Releases: fluxcd/flux2
v0.26.1
Flux v0.26.1 is a patch release that comes with fixes for the flux diff
and flux bootstrap
commands. Users are encouraged to upgrade for the best experience.
CLI Changelog
- PR #2382 - @somtochiama - Use
client.Patch
for suspend/resume operations - PR #2380 - @souleb - Fix panic on bootstrap when orgRef is not retrieved
- PR #2377 - @souleb - Fix
flux build/diff
when parsing SOPS encrypted secrets - PR #2376 - @stefanprodan - e2e: Fix Azure image update automation test
- PR #2375 - @souleb - Return exit code 1 when
flux diff
detects changes - PR #2368 - @stefanprodan - Update dependencies
- PR #2364 - @robwittman - Add GPG signing to Github/Gitlab/Bitbucket bootstrap
v0.26.0
Highlights
Flux v0.26.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.
Breaking changes
- The minimum supported version of Kubernetes is now v1.20.6. Note that Flux may work on Kubernetes 1.19, but we don’t recommend running EOL versions in production.
- On multi-tenant clusters, Flux controllers are now using the native Kubernetes impersonation feature. When both
spec.kubeConfig
andspec.ServiceAccountName
are specified in Flux custom resources, the controllers will impersonate the service account on the target cluster, previously the controllers ignored the service account.
Security enhancements
- Platform admins have the option to lock down Flux on multi-tenant clusters and enforce tenant isolation at namespace level without having to use a 3rd party admission controller.
- The Flux installation conforms to the Kubernetes restricted pod security standard and the Seccomp runtime default security profile was enabled for all controllers.
- The container images of all Flux's components are signed with Cosign and GitHub OIDC.
- Flux releases include a Software Bill of Materials (SBOM) that is available for download on the GitHub release page.
New features and improvements
- Preview local changes against live clusters with the
flux diff kustomization
command. - Undo changes made directly on clusters (with kubectl server-side apply) to Flux managed objects.
- Native support for Hashicorp Vault token-based authentication when decrypting SOPS encrypted secrets.
- Auto-login to AWS ECR, Azure ACR and Google Cloud GCR for image update automation on EKS, AKS or GKE.
- On single-tenant clusters, image automation can now refer to Git repositories in other namespaces than the
ImageImageUpdateAutomation
object.
Components changelog
- source-controller v0.21.1 v0.21.0
- kustomize-controller v0.20.0
- helm-controller v0.16.0
- notification-controller v0.21.0
- image-reflector-controller v0.16.0
- image-automation-controller v0.20.0
CLI Changelog
- PR #2167 - @souleb - Preview local changes with flux build/diff kustomization
- PR #2356 - @stefanprodan - Adapt diff test to match Kubernetes 1.23.3 API response
- PR #2348 - @pjbgf - Add pkg-config to arm runners
- PR #2347 - @stealthybox - Fix output usage for
flux get <sources|images>
- PR #2345 - @fluxcdbot - Update toolkit components
- PR #2343 - @stefanprodan - Set minimum supported version to Kubernetes 1.20.6
- PR #2342 - @stefanprodan - Run the CLI as non-root
- PR #2336 - @souleb - Upgrade go-git-providers to v0.5.3
- PR #2317 - @souleb - Add license Header to internal/build files
- PR #2316 - @pjbgf - [security] Enable pod security warnings for flux-system
v0.25.3
CLI Changelog
- PR #2305 - @stefanprodan - Update kubectl to 1.23.1 in flux-cli container image
- PR #2304 - @stefanprodan - ci: Fix release notes generator
- PR #2301 - @stefanprodan - Sign the release artifacts checksums and images
- PR #2300 - @stefanprodan - Fix Azure e2e tests and GoReleaser buildx directive
- PR #2296 - @relu - Fix Archlinux PKGBUILD check() run on ARM
- PR #2295 - @stefanprodan - Publish Flux Software Bill of Materials (SBOM)
- PR #2294 - @stefanprodan - Improve the bootstrap e2e test workflow
v0.25.2
Highlights
Flux v0.25.2 is a patch release that comes with a regression bug fix for Kubernetes 1.21 introduced in v0.25.0.
Components changelog
- kustomize-controller v0.19.1
CLI changelog
- PR #2291 - @fluxcdbot - Update kustomize-controller to v0.19.1
- PR #2290 - @stefanprodan - Update dependencies
- PR #2288 - @aryan9600 - Fix makefile envtest setup and usage
- PR #2141 - @schrej - Simplify arguments of flux trace command
Docker images
docker pull fluxcd/flux-cli:v0.25.2
docker pull ghcr.io/fluxcd/flux-cli:v0.25.2
v0.25.1
Highlights
Flux v0.25.1 is a patch release that comes with a regression bug fix for self-hosted GitLab bootstrap introduced in v0.25.0.
CLI changelog
Docker images
docker pull fluxcd/flux-cli:v0.25.1
docker pull ghcr.io/fluxcd/flux-cli:v0.25.1
v0.25.0
Highlights
Flux v0.25.0 comes with various bug fixes and no breaking changes. Users are encouraged to upgrade for the best experience.
This version aligns Flux and its components with the Kubernetes 1.23 release and Helm 3.7.
The Flux CLI and the GitOps Toolkit controllers are now build with Go 1.17 and Alpine 3.15.
In addition, various Go and OS packages were updated to fix known CVEs.
Note that Kubernetes 1.19 has reached end-of-life in November 2021. This is the last Flux release where Kubernetes 1.19 is supported.
Components changelog
- source-controller v0.20.1 v0.20.0
- kustomize-controller v0.19.0
- helm-controller v0.15.0
- notification-controller v0.20.1 v0.20.0
- image-reflector-controller v0.15.0
- image-automation-controller v0.19.0
CLI changelog
- PR #2281 - @Skarlso - Add optional bindir input to Flux GitHub Action
- PR #2280 - @stefanprodan - Update Git providers
- PR #2278 - @fluxcdbot - Update notification-controller to v0.20.1
- PR #2272 - @hiddeco - Update golang.org/x/crypto to latest main
- PR #2271 - @stefanprodan - Update toolkit components and packages
- PR #2259 - @fluxcdbot - Update toolkit components
- PR #2234 - @souleb - Use provided SSH hostname to sync with SSH
- PR #2223 - @stefanprodan - Add the Helm CLI to the GitHub ARM64 runners setup
- PR #2213 - @relu - Fix ./manifests/scripts/bundle.sh path resolution
- PR #2212 - @squaremo - [RFC-0001] Memorandum on the authorization model
- PR #2208 - @grafjo - Update kube-prometheus-stack to 23.2.0
Docker images
docker pull fluxcd/flux-cli:v0.25.0
docker pull ghcr.io/fluxcd/flux-cli:v0.25.0
v0.24.1
Highlights
This version comes with a change to the length of the SHA hex added to the SemVer metadata composed for a HelmChart
from GitRepository
and Bucket
resources with a Revision
reconcile strategy. Refer to the source-controller changelog for more information.
Components changelog
CLI changelog
- PR #2195 - @Nalum - Removing Kubernetes API Request Duration Graph
- PR #2194 - @kingdonb - monitoring: Pin kube-prometheus-stack to v19.3.0
- PR #2191 - @stefanprodan - Run the ARM64 e2e tests on Equinix hardware
- PR #2178 - @fluxcdbot - Update toolkit components
- PR #2159 - @hiddeco - cmd: start trace short description with T
- PR #2153 - @stefanprodan - e2e: Update Calico to v3.20
Docker images
docker pull fluxcd/flux-cli:v0.24.1
docker pull ghcr.io/fluxcd/flux-cli:v0.24.1
v0.24.0
Highlights
This version comes with a new command for bootstrapping Flux with BitBucket Server and Data Center repositories.
Please see the BitBucket documentation for more details.
It also contains breaking behavioral changes to HelmRepository
and HelmChart
resources:
-
Helm repository index files and/or charts must not exceed the new declared runtime default limits to avoid out-of-memory crashes, overwriting the default configuration is possible.
Type Default max size (in MiB) Option flag to overwrite Helm repository index 50MiB --helm-index-max-size=<bytes>
Helm chart 10MiB --helm-chart-max-size=<bytes>
Singe file from Helm chart 5MiB --helm-chart-file-max-size=<bytes>
-
Using
ValuesFiles
in aHelmChart
will now append a.<Generation>
to the SemVer metadata of the packaged chart and the revision of the Artifact. For example,v1.2.3+.5
for aHelmChart
resource with generation5
. This ensures consumers of the chart are able to notice changes to the merged values without the underlying chart source (revision) changing.
Components changelog
- source-controller v0.19.0
- kustomize-controller v0.18.1
- helm-controller v0.14.0
- notification-controller v0.19.0
- image-automation-controller v0.18.0
- image-reflector-controller v0.14.0
CLI changelog
- PR #2070 - @souleb - bootstrap: add BitBucket Server (previously known as Stash) support
- PR #2123 - @somtochiama - Fix GitHub bootstrap when using custom TLS CA
- PR #2121 - @somtochiama - bootstrap: Add support for self-signed TLS certs by supplying a custom CA
- PR #2120 - @fluxcdbot - Update toolkit components
- PR #2113 - @stefanprodan - Remove deprecated
io/ioutil
fromflux tree
- PR #2101 - @somtochiama - Update test files to use ecdsa key
- PR #2096 - @stefanprodan - Add e2e test for image automation
- PR #2091 - @vespian - Update Alpine to v3.14
Docker images
docker pull fluxcd/flux-cli:v0.24.0
docker pull ghcr.io/fluxcd/flux-cli:v0.24.0
v0.23.0
Highlights
This version comes with artifact integrity verification based on SHA-2 and fixes for image automation.
Components changelog
- source-controller v0.18.0
- kustomize-controller v0.18.0
- helm-controller v0.13.0
- image-reflector-controller v0.13.2
CLI changelog
- PR #2080 - @fluxcdbot - Update toolkit components
Docker images
docker pull fluxcd/flux-cli:v0.23.0
docker pull ghcr.io/fluxcd/flux-cli:v0.23.0
v0.22.1
Components changelog
CLI changelog
- PR #2076 - @fluxcdbot - Update toolkit components
- PR #2075 - @jack-evans - Remove trailing
---
forflux install
to matchflux bootstrap
generated YAML
Docker images
docker pull fluxcd/flux-cli:v0.22.1
docker pull ghcr.io/fluxcd/flux-cli:v0.22.1