chore(deps): update dependency fluxcd/flux2 to v0.41.2

[renovate]

This PR contains the following updates:

Package	Update	Change
fluxcd/flux2	minor	v0.27.3 -> v0.41.2

---

Release Notes

fluxcd/flux2 (fluxcd/flux2)

v0.41.2

Compare Source

Flux v0.41.2 is a patch release which fixes a range of bugs found in the controllers. Please refer to the individual component changelogs for more information.

💡 For more information about other features introduced in v0.41.0, please refer to the changelog for this version.

Components Changelog

• source-controller v0.36.1
• kustomize-controller v0.35.1
• helm-controller v0.31.2
• image-reflector-controller v0.26.1

CLI Changelog

• PR #​3710 - @​hiddeco - tests/azure: update toolkit components
• PR #​3707 - @​fluxcdbot - Update toolkit components
• PR #​3706 - @​hiddeco - build: update actions/setup-go in workflows
• PR #​3704 - @​dependabot[bot] - build(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4
• PR #​3703 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.2.6 to 2.2.7
• PR #​3701 - @​dependabot[bot] - build(deps): bump actions/checkout from 3.3.0 to 3.4.0
• PR #​3685 - @​dependabot[bot] - build(deps): bump actions/cache from 3.2.6 to 3.3.0
• PR #​3684 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.2.5 to 2.2.6
• PR #​3683 - @​dependabot[bot] - build(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0

v0.41.1

Compare Source

Flux v0.41.1 is a patch release which extends the helm-controller's OOM watch feature introduced in v0.41.0 with support for automatic detection of cgroup v1 paths, and flags to configure alternative paths using --oom-watch-max-memory-path and --oom-watch-current-memory-path.

💡 For more information about other features introduced in v0.41.0, please refer to the changelog for this version.

Components changelog

• helm-controller v0.31.1

CLI Changelog

• PR #​3680 - @​fluxcdbot - Update toolkit components
• PR #​3676 - @​stefanprodan - Disable drift detection for kube-prometheus-stack webhooks

v0.41.0

Compare Source

Flux v0.41.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Features and improvements

• Experimental support of drift detection of Helm releases compared to cluster-state.
• Improved handling of SIGTERM signals received by the helm-controller, which will now terminate running Helm install or upgrade actions, instead of potentially leaving them in a pending state.
• Opt-in OOM watcher in helm-controller to handle graceful termination of the controller before it is forcefully killed by Kubernetes' OOM killer.
• Kubernetes client and Custom Resource Definition life-cycle improvements to reduce the memory consumption of the helm-controller, with observed reductions up to 50%.
• Opt-in allowance of DNS lookups during the rendering of Helm templates in the helm-controller via feature gate.
• Optional disabling of the cache of the status poller used to determine the health of the resources applied by the kustomize-controller. This may improve memory usage on large scale clusters at the cost of more direct API calls.
• Changes to the logging of all controllers to ensure Kubernetes components like the discovery client use the configured logging format.
• New flux events command to display Kubernetes events for Flux resources, including the events of a referenced resource.
• Custom annotations can now be set with flux push using --annotations.

New documentation

• Cheatsheet: Enable Helm drift detection
• Cheatsheet: Enable Helm near OOM detection
• Cheatsheet: Allow Helm DNS lookups
• Controller: New helm-controller feature gates and options
• Controller: New kustomize-controller feature gate
• Spec: HelmRelease drift detection

Components changelog

• source-controller v0.36.0
• kustomize-controller v0.35.0
• helm-controller v0.31.0
• notification-controller v0.33.0
• image-reflector-controller v0.26.0
• image-automation-controller v0.31.0

CLI Changelog

• PR #​3628 - @​somtochiama - Add flux events command
• PR #​3674 - @​hiddeco - Update dependencies
• PR #​3673 - @​stefanprodan - ci: Use latest available images of kindest/node
• PR #​3672 - @​hiddeco - tests/azure: update dependencies
• PR #​3670 - @​hiddeco - Update Go to 1.20
• PR #​3669 - @​hiddeco - Update GitHub Action workflows
• PR #​3667 - @​hiddeco - Update helm-controller to v0.31.0
• PR #​3666 - @​fluxcdbot - Update toolkit components
• PR #​3653 - @​stefanprodan - Allow custom annotations to be set when pushing OCI artifacts

v0.40.2

Compare Source

Flux v0.40.2 is a patch release which includes an update of the notification-controller to prevent an issue with the default API version used for ImageRepositories when no specific version is configured on a Receiver. Users are encouraged to upgrade for the best experience.

