feat(github-release): update flux group to v2.1.2 (minor)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
fluxcd/flux2	Kustomization	minor	v2.0.0-rc.1 -> v2.1.2
ghcr.io/fluxcd/flux-manifests		minor	v2.0.0-rc.1 -> v2.1.2

---

Release Notes

fluxcd/flux2 (fluxcd/flux2)

v2.1.2

Compare Source

Highlights

Flux v2.1.2 is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes

• Ensures faster recovery of Kustomization and HelmRelease resources when the source-controller has restarted and is working on restoring the storage.
• Prevent source-controller from failing to reconcile OCIRepositories when artifacts contain symlinks.
• Addresses issue with helm-controller miss-labeling Custom Resource Definitions.
• Detect immutable field errors in Google Cloud resources managed by Flux Kustomizations.
• Better error reporting for flux bootstrap when the owner doesn't match the identity associated with the given token.
• Allow flux pull artifact to fetch OCI artifacts produced by other tools.

Components changelog

• source-controller v1.1.2
• kustomize-controller v1.1.1
• helm-controller v0.36.2

CLI Changelog

• PR #​4324 - @​somtochiama - bootstrap: Fix error msg when the Git token doesn't match the repo owner
• PR #​4323 - @​stefanprodan - e2e: Update Go dependencies
• PR #​4313 - @​fluxcdbot - Update toolkit components
• PR #​4296 - @​Skarlso - fix: only wait for changeset if the result is not empty
• PR #​4285 - @​matheuscscp - Add badge for SLSA Level 3
• PR #​4284 - @​errordeveloper - Make flux pull work for OCI artifacts produced by other tools

v2.1.1

Compare Source

Highlights

Flux v2.1.1 is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes

• Use auto lookup strategy for Buckets to widen support for S3-compatible object storage services (source-controller).
• Fix Secret type check for HelmRepositories TLS certs referred in .spec.secretRef (source-controller).
• Fix the branch name reporting when the push branch is the same as the checkout branch (image-automation-controller).
• Restore Helm logs inclusion in failure events (helm-controller).
• Fix the impersonation of the default service account when diffing HelmReleases (helm-controller).
• Check source for nil artifact before loading Helm charts (helm-controller).
• Update the description of Kubernetes specific flag to distinguish them from Flux bootstrap flags (flux CLI).

Components changelog

• source-controller v1.1.1
• helm-controller v0.36.1
• image-automation-controller v0.36.1

CLI Changelog

• PR #​4255 - @​hiddeco - tests/azure: update controller dependencies
• PR #​4251 - @​fluxcdbot - Update toolkit components
• PR #​4246 - @​dependabot[bot] - build(deps): bump the ci group with 4 updates
• PR #​4238 - @​makkes - Upgrade github.com/fluxcd/pkg/{git,git/gogit}
• PR #​4233 - @​sonbui00 - chore: remove support armv6h for aur package
• PR #​4228 - @​sonbui00 - Improve AUR package templates
• PR #​4227 - @​dependabot[bot] - build(deps): bump the ci group with 3 updates
• PR #​4226 - @​somtochiama - Update description of kubeconfig specific flag
• PR #​4222 - @​dependabot[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/integration
• PR #​4221 - @​dependabot[bot] - build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tests/azure
• PR #​4215 - @​dependabot[bot] - build(deps): bump the ci group with 4 updates
• PR #​4213 - @​dependabot[bot] - build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /tests/integration
• PR #​4212 - @​dependabot[bot] - build(deps): bump github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible in /tests/integration
• PR #​4198 - @​makkes - Add 2.1.x backport label
• PR #​4197 - @​stefanprodan - Fix links to fluxcd.io
• PR #​4195 - @​dependabot[bot] - build(deps): bump the ci group with 2 updates

v2.1.0

Compare Source

Highlights

Flux v2.1.0 is a feature release. Users are encouraged to upgrade for the best experience.

The Flux APIs were extended with new opt-in features in a backwards-compatible manner.

