forked from fluxcd/helm-controller
[pull] main from fluxcd:main #34
Open
pull wants to merge 539 commits into FoxAndDuckSoftware:main from fluxcd:main
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Add `notation` verification provider to API
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Update dependencies to Kustomize v5.4.0
Make sure that `/data` for configmaps are not masked Signed-off-by: Soule BA <bah.soule@gmail.com>
Fix patching on drift detection
Update the Ready condition during drift correction to reflect the current state of reconciliation. Without this, any previous Ready condition value continues to persist on the object.

If there was a previous failure due to which Ready=False condition is present on the object, the same value continues to persist if the atomic release reconciliation enters a drift detection and correction loop. Resulting in the status to show inaccurate state of the reconciliation.

Examples of two different scenarios that arise due to this issue:

- If a release without any dependency is installed, the status shows Ready=True for InstallSucceeded reason. But right after the installation, if a drift is detected the status continues to show the same Ready=True value. There's no indication that a drift correction is going on in the status. The events and logs do show that drift correction is taking place. But it can be confusing to see positive Ready value. Also, since the Ready condition message is copied for Reconciling condition, Reconciling=True with a "Helm install succeeded..." is seen.
- If a release depends on another release, and reconciliation results in dependency not ready error at first, Ready=False condition is added on the object. On subsequent runs, even when the dependencies are ready, the Ready=False condition isn't updated, resulting in stale Ready value until atomic release reconciliation completes. But if the atomic reconciliation enters a drift detection and correction loop, the Ready=False with dependency error persists in the status. This gives the impression that something is wrong with dependency check but based on the logs and events, the controller could be stuck in drift detection and correction loop.

Updating the Ready condition during drift detection shows the current state of reconciliation, avoiding the confusing scenarios described above.

Signed-off-by: Sunny <github@darkowlzz.space>
It takes into account switching from a chart template to a referenced source (garbage collection). Signed-off-by: Soule BA <bah.soule@gmail.com>
Co-authored-by: Hidde Beydals <hiddeco@users.noreply.github.com> Signed-off-by: souleb <bah.soule@gmail.com>
Signed-off-by: Soule BA <bah.soule@gmail.com>
Signed-off-by: Soule BA <bah.soule@gmail.com>
Signed-off-by: Soule BA <bah.soule@gmail.com>
Co-authored-by: Stefan Prodan <stefan.prodan@gmail.com> Signed-off-by: souleb <bah.soule@gmail.com>
This is needed for an OCIRepository source in order to detect change for mutable tags. Signed-off-by: Soule BA <bah.soule@gmail.com>
Signed-off-by: Soule BA <bah.soule@gmail.com>
This commit adds the OCI artifact digest into the release observed snapshot. This is used later to add that value as an annotation. Signed-off-by: Soule BA <bah.soule@gmail.com>
The test case successfully upgrades with the same chart because version is not computed the same way (12 digits of digest appended for OCIRepository source). Signed-off-by: Soule BA <bah.soule@gmail.com>
Signed-off-by: Soule BA <bah.soule@gmail.com>
Use artifact digest instead of revision to validate whether to trigger a new reconciliation Signed-off-by: Soule BA <bah.soule@gmail.com>
Add support for `OCIRepository` as chartRef
If implemented, user will be able to share an existing HelmChart custom resource between HelmReleases. Signed-off-by: Soule BA <bah.soule@gmail.com>
Signed-off-by: Soule BA <bah.soule@gmail.com>
Co-authored-by: Stefan Prodan <stefan.prodan@gmail.com> Signed-off-by: souleb <bah.soule@gmail.com>
Add support for `HelmChart` as chartRef
Bumps the ci group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.2` | `4.1.3` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.2.0` | `3.3.0` |
| [helm/kind-action](https://github.com/helm/kind-action) | `1.9.0` | `1.10.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.4.0` | `3.5.0` |
| [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) | `1.10.0` | `2.0.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.24.9` | `3.25.2` |

Updates `actions/checkout` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@9bb5618...1d96c77)

Updates `docker/setup-buildx-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@2b51285...d70bba7)

Updates `helm/kind-action` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](helm/kind-action@99576bf...0025e74)

Updates `sigstore/cosign-installer` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@e1523de...59acb62)

Updates `slsa-framework/slsa-github-generator` from 1.10.0 to 2.0.0
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](slsa-framework/slsa-github-generator@v1.10.0...v2.0.0)

Updates `github/codeql-action` from 3.24.9 to 3.25.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@1b1aada...8f596b4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
…267b82 build(deps): bump the ci group across 1 directory with 6 updates
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Update dependencies to Kubernetes 1.30
Bumps the ci group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [anchore/sbom-action](https://github.com/anchore/sbom-action) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `actions/checkout` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@1d96c77...0ad4b8f)

Updates `anchore/sbom-action` from 0.15.10 to 0.15.11
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](anchore/sbom-action@ab5d7b5...7ccf588)

Updates `github/codeql-action` from 3.25.2 to 3.25.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@8f596b4...d39d31e)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
[RFC-0010] Introduce workload identity auth for remote clusters
Bumps the ci group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [korthout/backport-action](https://github.com/korthout/backport-action) | `3.2.0` | `3.2.1` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.10.0` | `3.11.1` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.17.0` | `6.18.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.8.2` | `3.9.1` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.0` | `0.20.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.28.18` | `3.29.0` |

Updates `korthout/backport-action` from 3.2.0 to 3.2.1
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](korthout/backport-action@436145e...0193454)

Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@b5ca514...e468171)

Updates `docker/build-push-action` from 6.17.0 to 6.18.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@1dc7386...2634353)

Updates `sigstore/cosign-installer` from 3.8.2 to 3.9.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@3454372...398d4b0)

Updates `anchore/sbom-action` from 0.20.0 to 0.20.1
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@e11c554...9246b90)

Updates `github/codeql-action` from 3.28.18 to 3.29.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@ff0a06e...ce28f5b)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/build-push-action
  dependency-version: 6.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: sigstore/cosign-installer
  dependency-version: 3.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: github/codeql-action
  dependency-version: 3.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
…ef230b4 Bump the ci group across 1 directory with 6 updates
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Update dependabot config
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
Introduce label selector for watching ConfigMaps and Secrets
…ller level Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
[RFC-0010] Support all Azure clouds for remote clusters at the controller level
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
Fix watch index conflict between HelmChart and OCIRepository kinds
Signed-off-by: Yves Mettier <ymettier@free.fr>
Fix continuous drift due to unstable hashing of values
Extend the readiness evaluation of dependencies with CEL expressions Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Extend the readiness evaluation of dependencies with CEL expressions
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
Fix requeue interval for SourceNotReady
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Remove deprecated APIs in group `helm.toolkit.fluxcd.io/v2beta1`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Record the last Helm release action duration in status
Adds new controller flag to enforce ServiceAccount usage in multi-tenant clusters where administrators need to lock down workload identity access:

- --default-kubeconfig-service-account

This flag complements the existing --default-service-account flag to provide multi-tenancy lockdown coverage for kubeconfig ServiceAccount fields in the HelmRelease API.

Signed-off-by: cappyzawa <cappyzawa@gmail.com>
[RFC-0010] Add multi-tenancy lockdown for kubeconfig
Validates that ObjectLevelWorkloadIdentity feature gate is enabled when default kubeconfig service account flags are set. This prevents misconfiguration where lockdown flags are used without enabling the required feature gate. Signed-off-by: cappyzawa <cappyzawa@gmail.com>
…dation Add object-level configuration validation
See Commits and Changes for more details.
Created by pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )