This release makes some minor improvements to SecureJoin:
Some changes were made to how lexical components are handled during
resolution. There is no change in behaviour, and both implementations
are safe, however the newer implementation is much easier to reason
about.
The error returned when a symlink loop has been detected will now
reference the correct path. #10
Flux v2.3.0 is a feature release. Users are encouraged to upgrade for the best experience.
For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.3 GA blog post.
This release marks the General Availability (GA) of Flux Helm features and APIs, including helm-controller, the HelmRelease, HelmChart, and HelmRepository APIs.
The HelmRepository v2 API comes with new features, such as the ability to reference Helm charts from OCIRepository sources, reuse existing HelmChart resources, and verify the integrity of Helm chart artifacts signed with Notary Notation.
❤️ Big thanks to all the Flux contributors that helped us with this release!
Kubernetes compatibility
This release is compatible with the following Kubernetes versions:
Kubernetes version
Minimum required
v1.28
>= 1.28.0
v1.29
>= 1.29.0
v1.30
>= 1.30.0
[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.
API changes
HelmRelease v2
The HelmRelease kind was promoted from v2beta2 to v2 (GA).
The v2 API is backwards compatible with v2beta2, with the exception of the deprecated fields which have been removed.
Removed fields:
.spec.chart.spec.valuesFile replaced by .spec.chart.spec.valuesFiles.
.spec.postRenderers.kustomize.patchesJson6902 replaced by .spec.postRenderers.kustomize.patches.
.spec.postRenderers.kustomize.patchesStrategicMerge replaced by .spec.postRenderers.kustomize.patches.
.status.lastAppliedRevision replaced by .status.history.chartVersion.
New fields:
.spec.chartRef allows referencing chart artifacts from OCIRepository and HelmChart objects.
.spec.chart.spec.ignoreMissingValuesFiles allows ignoring missing values files instead of failing to reconcile.
HelmChart v1
... (truncated)
Commits
896e0fa Merge pull request #4785 from fluxcd/dependabot/github_actions/ci-f6abfb4cf0
8d75df8 build(deps): bump the ci group with 3 updates
dd7ef7d Merge pull request #4766 from fluxcd/reconcile-hr-with-chartref
5feee5c Add support for creating HR with .spec.ChartRef
0d0285a Enable reconciling HelmReleases with ChartRef
86b3581 Merge pull request #4783 from fluxcd/conformance-tests
Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.
The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the security documentation.
Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.
The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the security documentation.
Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.
The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the security documentation.
This minor release comes with new features, improvements and bug fixes.
The controller has been updated to Kustomize v5.4, please see the
kubernetes-sigs/kustomizechangelog
for more details.
The Flux Kustomization API gains two optional fields .spec.namePrefix and .spec.nameSuffix
that can be used to specify a prefix and suffix to be added to the names
of all managed resources.
The controller now supports the --feature-gates=StrictPostBuildSubstitutions=true
flag, when enabled the post-build substitutions will fail if a
variable without a default value is declared in files but is
missing from the input vars.
When using variable substitution with values that are numbers or booleans,
it is now possible to covert the values to strings, for more details see the
post-build documentation.
In addition, the controller dependencies have been updated to Kubernetes v1.30
and controller-runtime v0.18. Various other dependencies have also been updated to
their latest version to patch upstream CVEs.
Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.
The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the security documentation.
Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.
The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the security documentation.
Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.
The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the security documentation.
This minor release promotes the Helm APIs to GA, and comes with new features,
improvements and bug fixes.
HelmRepository
The HelmRepository API has been promoted from v1beta2 to v1 (GA).
The v1 API is backwards compatible with v1beta2.
For HelmRepository of type oci, the .spec.insecure field allows connecting
over HTTP to an insecure non-TLS container registry.
To upgrade from v1beta2, after deploying the new CRD and controller,
set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that
contain HelmRepository definitions.
Bumping the API version in manifests can be done gradually.
