ImageUpdateAutomation v1beta2 API with refactored controller

[darkowlzz]

This change refactors image-automation-controller to implement the new unified standards of flux controllers.

See https://github.com/fluxcd/image-automation-controller/issues/643 for some overview of the new changes.

Following are some highlights of the changes:

• Introduce v1beta2 API which introduces new status fields .observedPolicies and .observedSourceRevision required for the new reconciliation model, and a spec field .policySelector for selecting the policies to consider in the update operation.
• Refactor the ImageUpdateAutomationReconciler to align with other flux controllers in the way we report the status and send notifications.
• When the checkout and push branch of the source are the same, the controller now returns early when there's no change in the policies and the remote source. This would help avoid full reconciliations when nothing has changed. When the push branch is different from checkout branch or a refspec is provided, full reconciliation will always be performed.
• The controller/reconciler e2e tests have been refactored to simplify the tests and expand what's tested. Some tests involving the remote git state changes have been moved to the tests in internal/source package tests.
• Introduce internal/source package which provides all the source management API. These source management operations are tested in detail independent of the reconciler.
• The commit template values now has a new update ResultV2 (introduced in https://github.com/fluxcd/image-automation-controller/pull/642) which includes the old and new value of the changes made to the objects in files. This is accessible under .Changed. The previous update Result remains available under .Updated but is deprecated. ResultV2 contains all the updates, even if the update wasn't a complete image but part of an image.
• The policy applying code has been moved to internal/policy package to be maintained and tested independent of the reconciler and can be used reconciler and source manager tests as needed.
• Use the ResultV2 based commit template description and examples in the v1beta2 API spec docs.
• Remove the deprecated suspend and readiness reconciliation metrics.

Example ImageUpdateAutomation status with the new fields:

status:
  conditions:
  - lastTransitionTime: "2024-03-18T20:01:57Z"
    message: repository up-to-date
    observedGeneration: 8
    reason: Succeeded
    status: "True"
    type: Ready
  lastAutomationRunTime: "2024-03-18T21:02:30Z"
  lastHandledReconcileAt: "1710791381"
  lastPushCommit: 8084f1bb180ac259c6698cd027064b7dce86a72a
  lastPushTime: "2024-03-18T18:53:04Z"
  observedGeneration: 8
  observedPolicies:
    podinfo-policy:
      name: ghcr.io/stefanprodan/podinfo
      tag: 4.0.6
    myapp1:
      name: ghcr.io/fluxcd/myapp1
      tag: 4.0.0
    myapp2:
      name: ghcr.io/fluxcd/myapp2
      tag: 2.0.0
  observedSourceRevision: main@sha1:8084f1bb180ac259c6698cd027064b7dce86a72a

Example rendered commit template with before and after update values per file and per object:

Automation: default/test-update-auto

- File: foo-deployment.yaml
  - Object: Deployment/default/foo
    Changes:
    - 2.2.2 -> 5.0.3

- File: podinfo-deployment.yaml
  - Object: Deployment/default/infopod
    Changes:
    - v1.0 -> 5.0.3
  - Object: Deployment/default/podinfo
    Changes:
    - ghcr.io/stefanprodan/podinfo:4.0.6 -> ghcr.io/stefanprodan/podinfo:5.0.3
    - bar -> ghcr.io/stefanprodan/podinfo
    - 4.0.6 -> 5.0.3

Instructions for testing

To test this, checkout this branch and build the container image with make docker-build IMG=<image-name> TAG=<tag>. Before deploying the container image, update/install the CRDs to v1beta2 API with make install or apply the CRD manifests in config/crd/bases. Create git repository, image repository, policy and update automation object and test.

Fixes #437

[darkowlzz]

@tun0 you may be interesting in trying this. It addresses your feature request in https://github.com/fluxcd/flux2/discussions/3027 . There's a new commit template data field which provides a new update result that include the old and new values. See the new docs for examples of the template that have old and new values after update.

[tun0]

@tun0 you may be interesting in trying this. It addresses your feature request in https://github.com/fluxcd/flux2/discussions/3027 . There's a new commit template data field which provides a new update result that include the old and new values. See the new docs for examples of the template that have old and new values after update.

Looks promising! Will add it to my list of things I still need to do 😬

[darkowlzz]

Sharing results of an upgrade test from v1beta1 to v1beta2 API.

Before upgrade, I had the following object:

apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
  creationTimestamp: "2024-03-21T16:31:40Z"
  finalizers:
  - finalizers.fluxcd.io
  generation: 1
  name: podinfo-update
  namespace: default
  resourceVersion: "3055784"
  uid: 25d426d7-b7b4-4b4d-8b31-0522aa8d5f6e
spec:
  git:
    checkout:
      ref:
        branch: main
    commit:
      author:
        email: fluxcdbot@users.noreply.github.com
        name: fluxcdbot
  interval: 30m
  sourceRef:
    kind: GitRepository
    name: podinfo
  update:
    strategy: Setters
status:
  conditions:
  - lastTransitionTime: "2024-03-21T16:31:40Z"
    message: no updates made; last commit 62b92bf at 2024-03-21T22:01:42+05:30
    reason: ReconciliationSucceeded
    status: "True"
    type: Ready
  lastAutomationRunTime: "2024-03-21T16:31:42Z"
  lastPushCommit: 62b92bfe37b7dfa97d3870b29db211f2145917fd
  lastPushTime: "2024-03-21T16:31:42Z"
  observedGeneration: 1

After installing the new CRD for v1beta2 API and running the new controller, the object becomes:

apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageUpdateAutomation
metadata:
  creationTimestamp: "2024-03-21T16:31:40Z"
  finalizers:
  - finalizers.fluxcd.io
  generation: 1
  name: podinfo-update
  namespace: default
  resourceVersion: "3055965"
  uid: 25d426d7-b7b4-4b4d-8b31-0522aa8d5f6e
spec:
  git:
    checkout:
      ref:
        branch: main
    commit:
      author:
        email: fluxcdbot@users.noreply.github.com
        name: fluxcdbot
  interval: 30m
  sourceRef:
    kind: GitRepository
    name: podinfo
  update:
    strategy: Setters
status:
  conditions:
  - lastTransitionTime: "2024-03-21T16:33:00Z"
    message: repository up-to-date
    observedGeneration: 1
    reason: Succeeded
    status: "True"
    type: Ready
  lastAutomationRunTime: "2024-03-21T16:33:00Z"
  lastPushCommit: 62b92bfe37b7dfa97d3870b29db211f2145917fd
  lastPushTime: "2024-03-21T16:31:42Z"
  observedGeneration: 1
  observedPolicies:
    podinfo-policy:
      name: ghcr.io/stefanprodan/podinfo
      tag: 4.0.6
    podinfo-test:
      name: ghcr.io/stefanprodan/podinfo
      tag: 4.0.0
    podinfo-test-1:
      name: ghcr.io/stefanprodan/podinfo
      tag: 4.0.6
  observedSourceRevision: main@sha1:62b92bfe37b7dfa97d3870b29db211f2145917fd

Just the status gets updated with new information.

[souleb]

Tested it manually in a kind cluster with various scenarios:

• migration from v1beta1 to v1beta1
• use Result
• use ResultV2
• use policySelector

Status:
  Conditions:
    Last Transition Time:     2024-03-28T09:08:22Z
    Message:                  repository up-to-date
    Observed Generation:      2
    Reason:                   Succeeded
    Status:                   True
    Type:                     Ready
  Last Automation Run Time:   2024-03-28T10:08:23Z
  Last Handled Reconcile At:  2024-03-28T10:58:14.243605+01:00
  Last Push Commit:           f5167f60f1d90eb81ed30eabc7b0e562280cb2ef
  Last Push Time:             2024-03-28T10:07:39Z
  Observed Generation:        2
  Observed Policies:
    Backend - Memcached:
      Name:  registry-1.docker.io/bitnamicharts/memcached
      Tag:   7.0.3
    Backend - Redis:
      Name:  registry-1.docker.io/bitnamicharts/redis
      Tag:   19.0.1
    Frontend - Podinfo:
      Name:                  ghcr.io/stefanprodan/charts/podinfo
      Tag:                   6.6.1
  Observed Source Revision:  main@sha1:f5167f60f1d90eb81ed30eabc7b0e562280cb2ef
Events:
  Type    Reason     Age   From                         Message
  ----    ------     ----  ----                         -------
  Normal  Succeeded  11m (x5 over 60m)  image-automation-controller  repository up-to-date
  Normal  Succeeded  97s                image-automation-controller  pushed commit 'be01557' to branch 'main'
Automated image update

Automation name: apps-update/flux-apps

Files:
- backend/base/memcached.yaml
Objects:
- HelmRelease memcached
  Changes:
    - 7.0.2 -> 7.0.3
  Normal  Succeeded  96s  image-automation-controller  pushed commit 'f5167f6' to branch 'main'
Automated image update

Automation name: apps-update/flux-apps

Files:
- frontend/base/podinfo.yaml
Objects:
- HelmRelease podinfo
  Changes:
    - 6.6.0 -> 6.6.1
  Normal  Succeeded  51s (x3 over 32m)  image-automation-controller  no change since last reconciliation