v0.26.1

Flux v0.26.1 is a patch release that comes with fixes for the flux diff and flux bootstrap commands. Users are encouraged to upgrade for the best experience.

CLI Changelog

• PR #2382 - @somtochiama - Use client.Patch for suspend/resume operations
• PR #2380 - @souleb - Fix panic on bootstrap when orgRef is not retrieved
• PR #2377 - @souleb - Fix flux build/diff when parsing SOPS encrypted secrets
• PR #2376 - @stefanprodan - e2e: Fix Azure image update automation test
• PR #2375 - @souleb - Return exit code 1 when flux diff detects changes
• PR #2368 - @stefanprodan - Update dependencies
• PR #2364 - @robwittman - Add GPG signing to Github/Gitlab/Bitbucket bootstrap

v0.26.0

Highlights

Flux v0.26.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Breaking changes

• The minimum supported version of Kubernetes is now v1.20.6. Note that Flux may work on Kubernetes 1.19, but we don’t recommend running EOL versions in production.
• On multi-tenant clusters, Flux controllers are now using the native Kubernetes impersonation feature. When both spec.kubeConfig and spec.ServiceAccountName are specified in Flux custom resources, the controllers will impersonate the service account on the target cluster, previously the controllers ignored the service account.

Security enhancements

• Platform admins have the option to lock down Flux on multi-tenant clusters and enforce tenant isolation at namespace level without having to use a 3rd party admission controller.
• The Flux installation conforms to the Kubernetes restricted pod security standard and the Seccomp runtime default security profile was enabled for all controllers.
• The container images of all Flux's components are signed with Cosign and GitHub OIDC.
• Flux releases include a Software Bill of Materials (SBOM) that is available for download on the GitHub release page.

New features and improvements

• Preview local changes against live clusters with the flux diff kustomization command.
• Undo changes made directly on clusters (with kubectl server-side apply) to Flux managed objects.
• Native support for Hashicorp Vault token-based authentication when decrypting SOPS encrypted secrets.
• Auto-login to AWS ECR, Azure ACR and Google Cloud GCR for image update automation on EKS, AKS or GKE.
• On single-tenant clusters, image automation can now refer to Git repositories in other namespaces than the ImageImageUpdateAutomation object.

Components changelog

• source-controller v0.21.1 v0.21.0
• kustomize-controller v0.20.0
• helm-controller v0.16.0
• notification-controller v0.21.0
• image-reflector-controller v0.16.0
• image-automation-controller v0.20.0

CLI Changelog

• PR #2167 - @souleb - Preview local changes with flux build/diff kustomization
• PR #2356 - @stefanprodan - Adapt diff test to match Kubernetes 1.23.3 API response
• PR #2348 - @pjbgf - Add pkg-config to arm runners
• PR #2347 - @stealthybox - Fix output usage for flux get <sources|images>
• PR #2345 - @fluxcdbot - Update toolkit components
• PR #2343 - @stefanprodan - Set minimum supported version to Kubernetes 1.20.6
• PR #2342 - @stefanprodan - Run the CLI as non-root
• PR #2336 - @souleb - Upgrade go-git-providers to v0.5.3
• PR #2317 - @souleb - Add license Header to internal/build files
• PR #2316 - @pjbgf - [security] Enable pod security warnings for flux-system

v0.25.3

CLI Changelog

• PR #2305 - @stefanprodan - Update kubectl to 1.23.1 in flux-cli container image
• PR #2304 - @stefanprodan - ci: Fix release notes generator
• PR #2301 - @stefanprodan - Sign the release artifacts checksums and images
• PR #2300 - @stefanprodan - Fix Azure e2e tests and GoReleaser buildx directive
• PR #2296 - @relu - Fix Archlinux PKGBUILD check() run on ARM
• PR #2295 - @stefanprodan - Publish Flux Software Bill of Materials (SBOM)
• PR #2294 - @stefanprodan - Improve the bootstrap e2e test workflow

v0.25.2

Highlights

Flux v0.25.2 is a patch release that comes with a regression bug fix for Kubernetes 1.21 introduced in v0.25.0.

Components changelog

• kustomize-controller v0.19.1

CLI changelog

• PR #2291 - @fluxcdbot - Update kustomize-controller to v0.19.1
• PR #2290 - @stefanprodan - Update dependencies
• PR #2288 - @aryan9600 - Fix makefile envtest setup and usage
• PR #2141 - @schrej - Simplify arguments of flux trace command

Docker images

• docker pull fluxcd/flux-cli:v0.25.2
• docker pull ghcr.io/fluxcd/flux-cli:v0.25.2

v0.25.1

Highlights

Flux v0.25.1 is a patch release that comes with a regression bug fix for self-hosted GitLab bootstrap introduced in v0.25.0.

CLI changelog

• PR #2285 - @souleb - Update go-git-provider to fix GitLab bootstrap regression bug

Docker images

• docker pull fluxcd/flux-cli:v0.25.1
• docker pull ghcr.io/fluxcd/flux-cli:v0.25.1

v0.25.0

Highlights

Flux v0.25.0 comes with various bug fixes and no breaking changes. Users are encouraged to upgrade for the best experience.

This version aligns Flux and its components with the Kubernetes 1.23 release and Helm 3.7.
The Flux CLI and the GitOps Toolkit controllers are now build with Go 1.17 and Alpine 3.15.
In addition, various Go and OS packages were updated to fix known CVEs.