It is advised not to delay this procedure as the beta versions will be removed after 6 months.
HelmChart
The HelmChart API have been promoted from v1beta2 to v1 (GA).
The v1 API is backwards compatible with v1beta2, with the exception
of the removal of the deprecated field .spec.valuesFile which was replaced with spec.valuesFiles.
A new optional field .spec.ignoreMissingValuesFiles has been added,
which allows the controller to ignore missing values files rather than failing to reconcile the HelmChart.
A new optional field .spec.ref.semverFilter has been added,
which allows the controller to filter the tags based on regular expressions
before applying the semver range. This allows
picking the latest release candidate
instead of the latest stable release.
In addition, the controller has been updated to Kubernetes v1.30.0,
Helm v3.14.4, and various other dependencies to their latest version
to patch upstream CVEs.
... (truncated)
Commits
a80a99b Merge pull request #1472 from fluxcd/release-v1.3.0
Bumps the go group with 30 updates:
5.23.0
5.31.1
0.2.4
0.2.5
1.15.0
1.16.0
2.0.0-rc.3
2.3.0
0.18.1-0.20230706132206-211750e8915d
0.20.1
1.1.0
1.3.0
1.1.2
1.5.0
0.11.0
0.19.0
0.8.1
0.19.0
1.3.4
1.11.0
0.28.2
0.39.1
1.1.0
1.3.0
1.4.3
1.4.4
1.3.0
1.4.1
0.0.0-20230713123140-269aa4fb1338
0.4.3
0.9.0
0.12.1
0.4.0
0.6.1
0.4.1
0.8.0
0.16.1
0.19.0
0.7.0
0.9.1
0.11.0
0.13.1
1.1.0-rc5
1.1.0
0.2.0
0.4.0
1.8.0
1.8.1
1.8.4
1.9.0
0.15.0
0.20.0
0.0.0-20230726121419-3b25d923346b
0.0.0-20240310230437-4693a0247e57
2.3.0
2.4.0
0.35.0
0.36.0
0.2.0
0.4.0
Updates
github.com/containers/image/v5
from 5.23.0 to 5.31.1Release notes
Sourced from github.com/containers/image/v5's releases.
... (truncated)
Commits
57695f8
[release-5.31] Bump to v5.31.1edcf253
Don't abort listing tags when we encounter a digest2281641
Merge pull request #2431 from TomSweeneyRedHat/dev/tsweeney/5.31.1-dev9ac505f
[release-5.31] Bump c/image to v5.31.1-devb5a7587
Bump c/image to v5.31.021ac79b
Merge pull request #2428 from mtrmac/als-toc-fixes45f4f23
Don't completely ignore already-computed image size if we see an ALS layer27516f3
Don't modify a storage.Layer returned by c/storagec2327e4
Don't unnecessarily trust the ALS FUSE server about the TOC digestdb02dee
Merge pull request #2426 from containers/renovate/github.com-containers-stora...Updates
github.com/cyphar/filepath-securejoin
from 0.2.4 to 0.2.5Release notes
Sourced from github.com/cyphar/filepath-securejoin's releases.
Commits
d861a11
VERSION: release v0.2.587bc53a
join: fix ELOOP error pathe9be397
join: don't allow .. and . in working path during resolution75cdbea
gha: update Go versionsb69b737
VERSION: back to developmentUpdates
github.com/fatih/color
from 1.15.0 to 1.16.0Release notes
Sourced from github.com/fatih/color's releases.
