All notable changes to this project are documented in this file.
Release date: 2022-11-22
This prerelease comes with a change to the Event API, which is now declared
in the github.com/fluxcd/pkg/apis/event/v1beta1
package. For more information, refer to the updated Event API
documentation.
In addition, dependencies have been updated.
Fixes:
- Remove
nsswitch.confcreation #439
Improvements:
- Refactor notifiers to use Flux Event v1beta1 API #442
- Update dependencies #442
- docs: update spec to reflect v1beta1 Event API #443
Release date: 2022-10-20
This prerelease comes with a new Alert Provider type named generic-hmac
for authenticating the webhook requests coming from notification-controller.
In addition, the controller dependencies have been updated to Kubernetes v1.25.3.
The golang.org/x/text package was updated to v0.4.0 (fix for CVE-2022-32149).
Features:
- Add
generic-hmacProvider #426
Improvements:
- Update dependencies #430
Release date: 2022-09-27
This prerelease comes with strict validation rules for API fields which define a
(time) duration. Effectively, this means values without a time unit (e.g. ms,
s, m, h) will now be rejected by the API server. To stimulate sane
configurations, the units ns, us and µs can no longer be configured, nor
can h be set for fields defining a timeout value.
In addition, the controller dependencies have been updated to Kubernetes controller-runtime v0.13.
Provider.spec.timeoutnew validation pattern is"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
Improvements:
- api: add custom validation for v1.Duration types #420
- Update dependencies #423
- Dockerfile: Build with Go 1.19 #424
- docs: Fix table with git commit status providers #421
Release date: 2022-09-12
This prerelease comes with with finalizers to properly record the reconciliation metrics for deleted resources. In addition, the controller dependencies have been updated to Kubernetes controller-runtime v0.12.
Improvements:
- Align controller logs to Kubernetes structured logging #412
- Add finalizers to the custom resources #416
- Add
.spec.timeoutto the Provider API #410 - Refactor Fuzzers based on Go native fuzzing #414
- Fuzz optimisations #413
Release date: 2022-08-29
This prerelease comes with panic recovery, to protect the controller from crashing when reconciliations lead to a crash.
In addition, the controller dependencies have been updated to Kubernetes v1.25.0.
Fixes:
- Fix context cancel defer for commit status updates #408
Improvements:
Release date: 2022-08-11
This prerelease comes with a fix to GitHub Container Registry webhook receivers.
Starting with this version, Flux Receivers can be used to trigger OCIRepositories
reconciliation when pushing OCI artifacts to GHCR from GH Action.
Fixes:
- Remove code for parsing github payload #401
Improvements:
- Add flags to configure exponential back-off retry #399
Release date: 2022-08-08
This prerelease comes with support for sending alerts based on OCIRepository events.
In addition, various dependencies have been updated to their latest versions.
Improvements:
- Add OCIRepository event source #396
- Update dependencies #397
- Add missing language to fenced code block #394
Release date: 2022-07-13
This prerelease comes with some minor improvements and updates dependencies to patch upstream CVEs.
Improvements:
- Force github.com/emicklei/go-restful to v2.16.0 #390
- Update flux types api versions #381
- Update Azure DevOps Go API #384
- Update dependencies #387
- Use masktoken pkg for redacting token #388
- build: Upgrade to Go 1.18 #389
Release date: 2022-05-27
This prerelease comes with support for triggering GitHub Actions workflows using the repository dispatch provider. For more information on how to configure this integration see the alerting provider docs.
Features:
- Add GitHub dispatch provider #369
Improvements:
- Better error messages for alert providers #375
- Add docs for Microsoft Teams #370
- Update dependencies #371 #373 #379
Release date: 2022-05-03
This prerelease comes with dependencies updates, and improvements to the BitBucket commit status notifications.
Improvements:
Release date: 2022-04-21
This prerelease updates the Go golang.org/x/crypto dependency to latest to
please static security analysers (CVE-2022-27191).
