chore(deps): update dependency fluxcd/flux2 to v0.29.0 #86
This PR contains the following updates:
v0.28.5 -> v0.29.0
Release Notes
fluxcd/flux2
v0.29.0
Compare Source
Flux v0.29.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.
Breaking changes
source-controller
RUNTIME_NAMESPACE environment variable is no longer taken into account to configure the advertised HTTP/S address of the storage. Instead, variable substitution must be used, as described in the changelog entry for v0.5.2.
TLSClientConfig.CAFile, TLSClientConfig.KeyFile, TLSClientConfig.CertFile and BearerTokenFile). The drive behind the change was to discourage insecure practices of mounting Kubernetes tokens inside the controller's container file system.
TLSClientConfig.Insecure in KubeConfig file is disabled by default, but can be enabled at controller level with the flag --insecure-kubeconfig-tls.
ExecProvider in KubeConfig file is now disabled by default, but can be enabled at controller level with the flag --insecure-kubeconfig-exec.
Features and improvements
Notification Improvements
A new notification is now emitted to identify recovery from failures. It is triggered when a failed reconciliation is followed by a successful one, and the notification message is the same that's sent in usual successful source reconciliation message about the stored artifact.
In-memory cache for HelmRepository
The opt-in in-memory cache for HelmRepository addresses issues where the index file is loaded and unmarshalled in concurrent reconciliation resulting in a heavy memory footprint. It can be configured using the flags: --helm-cache-max-size, --helm-cache-ttl, --helm-cache-purge-interval.
Configurable retention of Source Artifacts
Garbage Collection is enabled by default, and now its retention options are configurable with the flags: --artifact-retention-ttl (default: 60s) and --artifact-retention-records (default: 2). They define the minimum time to live and the maximum amount of artifacts to survive a collection.
Configurable Key Exchange Algorithms for SSH connections
The Key Exchange Algorithms used when establishing SSH connections are based on the defaults configured upstream in go-git and golang.org/x/crypto. Now this can be overridden with the flag --ssh-kex-algos. Note this applies to the go-git gitImplementation or the libgit2 gitImplementation but only when Managed Transport is being used.
Configurable Exponential Back-off retry settings
The exponential back-off retry can be configured with the new flags: --min-retry-delay (default: 750ms) and --max-retry-delay (default: 15min). Previously the defaults were set to 5ms and 1000s, which in some cases impaired the controller's ability to self-heal (e.g. retrying failing SSH connections).
Experimental managed transport for libgit2 Git implementation
Managed Transport for libgit2 now introduces self-healing capabilities, to recover from failure when long-running connections become stale.
SOPS refactored and optimized
SOPS implementation was refactored to include various improvements and extended code coverage. Age identities are now imported once and reused multiple times, optimizing CPU and memory usage between decryption operations.
Helm chart directory loader improvements
Introduction of a secure directory loader which improves the handling of Helm charts paths.
Components Changelog
Other changes since last minor release:
CLI Changelog
Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
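An added example, not part of the release notes or the Flux code base: a pre-upgrade audit that flags KubeConfig entries using the options named in the breaking changes above (file-path credentials, TLSClientConfig.Insecure, ExecProvider). The mapping from those client-go field names to kubeconfig keys, the name audit_kubeconfig and the sample config are this example's own assumptions; the sample is constructed and written as JSON (valid YAML) so only the standard library is needed.

```python
import json

# kubeconfig key -> (client-go field named in the release notes, note for the reviewer)
CLUSTER_CHECKS = {
    "certificate-authority": ("TLSClientConfig.CAFile", "file-based"),
    "insecure-skip-tls-verify": ("TLSClientConfig.Insecure", "--insecure-kubeconfig-tls"),
}
USER_CHECKS = {
    "client-certificate": ("TLSClientConfig.CertFile", "file-based"),
    "client-key": ("TLSClientConfig.KeyFile", "file-based"),
    "tokenFile": ("BearerTokenFile", "file-based"),
    "exec": ("ExecProvider", "--insecure-kubeconfig-exec"),
}

def audit_kubeconfig(cfg):
    """Return sorted (entry, kubeconfig key, client-go field, note) findings."""
    findings = []
    for section, inner, checks in (("clusters", "cluster", CLUSTER_CHECKS),
                                   ("users", "user", USER_CHECKS)):
        for entry in cfg.get(section) or []:
            body = entry.get(inner) or {}
            for key, (field, note) in checks.items():
                # Empty string, false and null mean the option is not in use.
                if body.get(key):
                    where = f"{section}/{entry.get('name', '?')}"
                    findings.append((where, key, field, note))
    return sorted(findings)

# Constructed sample kubeconfig; hosts, paths and helper name are placeholders.
SAMPLE = json.loads("""
{"apiVersion": "v1", "kind": "Config",
 "clusters": [
  {"name": "prod", "cluster": {"server": "https://prod.example.invalid:6443",
                               "certificate-authority-data": "Q09OU1RSVUNURUQ="}},
  {"name": "lab", "cluster": {"server": "https://lab.example.invalid:6443",
                              "insecure-skip-tls-verify": true}}],
 "users": [
  {"name": "deployer", "user": {"token": "constructed-placeholder"}},
  {"name": "legacy", "user": {"client-certificate": "/etc/certs/tls.crt",
                              "client-key": "/etc/certs/tls.key"}},
  {"name": "sso", "user": {"exec": {"command": "example-credential-helper"}}}]}
""")

if __name__ == "__main__":
    for where, key, field, note in audit_kubeconfig(SAMPLE):
        print(f"{where}: {key} ({field}) -> {note}")
```

Entries that embed credentials inline (certificate-authority-data, client-certificate-data, client-key-data, token) are not flagged, since they reference no path in the controller's file system.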