⚠️ Note that v0.40.0 contained breaking changes, please refer to the changelog for more information.

Components changelog

• notification-controller v0.32.1

CLI Changelog

• PR #​3645 - @​hiddeco - Update dependencies
• PR #​3644 - @​fluxcdbot - Update toolkit components
• PR #​3638 - @​dependabot[bot] - build(deps): bump actions/cache from 3.2.5 to 3.2.6
• PR #​3637 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.2.4 to 2.2.5

v0.40.1

Compare Source

Flux v0.40.1 is a patch release which includes an update of the source-controller to prevent excessive memory usage while reconciling HelmRepository objects. Users are encouraged to upgrade for the best experience.

⚠️ Note that v0.40.0 contained breaking changes, please refer to the changelog for more information.

Components changelog

• source-controller v0.35.2

CLI Changelog

• PR #​3626 - @​hiddeco - Update dependencies
• PR #​3624 - @​fluxcdbot - Update toolkit components
• PR #​3615 - @​stefanprodan - Update implementation history of RFC-0003 and RFC-0005

v0.40.0

Compare Source

Highlights

Flux v0.40.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Breaking changes

Image Automation

The image-reflector-controller autologin flags have been deprecated and are no longer used.
Please see the new API specification and migration instructions in the controller changelog.

Notifications

The source revision format reported by the Flux controllers has changed according to RFC-0005.
The events referring to Git repositories, will report the revision in the format <branch|tag>@&#8203;sha1:<commit> instead of <branch|tag>/<commit>.
For more details please see the source-controller changelog.

OCI artifacts

The OCI artifacts produced with flux push artifact have now custom media types:

• artifact media type application/vnd.oci.image.manifest.v1+json
• config media type application/vnd.cncf.flux.config.v1+json
• content media type application/vnd.cncf.flux.content.v1.tar+gzip

Features and improvements

• The GitRepository API has a new optional field .spec.ref.name for specifying a Git Reference.
  This allows Flux to reconcile resources from GitHub Pull Requests (refs/pull/<id>/head) and GitLab Merge Requests (refs/merge-requests/<id>/head).
• The ImageRepository and ImagePolicy APIs have been promoted to v1beta2.
• Allow specifying the cloud provider contextual login for container registries with ImageRepository.spec.provider.
• Improve observability of ImageRepository by showing the latest scanned tags under .status.lastScanResult.latestTags.
• Improve observability of ImagePolicy by reporting the current and previous image tag in status and events.
• The Kubernetes builtin cluster roles: view, edit and admin have been extended to allow access to Flux custom resources.
• Print a report of Flux custom resources and the amount of cumulative storage used for each source type with flux stats -A.

New Documentation

• API: ImageRepository v1beta2
• API: ImagePolicy v1beta2
• Security: Aggregated cluster roles
• Bootstrap: Disable Kubernetes cluster role aggregations
• Blog: How Flux and Pulumi give each other superpowers

Components changelog

• source-controller v0.35.1 v0.35.0
• kustomize-controller v0.34.0
• helm-controller v0.30.0
• notification-controller v0.32.0
• image-reflector-controller v0.25.0
• image-automation-controller v0.30.0