Fixes:
- Update golang.org/x/crypto #367
Release date: 2022-04-19
This prerelease solves an issue with invalid UTF-8 characters while redacting tokens. Furthermore, dependencies have been updated to their latest versions.
Improvements:
- Update dependencies #364
Fixes:
- Return err on invalid UTF-8 character in token #361
Release date: 2022-03-30
This prerelease comes with updates to the Webex notification provider and its integration docs.
In addition, various dependencies have been updated to their latest versions.
Improvements:
- Update the webex notification provider and markdown #352
- Align version of dependencies when Fuzzing #354
- Update fluxcd/pkg/runtime to v0.13.4 #355
Release date: 2022-03-23
This prerelease comes with strict filtering of events metadata. Starting with this version, the metadata keys considered for alerting must be prefixed with the involved object API group.
Improvements:
- Filter event metadata based on the object group #350
Release date: 2022-03-21
This prerelease updates various dependencies to their latest versions.
The code base was refactored to align with fluxcd/pkg/runtime v0.13 release.
Improvements:
- Update
pkg/runtimeandapis/meta#345 - Update dependencies #346
- Cleanup metadata fields before alerting #347
Release date: 2022-03-15
This prerelease patches the Deployment manifest to set the
.spec.securityContext.fsGroup, which may be required for some EKS setups as
reported in fluxcd/flux2#2537.
In addition, it also updates nhooyr.io/websocket to v1.8.7 and
github.com/gin-gonic/gin to v1.7.7, to please static security analysers and
fix any warnings.
Improvements:
Release date: 2022-02-23
This prerelease patches the container image tag in the Deployment manifest that was previously missed in 0.22.1.
Release date: 2022-02-22
This prerelease comes with support for using basic auth when sending alerts to Grafana annotations API.
Improvements:
- Add basic auth support to Grafana provider #334
- Allow the proxy address to specified in the Kubernetes Secret from Alert
spec.secretRef#331 - Switch to controller-runtime metadata client #330
- Update dependencies #333
Release date: 2022-02-16
This prerelease comes with support for sending alerts to Grafana annotations API.
In addition, the Alert API comes with an optional field spec.eventSources[].matchLabels that allows selecting event sources based on labels.
Features:
Improvements:
- Update documentation for alert provider type #321
- Make username and channel field optional for Discord provider #324
Release date: 2022-01-28
This prerelease comes with security improvements for multi-tenant clusters.
Platform admins can disable cross-namespace references with the
--no-cross-namespace-refs=true flag.
When this flag is set, alerts can only refer to event sources in the same namespace
as the alert object, preventing tenants from subscribing to another tenant's events.
Starting with this version, the controller deployment conforms to the Kubernetes restricted pod security standard:
- all Linux capabilities were dropped
- the root filesystem was set to read-only
- the seccomp profile was set to the runtime default
- run as non-root was enabled
- the user and group ID was set to 65534
Breaking changes:
- The use of new seccomp API requires Kubernetes 1.19.
- The controller container is now executed under 65534:65534 (userid:groupid). This change may break deployments that hard-coded the user ID of 'controller' in their PodSecurityPolicy.
Features:
- Pass headers to generic provider through secretRef #317
Improvements:
- Allow disabling cross-namespace event sources #319
- Drop capabilities, enable seccomp and enforce runAsNonRoot #313
- Publish SBOM and sign release artifacts #314
- Add fuzz testing for notifiers #306
- Add documentation for gitea #308
- Update development documentation #309
Fixes:
- Fix(Provider/Matrix): Load CA from CertSecretRef #318
- Fix the missing protocol for the first port in manager config #315
Release date: 2022-01-11
This prerelease comes with a fix for the Prometheus Alertmanager provider and
downgrades the fluxcd/pkg/apis/meta package from v0.11.0-rc.3 to v0.10.2
which is required by flux2.
Fixes:
- Downgrade fluxcd/pkg/apis/meta to v0.10.2 #303
- Add timestamp as label for Prometheus Alertmanager #298
Release date: 2022-01-11
This prerelease comes with an update to the Kubernetes and controller-runtime dependencies to align them with the Kubernetes 1.23 release.
In addition, the controller is now built with Go 1.17 and Alpine 3.15.
Improvements:
- Update Go to v1.17 and controller-runtime to v0.11 #279
- Update dependencies (fix CVE-2021-43565) #301
- Update Dockerfile xx base and bump alpine to 3.15 #297
- Update docs for telegram #300
Release date: 2021-11-23
This prerelease introduces the Reconciling and Stalled Condition Types
to indicate if a resource is under reconciliation, or has failed to reach
a Ready==True state. This is most beneficial to consumers making use of
kstatus,
which uses the information to return early instead of timing out.
It introduces support for Slack apps bots. See the Provider spec for more information on how to get started.
Lastly, controller-runtime has been updated to v0.10.2, solving an
issue with rest_client_request_latency_seconds_.* high cardinality
metrics.
Improvements:
- Add support for Slack app #245
- chore: Drop deprecated io/ioutil #277
- Use condition helpers in reconciler (kstatus compat) #282
- Update Alpine to v3.14 #285
- Update controller-runtime v0.10.2 #289
Fixes:
Release date: 2021-10-22
This prerelease comes with support for self-signed certificates when forwarding events to a TLS endpoint.
Fixes:
- Fixed missing setter for Forwarder CertPool #262
- Fix MSTeams certificates #257
- Use regex to find and replace token #271
Release date: 2021-10-19
This prerelease comes with support for sending alerts to Prometheus Alertmanager.
Features:
- Add alertmanager provider #258
Release date: 2021-10-13
This prerelease comes with a fix to the readiness status reporting of the notification custom resources.
Fixes:
- Set observed generation when recording status #261
Release date: 2021-10-08
This prerelease comes with support for sending alerts to Opsgenie.
Features:
- Add opsgenie provider #252
Fixes:
- Escape metadata string for Telegram notification #249
Release date: 2021-08-26
This prerelease comes with support for sending alerts to Telegram, Lark and Matrix.
Features:
- Add Telegram alerting provider #232
- Add Matrix alerting provider #233
- Add Lark alerting provider #236
Release date: 2021-08-05
This prerelease comes with extended support for Sentry such as: using channel configuration for Sentry environment to re-use the same DSN for multiple clusters, and sending info event as Sentry traces.
Improvements:
- providers/sentry: send traces #224
- providers/sentry: add environment support #223
- Request reconcile using patch instead of update #217
- Update dependencies #226
Fixes:
- providers/sentry: fix default HTTP Transport causing panic #221
Release date: 2021-06-08
This prerelease comes with an update to the Kubernetes and controller-runtime dependencies to align them with the Kubernetes 1.21 release.
Improvements:
- Update Kubernetes dependencies #210
- Add cert pool to Slack provider requests #207
- Make Slack channel optional #208
Release date: 2021-05-26
This prerelease comes with a bug fix to the parsing of revisions to make it accept branches with slashes.
Fixes:
- Fix revision parsing when branch contains slash #201
Release date: 2021-05-11
This prerelease comes with support for sending events to Azure Event Hub.
Features:
- Add support for Azure EventHub provider #191
Improvements:
Release date: 2021-04-21
This prerelease comes with support for sending alerts to HTTPS servers with self-signed TLS certs.
Features:
- Add self-signed cert to provider #184
Release date: 2021-03-26
This prerelease comes with support for sending alerts to Sentry.
Starting with this version, events are subject to rate limiting to
reduce the amount of duplicate alerts sent by notification-controller.
The interval of the rate limit is set by default to 5m
but can be configured with the --rate-limit-interval command arg.
The event server exposes HTTP request metrics to track the amount of rate limited events. The following promql will get the rate at which requests are rate limited:
rate(gotk_event_http_request_duration_seconds_count{code="429"}[30s])
Features:
- Add support for Sentry provider #176
Improvements:
- Add rate limiter to event http servers #167
Release date: 2021-03-26
This is the eleventh MINOR prerelease.
This prerelease comes with support for sending alerts to Webex and for posting commit status updates to GitHub enterprise.
This prerelease comes with a breaking change: the leader election ID
was renamed from 4ae6d3b3.fluxcd.io to
notification-controller-leader-election.
This change should however not have a direct impact.
The suspended status of resources is now recorded to a
gotk_suspend_status Prometheus gauge metric.
Features:
- Add support for Webex as an alert provider #168
- Add support for GitHub enterprise commit status #162
Improvements:
Fixes:
Release date: 2021-03-16
This is the tenth MINOR prerelease.
This prerelease comes with support for sending alerts to Google Chat and for triggering container image updates to Git using Azure Container Registry.
Features:
Improvements:
- Use controller-runtime structured logging #156
- Use unstructured client to annotate receiver targets #151
- Update runtime dependencies #157
Fixes:
Release date: 2021-02-24
This is the ninth MINOR prerelease.
This prerelease comes with a fix to the alerting exclusion list.
The Kubernetes custom resource definitions are packaged as a multi-doc YAML asset and published on the GitHub release page.
Improvements:
Fixes:
- Fix alerts regex filtering #144
Release date: 2021-02-12
This is the eight MINOR prerelease.
This prerelease comes with support for excluding messages form alerting using regular expressions.
Golang pprof endpoints have been enabled on the metrics server,
making it easier to collect runtime information to debug performance issues.
Features:
- Implement regex exclusions for alerts #138
Improvements:
- Enable pprof endpoints on metrics server #136
Release date: 2021-01-26
This prerelease adds *Kind string constants for the kind objects
exposed by the API to further normalise it to GitOps Toolkit standards.
Improvements
- Add kinds to API types #131
Release date: 2021-01-22
This is the seventh MINOR prerelease.
The Receiver API gains a new webhook type called generic-hmac,
that validates the caller legitimacy using HMAC signatures.
The Alert API comes with support for image update notifications
and is now possible to trigger container image updates to Git
using Sonatype Nexus webhooks.
Two new argument flags are introduced to support configuring the QPS
(--kube-api-qps) and burst (--kube-api-burst) while communicating
with the Kubernetes API server.
The LocalObjectReference from the Kubernetes core has been replaced
with our own, making Name a required field. The impact of this should
be limited to direct API consumers only, as the field was already
required by controller logic.
Features:
Improvements:
- Add the object kind to notification messages #124
- Allow ImageUpdateAutomations in object refs #128
- Update fluxcd/pkg/runtime to v0.8.0 #129
Release date: 2021-01-19
This prerelease comes with support for triggering container image updates to Git using Quay and GCR webhooks.
The Kubernetes packages were updated to v1.20.2 and controller-runtime to v0.8.0.
Features:
Improvements:
- Update Kubernetes packages to v1.20.2 #119
Release date: 2021-01-14
This prerelease comes with support for triggering
container image updates to Git using webhook receiver and
fixes a regression bug introduced in v0.6.0 that caused
reconciliation request annotations to be ignored in certain scenarios.
Features:
- Trigger ImageRepository reconciliation with webhook receivers #110
- Implement DockerHub webhook receiver #112
Improvements:
- Upgrade runtime package to v0.6.2 #111
Release date: 2021-01-12
This is the sixth MINOR prerelease, upgrading the controller-runtime
dependencies to v0.7.0.
The container image for ARMv7 and ARM64 that used to be published
separately as notification-controller:*-arm64 has been merged with
the AMD64 image.
Release date: 2020-12-10
This is the fifth MINOR prerelease. It comes with support for
customising the alert message with spec.summary.
Improvements:
Fixes:
- Lookup ready receivers in all namespaces #96
- Add check for duplicate status to avoid spamming the same status #93
Release date: 2020-11-26
This is the fourth MINOR prerelease. It comes with support for Azure DevOps commit status updates.
Improvements:
Release date: 2020-11-20
This is the third MINOR prerelease. It introduces a breaking change to
the API package; the status condition type has changed to the type
introduced in Kubernetes API machinery v1.19.0.
Improvements:
- Add support for sending a
Notification-ControllerHTTP header from the forward notifier #84 - Verify repository ID in Git notifiers #82
- Use subgroup in GitLab #80
Release date: 2020-11-09
This prerelease comes with support for Bitbucket commit status updates.
Improvements:
Release date: 2020-10-29
This is the second MINOR prerelease, it comes with breaking changes:
- the histogram metric
gotk_reconcile_durationwas renamed togotk_reconcile_duration_seconds - the annotation
fluxcd.io/reconcileAtwas renamed toreconcile.fluxcd.io/requestedAt
Release date: 2020-10-19
This prerelease adds support for HTTP/S proxies when sending alerts.
An optional field called Proxy was added to the Provider API.
Features:
- Add support for http(s) proxy when sending alerts #62
Release date: 2020-10-13
This prerelease comes with Prometheus instrumentation for the controller's resources.
For each kind, the controller exposes a gauge metric to track the Ready condition status,
and a histogram with the reconciliation duration in seconds:
gotk_reconcile_condition{kind, name, namespace, status, type="Ready"}gotk_reconcile_duration{kind, name, namespace}
Release date: 2020-09-30
This is the first MINOR prerelease, it promotes the
notification.toolkit.fluxcd.io API to v1beta1
and removes support for v1alpha1.
Going forward, changes to the API will be accompanied by a conversion mechanism. With this release the API becomes more stable, but while in beta phase there are no guarantees about backwards compatibility between beta releases.
Release date: 2020-09-22
This prerelease comes with support for publishing events
to GitLab commit status API.
The alerts and receivers were extended to support
S3 Bucket sources.
Container images for ARMv7 and ARMv8 are published to
ghcr.io/fluxcd/notification-controller-arm64.
Release date: 2020-09-12
This prerelease comes with the option to watch for resources in the runtime namespace of the controller or at cluster level.
Release date: 2020-09-11
This prerelease makes the api package available as
a dedicated versioned module.
Release date: 2020-09-02
This prerelease comes with support for publishing events to GitHub commit status API.
Release date: 2020-08-05
This prerelease comes with a fix to the Prometheus scraping endpoint.
Release date: 2020-07-31
This prerelease comes with a breaking change, the CRDs group
has been renamed to notification.toolkit.fluxcd.io.
The dependency on source-controller has been updated to v0.0.7 to
be able to work with source.toolkit.fluxcd.io resources.
Release date: 2020-07-20
This prerelease drops support for Kubernetes <1.16.
The CRDs have been updated to apiextensions.k8s.io/v1.
Release date: 2020-07-16
This prerelease comes with improvements to logging and fixes a bug preventing alerts to be dispatched for resources outside of the controller's namespace.
Release date: 2020-07-14
This prerelease allows alert rules to be reconciled outside of the controller's namespace.
Release date: 2020-07-13
This prerelease comes with improvements to logging. The default logging format is JSON and the timestamp format is ISO8601.
Release date: 2020-07-07
This prerelease comes with webhook receivers support. With the Receiver API you can define a webhook receiver (GitHub, GitLab, Bitbucket, Harbour, generic) that triggers reconciliation for a group of resources.
Release date: 2020-07-03
This beta release comes with wildcard support for defining alerts that target all resources of a particular kind in a namespace.
Release date: 2020-07-02
This alpha release comes with improvements to alerts delivering. The alert delivery method is at-most once with a timeout of 15 seconds. The controller performs automatic retries for connection errors and 500-range response code. If the webhook receiver returns an error, the controller will retry sending an alert for four times with an exponential backoff of maximum 30 seconds.
Release date: 2020-07-01
This is the first alpha release of notifications controller.