Releases: fluxcd/flux2
v0.28.3
Flux v0.28.3 is patch release that comes with a regression bug fix for SOPS Azure Key Vault decryption. In addition, Kustomize has been updated to v4.5.3
to address an issue with YAML anchors. Users are encouraged to upgrade for the best experience.
Note that if you are upgrading from v0.27 you need to follow the Upgrade Flux to the Source v1beta2 API guide.
Components Changelog
CLI Changelog
- PR #2577 - @fluxcdbot - Update toolkit components
- PR #2572 - @stefanprodan - Add the kube client qps and burst to the global args
v0.28.2
Flux v0.28.2 is patch release that comes with a regression bug fix for notification spam. Users are encouraged to upgrade for the best experience.
Note that if you are upgrading from v0.27 you need to follow the Upgrade Flux to the Source v1beta2 API guide.
Components Changelog
- kustomize-controller to v0.22.1
CLI Changelog
- PR #2570 - @fluxcdbot - Update toolkit components
v0.28.1
Flux v0.28.1 is patch release that comes with a regression bug fix for image update automation. Users are encouraged to upgrade for the best experience.
Note that if you are upgrading from v0.27 you need to follow the Upgrade Flux to the Source v1beta2 API guide.
Components Changelog
- helm-controller to v0.18.1
- source-controller to v0.22.2
- notification-controller to v0.23.1
- image-reflector-controller to v0.17.1
- image-automation-controller to v0.21.1
CLI Changelog
- PR #2569 - @fluxcdbot - Update toolkit components
v0.28.0
Flux v0.28.0 comes with new reconcilers for Source kinds and graduates the Flux Source API to v1beta2
.
Breaking changes
- From this version on, controllers depending on Source kinds (kustomize-controller, helm-controller and image-automation-controller) do now require the Source
v1beta2
Custom Resource Definition to be present on the cluster.
Features and improvements
API specifications in a user-friendly format
The new specifications for the v1beta2
API have been written in a new format with the aim to be more valuable to a user. Featuring separate sections with examples, and information on how to write and work with them.
Artifact now advertises size
The size (in bytes) of a tarball Artifact is now advertised in the Size (.size
) field of the Artifact. This can be utilized by users to e.g. quickly see if .sourceignore
rules have an effect, or be displayed in a UI.
Azure Blob Storage support for Bucket
resources
The .spec.provider
of a Bucket
resource can now be set to azure
to instruct the source-controller to use the Azure Blob Storage SDK while fetching objects. This allows for authenticating using Service Principals, Managed Identities and Shared Keys.
For more information, see the Bucket spec about the Azure provider.
Azure Key Vault multi-tenancy
Kustomization resources making use of SOPS with Azure Key Vault as the backing KMS are now allowed to refer to Azure credentials in the tenant's namespace.
For more information, see the Kustomization spec about Azure Key Vault Secret entries.
Enhanced Kubernetes Conditions
Source API resources will now advertise more explicit Condition types (more about the types in API changes), provide Reconciling
and Stalled
Conditions where applicable for better integration with kstatus
, and record the Observed Generation on the Condition.
For a detailed overview per Source type, refer to the spec:
Enhanced Kubernetes Events (and notifications)
The Kubernetes Events the source-controller emits have been reworked to provide a proper reason, and more informative messages. Users making use of the notification-controller will notice this as well, as this same information is used to compose notifications.
Experimental managed transport for libgit2
Git implementation
The libgit2
Git implementation supports a new experimental transport to improve reliability, adding timeout enforcement for Git network operations. Opt-in by setting the environment variable EXPERIMENTAL_GIT_TRANSPORT
to true
in the source-controller and/or image-automation-controller their Deployment.
This will result in the low-level transport being handled by the controller, instead of libgit2
. It may result in an increased number of timeout messages in the logs, however it will remove the ability of Git operations to make the controllers hang indefinitely.
Manage cluster addons
A new annotation (kustomize.toolkit.fluxcd.io/ssa: merge
) is available for allowing Flux to patch cluster addons such as CoreDNS without the kustomize-controller removing the kubectl
managed fields.
For more information, see the Kustomization spec about reconciliation.
Reuse of HTTP/S transport for Helm repository index and chart downloads
The Helm dependency has been updated to v3.8.1
, with a patch applied from helm/helm#10568. Using this patch, the HTTP transports are now managed by the source-controller, to prevent the clogging of thousands of open TCP connections on some instances.
Update of libgit2
Git implementation to v1.3.x
The libgit2
Git implementation has been updated to v1.3.x
, allowing us to provide better error signals for authentication, certificate and transport failures. Effectively, this means that instead of a unable to clone: User
error string, a descriptive one is now given.
In addition, NO_PROXY
settings are now properly taken into account.
Preparation of support for rsa-ssh2-256/512
The dependency on golang.org/x/crypto
has been updated to v0.0.0-20220315160706-3147a52a75dd
, as preparation of support for rsa-ssh2-256/512
. This should theoretically work out of the box for known_hosts
entries and go-git
Git provider credentials, but has not been widely tested.
API changes
The source.toolkit.fluxcd.io/v1beta2
API is backwards compatible with v1beta1
.
- Introduction of
Reconciling
andStalled
Condition types for better integration withkstatus
. - Introduction of new Condition types to provide better signals and failure indications:
ArtifactOutdated
: indicates the current Artifact of the Source is outdated.SourceVerified
: indicates the integrity of the Source has been verified.FetchFailed
: indicates a transient or persistent fetch failure of the upstream Source.BuildFailed
: indicates a transient or persistent build failure of a Source's Artifact.StorageOperationFailed
: indicates a transient or persistent failure related to storage.IncludeUnavailable
: indicates an include is not available. For example, because it does not exist, or does not have an Artifact.
- Introduction of a Size (in bytes) field (
.status.artifact.size
) in the Artifact object. - Introduction of
ObservedChartName
(.status.observedChartName
) andObservedSourceArtifactRevision
(.status.observedSourceArtifactRevision
) fields in theHelmChart
Status. - Introduction of
azure
provider implementation forBucket
.
Upgrade procedure
To upgrade your cluster, download the Flux CLI binary from the release page and rerun the flux bootstrap
command. This will upgrade the Flux components on your cluster to the latest version. Other upgrade options can be found on the docs website.
ℹ️ Note that updating the manifests in Git from source.toolkit.fluxcd.io/v1beta1
to source.toolkit.fluxcd.io/v1beta2
can be done at any time after the Flux components upgrade. All users are encouraged to update the manifests as any deprecated fields will be removed when the next API version will be released. For more information, see post upgrade.
Terrafrom upgrade
When using the Terraform provider for Flux, you have to manually remove the v1beta2
GitRepository from the TF state:
terraform state rm 'kubectl_manifest.sync["source.toolkit.fluxcd.io/v1beta1/gitrepository/flux-system/flux-system"]'
Other upgrade methods
When upgrading without the CLI or Terraform (using e.g. GitHub Actions or RenovateBot), we recommend to bump the GitRepository
API version in gotk-sync.yaml
to v1beta2
.
Post upgrade
After rolling out the upgrade, and when you have confirmed things to be working as expected. Resources in Git which refer to source.toolkit.fluxcd.io/v1beta1
can be updated to refer to source.toolkit.fluxcd.io/v1beta2
:
@@ -1,4 +1,4 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta1
+apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
name: gitrepository-sample
Components Changelog
- helm-controller to v0.18.0
- kustomize-controller to v0.22.0
- source-controller to v0.22.1
- notification-controller to v0.23.0
- image-reflector-controller to v0.17.0
- image-automation-controller to v0.21.0
CLI Changelog
- PR #2566 - @stefanprodan - Fix resume source bucket panic
- PR #2565 - @hiddeco - fix: wait for Source objects observed generation
- PR #2564 - @stefanprodan - Use absolute domain name for the events address
- PR #2561 - @hiddeco - Update toolkit components
- PR #2559 - @stefanprodan - Retry bootstrap operations on Git conflict errors
- PR #2542 - @fluxcdbot - Update toolkit components
- PR #2530 - @stefanprodan - Add components-extra example usage to CLI help
- PR #2512 - @souleb - Introduce a printer interface for flux resources
- PR #2484 - @cuishuang - all: fix some typos
- PR #2483 - @fluxcdbot - Update toolkit components
- PR #2467 - @darkowlzz - Update
get
subcommand column order
v0.27.4
Flux v0.27.4 is a patch release that comes with patches to the Deployment manifest of helm-controller and the-notification controller, to set the .spec.securityContext.fsGroup
, which may be required for some EKS setups as reported in #2537. Users are encouraged to upgrade for the best experience.
Components changelog
v0.27.3
Flux v0.27.3 is a patch release that comes with improvements to the libgit2 OpenSSL build dependency in image-automation-controller, which fixes some issues related to git server connection leaks. Users are encouraged to upgrade for the best experience.
Components changelog
- image-automation-controller v0.20.1
v0.27.2
Flux v0.27.2 is a patch release that comes with altering improvements. Users are encouraged to upgrade for the best experience.
Improvements:
- Add support for using basic auth when sending alerts to Grafana annotations API
- Allow the proxy address to specified in the Kubernetes Secret referenced in Flux Alerts
Components changelog
v0.27.1
Highlights
Flux v0.27.1 is a patch release that comes with fixes and no breaking changes. Users are encouraged to upgrade for the best experience.
Fixes:
- Convert
stringData
todata
before diffing and applying Secrets (workaround for upstream Kubernetes bug) - Set QPS and Burst when impersonating service account in helm-controller (avoid client-side throttling when upgrading Helm releases containing hundreds of resources)
Components changelog
CLI changelog
- PR #2460 - @fluxcdbot - Update toolkit components
- PR #2452 - @souleb - Diff: fix stringData Secret issue
- PR #2450 - @somtochiama - Add
--wait
flag to fluxresume
cmd - PR #2448 - @somtochiama - Use
metadata.Client
for reconcile operations
v0.27.0
Highlights
Flux v0.27.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.
Breaking changes
- Flux custom resources require their names to follow the DNS label standard as defined in RFC 1123. The
metadata.name
can only contain lowercase alphanumeric characters or-
and must contain at most 63 characters. - This version introduces a breaking change to the Helm uninstall behavior, as the
--wait
flag is now enabled by default. Resulting in helm-controller to wait for resources to be deleted while uninstalling a release. Disabling this behavior is possible by settingspec.uninstall.disableWait: true
inHelmRelease
manifests.
New features and improvements
- Add support to notification-controller for sending events to Grafana annotations API.
- Allow selecting event sources based on labels using the Alert API
spec.eventSources[].matchLabels
field. - Add support to kustomize-controller for making the Kubernetes Secrets and ConfigMaps referenced in
postBuild.substituteFrom
optional. - Allow dot-prefixed paths to be used for bootstrap e.g.
flux bootstrap --path=".flux/clusters/my-cluster"
. - All Flux controllers and libraries are now tested by Google's continuous fuzzing for open source software.
Components changelog
CLI Changelog
- PR #2444 - @fluxcdbot - Update toolkit components
- PR #2443 - @somtochiama - Validate that object name adheres to RFC 1123 for
flux create
commands - PR #2439 - @somtochiama - Use text/template library instead of html/template for logs
- PR #2427 - @souleb - Bootstrap bitbucket-server: Make sure we retrieve the right project
- PR #2426 - @foot - Add support for Kustomizations with dot-prefixed paths
- PR #2425 - @souleb - Add a simple spinner when running flux diff kustomization
v0.26.3
Highlights
Flux v0.26.3 is a patch release that comes with fixes to bootstrap. Users are encouraged to upgrade for the best experience.
In addition, kustomize-controller was update to be on par with Kustomize v4.5.2 release.
Components changelog
- kustomize-controller v0.20.2
CLI changelog
- PR #2418 - @stefanprodan - Fix bootstrap: Reset schema cache after applying CRDs
- PR #2416 - @fluxcdbot - Update kustomize-controller to v0.20.2
- PR #2415 - @stefanprodan - Add GitRepository namespace arg to
flux create image update