Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update dependency fluxcd/flux2 to v2.1.0 (#58)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [fluxcd/flux2](https://github.com/fluxcd/flux2) | Kustomization | minor | `v2.0.1` -> `v2.1.0` | --- ### Release Notes <details> <summary>fluxcd/flux2 (fluxcd/flux2)</summary> ### [`v2.1.0`](https://github.com/fluxcd/flux2/releases/tag/v2.1.0) [Compare Source](fluxcd/flux2@v2.0.1...v2.1.0) #### Highlights Flux v2.1.0 is a feature release. Users are encouraged to upgrade for the best experience. The [Flux APIs](#api-changes) were extended with new opt-in features in a backwards-compatible manner. The Flux Git capabilities have been improved with support for Git push options, Git refspec, Gerrit, HTTP/S and SOCKS5 proxies. The Flux alerting capabilities have been extended with [Datadog](https://fluxcd.io/flux/components/notification/provider/#pagerduity) support. The Flux controllers come with performance improvements when reconciling Helm repositories with large indexes (80% memory reduction), and when reconciling Flux Kustomizations with thousands of resources (x4 faster server-side apply). The load distribution has been improved when reconciling Flux objects in parallel to reduce CPU and memory spikes. :heart: Big thanks to all the Flux contributors that helped us with this release! #### Deprecations Flux v2.1.0 comes with support for Kubernetes TLS Secrets when referring to secrets containing TLS certs, and deprecates the usage of `caFile`, `keyFile` and `certFile` keys. For more details about the TLS changes please see the [Kubernetes TLS Secrets section](#kubernetes-tls-secrets). Flux v2.1.0 comes with major improvements to the Prometheus monitoring stack. Starting with this version, Flux is leveraging the `kube-state-metrics` CRD exporter to report metrics containing rich information about Flux reconciliation status e.g. Git revision, Helm chart version, OCI artifacts digests, etc. The `gotk_reconcile_condition` metrics was deprecated in favor of the `gotk_resource_info`. For more details about the new monitoring stack please see the [Flux Prometheus metrics documentation](https://fluxcd.io/flux/monitoring/metrics) and the [flux2-monitoring-example repository](https://github.com/fluxcd/flux2-monitoring-example). #### API changes ##### GitRepository v1 The [GitRepository](https://fluxcd.io/flux/components/source/gitrepositories/) API was extended with the following fields: - `.spec.proxySecretRef.name` is an optional field used to specify the name of a Kubernetes Secret that contains the HTTP/S or SOCKS5 proxy settings. - `.spec.verify.mode` now support one of the following values `HEAD`, `Tag`, `TagAndHEAD`. ##### Kustomization v1 The [Kustomization](https://fluxcd.io/flux/components/kustomize/kustomization/) API was extended with two apply policies `IfNotPresent` and `Ignore`. Changing the apply behaviour for specific Kubernetes resources, can be done using the following annotations: | Annotation | Default | Values | Role | |-------------------------------------|------------|----------------------------------------------------------------|-----------------| | `kustomize.toolkit.fluxcd.io/ssa` | `Override` | - `Override`<br/>- `Merge`<br/>- `IfNotPresent`<br/>- `Ignore` | Apply policy | | `kustomize.toolkit.fluxcd.io/force` | `Disabled` | - `Enabled`<br/>- `Disabled` | Recreate policy | | `kustomize.toolkit.fluxcd.io/prune` | `Enabled` | - `Enabled`<br/>- `Disabled` | Delete policy | The `IfNotPresent` policy instructs the controller to only apply the Kubernetes resources if they are not present on the cluster. This policy can be used for Kubernetes `Secrets` and `ValidatingWebhookConfigurations` managed by