Commits
0f9779e
Merge pull request #213 from fatih/dependabot/go_modules/golang.org/x/sys-0.14.00c78604
Bump golang.org/x/sys from 0.13.0 to 0.14.096e0f73
Merge pull request #208 from fatih/dependabot/github_actions/actions/checkout-44c66e32
Bump actions/checkout from 3 to 42fb03d6
Merge pull request #202 from fatih/dependabot/github_actions/actions/setup-go-48ba7bbd
Bump actions/setup-go from 3 to 4e3f97f3
Merge pull request #209 from fatih/dependabot/go_modules/golang.org/x/sys-0.13.0e146575
Bump golang.org/x/sys from 0.10.0 to 0.13.0d2d7a5e
Merge pull request #212 from fatih/dependabot/go_modules/github.com/mattn/go-...f3e45da
Merge branch 'main' into dependabot/go_modules/github.com/mattn/go-isatty-0.0.20Updates
github.com/fluxcd/flux2/v2
from 2.0.0-rc.3 to 2.3.0Release notes
Sourced from github.com/fluxcd/flux2/v2's releases.
... (truncated)
Commits
896e0fa
Merge pull request #4785 from fluxcd/dependabot/github_actions/ci-f6abfb4cf08d75df8
build(deps): bump the ci group with 3 updatesdd7ef7d
Merge pull request #4766 from fluxcd/reconcile-hr-with-chartref5feee5c
Add support for creating HR with .spec.ChartRef0d0285a
Enable reconciling HelmReleases with ChartRef86b3581
Merge pull request #4783 from fluxcd/conformance-tests32804f6
ci: Consolidate conformance tests070fa0f
Merge pull request #4781 from fluxcd/drop-kubernetes-eol9ef9464
Update kubectl to 1.30.0 in flux-cli imaged8e6199
Set Kubernetes 1.28 as min required versionUpdates
github.com/fluxcd/go-git-providers
from 0.18.1-0.20230706132206-211750e8915d to 0.20.1Release notes
Sourced from github.com/fluxcd/go-git-providers's releases.
Commits
Updates
github.com/fluxcd/kustomize-controller/api
from 1.1.0 to 1.3.0Release notes
Sourced from github.com/fluxcd/kustomize-controller/api's releases.
... (truncated)
Changelog
Sourced from github.com/fluxcd/kustomize-controller/api's changelog.
... (truncated)
Commits
83fbfee
Merge pull request #1157 from fluxcd/release-v1.3.0458d7e2
Release v1.3.04a02b3f
Add changelog entry for v1.3.0882f6a7
Merge pull request #1154 from fluxcd/dependabot/github_actions/ci-b23e0286c6dfcd4ed
Merge pull request #1155 from fluxcd/source-controller-1.3.0e81120a
build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group780954f
Update source-controller API to v1.3.099792de
Merge pull request #1152 from dipti-pai/remove-deprecated-aad-podidentity-reffc663de
Remove references aad pod identityf0f9b03
Merge pull request #1149 from fluxcd/dependabot/github_actions/ci-cfa2b75493Updates
github.com/fluxcd/pkg/apis/meta
from 1.1.2 to 1.5.0Commits
e32ccc2
Merge pull request #763 from fluxcd/kubernetes-1.302b974af
Update sigs.k8s.io/controller-tools to v0.15.052c1fc5
Update sigs.k8s.io/controller-runtime to v0.18.0c906252
Update dependencies to Kubernetes 1.3092c1348
Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560ccb916a
build(deps): bump the ci group with 3 updates6081556
Merge pull request #761 from fluxcd/kustomize-name-prefix-suffixabf5675
kustomize: Add support fornamePrefix
andnameSuffix
98d2522
Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6defcd824
build(deps): bump docker/setup-buildx-action in the ci groupUpdates
github.com/fluxcd/pkg/git
from 0.11.0 to 0.19.0Commits
e32ccc2
Merge pull request #763 from fluxcd/kubernetes-1.302b974af
Update sigs.k8s.io/controller-tools to v0.15.052c1fc5
Update sigs.k8s.io/controller-runtime to v0.18.0c906252
Update dependencies to Kubernetes 1.3092c1348
Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560ccb916a
build(deps): bump the ci group with 3 updates6081556
