Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(deps): update fluxcd/flux2 to v0.28.0 #417

Merged
merged 1 commit into from
Mar 25, 2022
Merged

feat(deps): update fluxcd/flux2 to v0.28.0 #417

merged 1 commit into from
Mar 25, 2022

Conversation

bloopy-boi[bot]
Copy link
Contributor

@bloopy-boi bloopy-boi bot commented Mar 23, 2022

This PR contains the following updates:

Package Update Change
fluxcd/flux2 minor v0.27.4 -> v0.28.0

Release Notes

fluxcd/flux2

v0.28.0

Compare Source

Flux v0.28.0 comes with new reconcilers for Source kinds and graduates the Flux Source API to v1beta2.

Breaking changes

  • From this version on, controllers depending on Source kinds (kustomize-controller, helm-controller and image-automation-controller) do now require the Source v1beta2 Custom Resource Definition to be present on the cluster.

Features and improvements

API specifications in a user-friendly format

The new specifications for the v1beta2 API have been written in a new format with the aim to be more valuable to a user. Featuring separate sections with examples, and information on how to write and work with them.

Artifact now advertises size

The size (in bytes) of a tarball Artifact is now advertised in the Size (.size) field of the Artifact. This can be utilized by users to e.g. quickly see if .sourceignore rules have an effect, or be displayed in a UI.

Azure Blob Storage support for Bucket resources

The .spec.provider of a Bucket resource can now be set to azure to instruct the source-controller to use the Azure Blob Storage SDK while fetching objects. This allows for authenticating using Service Principals, Managed Identities and Shared Keys.

For more information, see the Bucket spec about the Azure provider.

Azure Key Vault multi-tenancy

Kustomization resources making use of SOPS with Azure Key Vault as the backing KMS are now allowed to refer to Azure credentials in the tenant's namespace.

For more information, see the Kustomization spec about Azure Key Vault Secret entries.

Enhanced Kubernetes Conditions

Source API resources will now advertise more explicit Condition types (more about the types in API changes), provide Reconciling and Stalled Conditions where applicable for better integration with kstatus, and record the Observed Generation on the Condition.

For a detailed overview per Source type, refer to the spec:

Enhanced Kubernetes Events (and notifications)

The Kubernetes Events the source-controller emits have been reworked to provide a proper reason, and more informative messages. Users making use of the notification-controller will notice this as well, as this same information is used to compose notifications.

Experimental managed transport for libgit2 Git implementation

The libgit2 Git implementation supports a new experimental transport to improve reliability, adding timeout enforcement for Git network operations. Opt-in by setting the environment variable EXPERIMENTAL_GIT_TRANSPORT to true in the source-controller and/or image-automation-controller their Deployment.

This will result in the low-level transport being handled by the controller, instead of libgit2. It may result in an increased number of timeout messages in the logs, however it will remove the ability of Git operations to make the controllers hang indefinitely.

Manage cluster addons

A new addition (kustomize.toolkit.fluxcd.io/ssa: merge) is available for allowing Flux to patch cluster addons such as CoreDNS without the kustomize-controller removing the kubectl managed fields.

For more information, see the Kustomization spec about reconciliation.

Reuse of HTTP/S transport for Helm repository index and chart downloads

The Helm dependency has been updated to v3.8.1, with a patch applied from https://github.com/helm/helm/pull/10568. Using this patch, the HTTP transports are now managed by the ource-controller, to prevent the clogging of thousands of open TCP connections on some instances.

Update of libgit2 Git implementation to v1.3.x

The libgit2 Git implementation has been updated to v1.3.x, allowing us to provide better error signals for authentication, certificate and transport failures. Effectively, this means that instead of a unable to clone: User error string, a descriptive one is now given.

In addition, NO_PROXY settings are now properly taken into account.

Preparation of support for rsa-ssh2-256/512

The dependency on golang.org/x/crypto has been updated to v0.0.0-20220315160706-3147a52a75dd, as preparation of support for rsa-ssh2-256/512. This should theoretically work out of the box for known_hosts entries and go-git Git provider credentials, but has not been widely tested.

API changes

The source.toolkit.fluxcd.io/v1beta2 API is backwards compatible with v1beta1.

  • Introduction of Reconciling and Stalled Condition types for better integration with kstatus.
  • Introduction of new Condition types to provide better signals and failure indications:
    • ArtifactOutdated: indicates the current Artifact of the Source is outdated.
    • SourceVerified: indicates the integrity of the Source has been verified.
    • FetchFailed: indicates a transient or persistent fetch failure of the upstream Source.
    • BuildFailed: indicates a transient or persistent build failure of a Source's Artifact.
    • StorageOperationFailed: indicates a transient or persistent failure related to storage.
    • IncludeUnavailable: indicates an include is not available. For example, because it does not exist, or does not have an Artifact.
  • Introduction of a Size (in bytes) field (.status.artifact.size) in the Artifact object.
  • Introduction of ObservedChartName (.status.observedChartName) and ObservedSourceArtifactRevision (.status.observedSourceArtifactRevision) fields in the HelmChart Status.
  • Introduction of azure provider implementation for Bucket.

Upgrade procedure

To upgrade your cluster, download the Flux CLI binary from the release page and rerun the flux bootstrap command. This will upgrade the Flux components on your cluster to the latest version. Other upgrade options can be found on the docs website.

ℹ️ Note that updating the manifests in Git from source.toolkit.fluxcd.io/v1beta1 to source.toolkit.fluxcd.io/v1beta2 can be done at any time after the Flux components upgrade. All users are encouraged to update the manifests as any deprecated fields will be removed when the next API version will be released. For more information, see post upgrade.

Terrafrom upgrade

When using the Terraform provider for Flux, you have to manually remove the v1beta2 GitRepository from the TF state:

terraform state rm 'kubectl_manifest.sync["source.toolkit.fluxcd.io/v1beta1/gitrepository/flux-system/flux-system"]'
Other upgrade methods

When upgrading without the CLI or Terraform (using e.g. GitHub Actions or RenovateBot), we recommend to bump the GitRepository API version in gotk-sync.yaml to v1beta2.

Post upgrade

After rolling out the upgrade, and when you have confirmed things to be working as expected. Resources in Git which refer to source.toolkit.fluxcd.io/v1beta1 can be updated to refer to source.toolkit.fluxcd.io/v1beta2:

@​@​ -1,4 +1,4 @​@​
-apiVersion: source.toolkit.fluxcd.io/v1beta1
+apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: GitRepository
 metadata:
   name: gitrepository-sample

Components Changelog

CLI Changelog

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

@bloopy-boi bloopy-boi bot requested a review from h3mmy as a code owner March 23, 2022 14:21
@bloopy-boi bloopy-boi bot added type/minor size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. area/cluster Changes made in the cluster directory labels Mar 23, 2022
@bloopy-boi bloopy-boi bot force-pushed the renovate/fluxcd-flux2-0.x branch from 47ab795 to 22b24d6 Compare March 23, 2022 21:17
@renovate renovate bot force-pushed the renovate/fluxcd-flux2-0.x branch from 22b24d6 to af152d1 Compare March 23, 2022 21:18
@bloopy-boi bloopy-boi bot force-pushed the renovate/fluxcd-flux2-0.x branch from af152d1 to adc3118 Compare March 23, 2022 22:22
@bloopy-boi bloopy-boi bot force-pushed the renovate/fluxcd-flux2-0.x branch from adc3118 to 4b73ac6 Compare March 24, 2022 08:26
h3mmy
h3mmy approved these changes Mar 25, 2022
View reviewed changes
Copy link
Owner

@h3mmy h3mmy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should update HelmRepository APIs before next update

@h3mmy h3mmy merged commit a331915 into main Mar 25, 2022
@h3mmy h3mmy deleted the renovate/fluxcd-flux2-0.x branch March 25, 2022 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@h3mmy h3mmy h3mmy approved these changes

Assignees
No one assigned
Labels
area/cluster Changes made in the cluster directory size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. type/minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@h3mmy