cert-manager, where Flux creates the resources with fields that are later on mutated by other controllers. ##### ImageUpdateAutomation v1beta1 The [ImageUpdateAutomation](https://fluxcd.io/flux/components/image/imageupdateautomations/) was extended with the following fields: - `.spec.git.push.refspec` is an optional field used to specify a Git refspec used when pushing commits upstream. - `.spec.git.push.options` is an optional field used to specify the Git push options to be sent to the Git server when pushing commits upstream. ##### Kubernetes TLS Secrets All the Flux APIs that accept TLS data have been modified to adopt Secrets of type `kubernetes.io/tls`. This includes: - **HelmRepository**: The field `.spec.secretRef` has been deprecated in favor of a new field [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/helmrepositories/#cert-secret-reference). - **OCIRepository**: Support for the `caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/ocirepositories/#cert-secret-reference) have been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`. - **ImageRepository**: Support for the`caFile`, `keyFile` and `certFile` keys in the Secret specified in [`.spec.certSecretRef`](https://fluxcd.io/flux/components/source/imagerepositories/#cert-secret-reference) have been deprecated in favor of `ca.crt`, `tls.key` and `tls.crt`. - **GitRepository**: CA certificate can now be provided in the Secret specified in `.spec.secretRef` using the `ca.crt` key, which takes precedence over the `caFile` key. #### Upgrade procedure Upgrade Flux from `v2.0.x` to `v2.1.0` either by [rerunning bootstrap](https://fluxcd.io/flux/installation/#bootstrap-upgrade) or by using the [Flux GitHub Action](https://github.com/fluxcd/flux2/tree/main/action). To upgrade Flux from `v0.x` to `v2.1.0` please follow the [Flux GA upgrade procedure](https://github.com/fluxcd/flux2/releases/tag/v2.0.0#upgrade). #### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | |--------------------|------------------| | `v1.25` | `>= 1.25.0` | | `v1.26` | `>= 1.26.0` | | `v1.27` | `>= 1.27.1` | | `v1.28` | `>= 1.28.0` | Note that Flux may work on older versions of Kubernetes e.g. 1.21, but we don't recommend running end-of-life versions in production nor do we offer support for these versions. #### New Documentation - [Flux installation](https://fluxcd.io/flux/installation/) - [Flux bootstrap](https://fluxcd.io/flux/installation/bootstrap/) - [Flux configuration](https://fluxcd.io/flux/installation/configuration/) - [Flux Prometheus metrics](https://fluxcd.io/flux/monitoring/metrics/) - [Flux custom Prometheus metrics](https://fluxcd.io/flux/monitoring/custom-metrics/) - [Flux logs](https://fluxcd.io/flux/monitoring/logs/) - [Flux events](https://fluxcd.io/flux/monitoring/events/) #### Components changelog - source-controller [v1.1.0](https://github.com/fluxcd/source-controller/blob/v1.1.0/CHANGELOG.md) - kustomize-controller [v1.1.0](https://github.com/fluxcd/kustomize-controller/blob/v1.1.0/CHANGELOG.md) - notification-controller [v1.1.0](https://github.com/fluxcd/notification-controller/blob/v1.1.0/CHANGELOG.md) - helm-controller [v0.36.0](https://github.com/fluxcd/helm-controller/blob/v0.36.0/CHANGELOG.md) - image-reflector-controller [v0.30.