fluxcd · Sep 10, 2021 · Sep 10, 2021 · Sep 10, 2021 · Sep 30, 2021 · Sep 30, 2021
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -30,18 +30,12 @@ jobs:
           image: kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6
       - name: Setup Kustomize
         uses: fluxcd/pkg//actions/kustomize@main
-      - name: Setup Kubebuilder
-        uses: fluxcd/pkg//actions/kubebuilder@main
       - name: Setup Kubectl
         uses: fluxcd/pkg/actions/kubectl@main
         with:
           version: 1.21.2
-      - name: Override Kubebuilder kubectl
-        run: sudo cp /usr/local/bin/kubectl /home/runner/work/kustomize-controller/kustomize-controller/kubebuilder/bin/kubectl
-      - name: Run tests
+      - name: Run controller tests
         run: make test
-        env:
-          KUBEBUILDER_ASSETS: ${{ github.workspace }}/kubebuilder/bin
       - name: Check if working tree is dirty
         run: |
           if [[ $(git diff --stat) != '' ]]; then
@@ -51,8 +45,6 @@ jobs:
           fi
       - name: Build container image
         run: make docker-build IMG=test/kustomize-controller:latest
-        env:
-          KUBEBUILDER_ASSETS: ${{ github.workspace }}/kubebuilder/bin
       - name: Load test image
         run: kind load docker-image test/kustomize-controller:latest
       - name: Install CRDs
@@ -66,13 +58,12 @@ jobs:
             echo -e "${RESULT}\n\ndoes not equal\n\n${EXPECTED}"
             exit 1
           fi
+          kubectl delete -f config/testdata/status-defaults
       - name: Deploy controllers
         run: |
           make dev-deploy IMG=test/kustomize-controller:latest
           kubectl -n kustomize-system rollout status deploy/source-controller --timeout=1m
           kubectl -n kustomize-system rollout status deploy/kustomize-controller --timeout=1m
-        env:
-          KUBEBUILDER_ASSETS: ${{ github.workspace }}/kubebuilder/bin
       - name: Run overlays tests
         run: |
           kubectl -n kustomize-system apply -k ./config/testdata/overlays
@@ -90,6 +81,11 @@ jobs:
           kubectl -n impersonation wait kustomizations/podinfo --for=condition=ready --timeout=4m
           kubectl -n impersonation delete kustomizations/podinfo
           until kubectl -n impersonation get deploy/podinfo 2>&1 | grep NotFound ; do sleep 2; done
+      - name: Run CRDs + CRs tests
+        run: |
+          kubectl -n kustomize-system apply -f ./config/testdata/crds-crs
+          kubectl -n kustomize-system wait kustomizations/certs --for=condition=ready --timeout=4m
+          kubectl -n kustomizer-cert-test wait issuers/my-ca-issuer --for=condition=ready --timeout=1m
       - name: Logs
         run: |
           kubectl -n kustomize-system logs deploy/source-controller

diff --git a/.gitignore b/.gitignore
@@ -13,6 +13,7 @@
 
 # Dependency directories (remove the comment below to include it)
 # vendor/
+testbin/
 bin/
 config/release/
 config/crd/bases/gitrepositories.yaml

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,60 @@
 
 All notable changes to this project are documented in this file.
 
+## 0.15.0
+
+**Release date:** 2021-10-08
+
+This prerelease comes with a [new reconciler](https://github.com/fluxcd/kustomize-controller/pull/426)
+based on Kubernetes server-side apply and graduates the API to `v1beta2`.
+
+The controller dependencies has been updated to match
+kustomize [v4.4.0](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.4.0)
+which restores the usage of YAML anchors.
+
+**Breaking changes**
+
+- Namespaced objects must contain `metadata.namespace`, defaulting to the `default` namespace is no longer supported.
+  Setting a namespace for all objects reconciled by a Kustomization can be done with `spec.targetNamespace`.
+- The logs, events and alerts that report Kubernetes namespaced object changes are
+  now using the `Kind/Namespace/Name` format instead of `Kind/Name`.
+- The minimum required version of Kubernetes has changed to:
+
+    | Kubernetes version | Minimum required |
+    | --- | --- |
+    | `v1.16` | `>= 1.16.11` |
+    | `v1.17` | `>= 1.17.7` |
+    | `v1.18` | `>= 1.18.4` |
+    | `v1.19` and later | `>= 1.19.0` |
+
+**Features and Improvements**
+
+- Being able to validate and reconcile sources that contain both CRDs and CRs.
+- Being able to wait for all the applied resources to become ready
+  without requiring users to fill-in the health check list.
+- Improve performance (CPU, memory, network, FD usage) and reduce the number of calls to Kubernetes API
+  by replacing kubectl execs with a specialized applier written in Go.
+- Detect and report drift between the desired state (git, s3, etc) and cluster state reliably.
+- Improve the overall observably of the reconciliation process by reporting in real-time
+  the garbage collection and health assessment actions.
+- Reconcile empty sources including pruning of all the resources previously applied.
+- Mask secrets data in logs, events and alerts.
+
+**API changes**
+
+The `kustomize.toolkit.fluxcd.io/v1beta2` API is backwards compatible with `v1beta1`.
+
+Additions, deprecations and removals:
+- `.spec.patchesStrategicMerge` deprecated in favour of `.spec.patches`
+- `.spec.patchesJson6902` deprecated in favour of `.spec.patches`
+- `.spec.validation` deprecated and no longer used (server-side validation is implicit)
+- `.spec.wait` added (when enabled, will wait for all the reconciled resources to become ready)
+- `.status.snapshot` replaced by `.status.inventory`
+
+Updating the manifests in Git to `v1beta2` can be done at any time after the kustomize-controller upgrade.
+All users are encouraged to update the manifests as the deprecated fields
+will be removed when the next API version will be released.
+
 ## 0.14.1
 
