chore(deps): update dependency fluxcd/flux2 to v0.33.0 #1451
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate-self-hosted[bot]](https://avatars.githubusercontent.com/u/20387402?s=60&v=4){kind=small}
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.28.5->v0.33.0Release Notes
fluxcd/flux2
v0.33.0Compare Source
Highlights
Flux v0.33.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.
Features and improvements
flux list artifacts.flux push artifact.New documentation
Components changelog
CLI Changelog
--filter-semverand--filter-regexflags tolist artifacts--ignore-pathsarg toflux build|push artifactv0.32.0Compare Source
Highlights
Flux v0.32.0 comes with support for distributing Kubernetes manifests, Kustomize overlays and Terraform code as OCI artifacts.
For more information please see the Flux OCI documentation.
New features
flux push|pull|tag artifactfor publishing OCI Artifacts to container registries.Components changelog
CLI Changelog
flux logs.SRCINFOissuespkgnameis bottom entry in .SRCINFOv0.31.5Compare Source
Highlights
Flux v0.31.5 is a patch release that comes with fixes. Users are encouraged to upgrade for the best experience.
Fixes
Improvements
Component changelog
CLI Changelog
v0.31.4Compare Source
Highlights
Flux v0.31.4 is a patch release that comes with fixes. Users are encouraged to upgrade for the best experience.
Fixes
azure/exchanger.go.Improvements
Components changelog
CLI Changelog
v0.31.3Compare Source
Highlights
Flux v0.31.3 is a patch release that comes with fixes. Users are encouraged to upgrade for the best experience.
Fixes
Components changelog
CLI Changelog
--brancharg to the basic auth examplev0.31.2Compare Source
Highlights
Flux v0.31.2 is a patch release that comes with fixes and small improvements. Users are encouraged to upgrade for the best experience.
Fixes and improvements
libgit2managed transportlibgit2error messages when the known hosts check failslibgit2managed transportflux logswhen running Flux inside a service meshflux reconcile source helmwhen using Helm OCIflux create hr --values-fromflux checkImageRepository,ImagePolicyandImageUpdateAutomationresources to properly record the metrics for deleted resourcesComponents changelog
CLI Changelog
ocitype -reconcile_source_helmflux create hr --values-fromflux checkcommandv0.31.1Compare Source
Highlights
Flux v0.31.1 is a patch release that comes with important fixes and documentation improvements. Users are encouraged to upgrade for the best experience.
Fixes
libgit2SSH host key verification (source-controller & image-automation-controller)Documentation improvements
.dockerconfigjsonfilesComponents changelog
CLI Changelog
v0.31.0Compare Source
Highlights
Flux v0.31.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.
Breaking changes
Flux is no longer compatible with kubeconfigs using
client.authentication.k8s.io/v1alpha1, this version was deprecated and removed in Kubernetes 1.24. Please follow these instructions on how to update kubeconfig toclient.authentication.k8s.io/v1beta1.New features
type: oci.For more information please see the Helm OCI documentation.
type: githubdispatch.For more information please see the GitHub dispatch provider documentation.
New guides
New improvements and fixes
libgit2managed transport feature has been enabled by default to improve the Azure DevOps and AWS CodeCommit Git operations.Components changelog
CLI Changelog
--kubeconfig-secret-reftoflux create ks|hr--allow-insecure-httptobootstrap gitcreate source helm--ignore-pathsflag toflux create source (git|bucket)v0.30.2Compare Source
Flux v0.30.2 is a patch release with further patches around working with the macOS file-system.
Note that v0.29.0 included breaking changes, and v0.30.0 new features.
CLI Changelog
v0.30.1Compare Source
Flux v0.30.1 is a patch release fixing a regression bug introduced in v0.30.0, which prevented macOS users from upgrading Flux using bootstrap due to FS security constraints.
Note that v0.29.0 included breaking changes, and v0.30.0 new features.
CLI Changelog
v0.30.0Compare Source
Flux v0.30.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.
Note that v0.29.0 included breaking changes.
