feat(flux-group): update flux2 (minor) #2981

Merged
merged 1 commit into from
May 24, 2024

@tyriis-automation tyriis-automation bot commented May 13, 2024

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| fluxcd/flux2 | Kustomization | minor | v2.2.3 -> v2.3.0 | OpenSSF Scorecard |
| fluxcd/flux2 | | minor | v2.2.3 -> v2.3.0 | OpenSSF Scorecard |
| ghcr.io/fluxcd/flux-manifests | | digest | 187f6a4 -> 5870003 | |
| ghcr.io/fluxcd/flux-manifests | | minor | v2.2.3 -> v2.3.0 | |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

fluxcd/flux2 (fluxcd/flux2)

v2.3.0

Compare Source

Highlights

Flux v2.3.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a comprehensive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.3 GA blog post.

This release marks the General Availability (GA) of Flux Helm features and APIs, including helm-controller, the HelmRelease, HelmChart, and HelmRepository APIs.

The HelmRepository v2 API comes with new features, such as the ability to reference Helm charts from OCIRepository sources, reuse existing HelmChart resources, and verify the integrity of Helm chart artifacts signed with Notary Notation.

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

| Kubernetes version | Minimum required |
|---|---|
| v1.28 | >= 1.28.0 |
| v1.29 | >= 1.29.0 |
| v1.30 | >= 1.30.0 |

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

API changes

HelmRelease v2

The HelmRelease kind was promoted from v2beta2 to v2 (GA).

The v2 API is backwards compatible with v2beta2, with the exception of the deprecated fields which have been removed.

Removed fields:

  • .spec.chart.spec.valuesFile replaced by .spec.chart.spec.valuesFiles.
  • .spec.postRenderers.kustomize.patchesJson6902 replaced by .spec.postRenderers.kustomize.patches.
  • .spec.postRenderers.kustomize.patchesStrategicMerge replaced by .spec.postRenderers.kustomize.patches.
  • .status.lastAppliedRevision replaced by .status.history.chartVersion.

New fields:

  • .spec.chartRef allows referencing chart artifacts from OCIRepository and HelmChart objects.
  • .spec.chart.spec.ignoreMissingValuesFiles allows ignoring missing values files instead of failing to reconcile.

HelmChart v1

The HelmChart kind was promoted from v1beta2 to v1 (GA).

The v1 API is backwards compatible with v1beta2, with the exception of the deprecated fields which have been removed.

Removed fields:

  • .spec.valuesFile replaced by .spec.chart.valuesFiles.

New fields:

  • .spec.ignoreMissingValuesFiles allows ignoring missing values files instead of failing to reconcile.
  • .spec.verify.provider: notation verifies the signature of Helm OCI artifacts using Notation trust policy and CA certificate.

HelmRepository v1

The HelmRepository kind was promoted from v1beta2 to v1 (GA).

The v1 API is backwards compatible with v1beta2.

OCIRepository v1beta2

The OCIRepository kind gains new optional fields with no breaking changes.

New fields:

  • .spec.ref.semverFilter allows filtering the tags based on regular expressions before applying the semver range.
  • .spec.verify.provider: notation verifies the signature of OCI artifacts using Notation trust policy and CA certificate.

Kustomization v1

The Flux Kustomization kind gains new optional fields with no breaking changes.

New fields:

  • .spec.namePrefix allows setting a name prefix for the generated resources.
  • .spec.nameSuffix allows setting a name suffix for the generated resources.

ImageUpdateAutomation v1beta2

The ImageUpdateAutomation kind was promoted from v1beta1 to v1beta2.

The v1beta2 API is backwards compatible with v1beta1.

Deprecated fields:

  • Updated template data has been deprecated in favour of Changed that is designed to accommodate for all the types of updates made.

New fields:

  • .spec.policySelector allows filtering ImagePolicy based on labels.

Receiver v1

The Receiver kind gains new optional fields with no breaking changes.

New fields:

  • .spec.type: cdevents allows receiving, validating and filtering of CDEvents.

Upgrade procedure

Upgrade Flux from v2.x to v2.3.0 either by rerunning bootstrap or by using the Flux GitHub Action.

For more details, please refer to the upgrade guide from the Announcing Flux 2.3 GA blog post.

Components changelog
New Documentation
CLI Changelog

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
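
A pre-merge check for the removed fields and promoted API versions listed in the release notes above, as an added example that is not part of this PR, of Renovate's output or of the Flux project's tooling. It assumes manifests are already parsed into dicts; `check_manifest`, the `[]` path notation for list items and the sample manifests are constructed for illustration.

```python
# Added example. Input: manifests already parsed into dicts (e.g. by a YAML loader).
# kind -> (old API version, promoted version), from the "API changes" section
PROMOTED = {
    "HelmRelease": ("v2beta2", "v2"),
    "HelmChart": ("v1beta2", "v1"),
    "HelmRepository": ("v1beta2", "v1"),
    "ImageUpdateAutomation": ("v1beta1", "v1beta2"),
}
# kind -> [(removed field, replacement)] as named in the notes; "[]" = each list item
KUST = "spec.postRenderers[].kustomize."
REMOVED = {
    "HelmRelease": [
        ("spec.chart.spec.valuesFile", "spec.chart.spec.valuesFiles"),
        (KUST + "patchesJson6902", KUST + "patches"),
        (KUST + "patchesStrategicMerge", KUST + "patches"),
    ],
    "HelmChart": [("spec.valuesFile", "spec.chart.valuesFiles")],
}

def _present(node, parts):
    """True if the path exists under node; a 'name[]' part fans out over a list."""
    if not parts or not isinstance(node, dict):
        return not parts
    head, rest = parts[0], parts[1:]
    if head.endswith("[]"):
        items = node.get(head[:-2])
        return isinstance(items, list) and any(_present(i, rest) for i in items)
    return head in node and _present(node[head], rest)

def check_manifest(doc):
    """Return human-readable findings for one manifest dict."""
    group, _, version = doc.get("apiVersion", "").partition("/")
    kind = doc.get("kind", "")
    if not group.endswith(".toolkit.fluxcd.io"):
        return []  # same kind name from another API group, e.g. a non-Flux HelmChart
    ref = f"{kind}/{doc.get('metadata', {}).get('name', '?')}"
    findings = []
    if kind in PROMOTED and version == PROMOTED[kind][0]:
        findings.append(f"{ref}: apiVersion {version} -> {PROMOTED[kind][1]}")
    for old, new in REMOVED.get(kind, []):
        if _present(doc, old.split(".")):
            findings.append(f"{ref}: .{old} removed, use .{new}")
    return findings

SAMPLE = [  # constructed manifests, not taken from the repository in this PR
    {"apiVersion": "helm.toolkit.fluxcd.io/v2beta2", "kind": "HelmRelease",
     "metadata": {"name": "demo"},
     "spec": {"chart": {"spec": {"chart": "demo", "valuesFile": "values.yaml"}},
              "postRenderers": [{"kustomize": {"patchesStrategicMerge": []}}]}},
    {"apiVersion": "helm.toolkit.fluxcd.io/v2", "kind": "HelmRelease",
     "metadata": {"name": "clean"}, "spec": {"chartRef": {"kind": "OCIRepository", "name": "demo"}}},
]
for doc in SAMPLE:
    print("\n".join(check_manifest(doc)) or "no findings")
```

`.status.lastAppliedRevision` is left out because status fields are not part of the manifests kept in Git.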

@tyriis-automation

--- kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync ClusterRole: flux-system/crd-controller-flux-system

+++ kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync ClusterRole: flux-system/crd-controller-flux-system

@@ -86,7 +86,11 @@

   - list
   - watch
   - create
   - update
   - patch
   - delete
+- nonResourceURLs:
+  - /livez/ping
+  verbs:
+  - head
 
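
Review bot: document why the new `nonResourceURLs` rule at the end of this ClusterRole is needed, and confirm who is bound to the role. The grant itself is narrow (`head` on `/livez/ping` only), but a ClusterRole rule applies to every subject bound to `crd-controller-flux-system`, so the bindings should be limited to the Flux controller service accounts and the reason for the rule recorded in the PR description.
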
--- kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync Deployment: flux-system/source-controller

+++ kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync Deployment: flux-system/source-controller

@@ -43,13 +43,23 @@

         - name: RUNTIME_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         - name: TUF_ROOT
           value: /tmp/.sigstore
-        image: ghcr.io/fluxcd/source-controller:v1.2.4
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.memory
+        image: ghcr.io/fluxcd/source-controller:v1.3.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /healthz
             port: healthz
         name: manager
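
Review bot: pin the controller image by digest rather than by tag alone in the new `image: ghcr.io/fluxcd/source-controller:v1.3.0` line. The `flux-manifests` OCIRepository in this same diff is pinned to a `sha256:` digest, while the controller images are not, and with `imagePullPolicy: IfNotPresent` a node keeps whatever it first pulled under that tag. Using `image: ...:v1.3.0@sha256:<digest>` here and in the other three controller Deployments makes the reviewed artifact the one that runs.
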
--- kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync Deployment: flux-system/kustomize-controller

+++ kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync Deployment: flux-system/kustomize-controller

@@ -37,13 +37,23 @@

         - --requeue-dependency=5s
         env:
         - name: RUNTIME_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/kustomize-controller:v1.2.2
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.memory
+        image: ghcr.io/fluxcd/kustomize-controller:v1.3.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /healthz
             port: healthz
         name: manager
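
Review bot: confirm that the `manager` container has `resources.limits` set, since the new `GOMAXPROCS` and `GOMEMLIMIT` entries read `limits.cpu` and `limits.memory` and the hunk does not show them. A `resourceFieldRef` to a limit that is not set resolves to the node's allocatable value, which would leave both variables sized for the node rather than for the container; this matters for any local patch that removes or overrides the limits.
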
--- kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync Deployment: flux-system/helm-controller

+++ kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync Deployment: flux-system/helm-controller

@@ -41,13 +41,23 @@

         - --oom-watch-interval=500ms
         env:
         - name: RUNTIME_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/helm-controller:v0.37.4
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.memory
+        image: ghcr.io/fluxcd/helm-controller:v1.0.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /healthz
             port: healthz
         name: manager
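
Review bot: check the HelmRelease manifests for removed fields before this lands. The `image:` line takes `helm-controller` from `v0.37.4` to `v1.0.1`, the only major-version change among the four controllers, and the release notes in this PR list `valuesFile`, `patchesJson6902` and `patchesStrategicMerge` as removed in HelmRelease v2. The diff shown here changes only the controllers, the ClusterRole and the OCIRepository, so the `v2beta2` to `v2` apiVersion change for the resources themselves needs its own follow-up.
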
--- kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync Deployment: flux-system/notification-controller

+++ kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync Deployment: flux-system/notification-controller

@@ -32,13 +32,23 @@

         - --enable-leader-election
         env:
         - name: RUNTIME_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/notification-controller:v1.2.4
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.memory
+        image: ghcr.io/fluxcd/notification-controller:v1.3.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /healthz
             port: healthz
         name: manager
--- kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync OCIRepository: flux-system/flux-manifests

+++ kubernetes/kube-nas/flux Kustomization: flux-system/flux-sync OCIRepository: flux-system/flux-manifests

@@ -7,9 +7,9 @@

     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: flux-manifests
   namespace: flux-system
 spec:
   interval: 24h
   ref:
-    tag: v2.2.3@sha256:187f6a409354d1a6156bb9ede0c81da13e1daccef421203575d23679ccc9b320
+    tag: v2.3.0@sha256:5870003e3c4fe4b946759f3fbf5a4a684b1bcc44ee8872f6764745cdde838e69
   url: oci://ghcr.io/fluxcd/flux-manifests
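
Review bot: move the digest out of the `tag:` value on the changed `ref` line into its own field. This cluster writes the reference as `tag: v2.3.0@sha256:...`, while the talos-flux OCIRepository in the same PR uses a separate `digest:` key next to `tag:`. Using `ref.digest` in both places keeps the two clusters consistent and makes the pin explicit instead of dependent on how a combined tag string is parsed.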

@tyriis-automation

--- kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync ClusterRole: flux-system/crd-controller-flux-system

+++ kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync ClusterRole: flux-system/crd-controller-flux-system

@@ -86,7 +86,11 @@

   - list
   - watch
   - create
   - update
   - patch
   - delete
+- nonResourceURLs:
+  - /livez/ping
+  verbs:
+  - head
 
--- kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync Deployment: flux-system/source-controller

+++ kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync Deployment: flux-system/source-controller

@@ -43,13 +43,23 @@

         - name: RUNTIME_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         - name: TUF_ROOT
           value: /tmp/.sigstore
-        image: ghcr.io/fluxcd/source-controller:v1.2.4
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.memory
+        image: ghcr.io/fluxcd/source-controller:v1.3.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /healthz
             port: healthz
         name: manager
--- kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync Deployment: flux-system/kustomize-controller

+++ kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync Deployment: flux-system/kustomize-controller

@@ -37,13 +37,23 @@

         - --requeue-dependency=5s
         env:
         - name: RUNTIME_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/kustomize-controller:v1.2.2
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.memory
+        image: ghcr.io/fluxcd/kustomize-controller:v1.3.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /healthz
             port: healthz
         name: manager
--- kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync Deployment: flux-system/helm-controller

+++ kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync Deployment: flux-system/helm-controller

@@ -40,13 +40,23 @@

         - --oom-watch-interval=500ms
         env:
         - name: RUNTIME_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/helm-controller:v0.37.4
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.memory
+        image: ghcr.io/fluxcd/helm-controller:v1.0.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /healthz
             port: healthz
         name: manager
--- kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync Deployment: flux-system/notification-controller

+++ kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync Deployment: flux-system/notification-controller

@@ -32,13 +32,23 @@

         - --enable-leader-election
         env:
         - name: RUNTIME_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/notification-controller:v1.2.4
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              containerName: manager
+              resource: limits.memory
+        image: ghcr.io/fluxcd/notification-controller:v1.3.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /healthz
             port: healthz
         name: manager
--- kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync OCIRepository: flux-system/flux-manifests

+++ kubernetes/talos-flux/flux Kustomization: flux-system/flux-sync OCIRepository: flux-system/flux-manifests

@@ -7,10 +7,10 @@

     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: flux-manifests
   namespace: flux-system
 spec:
   interval: 10m
   ref:
-    digest: sha256:187f6a409354d1a6156bb9ede0c81da13e1daccef421203575d23679ccc9b320
+    digest: sha256:5870003e3c4fe4b946759f3fbf5a4a684b1bcc44ee8872f6764745cdde838e69
     tag: v2.2.1
   url: oci://ghcr.io/fluxcd/flux-manifests
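
Review bot: update or drop the unchanged `tag: v2.2.1` line below the new digest. The kube-nas hunk pairs the old digest `187f6a4...` with `v2.2.3` and the new digest `5870003...` with `v2.3.0`, so the tag in this cluster was already stale and now names a different minor version than the one the digest selects. Setting `tag: v2.3.0`, or removing the tag, keeps the manifest from misreporting which Flux release is deployed.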

@tyriis-automation

tyriis-automation bot commented May 13, 2024

🦙 MegaLinter status: ❌ ERROR

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ❌ EDITORCONFIG | editorconfig-checker | 5 | | 1 | 1.1s |
| ✅ REPOSITORY | gitleaks | yes | | no | 2.73s |
| ✅ YAML | prettier | 3 | | 0 | 0.7s |
| ✅ YAML | yamllint | 5 | | 0 | 0.43s |

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@tyriis

tyriis commented May 21, 2024

updates of api resources, test if this will work by enabling kubernetes API in renovate (anyway the yaml-language-server annotations need to be adjusted)

@jazzlyn

jazzlyn commented May 22, 2024

@tyriis can confirm
https://github.com/jazzlyn/kind-flux-demo/pull/14/files
https://github.com/jazzlyn/kind-flux-demo/pull/13/files
see config https://github.com/jazzlyn/kind-flux-demo/blob/main/.github/renovate.json5#L11

should be grouped either with flux changes or separate to flux-api with automerge disabled.

@tyriis tyriis merged commit 7055637 into main May 24, 2024
15 of 17 checks passed
@tyriis tyriis deleted the renovate/flux2 branch May 24, 2024 20:51