Merge pull request #761 from fluxcd/kustomize-name-prefix-suffixabf5675
kustomize: Add support fornamePrefix
andnameSuffix
98d2522
Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6defcd824
build(deps): bump docker/setup-buildx-action in the ci groupUpdates
github.com/fluxcd/pkg/git/gogit
from 0.8.1 to 0.19.0Commits
e32ccc2
Merge pull request #763 from fluxcd/kubernetes-1.302b974af
Update sigs.k8s.io/controller-tools to v0.15.052c1fc5
Update sigs.k8s.io/controller-runtime to v0.18.0c906252
Update dependencies to Kubernetes 1.3092c1348
Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560ccb916a
build(deps): bump the ci group with 3 updates6081556
Merge pull request #761 from fluxcd/kustomize-name-prefix-suffixabf5675
kustomize: Add support fornamePrefix
andnameSuffix
98d2522
Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6defcd824
build(deps): bump docker/setup-buildx-action in the ci groupUpdates
github.com/fluxcd/pkg/kustomize
from 1.3.4 to 1.11.0Commits
3790516
Merge pull request #767 from fluxcd/up-internal-deps37ea30c
Update internal dependenciese32ccc2
Merge pull request #763 from fluxcd/kubernetes-1.302b974af
Update sigs.k8s.io/controller-tools to v0.15.052c1fc5
Update sigs.k8s.io/controller-runtime to v0.18.0c906252
Update dependencies to Kubernetes 1.3092c1348
Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560ccb916a
build(deps): bump the ci group with 3 updates6081556
Merge pull request #761 from fluxcd/kustomize-name-prefix-suffixabf5675
kustomize: Add support fornamePrefix
andnameSuffix
Updates
github.com/fluxcd/pkg/ssa
from 0.28.2 to 0.39.1Commits
adcfcbe
Merge pull request #769 from fluxcd/controller-runtime-v0.18.10e74a82
Update runtime pkg docsb329d92
Update dependencies to controller-runtime v0.18.1d0bf8ed
Merge pull request #768 from fluxcd/dependabot/github_actions/ci-b93eff89fb14f05d7
build(deps): bump actions/checkout from 4.1.3 to 4.1.4 in the ci group3790516
Merge pull request #767 from fluxcd/up-internal-deps37ea30c
Update internal dependenciese32ccc2
Merge pull request #763 from fluxcd/kubernetes-1.302b974af
Update sigs.k8s.io/controller-tools to v0.15.052c1fc5
Update sigs.k8s.io/controller-runtime to v0.18.0Updates
github.com/fluxcd/source-controller/api
from 1.1.0 to 1.3.0Release notes
Sourced from github.com/fluxcd/source-controller/api's releases.
... (truncated)
Changelog
Sourced from github.com/fluxcd/source-controller/api's changelog.
... (truncated)
Commits
a80a99b
Merge pull request #1472 from fluxcd/release-v1.3.070901f8
Release v1.3.005ab8b1
Add changelog entry for v1.3.0c9bf167
Merge pull request #1298 from fluxcd/phony-buildcc3d495
ci: Print controller logs after e2e run0bd5b95
Rename make targetbuild
tomanager
edccfe9
Merge pull request #1470 from fluxcd/dependabot/github_actions/ci-b23e0286c69ce2d61
build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group16eeeef
Merge pull request #1469 from fluxcd/dependabot/go_modules/go-deps-4411c5bc338598b8d
build(deps): bump google.golang.org/apiUpdates
github.com/gabriel-vasile/mimetype
from 1.4.3 to 1.4.4Release notes
Sourced from github.com/gabriel-vasile/mimetype's releases.
Commits
43192c8
Bump the github-actions group across 1 directory with 3 updates (#534)07821d3
Using io.ReadAll instead of ioutil.ReadAll (#525)9bd6023
github actions & readme: remove codecov badge (#533)ff4d3d0
improve performance for text detection (#532)Mend Scan Summary: :x:
Repository: open-component-model/MPAS
Detailed Logs: mend-scan-> Generate Report Mend UI
Superseded by #226.