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.30.0/CHANGELOG.md) - image-automation-controller [v0.36.0](https://github.com/fluxcd/image-automation-controller/blob/v0.36.0/CHANGELOG.md) #### CLI Changelog - PR [#​4189](fluxcd/flux2#4189) - [@​hiddeco](https://github.com/hiddeco) - Update dependencies - PR [#​4186](fluxcd/flux2#4186) - [@​fluxcdbot](https://github.com/fluxcdbot) - Update toolkit components - PR [#​4183](fluxcd/flux2#4183) - [@​somtochiama](https://github.com/somtochiama) - Fix autocompletion for helm chart - PR [#​4182](fluxcd/flux2#4182) - [@​hiddeco](https://github.com/hiddeco) - manifestgen/install: use clean default HTTP client - PR [#​4181](fluxcd/flux2#4181) - [@​hiddeco](https://github.com/hiddeco) - cmd/events: handle error value - PR [#​4180](fluxcd/flux2#4180) - [@​stefanprodan](https://github.com/stefanprodan) - Fix controller version info - PR [#​4177](fluxcd/flux2#4177) - [@​stefanprodan](https://github.com/stefanprodan) - Set min value for the `--ssh-rsa-bits` flag - PR [#​4176](fluxcd/flux2#4176) - [@​hiddeco](https://github.com/hiddeco) - ci: disable fail-fast for ARM end-to-end - PR [#​4175](fluxcd/flux2#4175) - [@​hiddeco](https://github.com/hiddeco) - build: update securejoin dependency - PR [#​4169](fluxcd/flux2#4169) - [@​darkowlzz](https://github.com/darkowlzz) - Add monitoring configuration deprecation notice - PR [#​4167](fluxcd/flux2#4167) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates - PR [#​4166](fluxcd/flux2#4166) - [@​stefanprodan](https://github.com/stefanprodan) - e2e: Add Kubernetes v1.28.0 to conformance tests - PR [#​4151](fluxcd/flux2#4151) - [@​hiddeco](https://github.com/hiddeco) - ci: enable security-and-quality CodeQL query - PR [#​4147](fluxcd/flux2#4147) - [@​aryan9600](https://github.com/aryan9600) - Adopt Kubernetes style TLS Secrets and add relevant flags - PR [#​4142](fluxcd/flux2#4142) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates - PR [#​4140](fluxcd/flux2#4140) - [@​somtochiama](https://github.com/somtochiama) - Disable azure e2e test - PR [#​4134](fluxcd/flux2#4134) - [@​sestegra](https://github.com/sestegra) - monitoring: add OCIRepository in cluster dashboard and new source panels in control-plane dashboard - PR [#​4131](fluxcd/flux2#4131) - [@​mraerino](https://github.com/mraerino) - Fix selection of kustomization resource from multi doc yaml - PR [#​4126](fluxcd/flux2#4126) - [@​stefanprodan](https://github.com/stefanprodan) - Set Kubernetes min version to 1.25 - PR [#​4077](fluxcd/flux2#4077) - [@​dependabot](https://github.com/dependabot)\[bot] - build(deps): bump the ci group with 2 updates - PR [#​4068](fluxcd/flux2#4068) - [@​stefanprodan](https://github.com/stefanprodan) - Update dependencies - PR [#​4065](fluxcd/flux2#4065) - [@​hiddeco](https://github.com/hiddeco) - action: support `openssl` and `sha256sum` - PR [#​4062](fluxcd/flux2#4062) - [@​souleb](https://github.com/souleb) - diff: Take into account the server-side inventory for local Flux Kustomizations - PR [#​4061](fluxcd/flux2#4061) - [@​hiddeco](https://github.com/hiddeco) - action: re-allow configuration of non-default token - PR [#​4057](fluxcd/flux2#4057) - [@​fluxcdbot](https://github.com/fluxcdbot) - Update toolkit components - PR [#​4052](fluxcd/flux2#4052) - [@​stefanprodan](https://github.com/stefanprodan) - docs: Link to the Flux GitHub Action documentation - PR [#​4051](fluxcd/flux2#4051) - [@​hiddeco](https://github.com/hiddeco) - action: use `$RUNNER_TOOL_CACHE`, support MacOS and Windows, validate checksum - PR [#​4046](fluxcd/flux2#4046) - [@​stefanprodan](https://github.com/stefanprodan) - ci: backport: set write permissions - PR [#​4043](fluxcd/flux2#4043) - [@​stefanprodan](https://github.com/stefanprodan) - ci: release: extract the image tag from GITHUB_REF - PR [#​4041](fluxcd/flux2#4041) - [@​hiddeco](https://github.com/hiddeco) - ci: release: disable interpretation backslash esc </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yMy4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Reviewed-on: https://git.home/nrdufour/home-ops/pulls/58 Co-authored-by: Renovate <renovate@ptinem.io> Co-committed-by: Renovate <renovate@ptinem.io>
- Loading branch information