Features and improvements
Support for disabling remote bases in Kustomize overlays
This release adds support to the kustomize-controller for disallowing remote bases in Kustomize overlays using
--no-remote-bases=true(default:false). When this flag is enabled on the controller, all resources must refer to local files included in the Source Artifact, meaning only the Flux Sources can affect the cluster-state. Users are advised to enable it on production systems for security and performance reasons.Support for defining a KubeConfig Secret data key
Both
KustomizationandHelmReleaseresources do now accept a.spec.kubeConfig.SecretRef.keydefinition. When the value is specified, the KubeConfig JSON is retrieved from this data key in the referred Secret, instead of the defaults (valueorvalue.yaml).Support for defining a ServiceAccountName in ImageRepository objects
The
ImageRepositoryobject does now accept a.spec.serviceAccountNamedefinition. When specified, the image pull secrets attached to the ServiceAccount are used to authenticate towards the registry.Components Changelog
CLI Changelog
fluxcd/pkgv0.29.5Compare Source
Flux v0.29.5 is patch release which improves the Condition handling of
HelmRepositoryresources, and handling of file formats while decrypting Secret generator entries with SOPS to ensure encrypted files in format A can be decrypted to target format B.In addition, we now recover from Kustomize build panics to guarantee continuity of operations when running into invalid object data.
Note that v0.29.0 includes breaking changes.
Components Changelog
CLI Changelog
v0.29.4Compare Source
Flux v0.29.4 is patch release with memory consumption improvements for the reconciliation of
HelmRepositoryresources.Note that v0.29.0 includes breaking changes.
Components Changelog
CLI Changelog
v0.29.3Compare Source
Flux v0.29.3 is patch release which fixes a regression bug where the source-controller would panic in further to be identified edge-case scenarios in which a
HelmRepositoryArtifact would not have a Size.In addition, the flags for configuring the exponential back-off retry have been made available in the kustomize-controller.
Note that v0.29.0 includes breaking changes.
Components Changelog
CLI Changelog
v0.29.2Compare Source
Flux v0.29.2 is patch release that comes with dependency updates to please static security analyzers.
Note that v0.29.0 includes breaking changes.
Components Changelog
CLI Changelog
v0.29.1Compare Source
Flux v0.29.1 is patch release that comes with a regression bug fix for Kustomizations files that contain remote references.
Note that v0.29.0 includes breaking changes.
Components Changelog
CLI Changelog
v0.29.0Compare Source
Flux v0.29.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.
Breaking changes
source-controller
RUNTIME_NAMESPACEenvironment variable is no longer taken into account to configure the advertised HTTP/Saddress of the storage. Instead, variable substitution must be used, as described in the changelog entry for
v0.5.2.TLSClientConfig.CAFile,TLSClientConfig.KeyFile,TLSClientConfig.CertFileandBearerTokenFile). The drive behind the change was to discourage insecure practices of mounting Kubernetes tokens inside the controller's container file system.TLSClientConfig.Insecurein KubeConfig file is disabled by default, but can be enabled at controller level with the flag--insecure-kubeconfig-tls.ExecProviderin KubeConfig file is now disabled by default, but can be enabled at controller level with the flag--insecure-kubeconfig-exec.Features and improvements
Notification Improvements
A new notification is now emitted to identify recovery from failures. It is triggered when a failed reconciliation is followed by a successful one, and the notification message is the same that's sent in usual successful source reconciliation message about the stored artifact.
In-memory cache for HelmRepository
The opt-in in-memory cache for
HelmRepositoryaddresses issues where the index file is loaded and unmarshalled in concurrent reconciliation resulting in a heavy memory footprint. It can be configured using the flags:--helm-cache-max-size,--helm-cache-ttl,--helm-cache-purge-interval.Configurable retention of Source Artifacts
Garbage Collection is enabled by default, and now its retention options are configurable with the flags:
--artifact-retention-ttl(default:60s) and--artifact-retention-records(default:2). They define the minimum time to live and the maximum amount of artifacts to survive a collection.Configurable Key Exchange Algorithms for SSH connections
The Key Exchange Algorithms used when establishing SSH connections are based on the defaults configured upstream in
go-gitandgolang.org/x/crypto. Now this can be overriden with the flag--ssh-kex-algos. Note this applies to thego-gitgitImplementation or thelibgit2gitImplementation but only when Managed Transport is being used.Configurable Exponential Back-off retry settings
The exponential back-off retry can be configured with the new flags:
--min-retry-delay(default:750ms) and--max-retry-delay(default:15min). Previously the defaults were set to5msand1000s, which in some cases impaired the controller's ability to self-heal (e.g. retrying failing SSH connections).Experimental managed transport for libgit2 Git implementation
Managed Transport for
libgit2now introduces self-healing capabilities, to recover from failure when long-running connections become stale.SOPS refactored and optimized
SOPS implementation was refactored to include various improvements and extended code coverage. Age identities are now imported once and reused multiple times, optimizing CPU and memory usage between decryption operations.
Helm chart directory loader improvements
Introduction of a secure directory loader which improves the handling of Helm charts paths.
Components Changelog
Other changes since last minor release:
CLI Changelog
Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.