This repository has been archived by the owner on Aug 19, 2023. It is now read-only.

feat(github-release)!: Update flux-installation to v2.0.1 #554

Open
wants to merge 1 commit into
base: main

iudicael-bot[bot]
Contributor

@iudicael-bot iudicael-bot bot commented Jul 5, 2023

This PR contains the following updates:

| Package           | Update | Change             |
| ----------------- | ------ | ------------------ |
| flux-installation | major  | v0.34.0 -> v2.0.1  |

Release Notes

fluxcd/flux2

v2.0.1

Compare Source

Highlights

Flux v2.0.1 is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.

💡 For upgrading from Flux v0.x, please see the procedure documented in 2.0.0.

Fixes

  • Fix AWS auth for cross-region ECR repositories (source-controller, image-reflector-controller).
  • Prevent spurious alerts for skipped resources (kustomize-controller).
  • List removed resources for flux diff ks --kustomization-file (flux CLI).
  • Fix SLSA provenance generation for the Flux CLI binaries.

Components changelog

CLI Changelog

New Documentation

v2.0.0

Compare Source

Highlights

This is the first General Availability (GA) release of Flux v2.

Flux v2.0.0 comes with the promotion of the GitOps related APIs to v1 and adds horizontal scaling & sharding capabilities to Flux controllers. The Git bootstrap capabilities provided by the Flux CLI and by Flux Terraform Provider are now considered stable and production ready.

Starting with this version, the build, release and provenance portions of the Flux project supply chain provisionally meet SLSA Build Level 3.

Flux GA is fully integrated with Kubernetes Workload Identity for AWS, Azure and Google Cloud to facilitate passwordless authentication to OCI sources (container images, OCI artifacts, Helm charts).

The Flux alerting capabilities have been extended with PagerDuty and Google Pub/Sub support. The improved Alert v1beta2 API provides better control over events filtering and allows users to enrich the alerts with custom metadata.

Supported versions

Starting with this version, the Flux CLI and the GA components (source-controller, kustomize-controller and notification-controller) follow the release cadence and support pledge documented in the Flux release specification.

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

| Kubernetes version | Minimum required |
| ------------------ | ---------------- |
| v1.24              | >= 1.24.0        |
| v1.25              | >= 1.25.0        |
| v1.26              | >= 1.26.0        |
| v1.27              | >= 1.27.1        |

Note that Flux may work on older versions of Kubernetes e.g. 1.19, but we don't recommend running end-of-life versions in production nor do we offer support for these versions.

Flux ecosystem support

The following (open-source) extensions & integrations are compatible with this Flux release, starting from the specified minimum version or higher.

| Type                  | Project       | Version |
| --------------------- | ------------- | ------- |
| Flux Web UI           | weave-gitops  | 0.26.0  |
| Terraform integration | tf-controller | 0.15.0  |

API changes

GitRepository v1

The GitRepository kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

The v1 API is backwards compatible with v1beta2, except for the following:

  • the deprecated field .spec.gitImplementation was removed
  • the unused field .spec.accessFrom was removed
  • the deprecated field .status.contentConfigChecksum was removed
  • the deprecated field .status.artifact.checksum was removed
  • the .status.url was removed (replaced by .status.artifact.url)

Kustomization v1

The Kustomization kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

A new optional field .spec.commonMetadata was added to the API for setting labels and/or annotations to all resources part of a Kustomization.

The v1 API is backwards compatible with v1beta2, except for the following:

  • the deprecated field .spec.validation was removed
  • the deprecated field .spec.patchesStrategicMerge was removed (replaced by .spec.patches)
  • the deprecated field .spec.patchesJson6902 was removed (replaced by .spec.patches)

Receiver v1

The Receiver kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

The v1 API is backwards compatible with v1beta2, except for the following:

  • the deprecated field .status.url was removed (replaced by .status.webhookPath)

Upgrade procedure

Upgrade Flux from v0.x to v2.0.0 either by rerunning bootstrap or by using the Flux GitHub Action.

To upgrade the APIs from v1beta2, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

  1. Remove the deprecated fields from the GitRepository and Kustomization definitions.
  2. Commit, push and reconcile the fields removal changes.
  3. Set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain GitRepository definitions.
  4. Set apiVersion: kustomize.toolkit.fluxcd.io/v1 in the YAML files that contain Flux Kustomization definitions.
  5. Set apiVersion: notification.toolkit.fluxcd.io/v1 in the YAML files that contain Receiver definitions.
  6. Update the API version of GitRepository and Kustomization objects present in the .spec.resources list of Receiver definitions.
  7. Commit, push and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the beta versions will be removed after 6 months.

New Documentation

❤️ Big thanks to all the Flux contributors that helped us reach this milestone!
👏 And a special shoutout to the Flux community who supported us over the years!

Components changelog

CLI Changelog

v0.41.2

Compare Source

Flux v0.41.2 is a patch release which fixes a range of bugs found in the controllers. Please refer to the individual component changelogs for more information.

💡 For more information about other features introduced in v0.41.0, please refer to the changelog for this version.

Components Changelog

CLI Changelog

v0.41.1

Compare Source

Flux v0.41.1 is a patch release which extends the helm-controller's OOM watch feature introduced in v0.41.0 with support for automatic detection of cgroup v1 paths, and flags to configure alternative paths using --oom-watch-max-memory-path and --oom-watch-current-memory-path.

💡 For more information about other features introduced in v0.41.0, please refer to the changelog for this version.

Components changelog

CLI Changelog

v0.41.0

Compare Source

Flux v0.41.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Features and improvements

  • Experimental support of drift detection of Helm releases compared to cluster-state.
  • Improved handling of SIGTERM signals received by the helm-controller, which will now terminate running Helm install or upgrade actions, instead of potentially leaving them in a pending state.
  • Opt-in OOM watcher in helm-controller to handle graceful termination of the controller before it is forcefully killed by Kubernetes' OOM killer.
  • Kubernetes client and Custom Resource Definition life-cycle improvements to reduce the memory consumption of the helm-controller, with observed reductions up to 50%.
  • Opt-in allowance of DNS lookups during the rendering of Helm templates in the helm-controller via feature gate.
  • Optional disabling of the cache of the status poller used to determine the health of the resources applied by the kustomize-controller. This may improve memory usage on large scale clusters at the cost of more direct API calls.
  • Changes to the logging of all controllers to ensure Kubernetes components like the discovery client use the configured logging format.
  • New flux events command to display Kubernetes events for Flux resources, including the events of a referenced resource.
  • Custom annotations can now be set with flux push using --annotations.

New documentation

Components changelog

CLI Changelog

v0.40.2

Compare Source

Flux v0.40.2 is a patch release which includes an update of the notification-controller to prevent an issue with the default API version used for ImageRepositories when no specific version is configured on a Receiver. Users are encouraged to upgrade for the best experience.

⚠️ Note that v0.40.0 contained breaking changes, please refer to the changelog for more information.

Components changelog

CLI Changelog

v0.40.1

Compare Source

Flux v0.40.1 is a patch release which includes an update of the source-controller to prevent excessive memory usage while reconciling HelmRepository objects. Users are encouraged to upgrade for the best experience.

⚠️ Note that v0.40.0 contained breaking changes, please refer to the changelog for more information.

Components changelog

CLI Changelog

v0.40.0

Compare Source

Highlights

Flux v0.40.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Breaking changes

Image Automation

The image-reflector-controller autologin flags have been deprecated and are no longer used.
Please see the new API specification and migration instructions in the controller changelog.

Notifications

The source revision format reported by the Flux controllers has changed according to RFC-0005.
The events referring to Git repositories will report the revision in the format <branch|tag>@sha1:<commit> instead of <branch|tag>/<commit>.
For more details please see the source-controller changelog.

OCI artifacts

The OCI artifacts produced with flux push artifact now have custom media types:

  • artifact media type application/vnd.oci.image.manifest.v1+json
  • config media type application/vnd.cncf.flux.config.v1+json
  • content media type application/vnd.cncf.flux.content.v1.tar+gzip

Features and improvements

  • The GitRepository API has a new optional field .spec.ref.name for specifying a Git Reference.
    This allows Flux to reconcile resources from GitHub Pull Requests (refs/pull/<id>/head) and GitLab Merge Requests (refs/merge-requests/<id>/head).
  • The ImageRepository and ImagePolicy APIs have been promoted to v1beta2.
  • Allow specifying the cloud provider contextual login for container registries with ImageRepository.spec.provider.
  • Improve observability of ImageRepository by showing the latest scanned tags under .status.lastScanResult.latestTags.
  • Improve observability of ImagePolicy by reporting the current and previous image tag in status and events.
  • The Kubernetes builtin cluster roles: view, edit and admin have been extended to allow access to Flux custom resources.
  • Print a report of Flux custom resources and the amount of cumulative storage used for each source type with flux stats -A.

New Documentation

Components changelog

CLI Changelog

v0.39.0

Compare Source

Highlights

Flux v0.39.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Starting with this version, the Flux controllers come with SBOMs and SLSA Provenance Attestations embedded in their container images.

The Flux Terraform Provider has a new resource for bootstrapping Flux, without depending on third-party Terraform providers, that allows customising the controllers at install time. Users are encouraged to migrate to this new resource and provide feedback.

The Flux CLI is now included in Wolfi OS, the Linux (Un)distro designed for securing the software supply chain. The Chainguard team and Wolfi maintainers are shipping updates for the Flux package on a regular basis.

Features and improvements

  • Recreate immutable resources (e.g. Kubernetes Jobs) by annotating or labeling them with kustomize.toolkit.fluxcd.io/force: enabled.
  • Support for HTTPS bearer token authentication for Git repositories.
  • Improve memory usage by disabling the caching of Secret and ConfigMap resources in all controllers.
  • Better observability with progressive status updates for Sources (Git, OCI, Helm, S3 Buckets).
  • Allow extracting the OCI artifact SHA256 digest for Cosign with flux push artifact -o json.
  • Track CRDs managed by Flux, flux trace and flux tree will show which HelmRelease deployed which CRDs.
  • Allow the Flux GitHub Action to use a GitHub token when checking for updates to avoid rate limiting.

New documentation

Components changelog

CLI Changelog

v0.38.3

Compare Source

Highlights

Flux v0.38.3 is a patch release that comes with fixes and small improvements to the CLI.
Users are encouraged to upgrade for the best experience.

CLI Changelog

v0.38.2

Compare Source

Flux v0.38.2 is a patch release that comes with fixes for the Notification API v1beta1 to v1beta2 upgrade.
In addition, this release improves the handling of the graceful shutdown for helm-controller.
Users are encouraged to update Flux directly to v0.38.2 for the best experience.

Components changelog

CLI Changelog

v0.38.1

Compare Source

Flux v0.38.1 is a patch release that comes with fixes for the Notification API v1beta1 to v1beta2 upgrade.
Users are encouraged to update Flux directly to v0.38.1 for the best experience.

Changelog

v0.38.0

Compare Source

Highlights

Flux v0.38.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Notification API v1beta2

This release graduates the Notification APIs to v1beta2. After upgrading the controllers on your clusters, you need to update the notification Custom Resources in Git by replacing notification.toolkit.fluxcd.io/v1beta1 with notification.toolkit.fluxcd.io/v1beta2 in all YAML manifests.

Breaking changes

  • The Alert.spec.summary has a max length of 255 characters.
  • The Provider.spec.address and Provider.spec.proxy have a max length of 2048 characters.
  • The Receiver.status.url was deprecated in favour of Receiver.status.webhookPath.

For more details about v1beta2 please see the notification-controller changelog and the API spec documentation.

Features and improvements

  • Support for defining Kustomize components with Kustomization.spec.components.
  • Support for piping multi-doc YAMLs when publishing OCI artifacts with kustomize build . | flux push artifact --path=-.
  • Support for Gitea commit status updates with Provider.spec.type set to gitea.
  • Improve the memory usage of helm-controller by disabling the caching of Secret and ConfigMap resources.
  • Update the Helm SDK to v3.10.3 (fix for Helm CVEs).
  • All code references to libgit2 were removed, and the GitRepository.spec.gitImplementation field is no longer being honored.

Documentation improvements

The official example repository was refactored. The new version comes with the following improvements:

  • Make the example compatible with ARM64 Kubernetes clusters.
  • Add Weave GitOps Helm release to showcase the Flux UI.
  • Replace the ingress-nginx Bitnami chart with the official one that contains multi-arch container images.
  • Add cert-manager Helm release to showcase how to install CRDs and custom resources using dependsOn.
  • Add Let's Encrypt ClusterIssuer to showcase how to patch resources in production with Flux Kustomization.
  • Add the flux-system overlay to showcase how to configure Flux at bootstrap time.

Components changelog

CLI Changelog

v0.37.0

Compare Source

Highlights

Flux v0.37.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Breaking changes

Deprecation of gitImplementation

The interpretation of the gitImplementation field of GitRepository by source-controller and image-automation-controller has been deprecated, and will effectively always use go-git. This now supports all Git servers, including Azure DevOps and AWS CodeCommit, which previously were only supported by libgit2.

To opt-out from this behaviour, and get the controller to honour the field .spec.gitImplementation, start the controller with: --feature-gates=ForceGoGitImplementation=false.

For more information on this change, refer to the controllers' respective changelogs listed below.

Automatic force-push of ImageUpdateAutomation

Starting from this version, ImageUpdateAutomation objects with a .spec.PushBranch specified will have the push branch refreshed automatically via force push. To opt-out from this behaviour, start the controller with: --feature-gates=GitForcePushBranch=false.

Features and improvements

  • Support for bootstrapping Azure DevOps and AWS CodeCommit repositories using flux bootstrap git.
  • Support cloning of Git v2 protocol (Azure DevOps and AWS CodeCommit) for go-git Git provider.
  • Support force-pushing ImageUpdateAutomation repositories.
  • Allow a dry-run of flux build kustomization with --dry-run and --kustomization-file ./path/to/local/my-app.yaml. Using these flags, variable substitutions from Secrets and ConfigMaps are skipped, and no connection to the cluster is made.
  • Use signed OCI Helm chart for kube-prometheus-stack.

New documentation

Components changelog

CLI Changelog

v0.36.0

Compare Source

Highlights

Flux v0.36.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Features and improvements

  • Verify OCI Helm charts signed by Cosign (including keyless) with HelmChart.spec.verify.
  • Allow publishing a single YAML file to OCI with flux push artifact <URL> --path=deploy/install.yaml.
  • Detect changes to local files before pushing to OCI with flux diff artifact <URL> --path=<local files>.
  • New Alert Provider type named generic-hmac for authenticating the webhook requests coming from notification-controller.
  • The Kustomization.status.conditions have been aligned with Kubernetes standard conditions and kstatus.
  • The kustomize-controller memory usage was reduced by 90% when performing artifact operations.

New documentation

Components changelog

CLI Changelog


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
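
The v1beta2 to v1 upgrade procedure from the v2.0.0 release notes above, as an added example (not part of this PR, of Renovate, or of the Flux project). It holds back the top-level apiVersion bump on any manifest that still sets a removed spec field, and bumps only the kinds the notes list as promoted. Assumptions: the names migrate, bump and SAMPLE are hypothetical, manifests use 2-space indentation, and matching is a regex heuristic rather than a YAML parser.

```python
import re

# Spec fields the v2.0.0 notes list as removed in v1, and each kind's v1 apiVersion.
REMOVED = {"GitRepository": {"gitImplementation", "accessFrom"},
           "Kustomization": {"validation", "patchesStrategicMerge", "patchesJson6902"}}
V1 = {"GitRepository": "source.toolkit.fluxcd.io/v1",
      "Kustomization": "kustomize.toolkit.fluxcd.io/v1",
      "Receiver": "notification.toolkit.fluxcd.io/v1"}
# One YAML list item plus its more-indented body (heuristic, not a YAML parser).
ITEM = re.compile(r"(?m)^( *)- .*\n(?:\1  +\S.*\n?)*")

def bump(block, anchor):
    """Rewrite v1beta2 to v1 in one mapping, only if its kind was promoted."""
    kind = re.search(anchor + r"kind:\s*(\S+)", block, flags=re.M)
    new = V1.get(kind[1]) if kind else None
    if not new:
        return block
    old = re.escape(new + "beta2")
    return re.sub(rf"({anchor}apiVersion:\s*){old}(?=\s|$)", rf"\g<1>{new}",
                  block, count=1, flags=re.M)

def migrate(text):
    """Return (new_text, findings) for a multi-document manifest string."""
    docs, findings = [], []
    for doc in re.split(r"(?m)^---[ \t]*$", text):
        # Step 6: list entries that reference a promoted kind (Receiver .spec.resources).
        doc = ITEM.sub(lambda m: bump(m[0], r"^ *(?:- )?"), doc)
        kind = re.search(r"(?m)^kind:\s*(\S+)", doc)
        spec = re.search(r"(?ms)^spec:[ \t]*\n(.*?)(?=^\S|\Z)", doc)
        stale = sorted(f for f in REMOVED.get(kind[1] if kind else "", ())
                       if spec and re.search(rf"(?m)^  {f}:", spec[1]))
        if stale:
            findings.append((kind[1], stale))  # steps 1-2 must land first
        else:
            doc = bump(doc, "^")  # steps 3-5: top-level apiVersion
        docs.append(doc)
    return "---".join(docs), findings

# Constructed sample: a GitRepository with a removed field, and a Receiver.
SAMPLE = """\
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
spec:
  gitImplementation: go-git
---
apiVersion: notification.toolkit.fluxcd.io/v1beta2
kind: Receiver
spec:
  resources:
    - kind: GitRepository
      apiVersion: source.toolkit.fluxcd.io/v1beta2
    - apiVersion: source.toolkit.fluxcd.io/v1beta2
      kind: HelmRepository
"""

if __name__ == "__main__":
    text, findings = migrate(SAMPLE)
    print(findings)
    print(text)
```

In the sample, the GitRepository manifest is reported and left at v1beta2 until gitImplementation is removed, while the HelmRepository entry is untouched because the notes do not list that kind as promoted.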

@iudicael-bot iudicael-bot bot requested a review from Iudicael as a code owner July 5, 2023 14:19
@iudicael-bot iudicael-bot bot added renovate/github-release type/major size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. area/cluster Changes made in the cluster directory labels Jul 5, 2023
@iudicael-bot
Contributor Author

iudicael-bot bot commented Jul 5, 2023

🦙 MegaLinter status: ✅ SUCCESS

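| Descriptor    | Linter     | Files | Fixed | Errors | Elapsed time |
| ------------- | ---------- | ----- | ----- | ------ | ------------ |
| ✅ COPYPASTE  | jscpd      | yes   |       | no     | 1.08s        |
| ✅ REPOSITORY | git_diff   | yes   |       | no     | 0.02s        |
| ✅ REPOSITORY | secretlint | yes   |       | no     | 1.24s        |
| ✅ YAML       | prettier   | 1     |       | 0      | 0.45s        |
| ✅ YAML       | yamllint   | 1     |       | 0      | 0.22s        |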

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@iudicael-bot iudicael-bot bot changed the title feat(github-release)!: Update flux-installation to v2.0.0 feat(github-release)!: Update flux-installation to v2.0.1 Jul 5, 2023
@iudicael-bot iudicael-bot bot force-pushed the renovate/flux-installation-2.x branch from 9f5b964 to eda776f Compare July 5, 2023 15:54
@iudicael-bot iudicael-bot bot changed the title feat(github-release)!: Update flux-installation to v2.0.1 feat(github-release)!: Update flux-installation to v2.0.0 Jul 5, 2023
@iudicael-bot iudicael-bot bot force-pushed the renovate/flux-installation-2.x branch from eda776f to b618647 Compare July 5, 2023 16:26
| datasource  | package      | from    | to     |
| ----------- | ------------ | ------- | ------ |
| github-tags | fluxcd/flux2 | v0.34.0 | v2.0.1 |
@iudicael-bot iudicael-bot bot changed the title feat(github-release)!: Update flux-installation to v2.0.0 feat(github-release)!: Update flux-installation to v2.0.1 Jul 11, 2023
@iudicael-bot iudicael-bot bot force-pushed the renovate/flux-installation-2.x branch from b618647 to 1e301f4 Compare July 11, 2023 12:38
Labels
area/cluster Changes made in the cluster directory renovate/github-release size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/major