CLI Changelog

• PR #​3612 - @​dependabot[bot] - build(deps): bump fossa-contrib/fossa-action from 1.2.0 to 2.0.0
• PR #​3610 - @​hiddeco - Update dependencies
• PR #​3606 - @​hiddeco - build: further solve issue release workflow
• PR #​3605 - @​hiddeco - build: ensure newlines work with $GITHUB_OUTPUT
• PR #​3604 - @​hiddeco - build: convert ::set-output to $GITHUB_OUTPUT
• PR #​3603 - @​stefanprodan - Remove deprecated flags
• PR #​3602 - @​hiddeco - Update source-controller to v0.35.1
• PR #​3601 - @​stefanprodan - ci: Fix Snyk Go build VCS stamping error
• PR #​3598 - @​fluxcdbot - Update toolkit components
• PR #​3592 - @​hiddeco - tests: only provide template values when used
• PR #​3587 - @​hiddeco - Support shortening of revision with digest
• PR #​3585 - @​darkowlzz - Update image-reflector API to v1beta2
• PR #​3584 - @​dependabot[bot] - build(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1
• PR #​3583 - @​dependabot[bot] - build(deps): bump snyk/actions from e25b2e6 to 8061827
• PR #​3582 - @​dependabot[bot] - build(deps): bump actions/cache from 3.2.4 to 3.2.5
• PR #​3581 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.2.1 to 2.2.4
• PR #​3578 - @​stefanprodan - Add flux stats command to print the reconcilers status
• PR #​3575 - @​stefanprodan - RFC-0003: Introduce Flux OCI media type
• PR #​3566 - @​stefanprodan - rbac: Add view and edit aggregated cluster roles
• PR #​3563 - @​dependabot[bot] - build(deps): bump actions/cache from 3.2.3 to 3.2.4
• PR #​3562 - @​dependabot[bot] - build(deps): bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0
• PR #​3560 - @​stefanprodan - docs: Add permissions to update workflow

v0.39.0

Compare Source

Highlights

Flux v0.39.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Starting with this version, the Flux controllers come with SBOMs and SLSA Provenance Attestations embedded in their container images.

The Flux Terraform Provider has a new resource for bootstrapping Flux, without depending on third-party Terraform providers, that allows customising the controllers at install time. Users are encouraged to migrate to this new resources and provide feedback.

The Flux CLI is now included in Wolfi OS, the Linux (Un)distro designed for securing the software supply chain. The Chainguard team and Wolfi maintainers are shipping updates for the Flux package on a regular basis.

Features and improvements

• Recreate immutable resources (e.g. Kubernetes Jobs) by annotating or labeling them with kustomize.toolkit.fluxcd.io/force: enabled.
• Support for HTTPS bearer token authentication for Git repositories.
• Improve memory usage by disabling the caching of Secret and ConfigMap resources in all controllers.
• Better observability with progressive status updates for Sources (Git, OCI, Helm, S3 Buckets).
• Allow extracting the OCI artifact SHA256 digest for Cosign with flux push artifact -o json.
• Track CRDs managed by Flux, flux trace and flux tree will show which HelmRelease deployed which CRDs.
• Allow the Flux GitHub Action to use a GitHub token when checking for updates to avoid rate limiting.

New documentation

• Security: Software Bill of Materials
• Security: SLSA Provenance Attestations
• Security: Scanning Flux images for CVEs

Components changelog

• source-controller v0.34.0
• kustomize-controller v0.33.0
• helm-controller v0.29.0
• notification-controller v0.31.0
• image-reflector-controller v0.24.0
• image-automation-controller v0.29.0

CLI Changelog

• PR #​3550 - @​stefanprodan - flux tree: Set CRDs GroupKind in output
• PR #​3549 - @​stefanprodan - flux tree: Track CRDs managed by HelmReleases
• PR #​3545 - @​fluxcdbot - Update toolkit components
• PR #​3542 - @​stefanprodan - flux tree: Add namespaces to objects reconciled from HRs
• PR #​3540 - @​stefanprodan - Add json/yaml output to flux push artifact
• PR #​3537 - @​stefanprodan - Update dependencies to Kubernetes v1.26.1
• PR #​3532 - @​stefanprodan - Update Alpine to v3.17 and kubectl to v1.26.1 in flux-cli image
• PR #​3531 - @​makkes - fix misleading messaging when using -A flag
• PR #​3529 - @​dependabot[bot] - build(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.0
• PR #​3526 - @​dependabot[bot] - Bump anchore/sbom-action from 0.13.1 to 0.13.3
• PR #​3525 - @​dependabot[bot] - Bump github/codeql-action from 2.1.38 to 2.2.1
• PR #​3524 - @​dependabot[bot] - Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1
• PR #​3517 - @​jooooel - Fix broken GitHub Action and handle case where VERSION is provided as an input
• PR #​3507 - @​thezanke - Update prometheus-community helm repo due to the suspension of OCI builds
• PR #​3501 - @​kingdonb - Add GITHUB_TOKEN to Flux GitHub Action
• PR #​3488 - @​dependabot[bot] - Bump snyk/actions from 1cc9026 to e25b2e6
• PR #​3487 - @​dependabot[bot] - Bump actions/cache from 3.2.2 to 3.2.3
• PR #​3486 - @​dependabot[bot] - Bump github/codeql-action from 2.1.37 to 2.1.38
• PR #​3477 - @​raffis - fix(install-script): support $GITHUB_TOKEN

v0.38.3

Compare Source

Highlights

Flux v0.38.3 is a patch release that comes with fixes and small improvements to the CLI.
Users are encouraged to upgrade for the best experience.

