Flux 1.20.1

This patch release has some fixes for faults in improvements in 1.20.0.

Fixes

• Do not return error when failed to load last-synced resources fluxcd/flux#3223
• Dockerfile: Include /sbin dir in PATH fluxcd/flux#3211
• Put notice re gitops-engine at top of README fluxcd/flux#3197
• Avoid panic when directory does not exist fluxcd/flux#3193
• Put git messages into tmp files fluxcd/flux#3179

Maintenance and documentation

• Give advice on percent-encoding creds using in URL fluxcd/flux#3204
• Get shellcheck from new URL fluxcd/flux#3224
• Add Sngular as Flux user fluxcd/flux#3212
• Add rebase GitHub action fluxcd/flux#3190

Thanks

Thanks to @alex-shpak, @mmorejon, @ordovicia, @ricardo-larosa, @squaremo and @stefanprodan for their contributions to this release.

Flux 1.20.0

This minor version release updates dependencies, and includes some
quality of life improvements, such as having a cooldown for rate
limiting.

Fixes

• Whitelist three env vars for Git cmd executions fluxcd/flux#3016
• git: retry repo clone on status unreachable fluxcd/flux#3013
• Get ChangeSet from outside of paths if manifest generation is enabled fluxcd/flux#3022
• Direct comparison of last-synced and newly-synced resources fluxcd/flux#3039
• Ignore some errors during manifest loading fluxcd/flux#1559
• Fix missing return on ECR domain check fluxcd/flux#3002
• Take all resource versions into account during GC fluxcd/flux#3008
• Add AWS China region domain to recognized ECR hosts fluxcd/flux#2982
• Introduce cooldown period in rate limiter fluxcd/flux#2986

Enhancements

• Limit git commit message to first 10 images fluxcd/flux#3140
• Support completion for fish fluxcd/flux#2997
• Expand the GCP credentials support to GAR ( *-docker.pkg.dev ) fluxcd/flux#3038

Maintenance and documentation

• Fix typo in fluxyaml-config-files.md doc fluxcd/flux#3001
• build fluxctl snap using GH action fluxcd/flux#3072
• Correct parameter name in docs fluxcd/flux#3079
• Migrate chart publishing to GitHub Actions fluxcd/flux#3085
• ci: Run CVE scanning for latest release and master build fluxcd/flux#3086
• Fix use of 'lxd' and 'snapcraft' in GH action fluxcd/flux#3153
• Update location of kubeyaml image fluxcd/flux#3087
• Update alpine and git version fluxcd/flux#3115
• Update kubectl and kustomize fluxcd/flux#3176, fluxcd/flux#2987, fluxcd/flux#3088
• document previous meetings fluxcd/flux#3006
• README: Add more companies to production users fluxcd/flux#3104,
  fluxcd/flux#3071, fluxcd/flux#3070, fluxcd/flux#3092,
  fluxcd/flux#3100, fluxcd/flux#3094, fluxcd/flux#3091,
  fluxcd/flux#3155, fluxcd/flux#3149, fluxcd/flux#3139,
  fluxcd/flux#3130, fluxcd/flux#2993, fluxcd/flux#2995,
  fluxcd/flux#2974, fluxcd/flux#3067
• Add social links to the footer fluxcd/flux#3106
• docs: (re-)add link to Helm Operator documentation fluxcd/flux#3105
• update theme/mkdocs, use note admonitions, fix identation fluxcd/flux#3102
• Fix markup in ordered lists + fenced code groups fluxcd/flux#3084
• docs: update helm operator integration glob patterns fluxcd/flux#3060
• Update docs for changing default namespace fluxcd/flux#3047
• Add guide to use GKE workload identity with private GCR registry fluxcd/flux#3023
• fix broken minikube link, only report broken links in GH action fluxcd/flux#3000
• build: move back to upstream gh action fluxcd/flux#2977
• Update get started docs fluxcd/flux#2973
• ci: more thorough link checking fluxcd/flux#2956
• Fix 404 pages in documentation fluxcd/flux#3007