 **Release date:** 2021-09-09

diff --git a/Dockerfile b/Dockerfile
@@ -1,19 +1,7 @@
 FROM golang:1.16-alpine as builder
 
-ARG TARGETPLATFORM
-
 WORKDIR /workspace
 
-RUN apk add --no-cache ca-certificates curl
-
-RUN kubectl_ver=1.21.3 && \
-arch=${TARGETPLATFORM:-linux/amd64} && \
-if [ "$TARGETPLATFORM" == "linux/arm/v7" ]; then arch="linux/arm"; fi && \
-curl -sL https://storage.googleapis.com/kubernetes-release/release/v${kubectl_ver}/bin/${arch}/kubectl \
--o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl
-
-RUN kubectl version --client=true
-
 # copy api submodule
 COPY api/ api/
 
@@ -38,7 +26,6 @@ LABEL org.opencontainers.image.source="https://github.com/fluxcd/kustomize-contr
 
 RUN apk add --no-cache ca-certificates tini git openssh-client gnupg
 
-COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/
 COPY --from=builder /workspace/kustomize-controller /usr/local/bin/
 
 # Create minimal nsswitch.conf file to prioritize the usage of /etc/hosts over DNS queries.
@@ -50,6 +37,5 @@ RUN addgroup -S controller && adduser -S controller -G controller
 USER controller
 
 ENV GNUPGHOME=/tmp
-COPY config/kubeconfig /home/controller/.kube/config
 
 ENTRYPOINT [ "/sbin/tini", "--", "kustomize-controller" ]
diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 IMG ?= fluxcd/kustomize-controller:latest
 # Produce CRDs that work back to Kubernetes 1.16
 CRD_OPTIONS ?= crd:crdVersions=v1
-SOURCE_VER ?= v0.15.4
+SOURCE_VER ?= v0.16.0
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -13,10 +13,16 @@ endif
 
 all: manager
 
-# Run tests
-test: generate fmt vet manifests api-docs download-crd-deps
-	go test ./... -coverprofile cover.out
-	cd api; go test ./... -coverprofile cover.out
+# Download the envtest binaries to testbin
+ENVTEST_ASSETS_DIR=$(shell pwd)/testbin
+ENVTEST_AKUBERNETES_VERSION=latest
+install-envtest: setup-envtest
+	$(SETUP_ENVTEST) use $(ENVTEST_AKUBERNETES_VERSION) --bin-dir=$(ENVTEST_ASSETS_DIR)
+
+# Run controller tests
+KUBEBUILDER_ASSETS?="$(shell $(SETUP_ENVTEST) use -i $(ENVTEST_AKUBERNETES_VERSION) --bin-dir=$(ENVTEST_ASSETS_DIR) -p path)"
+test: generate fmt vet manifests api-docs download-crd-deps install-envtest
+	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) go test ./controllers/...  -v -coverprofile cover.out
 
 # Build manager binary
 manager: generate fmt vet
@@ -65,7 +71,7 @@ manifests: controller-gen
 
 # Generate API reference documentation
 api-docs: gen-crd-api-reference-docs
-	$(API_REF_GEN) -api-dir=./api/v1beta1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/api/kustomize.md
+	$(API_REF_GEN) -api-dir=./api/v1beta2 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/api/kustomize.md
 
 # Run go mod tidy
 tidy:
@@ -130,3 +136,18 @@ API_REF_GEN=$(GOBIN)/gen-crd-api-reference-docs
 else
 API_REF_GEN=$(shell which gen-crd-api-reference-docs)
 endif
+
+setup-envtest:
+ifeq (, $(shell which setup-envtest))
+	@{ \
+	set -e ;\
+	SETUP_ENVTEST_TMP_DIR=$$(mktemp -d) ;\
+	cd $$SETUP_ENVTEST_TMP_DIR ;\
+	go mod init tmp ;\
+	go get sigs.k8s.io/controller-runtime/tools/setup-envtest@latest ;\
+	rm -rf $$SETUP_ENVTEST_TMP_DIR ;\
+	}
+SETUP_ENVTEST=$(GOBIN)/setup-envtest
+else
+SETUP_ENVTEST=$(shell which setup-envtest)
+endif
diff --git a/PROJECT b/PROJECT
@@ -1,6 +1,9 @@
 domain: toolkit.fluxcd.io
 repo: github.com/fluxcd/kustomize-controller
 resources:
+- group: kustomize
+  kind: Kustomization
+  version: v1beta2
 - group: kustomize
   kind: Kustomization
   version: v1beta1

diff --git a/README.md b/README.md
@@ -19,15 +19,15 @@ Features:
 * generates the `kustomization.yaml` file if needed
 * generates Kubernetes manifests with kustomize build
 * decrypts Kubernetes secrets with Mozilla SOPS
-* validates the build output with client-side or APIServer dry-run
+* validates the build output with server-side apply dry-run
 * applies the generated manifests on the cluster
 * prunes the Kubernetes objects removed from source
 * checks the health of the deployed workloads
 * runs `Kustomizations` in a specific order, taking into account the depends-on relationship 
 * notifies whenever a `Kustomization` status changes
 
 Specifications:
-* [API](docs/spec/v1beta1/README.md)
+* [API](docs/spec/v1beta2/README.md)
 * [Controller](docs/spec/README.md)
 
 ## Usage
@@ -55,7 +55,7 @@ flux install
 Create a source object that points to a Git repository containing Kubernetes and Kustomize manifests:
 
 ```yaml
-apiVersion: source.toolkit.fluxcd.io/v1beta1
+apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: GitRepository
 metadata:
   name: podinfo
@@ -88,7 +88,7 @@ kubectl -n flux-system annotate --overwrite gitrepository/podinfo reconcile.flux
 Create a kustomization object that uses the git repository defined above:
 
 ```yaml
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: podinfo-dev
@@ -100,7 +100,6 @@ spec:
   sourceRef:
     kind: GitRepository
     name: podinfo
-  validation: client
   healthChecks:
     - kind: Deployment
       name: frontend
@@ -147,12 +146,12 @@ kubectl -n flux-system logs deploy/kustomize-controller | jq .
   "kustomization": "flux-system/podinfo-dev",
   "output": {
     "namespace/dev": "created",
-    "service/frontend": "created",
-    "deployment.apps/frontend": "created",
-    "horizontalpodautoscaler.autoscaling/frontend": "created",
-    "service/backend": "created",
-    "deployment.apps/backend": "created",
-    "horizontalpodautoscaler.autoscaling/backend": "created"
+    "service/dev/frontend": "created",
+    "deployment/dev/frontend": "created",
+    "horizontalpodautoscaler/dev/frontend": "created",
+    "service/dev/backend": "created",
+    "deployment/dev/backend": "created",
+    "horizontalpodautoscaler/dev/backend": "created"
   }
 }
 ```
@@ -182,7 +181,7 @@ status:
 ```json
 {
   "kustomization": "flux-system/podinfo-dev",
-  "error": "Error from server (NotFound): error when creating podinfo-dev.yaml: namespaces dev not found"
+  "error": "Error when creating 'Service/dev/frontend': namespaces dev not found"
 }
 ```
 
@@ -195,7 +194,7 @@ When combined with health assessment, a kustomization will run after all its dep
 For example, a service mesh proxy injector should be running before deploying applications inside the mesh:
 
 ```yaml
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: istio
@@ -212,7 +211,7 @@ spec:
       namespace: istio-system
   timeout: 2m
 ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: podinfo-dev
@@ -251,7 +250,7 @@ that matches the semver range.
 Create a production kustomization and reference the git source that follows the latest semver release:
 
 ```yaml
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: podinfo-production

diff --git a/api/go.mod b/api/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/fluxcd/pkg/apis/kustomize v0.2.0
 	github.com/fluxcd/pkg/apis/meta v0.10.0
 	github.com/fluxcd/pkg/runtime v0.12.0
-	k8s.io/apiextensions-apiserver v0.21.3
-	k8s.io/apimachinery v0.21.3
-	sigs.k8s.io/controller-runtime v0.9.5
+	k8s.io/apiextensions-apiserver v0.22.2
+	k8s.io/apimachinery v0.22.2
+	sigs.k8s.io/controller-runtime v0.10.1
 )