The Flux Git capabilities have been improved with support for Git push options, Git refspec, Gerrit, HTTP/S and SOCKS5 proxies.

The Flux alerting capabilities have been extended with Datadog support.

The Flux controllers come with performance improvements when reconciling Helm repositories with large indexes (80% memory reduction), and when reconciling Flux Kustomizations with thousands of resources (x4 faster server-side apply). The load distribution has been improved when reconciling Flux objects in parallel to reduce CPU and memory spikes.

❤️ Big thanks to all the Flux contributors that helped us with this release!

Deprecations

Flux v2.1.0 comes with support for Kubernetes TLS Secrets when referring to secrets containing TLS certs, and deprecates the usage of caFile, keyFile and certFile keys.

For more details about the TLS changes please see the Kubernetes TLS Secrets section.

Flux v2.1.0 comes with major improvements to the Prometheus monitoring stack. Starting with this version, Flux is leveraging the kube-state-metrics CRD exporter to report metrics containing rich information about Flux reconciliation status e.g. Git revision, Helm chart version, OCI artifacts digests, etc. The gotk_reconcile_condition metrics was deprecated in favor of the gotk_resource_info.

For more details about the new monitoring stack please see the Flux Prometheus metrics documentation and the flux2-monitoring-example repository.

API changes

GitRepository v1

The GitRepository API was extended with the following fields:

• .spec.proxySecretRef.name is an optional field used to specify the name of a Kubernetes Secret that contains the HTTP/S or SOCKS5 proxy settings.
• .spec.verify.mode now support one of the following values HEAD, Tag, TagAndHEAD.

Kustomization v1

The Kustomization API was extended with two apply policies IfNotPresent and Ignore.

Changing the apply behaviour for specific Kubernetes resources, can be done using the following annotations:

Annotation	Default	Values	Role
kustomize.toolkit.fluxcd.io/ssa	Override	- Override - Merge - IfNotPresent - Ignore	Apply policy
kustomize.toolkit.fluxcd.io/force	Disabled	- Enabled - Disabled	Recreate policy
kustomize.toolkit.fluxcd.io/prune	Enabled	- Enabled - Disabled	Delete policy

The IfNotPresent policy instructs the controller to only apply the Kubernetes resources if they are not present on the cluster.
This policy can be used for Kubernetes Secrets and ValidatingWebhookConfigurations managed by cert-manager,
where Flux creates the resources with fields that are later on mutated by other controllers.

ImageUpdateAutomation v1beta1

The ImageUpdateAutomation was extended with the following fields:

• .spec.git.push.refspec is an optional field used to specify a Git refspec used when pushing commits upstream.
• .spec.git.push.options is an optional field used to specify the Git push options to be sent to the Git server when pushing commits upstream.

Kubernetes TLS Secrets

All the Flux APIs that accept TLS data have been modified to adopt Secrets of type
kubernetes.io/tls. This includes:

• HelmRepository: The field .spec.secretRef has been deprecated in favor of a new field .spec.certSecretRef.
• OCIRepository: Support for the caFile, keyFile and certFile keys in the Secret specified in .spec.certSecretRef have been deprecated in favor of ca.crt, tls.key and tls.crt.
• ImageRepository: Support for thecaFile, keyFile and certFile keys in the Secret specified in .spec.certSecretRef have been deprecated in favor of ca.crt, tls.key and tls.crt.
• GitRepository: CA certificate can now be provided in the Secret specified in .spec.secretRef using the ca.crt key, which takes precedence over the caFile key.

Upgrade procedure

Upgrade Flux from v2.0.x to v2.1.0 either by rerunning bootstrap or by using the Flux GitHub Action.

To upgrade Flux from v0.x to v2.1.0 please follow the Flux GA upgrade procedure.

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version	Minimum required
v1.25	>= 1.25.0
v1.26	>= 1.26.0
v1.27	>= 1.27.1
v1.28	>= 1.28.0

Note that Flux may work on older versions of Kubernetes e.g. 1.21, but we don't recommend running end-of-life versions in production nor do we offer support for these versions.