Thanks

Thanks to @BitProcessor, @Frizlab, @GregoireW, @alex-shpak, @bboreham,
@billyshambrook, @bpinter, @christiangda, @circa10a, @colinrymer,
@cpressland, @dholbach, @edernucci, @faweis, @hiddeco, @jaydeland,
@jpreese, @marratj, @michaelbeaumont, @nipponilyal, @ordovicia,
@rndstr, @sayboras, @schnatterer, @squaremo, @stefanprodan,
@stephenshaw-felfel, @tux-00, @victorsalaun and @vyckou for their
contributions to this release.

Flux 1.19.0

This minor version release is a bumper edition with many
contributions, including (to pick a handful):

• more flexibility with GPG signature verification
• the ability to disable garbage collection for individual resources
• users of .flux.yaml "patchUpdated" should see an improvement to automated updates, with fluxcd/flux#2805.
• people who want to tightly control which images are scanned by fluxd will appreciate fluxcd/flux#2850

Enhancements

• Add ssh-keygen key format option fluxcd/flux#2911
• Publish fluxctl to Docker Hub so it can be used in e.g., GitHub Actions fluxcd/flux#2915
• Add annotation for disabling garbage collection for individual resources fluxcd/flux#2858
• Dedicated error for unresolvable Git hostname fluxcd/flux#2865
• Support multiple signature verification strategies with --gitVerifySignaturesMode fluxcd/flux#2803
• Let people explicitly include images to scan fluxcd/flux#2850, fluxcd/flux#2852
• Add support for bash/zsh completion fluxcd/flux#2833
• Log start of cluster sync fluxcd/flux#2823
• Add JSON output option for fluxctl's list-images and list-workloads fluxcd/flux#2834

Fixes

• Cache the generators of patchUpdated configurations fluxcd/flux#2805
• address CVE-2020-6750 for glib fluxcd/flux#2922
• Fix concurrent map write panics fluxcd/flux#2926

Maintenance and documentation

• Add portforward package to break versioning deadlock fluxcd/flux#2952
• Make docker/image-tag work on MacOS again fluxcd/flux#2957
• Note the retirement of some maintainers fluxcd/flux#2953
• Migrate tests to GitHub actions fluxcd/flux#2940
• Update Kubernetes packages to 1.17 fluxcd/flux#2950
• Remove support for HelmRelease alpha and beta fluxcd/flux#2949
• Regenerate (and fix verification of) generated_templates.gogen.go fluxcd/flux#2942
• Update gitsrv used in e2e tests to v1.0.0 fluxcd/flux#2937
• Remove race condition in sync e2e test fluxcd/flux#2885
• Move github.com/2opremio/distribution to
  github.com/fluxcd/distribution fluxcd/flux#2884
• Update pluralization of yaml to non-disputable version fluxcd/flux#2876
• Change list in issue template to start at 1 fluxcd/flux#2842
• Fix more links fluxcd/flux#2948
• Update Who is using Flux in production fluxcd/flux#2849, fluxcd/flux#2943, fluxcd/flux#2930, fluxcd/flux#2898
• move to mkdocs fluxcd/flux#2919
• Mention new fluxctl arch linux package fluxcd/flux#2912
• Updated helm operator CRD URL in the documentation fluxcd/flux#2887
• Add other semver example with range fluxcd/flux#2866
• Fixing Helm operator docs link fluxcd/flux#2863
• Add note about targeting a specific Helm version for the Helm operator fluxcd/flux#2830

Thanks

Thanks to @2opremio, @ArchiFleKs, @alaa, @alesgurd, @borancar, @dholbach, @edwardyoung, @hiddeco, @infa-bsurber, @jimangel, @jstevans, @kharf, @mattfarina, @morremeyer, @ogerbron, @pchico83, @phillebaba, @shibumi, @squaremo, @stefanprodan, @stevenpall, @sysdevguru, @trevrosen, @yasserisa and @yiannistri for their contributions to this release.