CLI Changelog

• PR #​3476 - @​aryan9600 - Update git/gogit to v0.4.1
• PR #​3469 - @​dependabot[bot] - Bump actions/checkout from 3.2.0 to 3.3.0
• PR #​3465 - @​kingdonb - Fix fluxcd/website#1347
• PR #​3457 - @​dependabot[bot] - Bump actions/cache from 3.0.11 to 3.2.2
• PR #​3441 - @​stefanprodan - check: Show the latest stored version of CRDs

v0.38.2

Compare Source

Flux v0.38.2 is a patch release that comes with fixes for the Notification API v1beta1 to v1beta2 upgrade.
In addition, this release improves the handling of the graceful shutdown for helm-controller.
Users are encouraged to update Flux directly to v0.38.2 for the best experience.

Components changelog

• notification-controller v0.30.2
• helm-controller v0.28.1

CLI Changelog

• PR #​3437 - @​fluxcdbot - Update toolkit components

v0.38.1

Compare Source

Flux v0.38.1 is a patch release that comes with fixes for the Notification API v1beta1 to v1beta2 upgrade.
Users are encouraged to update Flux directly to v0.38.1 for the best experience.

Changelog

• PR #​3429 - @​stefanprodan - Update CLI commands to Notification API v1beta2
• PR #​3428 - @​fluxcdbot - Update notification-controller to v0.30.1

v0.38.0

Compare Source

Highlights

Flux v0.38.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Notification API v1beta2

This release graduates the Notification APIs to v1beta2. After upgrading the controllers on your clusters, you need to update the notification Custom Resources in Git by replacing notification.toolkit.fluxcd.io/v1beta1 with notification.toolkit.fluxcd.io/v1beta2 in all YAML manifests.

Breaking changes

• The Alert.spec.summary has a max length of 255 characters.
• The Provider.spec.address and Provider.spec.proxy have a max length of 2048 characters.
• The Receiver.status.url was deprecated in favour of Receiver.status.webhookPath.

For more details about v1beta2 please see the notification-controller chagelog and the API spec documentation.

Features and improvements

• Support for defining Kustomize components with Kustomization.spec.components.
• Support for piping multi-doc YAMLs when publishing OCI artifacts with kustomize build . | flux push artifact --path=-.
• Support for Gitea commit status updates with Provider.spec.type set to gitea.
• Improve the memory usage of helm-controller by disabling the caching of Secret and ConfigMap resources.
• Update the Helm SDK to v3.10.3 (fix for Helm CVEs).
• All code references to libgit2 were removed, and the GitRepository.spec.gitImplementation field is no longer being honored.

Documentation improvements

The official example repository was refactored. The new version comes with the following improvements:

• Make the example compatible with ARM64 Kubernetes clusters.
• Add Weave GitOps Helm release to showcase the Flux UI.
• Replace the ingress-nginx Bitnami chart with the official one that contains multi-arch container images.
• Add cert-manager Helm release to showcase how to install CRDs and custom resources using dependsOn.
• Add Let's Encrypt ClusterIssuer to showcase how to patch resources in production with Flux Kustomization.
• Add the flux-system overlay to showcase how to configure Flux at bootstrap time.

Components changelog

• source-controller v0.33.0
• kustomize-controller v0.32.0
• helm-controller v0.28.0
• notification-controller v0.30.0
• image-reflector-controller v0.23.1
• image-automation-controller v0.28.0