New Documentation

• Flux installation
• Flux bootstrap
• Flux configuration
• Flux Prometheus metrics
• Flux custom Prometheus metrics
• Flux logs
• Flux events

Components changelog

• source-controller v1.1.0
• kustomize-controller v1.1.0
• notification-controller v1.1.0
• helm-controller v0.36.0
• image-reflector-controller v0.30.0
• image-automation-controller v0.36.0

CLI Changelog

• PR #​4189 - @​hiddeco - Update dependencies
• PR #​4186 - @​fluxcdbot - Update toolkit components
• PR #​4183 - @​somtochiama - Fix autocompletion for helm chart
• PR #​4182 - @​hiddeco - manifestgen/install: use clean default HTTP client
• PR #​4181 - @​hiddeco - cmd/events: handle error value
• PR #​4180 - @​stefanprodan - Fix controller version info
• PR #​4177 - @​stefanprodan - Set min value for the --ssh-rsa-bits flag
• PR #​4176 - @​hiddeco - ci: disable fail-fast for ARM end-to-end
• PR #​4175 - @​hiddeco - build: update securejoin dependency
• PR #​4169 - @​darkowlzz - Add monitoring configuration deprecation notice
• PR #​4167 - @​dependabot[bot] - build(deps): bump the ci group with 2 updates
• PR #​4166 - @​stefanprodan - e2e: Add Kubernetes v1.28.0 to conformance tests
• PR #​4151 - @​hiddeco - ci: enable security-and-quality CodeQL query
• PR #​4147 - @​aryan9600 - Adopt Kubernetes style TLS Secrets and add relevant flags
• PR #​4142 - @​dependabot[bot] - build(deps): bump the ci group with 2 updates
• PR #​4140 - @​somtochiama - Disable azure e2e test
• PR #​4134 - @​sestegra - monitoring: add OCIRepository in cluster dashboard and new source panels in control-plane dashboard
• PR #​4131 - @​mraerino - Fix selection of kustomization resource from multi doc yaml
• PR #​4126 - @​stefanprodan - Set Kubernetes min version to 1.25
• PR #​4077 - @​dependabot[bot] - build(deps): bump the ci group with 2 updates
• PR #​4068 - @​stefanprodan - Update dependencies
• PR #​4065 - @​hiddeco - action: support openssl and sha256sum
• PR #​4062 - @​souleb - diff: Take into account the server-side inventory for local Flux Kustomizations
• PR #​4061 - @​hiddeco - action: re-allow configuration of non-default token
• PR #​4057 - @​fluxcdbot - Update toolkit components
• PR #​4052 - @​stefanprodan - docs: Link to the Flux GitHub Action documentation
• PR #​4051 - @​hiddeco - action: use $RUNNER_TOOL_CACHE, support MacOS and Windows, validate checksum
• PR #​4046 - @​stefanprodan - ci: backport: set write permissions
• PR #​4043 - @​stefanprodan - ci: release: extract the image tag from GITHUB_REF
• PR #​4041 - @​hiddeco - ci: release: disable interpretation backslash esc

v2.0.1

Compare Source

Highlights

Flux v2.0.1 is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.

💡 For upgrading from Flux v0.x, please see the procedure documented in 2.0.0.

Fixes

• Fix AWS auth for cross-region ECR repositories (source-controller, image-reflector-controller).
• Prevent spurious alerts for skipped resources (kustomize-controller).
• List removed resources for flux diff ks --kustomization-file (flux CLI).
• Fix SLSA provenance generation for the Flux CLI binaries.

Components changelog

• source-controller v1.0.1
• kustomize-controller v1.0.1
• image-reflector-controller v0.29.1

CLI Changelog

• PR #​4068 - @​stefanprodan - Update dependencies
• PR #​4065 - @​hiddeco - action: support openssl and sha256sum
• PR #​4062 - @​souleb - diff: Take into account the server-side inventory for local Flux Kustomizations
• PR #​4061 - @​hiddeco - action: re-allow configuration of non-default token
• PR #​4057 - @​fluxcdbot - Update toolkit components
• PR #​4052 - @​stefanprodan - docs: Link to the Flux GitHub Action documentation
• PR #​4051 - @​hiddeco - action: use $RUNNER_TOOL_CACHE, support MacOS and Windows, validate checksum
• PR #​4046 - @​stefanprodan - ci: backport: set write permissions
• PR #​4043 - @​stefanprodan - ci: release: extract the image tag from GITHUB_REF
• PR #​4041 - @​hiddeco - ci: release: disable interpretation backslash esc

New Documentation

• Flux GitHub Action
• SLSA provenance verification

v2.0.0

Compare Source

Highlights

This is the first General Availability (GA) release of Flux v2.

Flux v2.0.0 comes with the promotion of the GitOps related APIs to v1 and adds horizontal scaling & sharding capabilities to Flux controllers. The Git bootstrap capabilities provided by the Flux CLI and by Flux Terraform Provider are now considered stable and production ready.

Starting with this version, the build, release and provenance portions of the Flux project supply chain provisionally meet SLSA Build Level 3.

Flux GA is fully integrated with Kubernetes Workload Identity for AWS, Azure and Google Cloud to facilitate passwordless authentication to OCI sources (container images, OCI artifacts, Helm charts).

The Flux alerting capabilities have been extended with PagerDuty and Google Pub/Sub support. The improved Alert v1beta2 API provides better control over events filtering and allows users to enrich the alerts with custom metadata.

Supported versions

Starting with this version, the Flux CLI and the GA components (source-controller, kustomize-controller and notification-controller) follow the release cadence and support pledge documented in the Flux release specification.

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version	Minimum required
v1.24	>= 1.24.0
v1.25	>= 1.25.0
v1.26	>= 1.26.0
v1.27	>= 1.27.1

Note that Flux may work on older versions of Kubernetes e.g. 1.19, but we don't recommend running end-of-life versions in production nor do we offer support for these versions.

Flux ecosystem support

The following (open-source) extensions & integrations are compatible with this Flux release, starting from the specified minimum version or higher.

Type	Project	Version
Flux Web UI	weave-gitops	0.26.0
Terraform integration	tf-controller	0.15.0

API changes

GitRepository v1

The GitRepository kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

The v1 API is backwards compatible with v1beta2, except for the following:

• the deprecated field .spec.gitImplementation was removed
• the unused field .spec.accessFrom was removed
• the deprecated field .status.contentConfigChecksum was removed
• the deprecated field .status.artifact.checksum was removed
• the .status.url was removed (replaced by .status.artifact.url)

Kustomization v1

The Kustomization kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

A new optional field .spec.commonMetadata was added to the API for setting labels and/or annotations to all resources part of a Kustomization.

The v1 API is backwards compatible with v1beta2, except for the following:

• the deprecated field .spec.validation was removed
• the deprecated field .spec.patchesStrategicMerge was removed (replaced by .spec.patches)
• the deprecated field .spec.patchesJson6902 was removed (replaced by .spec.patches)

Receiver v1

The Receiver kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed.

The v1 API is backwards compatible with v1beta2, except for the following:

• the deprecated field .status.url was removed (replaced by .status.webhookPath)

Upgrade procedure

Upgrade Flux from v0.x to v2.0.0 either by rerunning bootstrap or by using the Flux GitHub Action.

To upgrade the APIs from v1beta2, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

1. Remove the deprecated fields from the GitRepository and Kustomization definitions.
2. Commit, push and reconcile the fields removal changes.
3. Set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain GitRepository definitions.
4. Set apiVersion: kustomize.toolkit.fluxcd.io/v1 in the YAML files that contain Flux Kustomization definitions.
5. Set apiVersion: notification.toolkit.fluxcd.io/v1 in the YAML files that contain Receiver definitions.
6. Update the API version of GitRepository and Kustomization objects present in the .spec.resources list of Receiver definitions.
7. Commit, push and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the beta versions will be removed after 6 months.

New Documentation

• Release cadence and support
• SLSA Assessment
• Controller sharding and horizontal scaling
• GitRepository v1 specification
• Kustomization v1 specification
• Receiver v1 specification

❤️ Big thanks to all the Flux contributors that helped us reach this milestone!
👏 And a special shoutout to the Flux community who supported us over the years!

Components changelog

• source-controller v1.0.0
• kustomize-controller v1.0.0
• notification-controller v1.0.0
• helm-controller v0.35.0
• image-reflector-controller v0.29.0
• image-automation-controller v0.35.0

CLI Changelog

• PR #​4035 - @​stefanprodan - Update dependencies
• PR #​4033 - @​stefanprodan - docs: link to releases spec from website
• PR #​4031 - @​stefanprodan - Run conformance tests for Kubernetes v1.27.3
• PR #​4029 - @​stefanprodan - Run e2e tests on release branches
• PR #​4028 - @​makkes - Annotate errors from go-git-providers
• PR #​4027 - @​hiddeco - Update go-git to unreleased v5.8.0
• PR #​4023 - @​stefanprodan - Add backport GitHub Action workflow
• PR #​4020 - @​stefanprodan - Set minimum supported version to Kubernetes 1.24.0
• PR #​4018 - @​stefanprodan - docs: Fix the flux push example for ECR
• PR #​4015 - @​stefanprodan - Align go.mod version with Kubernetes (Go 1.20)
• PR #​4008 - @​stefanprodan - Add SLSA3 generators to release workflow
• PR #​4006 - @​fluxcdbot - Update toolkit components
• PR #​4002 - @​makkes - Don't log errors with missing CRDs for "get * all" commands
• PR #​3990 - @​aryan9600 - RFC-0004: add section about proxy
• PR #​3976 - @​darklore - Use equivalent and shorter way to generate shell completions
• PR #​3955 - @​somtochiama - Fix 'patchesJson6902' is deprecated' warning
• PR #​3945 - @​makkes - Make flux logs more lenient

v2.0.0-rc.5

Compare Source

Highlights

This is the 5th release candidate of Flux v2.0 GA. Users are advised to upgrade from older versions to v2.0.0-rc.5 as soon as possible.

Flux v2.0.0-rc.5 addresses a regression that was introduced in v2.0.0-rc.4. This regression caused a disruption in the compatibility with Git servers utilizing v2 of the wire protocol, such as Azure Devops and AWS CodeCommit.

💡 For upgrading from v0.x, please see the procedure documented in RC.1.

⚠️ Note that v2.0.0-rc.4 updated all components to use Kustomize v5 and controller-runtime v0.15, both of which contain breaking changes.

Fixes and improvements

• Fix support for Git v2 servers.
• Suppress misleading error message [controller-runtime] log.SetLogger(...) was never called... (CLI).
• Include both revision and token in event metadata, if present (helm-controller).
• Update source-controller to patch a vulnerability in Sigstore (CVE-2023-33199)

Components Changelog

• source-controller v1.0.0-rc.5
• image-automation-controller v0.34.1
• helm-controller v0.34.1

CLI Changelog

• PR #​3943 - @​fluxcdbot - Update toolkit components, and git/go-git to v0.12.0
• PR #​3940 - @​somtochiama - Set controller runtime logger in Azure e2e tests
• PR #​3938 - @​aryan9600 - e2e: Run e2e Azure tests for PRs to main if tests or wofklow changes
• PR #​3932 - @​aryan9600 - Set controller-runtime logger to a null logger

v2.0.0-rc.4

Compare Source

Highlights

This is the 4nd release candidate of Flux v2.0 GA. Users are advised to upgrade from older versions to v2.0.0-rc.4 as soon as possible.

Flux v2.0.0-rc.4 comes with support for Kustomize 5.0, Helm 3.12 and Cosign 2.0.

💡 For upgrading from v0.x, please see the procedure documented in RC.1.

⚠️ Note that Kustomize v5 contains breaking changes, please consult their changelog for more details.

⚠️ The GitOps Toolkit and the Flux controllers have been updated to controller-runtime v0.15 which contains breaking changes that could affect 3rd-party controllers that integrate with Flux.

Fixes and improvements

• Full support for Azure Workload Identity when connecting Flux to Azure Container Registry, Azure Blog Storage and Azure Key Vault.
• New command flux reconcile source chart for pulling Helm OCI charts on-demand from container registries (CLI).
• Retry OCI operations on network errors for flux push artifact (CLI).
• Support annotated Git tags with .spec.ref.name in GitRepository (source-controller).
• Fix pulling Helm OCI charts from ACR when using Azure OIDC (source-controller).
• Fix incorrect rate limiting for HelmRelease events (notification-controller).
• All components have been updated to patch vulnerabilities in Docker (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842) and Sigstore (CVE-2023-30551).

Components changelog

• source-controller v1.0.0-rc.4
• kustomize-controller v1.0.0-rc.4
• notification-controller v1.0.0-rc.4
• helm-controller v0.34.0
• image-reflector-controller v0.28.0
• image-automation-controller v0.34.0

CLI Changelog

• PR #​3929 - @​stefanprodan - Update Git packages
• PR #​3928 - @​stefanprodan - Update kubectl to v1.27.2 in flux-cli image
• PR #​3927 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.3.3 to 2.3.5
• PR #​3926 - @​dependabot[bot] - build(deps): bump snyk/actions from 8061827 to b98d498
• PR #​3924 - @​hgranillo - Fix break lines in create helmrelease and source
• PR #​3922 - @​fluxcdbot - Update toolkit components
• PR #​3918 - @​somtochiama - Retry oci push operations
• PR #​3910 - @​stefanprodan - Update Kubernetes to v1.27 and Kustomize to v5.0
• PR #​3903 - @​dependabot[bot] - build(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.5
• PR #​3902 - @​dependabot[bot] - build(deps): bump actions/setup-go from 4.0.0 to 4.0.1
• PR #​3901 - @​dependabot[bot] - build(deps): bump helm/kind-action from 1.5.0 to 1.7.0

v2.0.0-rc.3

Compare Source

Highlights

This is the 3rd release candidate of Flux v2.0 GA. Users are advised to upgrade from v0.41 and older versions to v2.0.0-rc.3 as soon as possible.

Flux v2.0.0-rc.3 comes with security improvements, new features and fixes to issues reported for RC.2.

💡 For upgrading from v0.x, please see the procedure documented in RC.1.

⚠️ Note that Kubernetes 1.27.0 contains a regression bug that affects Flux, it is recommended to upgrade Kubernetes to 1.27.1 or newer.

Fixes and improvements

• Fix bootstrap on GKE (RC.2 regression due to insufficient quota for critical pods).
• All controller base images have been updated to Alpine 3.18.
• All components have been updated to patch CVE-2023-2253 and CVE-2023-1732 (note that Flux is not affected, these CVEs are for packages used in tests).
• Verify artifacts integrity, issue warning events and remove tempered artifacts from storage forcing a re-download (source-controller).
• Files with executable permissions are now archived with their mode set to 0o744, allowing CI system to run them (source-controller).
• The Alert v1beta2 API has a new optional field .spec.eventMetadata that allows users to enrich the alerts with information about the cluster name, region, environment, etc. (notification-controller).
• Improve the detection of values changes for HelmReleases by stable sorting them by key (helm-controller).

Components changelog

• source-controller v1.0.0-rc.3
• kustomize-controller v1.0.0-rc.3
• notification-controller v1.0.0-rc.3
• helm-controller v0.33.0
• image-reflector-controller v0.27.2
• image-automation-controller v0.33.1

CLI Changelog

• PR #​3883 - @​stefanprodan - e2e: Update dependencies
• PR #​3882 - @​fluxcdbot - Update toolkit components
• PR #​3880 - @​stefanprodan - Add OSSF Scorecard
• PR #​3879 - @​stefanprodan - Add ResourceQuota for critical pods
• PR #​3877 - @​dependabot[bot] - build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible
• PR #​3876 - @​dependabot[bot] - build(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3 in /tests/azure
• PR #​3875 - @​dependabot[bot] - build(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3
• PR #​3866 - @​onedr0p - Update Alpine to 3.18

v2.0.0-rc.2

Compare Source

Highlights

This is the 2nd release candidate of Flux v2.0 GA. Users are advised to upgrade from v0.41 to v2.0.0-rc.2 as soon as possible.

Flux v2.0.0-rc.2 comes with fixes to issues reported for RC.1 and performance improvements. Starting with this version, source-controller, kustomize-controller and helm-controller pods are marked as system-cluster-critical. This priority class will reduce the chances of Flux controllers being evicted before other non-critical workloads and prevents the pods from being permanently unavailable.

💡 For upgrading from v0.x, please see the procedure documented in RC.1.

⚠️ Note that Kubernetes 1.27.0 contains a regression bug that affects Flux, it is recommended to upgrade Kubernetes to 1.27.1 or newer.

Fixes and improvements

• Fix bootstrap for BitBucket Server (CLI).
• Fix secrets decryption when using Azure Key Vault (kustomize-controller).
• Fix drift detection for renamed HelmReleases (helm-controller).
• Improve performance when handling webhook receivers (notification-controller).
• The Alert v1beta2 API has a new optional field .spec.inclusionList for fine-grained control over events filtering (notification-controller).
• The deprecated field .status.url was removed from the Receiver v1 API (notification-controller).
• Add support for commit signing using OpenPGP keys with passphrases (image-automation-controller).

Components changelog

• source-controller v1.0.0-rc.2
• kustomize-controller v1.0.0-rc.2
• notification-controller v1.0.0-rc.2
• helm-controller v0.32.2
• image-reflector-controller v0.27.1
• image-automation-controller v0.33.0

CLI Changelog

• PR #​3860 - @​bigkevmcd - e2e: Add summary to Azure Alert
• PR #​3858 - @​fluxcdbot - Update toolkit components
• PR #​3857 - @​talife - Fix autocompletion for image repository reconcile
• PR #​3855 - @​dependabot[bot] - build(deps): bump peter-evans/create-pull-request from 5.0.0 to 5.0.1
• PR #​3854 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.3.2 to 2.3.3
• PR #​3853 - @​dependabot[bot] - build(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2
• PR #​3849 - @​makkes - Update fluxcd/go-git-providers to v0.15.3
• PR #​3838 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.3.0 to 2.3.2
• PR #​3837 - @​dependabot[bot] - build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3
• PR #​3833 - @​matheuscscp - Add OCI provider option to create Helm source command
• PR #​3830 - @​cuishuang - misc: fix some comments
• PR #​3827 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.2.12 to 2.3.0
• PR #​3822 - @​Hey - Fix outdated Loki Helm values URL
• PR #​3821 - @​makkes - Fix bootstrap for Bitbucket Server
• PR #​3805 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
• PR #​3804 - @​dependabot[bot] - build(deps): bump actions/checkout from 3.5.0 to 3.5.2
• PR #​3802 - @​stefanprodan - Set priority class for the critical Flux components
• PR #​3797 - @​makkes - better messaging for pull artifact command
• PR #​3796 - @​fluxcdbot - Update helm-controller to v0.32.2
• PR #​3795 - @​stefanprodan - Run conformance tests for Kubernetes 1.27
• PR #​3783 - @​aryan9600 - Clean directory before cloning git repo
• PR #​3780 - @​dependabot[bot] - build(deps): bump github/codeql-action from 2.2.9 to 2.2.11
• PR #​3779 - @​dependabot[bot] - build(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0
• PR #​3778 - @​dependabot[bot] - build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2
• PR #​3768 - @​relu - Fix publishing pre-release versions to AUR
• PR #​3764 - @​somtochiama - Add label selector flag to get cmd

---

Configuration

📅 Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.