Flux 1.18.0

This is a feature release with quite a few new features and fixes.

It includes new flags for fluxd and fluxctl; namely, it includes a new flag to disable registry scanning completely (--registry-disable-scanning) which allows deploying Flux without Memcached.

There is a new .flux.yaml variant (scanForFiles) which allows telling Flux to scan the local files, which is useful when mixing --manifest-generation with raw manifests.

This release also includes a few bugfixes. Namely, it comes with a fix for a filesystem leak in which git clone mirrors weren't being removed.

Enhancements

• Disable Image Scanning with --registry-disable-scanning fluxcd/flux{#2745, #2753 #2798, #2813}
• Add scanForFiles variant of .flux.yaml to scan current directory for manifests instead of generating them fluxcd/flux#2638
• Honor KUBECONFIG env variable in fluxd fluxcd/flux{#2741, #2760}
• Make Kubernetes resource-exclusion configurable through
  --k8s-unsafe-exclude-resource fluxcd/flux{#2749,
  #2754}
• Add detailed error message in fluxctl sync fluxcd/flux#2765
• Add --context flag to fluxctl fluxcd/flux#2715
• Add --containerflag to fluxctl list-workloads to filter by container name fluxcd/flux#2766
• Add --no-headers to fluxctl list-images and fluxctl list-workloads fluxcd/flux#2767
• Add nodeSelector to deployment templates for mixed-OS clusters fluxcd/flux#2692
• Distinguish cached registry errors from live ones fluxcd/flux#2782
• Update kustomize to v3.5.4 fluxcd/flux#2751
• Update kubectl to 1.15 and base image to Alpine to 3.11 fluxcd/flux#2781

Fixes

• Fix git clone leak and make clone cleanups more robust fluxcd/flux#2788
• Fix syncing with --k8s-default-namespace fluxcd/flux#2799
• Unmarshal Docker image labels separately fluxcd/flux#2785
• Raise error if arguments are provided to fluxctl version and fluxctl install fluxcd/flux#2809

Maintenance and Documentation

• Extend end-to-end tests fluxcd/flux{#2752, #2800, #2817}
• Make pkg/install a Go module to reduce its dependencies fluxcd/flux{#2778, #2822, #2824}
• e2e: Make Kind cluster creation more verbose fluxcd/flux#2791
• e2e: Update Kind to v0.7.0 fluxcd/flux#2743
• e2e: check for GNU parallel and schedule defers before creation
  fluxcd/flux#2727
• Update aws-sdk-go to v1.27.0 fluxcd/flux#2722
• Update packages to Kubernetes 1.16 fluxcd/flux#2731
• Remove obsolete integration-test target fluxcd/flux#2819
• Remove go-containerregistry replace directive fluxcd/flux#2776
• Fix make generate-deploy fluxcd/flux#2789
• snap: fix sorting of git tags fluxcd/flux#2772
• Make docker/image-tag work with multiple version tags fluxcd/flux#2748
• Update bug report template fluxcd/flux#2756
• Docs: update Sphinx fluxcd/flux#2694
• Update install docs to Helm v3 fluxcd/flux#2770
• Add Kiam whitelist to ECR docs fluxcd/flux{#2744, #2821}
• Fix typo and mention sops in .flux.yaml docs fluxcd/flux#2730
• Update the get-started guide to recent versions of Kustomize fluxcd/flux#2732
• Remove broken link from FAQ fluxcd/flux#2733
• Use table to display prod users fluxcd/flux#2716
• Add B3i, BlaBlaCar, Cloudlets, Mintel, UK Hydrographic Office, workarea and zaaksysteem to list of production users fluxcd/flux{#2707, #2783, #2773, #2701, #2747, #2784, #2714}

Thanks

Thanks to @2opremio, @Ant59, @dholbach, @dinosk, @fliphess, @hiddeco, @jurruh,
@krymzonn, @mcfearsome, @michaelbeaumont, @nabadger, @ogerbron, @patrickwall57,
@prometherion, @roffe, @rparsonsbb, @sa-spag, @squaremo and @stefanprodan
for their contributions to this release.