CLI Changelog

• PR #​3427 - @​hiddeco - Update dependencies
• PR #​3424 - @​pjbgf - build: Revert sigstore/cosign-installer to v2.8.1
• PR #​3423 - @​dependabot[bot] - Bump github/codeql-action from 2.1.36 to 2.1.37
• PR #​3422 - @​dependabot[bot] - Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0
• PR #​3421 - @​dependabot[bot] - Bump actions/setup-go from 3.4.0 to 3.5.0
• PR #​3420 - @​dependabot[bot] - Bump actions/checkout from 3.1.0 to 3.2.0
• PR #​3418 - @​somtochiama - Fix path on flux push
• PR #​3415 - @​souleb - Fix dry-run still loading kubeconfig issue
• PR #​3413 - @​aryan9600 - Update dependencies
• PR #​3408 - @​souleb - Update fluxcd/pkg/kustomize dependency
• PR #​3404 - @​stefanprodan - e2e: Fix Azure test suite
• PR #​3394 - @​dependabot[bot] - Update sigstore/cosign-installer requirement to b6757d8
• PR #​3393 - @​dependabot[bot] - Bump github/codeql-action from 2.1.35 to 2.1.36
• PR #​3389 - @​somtochiama - Push/Build artifacts from stdin
• PR #​3377 - @​aryan9600 - bootstrap: fallback to default known_hosts
• PR #​3372 - @​dependabot[bot] - Bump peter-evans/create-pull-request from 4.2.2 to 4.2.3
• PR #​3371 - @​dependabot[bot] - Bump snyk/actions from a8dd587 to 1cc9026
• PR #​3370 - @​dependabot[bot] - Bump actions/setup-go from 3.3.1 to 3.4.0
• PR #​3369 - @​dependabot[bot] - Bump github/codeql-action from 2.1.33 to 2.1.35
• PR #​3360 - @​fluxcdbot - Update toolkit components
• PR #​3352 - @​dependabot[bot] - Bump peter-evans/create-pull-request from 4.2.0 to 4.2.2
• PR #​3350 - @​stefanprodan - Set notification-controller container image to GHCR
• PR #​3345 - @​stefanprodan - e2e: Refactor Azure test suite to use go-git

v0.37.0

Compare Source

Highlights

Flux v0.37.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Breaking changes

Deprecation of gitImplementation

The interpretation of the gitImplementation field of GitRepository by source-controller and image-automation-controller has been deprecated, and will effectively always use go-git. This now supports all Git servers, including Azure DevOps and AWS CodeCommit, which previously were only supported by libgit2.

To opt-out from this behaviour, and get the controller to honour the field .spec.gitImplementation, start the controller with: --feature-gates=ForceGoGitImplementation=false.

For more information on this change, refer to the controllers's respective changelogs listed below.

Automatic force-push of ImageUpdateAutomation

Starting from this version, ImageUpdateAutomation objects with a .spec.PushBranch specified will have the push branch refreshed automatically via force push. To opt-out from this behaviour, start the controller with: --feature-gates=GitForcePushBranch=false.

Features and improvements

• Support for bootstrapping Azure DevOps and AWS CodeCommit repositories using flux bootstrap git.
• Support cloning of Git v2 protocol (Azure DevOps and AWS CodeCommit) for go-git Git provider.
• Support force-pushing ImageUpdateAutomation repositories.
• Allow a dry-run of flux build kustomization with --dry-run and --kustomization-file ./path/to/local/my-app.yaml. Using these flags, variable substitutions from Secrets and ConfigMaps are skipped, and no connection to the cluster is made.
• Use signed OCI Helm chart for kube-prometheus-stack.

New documentation

• Guide: AWS CodeCommit bootstrap
• Guide: Azure DevOps bootstrap

Components changelog

• source-controller v0.32.1
• kustomize-controller v0.31.0
• helm-controller v0.27.0
• notification-controller v0.29.0
• image-reflector-controller v0.23.0
• image-automation-controller v0.27.0

CLI Changelog

• PR #​3339 - @​hiddeco - Update dependencies
• PR #​3326 - @​fluxcdbot - Update toolkit components
• PR #​3324 - @​stefanprodan - Update kubectl and remove nsswitch.conf in flux-cli image
• PR #​3323 - @​pjbgf - build: Pin GitHub Actions
• PR #​3317 - @​souleb - Add a dry-run mode to flux build kustomization
• PR #​3303 - @​stefanprodan - monitoring: Use kube-prometheus-stack signed OCI Helm chart
• PR #​3299 - @​aryan9600 - Refactor bootstrap process to use fluxcd/pkg/git
• PR #​3294 - @​phillebaba - Aggregate errors in uninstall functions
• PR #​3288 - @​dependabot[bot] - Bump hashicorp/setup-terraform from 2.0.2 to 2.0.3
• PR #​3281 - @​stefanprodan - Refactor ARM64 e2e test suite
• PR #​3269 - @​dependabot[bot] - Bump actions/setup-go from 2 to 3
• PR #​3249 - @​phillebaba - Remove file reading from bootstrap package

v0.36.0

Compare Source

Highlights

Flux v0.36.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Features and improvements

• Verify OCI Helm charts signed by Cosign (including keyless) with HelmChart.spec.verify.
• Allow publishing a single YAML file to OCI with flux push artifact <URL> --path=deploy/install.yaml.
• Detect changes to local files before pushing to OCI with flux diff artifact <URL> --path=<local files>.
• New Alert Provider type named generic-hmac for authenticating the webhook requests coming from notification-controller.
• The Kustomization.status.conditions have been aligned with Kubernetes standard conditions and kstatus.
• The kustomize-controller memory usage was reduced by 90% when performing artifact operations.

New documentation

• Guide: How to deploy Flagger with Flux using signed Helm charts and OCI artifacts
• FAQ: Should I be using Kustomize remote bases?
• FAQ: Should I be using Kustomize Helm chart plugin?

Components changelog

• source-controller v0.31.0
• kustomize-controller v0.30.0
• helm-controller v0.26.0
• notification-controller v0.28.0
• image-reflector-controller v0.22.1
• image-automation-controller v0.26.1

CLI Changelog

• PR #​3242 - @​stefanprodan - Update dependencies
• PR #​3237 - @​phillebaba - Move bootstrap package from internal to pkg
• PR #​3236 - @​stefanprodan - ci: Refactor GitHub workflows
• PR #​3232 - @​eddie-knight - Additional workflow permissions tweaks
• PR #​3231 - @​eddie-knight - Adjusted workflow permissions
• PR #​3229 - @​stefanprodan - RFC-0002: Add Cosign verification for Helm OCI charts
• PR #​3224 - @​developer-guy - Add diff artifact command
• PR #​3220 - @​stefanprodan - Only run e2e tests for Dependabot PRs
• PR #​3219 - @​dependabot[bot] - Bump github/codeql-action from 1 to 2
• PR #​3218 - @​dependabot[bot] - Bump peter-evans/create-pull-request from 3 to 4
• PR #​3217 - @​dependabot[bot] - Bump hashicorp/setup-terraform from 1 to 2.0.2
• PR #​3216 - @​stefanprodan - Enable Dependabot for GitHub Actions
• PR #​3214 - @​eddie-knight - Added ArtifactHub badge
• PR #​3213 - @​stefanprodan - Add FOSSA license scanning badge
• PR #​3198 - @​phillebaba - Add nop logger
• PR #​3197 - @​phillebaba - Move uninstall code to pkg
• PR #​3190 - @​developer-guy - Accept a file path as input for flux build|push artifact
• PR #​3187 - @​fluxcdbot - Update toolkit components
• PR #​3174 - @​phillebaba - Update libgit2 version in Azure e2e tests
• PR #​3162 - @​somtochiama - Update golden file for get source oci
• PR #​3161 - @​stefanprodan - Update RFC-0003 implementation history

v0.35.0

Compare Source

Highlights

Flux v0.35.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Breaking changes

Strict validation rules have been put in place for API fields which define a time duration, such as .spec.interval. Effectively, this means values without a time unit (e.g. ms, s, m, h) will now be rejected by the API server.

Features and improvements

• Verify OCI artifacts signed by Cosign (including keyless) with OCIRepository.spec.verify.
• Allow pulling Helm charts dependencies from HTTPS repositories with mixed self-signed TLS and public CAs.
• Allow pulling Helm charts from OCI artifacts stored at the root of AWS ECR.
• Allow running bootstrap for insecure HTTP Git servers with flux bootstrap git --allow-insecure-http --token-auth.
• Improve health checking for global objects such as ClusterClass, GatewayClass, StorageClass, etc.
• The controllers and the Flux CLI are now built with Go 1.19.

For more information on OCI and Cosign support please see the Flux documentation.