Note that Kubernetes 1.19 has reached end-of-life in November 2021. This is the last Flux release where Kubernetes 1.19 is supported.

Components changelog

• source-controller v0.20.1 v0.20.0
• kustomize-controller v0.19.0
• helm-controller v0.15.0
• notification-controller v0.20.1 v0.20.0
• image-reflector-controller v0.15.0
• image-automation-controller v0.19.0

CLI changelog

• PR #2281 - @Skarlso - Add optional bindir input to Flux GitHub Action
• PR #2280 - @stefanprodan - Update Git providers
• PR #2278 - @fluxcdbot - Update notification-controller to v0.20.1
• PR #2272 - @hiddeco - Update golang.org/x/crypto to latest main
• PR #2271 - @stefanprodan - Update toolkit components and packages
• PR #2259 - @fluxcdbot - Update toolkit components
• PR #2234 - @souleb - Use provided SSH hostname to sync with SSH
• PR #2223 - @stefanprodan - Add the Helm CLI to the GitHub ARM64 runners setup
• PR #2213 - @relu - Fix ./manifests/scripts/bundle.sh path resolution
• PR #2212 - @squaremo - [RFC-0001] Memorandum on the authorization model
• PR #2208 - @grafjo - Update kube-prometheus-stack to 23.2.0

Docker images

• docker pull fluxcd/flux-cli:v0.25.0
• docker pull ghcr.io/fluxcd/flux-cli:v0.25.0

v0.24.1

Highlights

This version comes with a change to the length of the SHA hex added to the SemVer metadata composed for a HelmChart from GitRepository and Bucket resources with a Revision reconcile strategy. Refer to the source-controller changelog for more information.

Components changelog

• source-controller v0.19.2
• kustomize-controller v0.18.2
• helm-controller v0.14.1

CLI changelog

• PR #2195 - @Nalum - Removing Kubernetes API Request Duration Graph
• PR #2194 - @kingdonb - monitoring: Pin kube-prometheus-stack to v19.3.0
• PR #2191 - @stefanprodan - Run the ARM64 e2e tests on Equinix hardware
• PR #2178 - @fluxcdbot - Update toolkit components
• PR #2159 - @hiddeco - cmd: start trace short description with T
• PR #2153 - @stefanprodan - e2e: Update Calico to v3.20

Docker images

• docker pull fluxcd/flux-cli:v0.24.1
• docker pull ghcr.io/fluxcd/flux-cli:v0.24.1

v0.24.0

Highlights

This version comes with a new command for bootstrapping Flux with BitBucket Server and Data Center repositories.
Please see the BitBucket documentation for more details.

It also contains breaking behavioral changes to HelmRepository and HelmChart resources:

• Helm repository index files and/or charts must not exceed the new declared runtime default limits to avoid out-of-memory crashes, overwriting the default configuration is possible.

  Type	Default max size (in MiB)	Option flag to overwrite
  Helm repository index	50MiB	--helm-index-max-size=<bytes>
  Helm chart	10MiB	--helm-chart-max-size=<bytes>
  Singe file from Helm chart	5MiB	--helm-chart-file-max-size=<bytes>

• Using ValuesFiles in a HelmChart will now append a .<Generation> to the SemVer metadata of the packaged chart and the revision of the Artifact. For example, v1.2.3+.5 for a HelmChart resource with generation 5. This ensures consumers of the chart are able to notice changes to the merged values without the underlying chart source (revision) changing.

Components changelog

• source-controller v0.19.0
• kustomize-controller v0.18.1
• helm-controller v0.14.0
• notification-controller v0.19.0
• image-automation-controller v0.18.0
• image-reflector-controller v0.14.0

CLI changelog

• PR #2070 - @souleb - bootstrap: add BitBucket Server (previously known as Stash) support
• PR #2123 - @somtochiama - Fix GitHub bootstrap when using custom TLS CA
• PR #2121 - @somtochiama - bootstrap: Add support for self-signed TLS certs by supplying a custom CA
• PR #2120 - @fluxcdbot - Update toolkit components
• PR #2113 - @stefanprodan - Remove deprecated io/ioutil from flux tree
• PR #2101 - @somtochiama - Update test files to use ecdsa key
• PR #2096 - @stefanprodan - Add e2e test for image automation
• PR #2091 - @vespian - Update Alpine to v3.14

Docker images

• docker pull fluxcd/flux-cli:v0.24.0
• docker pull ghcr.io/fluxcd/flux-cli:v0.24.0

v0.23.0

Highlights

This version comes with artifact integrity verification based on SHA-2 and fixes for image automation.

Components changelog

• source-controller v0.18.0
• kustomize-controller v0.18.0
• helm-controller v0.13.0
• image-reflector-controller v0.13.2

CLI changelog

• PR #2080 - @fluxcdbot - Update toolkit components

Docker images

• docker pull fluxcd/flux-cli:v0.23.0
• docker pull ghcr.io/fluxcd/flux-cli:v0.23.0

v0.22.1

Components changelog

• helm-controller v0.12.2
• image-reflector-controller v0.13.1
• image-automation-controller to v0.17.1

CLI changelog

• PR #2076 - @fluxcdbot - Update toolkit components
• PR #2075 - @jack-evans - Remove trailing --- for flux install to match flux bootstrap generated YAML

Docker images

• docker pull fluxcd/flux-cli:v0.22.1
• docker pull ghcr.io/fluxcd/flux-cli:v0.22.1