Flux 1.17.1

This is a security patch release fixing a problem with the scoping of imagePullSecrets and removing git-URL HTTPS credentials server-side.

Fixes

• Correctly scope imagePullSecrets by their namespace fluxcd/flux#2728
• Sanitize Git remote URLs on the server side fluxcd/flux#2726

Thanks

Thanks to @2opremio, @hiddeco and @bootc for contributing to this release.

Flux 1.17.0

This feature release adds support for encrypted manifests with SOPS and includes the sops binary in the Flux container.

When supplying the --sops flag to fluxd, it will decrypt SOPS-encrypted manifest files before syncing them. Provide decryption keys in the same way as providing them for sops the binary, for example with --git-gpg-key-import. The full description of how to supply sops with a key can be found in the SOPS documentation. Be aware that manifests generated with .flux.yaml files are not decrypted. Instead, make sure to output cleartext manifests by explicitly invoking the sops binary included in the Flux container.

This release also adds the new fluxd flag --k8s-default-namespace which overrides the namespace used for manifests which omit it.

Enhacements

• Add support for SOPS fluxcd/flux#2580
• Add --k8s-default-namespace flag to override default namespace fluxcd/flux#2625
• Upgrade aws-sdk-go to support IRSA (IAM Roles for Service Accounts) fluxcd/flux#2664
• Propagate uppercase proxy env variables to git command fluxcd/flux#2665

Fixes

• Avoid collisions when checking whether the Git repo can be written to fluxcd/flux#2684

Maintenance and Documentation

• Parallelize end-to-end tests and some unit tests fluxcd/flux{#2647, #2681, #2682}
• Considerably reduce the impact of flakey unit and end-to-end tests fluxcd/flux{#2688, #2685, #2687, #2679, #2675, #2675}
• Add program to generate changelog release entries fluxcd/flux#2626
• Change snap confinement to classic fluxcd/flux#2529
• Fix shfmt return-code check when linting end-to-end tests fluxcd/flux#2673
• Update memcached image to 1.5.20 fluxcd/flux#2637
• Update docs on annotations in HelmReleases fluxcd/flux#2670
• Docs: Add early link pointing to kustomize example fluxcd/flux#2666
• Docs: include gpg's --armor option on export fluxcd/flux#2653
• Fix link in troubleshooting docs fluxcd/flux#2658
• Simplify fluxyaml reference fluxcd/flux#2634
• Docs: update helm chart release steps fluxcd/flux#2641
• Add Canva, Infabode, LUNAR, Sage AI Labs and Workable as users of Flux in production fluxcd/flux{#2667, #2644, #2630, #2654, #2680}

Thanks

Thanks to @2opremio, @Crevil, @PaulFarver, @aackerman, @aaparmeggiani, @adusumillipraveen, @alastairs, @dholbach, @groodt, @gtseres-workable, @hiddeco, @kaspernissen, @moshloop, @squaremo and @stefansedich for their contributions to this release.

Flux 1.16.0

This is a feature release with minor new features. New flags --manifest-generation and --read-only have been added to fluxctl install.

This release also incorporates a few fixes and enhacements. Namely:

• The pressure on the Kubernetes API server has been reduced when Flux operates in all namespaces.
• The error handling of manifest generation has been improved.

Additionally, the end-to-end testing infrastructure has been rewritten and numerous new end-to-end tests have been added.

Fixes

• Exclude the metrics APIs from resource discovery fluxcd/flux#2606
• Parse image refs in HelmReleases with >2 elements fluxcd/flux#2620
• Ignore timestamp labels during sorting and release of images fluxcd/flux#2594
• Security: Stop showing value of GIT_AUTHKEY in the fluxctl output fluxcd/flux#2549

Enhancements

• Improve experience with .flux.yaml files fluxcd/flux#{2565, 2603, 2604}
• Performance: Reduce pressure on Kubernetes' API server when Flux operates on all namespaces fluxcd/flux#{2520, 2539, 2622}
• Add manifest generation flag to fluctl install command fluxcd/flux#2583
• Add a read-only flag to fluxctl install command fluxcd/flux#2530
• Create Prometheus metric for flux manifest errors fluxcd/flux#2535

Maintenance and Documentation

• Rewrite end-to-end test infrastructure and add numerous new end-to-end tests
  fluxcd/flux#{2543, 2552, 2559, 2560, 2562, 2567, 2569, 2572, 2574, 2575, 2576, 2577, 2579, 2581, 2587, 2596, 2597, 2598}
• Bump alpine to 3.10 fluxcd/flux#2609
• Break code generation cycle fluxcd/flux#2525
• Fix indents in .flux.yaml example fluxcd/flux#2607
• Remove redundant return code fluxcd/flux#2585
• Remove replace directives in go.mod fluxcd/flux#2590
• Support unwrapping NotReadyError fluxcd/flux#2617
• Fix incorrect use of strings.Trim() fluxcd/flux#2527
• Add Cybrary, bimspot.io, Limejump and Yad2 as production users to README.md fluxcd/flux#{2592, 2499, 2503, 2509}
• Clarify use of pre-release versions by semver fluxcd/flux#2582
• Fix some steps in README.md to install flux by helm fluxcd/flux#2532
• Fix command in fluxyaml config example fluxcd/flux#2531
• Docs: fix namespace in kubectl logs example fluxcd/flux#2526
• Document sync-state and git-readonly daemon flags fluxcd/flux#2511
• Update FAQ advice on using ignore annotation fluxcd/flux#2502
• Fix typo in guide index docs fluxcd/flux#2506
• Fix link to flux-kustomize-example fluxcd/flux#2497

Thanks

Thanks to @2opremio, @at-ishikawa, @bboreham, @beautytiger, @carnott-snap, @denysvitali, @ducksecops, @erdii, @eriadam, @gsf, @hiddeco, @idobry, @jmymy, @mbellgb, @mosesyou, @mpashka, @palemtnrider, @sebikul, @squaremo, @srueg, @stefanprodan, @translucens, @vic3lord and @waseem-h for their contributions to this release!

Flux 1.15.0

This feature release adds secure support for Git over HTTPS, updates kubectl and kustomize, and does a lot of internal rewiring without changing user-visible functions or the public APIs. From this release forward, garbage collection, namespace scoping, and manifest generation are no longer considered experimental.

Fixes

• Reinstate git-secret support after accidentally breaking it during a refactor that landed in 1.14.0 fluxcd/flux#2429
• Fix error handling in splitConfigFilesAndRawManifestPaths fluxcd/flux#2455

Enhancements

• Support secure Git over HTTPS using credentials from environment variables fluxcd/flux#2470
• Add a flag --sync-timeout, for configuring the timeout of sync operations. This is mainly of interest to people making use of the manifest generation feature, or people who are operating exceptionally large Git repositories fluxcd/flux#2481
• Update kubectl to 1.14.7 and kustomize to 3.2.0 fluxcd/flux#2461
• De-experimental-ise garbage collection, namespace scoping, and manifest generation features fluxcd/flux#2485
• Improve logged warning about unsupported automated resource kinds fluxcd/flux#2471

Maintenance and documentation

• Build: upgrade Go to 1.13.1 fluxcd/flux#2482
• Build: avoid spurious diffs in generated files by fixing their modtimes to Unix epoch fluxcd/flux#2473
• Build: update Kind, used for end-to-end tests, to 0.5.1 fluxcd/flux#2461
• Build: simplify the files included in snapcraft.yaml fluxcd/flux#2427
• Build: stop publishing Docker images to Weaveworks' DockerHub fluxcd/flux#2491
• Build: republish Git tag with a v prefix during release, to make it available to Go Mod fluxcd/flux#2491
• Code: change import paths from weaveworks to fluxcd fluxcd/flux#2305
• Code: move all packages to pkg/ fluxcd/flux#2464
• Code: fix some typos in comments fluxcd/flux#2478
• Documentation: update organization mentions (weaveworks -> fluxcd) fluxcd/flux#2430
• Documentation: remove values. prefix from annotation examples fluxcd/flux#2436
• Documentation: include installation instructions for fluxctl on Windows using Chocolatey fluxcd/flux#2457
• Documentation: provide some additional links within the documentation to using Flux with Kustomize, Helm, or Flagger fluxcd/flux#2358
• Documentation: reflow commit customization bits in fluxctl documentation fluxcd/flux#2459
• Documentation: small .flux.yaml documentation improvements fluxcd/flux#{#2466, #2467}
• Documentation: remove mention of mergePatchUpdater in .flux.yaml documentation, as it is not a thing fluxcd/flux#2469
• Documentation: use flux as a default namespace in deploy/ examples fluxcd/flux#2475
• Documentation: fix incorrectly documented Helm chart repository fluxcd/flux#2484
• Documentation: update the documented fluxctl output fluxcd/flux#2489
• Documentation: fix --git-path argument in 'get started' and 'driving Flux' tutorials fluxcd/flux#{#2423, #2424}
• Documentation: add HMCTS and WGTwo as production users (:tada:) fluxcd/flux#{#2458, #2450}

Thanks

Tip of the hat and many thanks to @davidpristovnik, @dananichev, @Keralin, @domgoodwin @luxas, @squaremo, @stefanprodan, @hiddeco, @elzapp, @nodanero, @dholbach, @stealthybox, @arsiesys, @alexmt, @darindouglass, @holger-wg2, @chrisfowles, @timja, @2opremio, @adusumillipraveen for contributions to this release.

Flux 1.14.2

This is a patch release, with some important fixes to the handling of HelmRelease resources.

Fixes

• Correct a problem that prevented automated HelmRelease updates fluxcd/flux#2412
• Fix a crash triggered when helm.fluxcd.io/v1 resources are present in the cluster fluxcd/flux#2404

Enhancements

• Add a flag --k8s-verbosity, for controlling Kubernetes client logging (formerly, this was left disabled) fluxcd/flux#2410

Maintenance and documentation

• Rakuten is now listed as a production user fluxcd/flux#2413

Thanks

Bouquets to @HighwayofLife, @IsNull, @adeleglise, @aliartiza75, @antonosmond, @bforchhammer, @brunowego, @cartyc, @chainlink, @cristian-radu, @dholbach, @dranner-bgt, @fshot, @hiddeco, @isen-ng, @jonohill, @kingdonb, @mflendrich, @mfrister, @mgenov, @raravena80, @rndstr, @robertgates55, @sklemmer, @smartpcr, @squaremo, @stefanprodan, @stefansedich, @yellowmegaman, @ysaakpr for contributions to this release.

Flux 1.14.1

This is a patch release.

Fixes

• Automated updates of auto detected images in HelmRelease resources has been fixed fluxcd/flux#2400
• fluxctl install --git-paths option has been replaced by --git-path, to match the fluxd option, the --git-paths has been deprecated but still works fluxcd/flux#2392
• fluxctl port forward looks for a pod with one of the labels again, instead of stopping when the first label did not return a result fluxcd/flux#2394

Maintenance and documentation

• Starbucks is now listed as production user (:tada:!) fluxcd/flux#2389
• Various fixes to the installation documentation fluxcd/flux{#2384, #2395}
• Snap build has been updated to work with Go Modules and Go 1.12.x fluxcd/flux#2385
• Typo fixes in code comments fluxcd/flux#2381

Thanks

Thanks @aliartiza75, @ethan-daocloud, @HighwayofLife, @stefanprodan, @2opremio, @dholbach, @squaremo, @hiddeco for contributing to this release.