Components changelog

• source-controller v0.30.0
• kustomize-controller v0.29.0
• helm-controller v0.25.0
• notification-controller v0.27.0
• image-reflector-controller v0.22.0
• image-automation-controller v0.26.0

CLI Changelog

• PR #​3154 - @​stefanprodan - [RFC-0003] Add Cosign keyless specification
• PR #​3153 - @​stefanprodan - Build with Go 1.19
• PR #​3149 - @​fluxcdbot - Update toolkit components
• PR #​3145 - @​stefanprodan - Add component label for controllers and their CRDs
• PR #​3117 - @​carlosonunez-vmw - Maintain original scheme when using --token-auth
• PR #​3098 - @​Santosh1176 - [Grafana] Use container_memory_working_set_bytes to report memory consumption

v0.34.0

Compare Source

Highlights

Flux v0.34.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Breaking changes

The Flux controller logs have been aligned with the Kubernetes structured logging.
For more details on the new logging structure please see: fluxcd/flux2#3051.

Features and improvements

• OCIRepository.spec.insecure Allow pulling artifacts from an in-cluster Docker Registry over plain HTTP.
• Allow defining OCI sources for non-TLS container registries with flux create source oci --insecure.
• Enable contextual login when publishing OCI artifacts from a Cloud VM using flux push artifact --provider=aws|azure|gcp.
• Prioritise static credentials over OIDC providers when pulling OCI artifacts from container registries on multi-tenant cluster.
• Reconcile Kubernetes Class types (ClusterClass, GatewayClass, StorageClass, etc) in a dedicated stage before any other custom resources like Clusters, Gateways, Volumes, etc.
• When multiple SOPS providers are available, run the offline decryption methods first to avoid failures due to KMS unavailability.
• Add finalizers to the notification API to properly record the reconciliation metrics for deleted resources.
• Publish the Flux install manifests as OCI artifacts on GitHub and DockerHub container registries under fluxcd/flux-manifests.

Components Changelog

• source-controller v0.29.0
• kustomize-controller v0.28.0
• helm-controller v0.24.0
• notification-controller v0.26.0
• image-reflector-controller v0.21.0
• image-automation-controller v0.25.0

CLI Changelog

• PR #​3097 - @​stefanprodan - Add --insecure flag to flux create source oci
• PR #​3091 - @​fluxcdbot - Update toolkit components
• PR #​3088 - @​stefanprodan - Publish the install manifests to GHCR and DockerHub as OCI artifacts
• PR #​3087 - @​somtochiama - Remove finalizers for notification CRs on uninstall
• PR #​3085 - @​souleb - [bootstrap] Make sure we reconcile with the right reconciliation method
• PR #​3082 - @​stefanprodan - Remove finalizers for OCI repositories on uninstall
• PR #​3079 - @​adrien-f - Support autologin when pushing OCI artifacts
• PR #​3073 - @​acondrat - Filter out non-running pods in Prometheus
• PR #​3063 - @​somtochiama - Update flux logs to accomodate the new format
• PR #​3053 - @​dholbach - Revert "Fix broken "edit this page" links in Flux CLI section"
• PR #​3052 - @​dholbach - update to new doc links structure
• PR #​3050 - @​stefanprodan - Status update for RFC-0002 and RFC-0003

v0.33.0

Compare Source

Highlights

Flux v0.33.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Features and improvements

• HelmRepository.spec.provider Enable contextual login to container registries when pulling Helm charts from Amazon Elastic Container Registry, Azure Container Registry and Google Artifact Registry.
• OCIRepository.spec.layerSelector Select which layer contains the Kubernetes configs by specifying a matching OCI media type.
• Bucket.spec.secretRef Authenticate to Azure Blob storage using SAS tokens.
• Allow filtering OCI artifacts by semver and regex when listing artifact with flux list artifacts.
• Allow excluding local files and directories when building and publishing artifacts with flux push artifact.
• Mitigate denial-of-service on multi-tenant clusters by automatically recovering from panics encountered during reconciliation.
• Update controllers to Kubernetes v1.25.0, Kustomize v4.5.7 and Helm v3.9.4.

New documentation

• Secrets Management
• Contextual Authorization

Components changelog

• source-controller v0.27.0 v0.28.0
• kustomize-controller v0.27.1
• helm-controller v0.23.1
• notification-controller v0.25.2
• image-reflector-controller v0.20.1
• image-automation-controller v0.24.2

CLI Changelog

• PR [#​3049](https://

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[guardrails]

All previously detected findings have been fixed. Good job! 👍🎉

We will keep this comment up-to-date as you go along and notify you of any security issues that we identify.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: cluster/base/flux-system/gotk-components.yaml

Command failed: docker pull docker.io/containerbase/sidecar
Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit