https://togithub.com/souleb) - Diff: fix stringData Secret issue - PR [#​2450](https://togithub.com/fluxcd/flux2/issues/2450) - [@​SomtochiAma](https://togithub.com/SomtochiAma) - Add `--wait` flag to flux `resume` cmd - PR [#​2448](https://togithub.com/fluxcd/flux2/issues/2448) - [@​SomtochiAma](https://togithub.com/SomtochiAma) - Use `metadata.Client` for reconcile operations ### [`v0.27.0`](https://togithub.com/fluxcd/flux2/releases/tag/v0.27.0) [Compare Source](https://togithub.com/fluxcd/flux2/compare/v0.26.3...v0.27.0) #### Highlights Flux v0.27.0 comes with new features and improvements. Use

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.