clank/kubernetes-state
1
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

Update dependency fluxcd/flux2 to v2.7.5 #21

Open
kjuulh wants to merge 1 commits from renovate/all into main
pull from: renovate/all
merge into: clank:main
Conversation 0 Commits 1 Files Changed 1 +1170 -3559
kjuulh commented 2025-05-30 02:33:54 +02:00
Owner
Copy Link

This PR contains the following updates:

Package Update Change
fluxcd/flux2 minor v2.5.1 -> v2.7.5

Release Notes

fluxcd/flux2 (fluxcd/flux2)

v2.7.5

Compare Source

Highlights

Flux v2.7.5 is a patch release that comes with fixes to helm-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix HelmRelease history truncation when using the RetryOnFailure strategy.

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3.
Flux users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog
CLI changelog

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.4...v2.7.5

v2.7.4

Compare Source

Highlights

Flux v2.7.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Add DisableConfigWatchers feature gate to all controllers for disabling the Secrets/ConfigMaps watchers
  • Fix Workload Identity for Azure China Cloud in all controllers
  • Update Helm Go SDK to v3.19.2 fixing schema validation issues in helm-controller
  • Skip secret decryption for remote kustomize patches in kustomize-controller
  • Improve post-build error reporting in kustomize-controller
  • Add ArtifactGenerator to aggregated RBAC roles

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3.
Flux users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog

CLI changelog

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.3...v2.7.4

v2.7.3

Compare Source

Highlights

Flux v2.7.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Restore SOCKS5 proxy support in all controllers
  • Fix status reporting of HelmReleases with RetryOnFailure strategy
  • Automated retries for ImagePolicies when no image tags are found in the database
  • Fix alerting for Telegram's message_thread_id
  • Allow running kustomize-controller and helm-controller on the same loopback interface as source-watcher

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog

CLI changelog

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.2...v2.7.3

v2.7.2

Compare Source

Highlights

Flux v2.7.2 is a patch release that comes with security fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

All Flux components are now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib that could lead to denial of service. The list of security fixes can be found in the Go 1.25.2 release notes.

Components changelog

CLI changelog

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.1...v2.7.2

v2.7.1

Compare Source

Highlights

Flux v2.7.1 is a patch release that comes with various improvements and fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Improvements:

  • Extend flux migrate with support for migrating manifests in Git repositories to the latest API versions.
  • Add recommendations for configuring HelmReleases on production environments.

Fixes:

  • Fix flux migrate command to handle managed fields properly.
  • Fix self-signed TLS cert handling for public Helm repositories in source-controller.
  • Fix the default API versions used by receivers in notification-controller.
  • Fix redundant Ready condition patching in helm-controller.
  • Fix workload identity configuration examples for kubeconfig in helm-controller and kustomize-controller.

Components changelog

CLI changelog

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.0...v2.7.1

v2.7.0

Compare Source

Highlights

Flux v2.7.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.7 GA blog post.

Overview of the new features:

  • General availability release of the Image Automation APIs (ImagePolicy, ImageRepository, ImageUpdateAutomation)
  • Watch for changes in ConfigMaps and Secrets references (Kustomization, HelmRelease)
  • Support for remote cluster authentication using Workload Identity (Kustomization, HelmRelease)
  • Extend the readiness evaluation of dependencies with CEL expressions (Kustomization, HelmRelease)
  • Support for global SOPS Age decryption keys on single-tenant clusters (Kustomization)
  • Support for optional Kustomize components (Kustomization)
  • Introduce RetryOnFailure lifecycle management strategy (HelmRelease)
  • Support mTLS for sending alerts to external systems (Provider)
  • Object-level workload identity authentication (Bucket, Provider)
  • Support mTLS for GitHub App transport (GitRepository, ImageUpdateAutomation, Provider)
  • OpenTelemetry tracing for Kustomization and HelmRelease reconciliation (Provider)
  • Support for 3rd-party source controllers (ExternalArtifact)
  • Support for source composition and decomposition patterns (ArtifactGenerator)
  • CancelHealthCheckOnNewRevision feature gate (kustomize-controller)
  • GitSparseCheckout feature gate (image-automation-controller)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version Minimum required
v1.32 >= 1.32.0
v1.33 >= 1.33.0
v1.34 >= 1.34.1

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

⚠️ The Flux APIs v1beta1 and v2beta1 (deprecated in 2023) have reached end-of-life and have been removed from the CRDs.

Unless you are using Flux Operator to deploy the Flux controllers, you must run the flux migrate command on clusters before upgrading.

For more details, please refer to the Flux v2.7 upgrade guide.

Components changelog

New Documentation

CLI changelog

New Contributors

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.0...v2.7.0

v2.6.4

Compare Source

Highlights

Flux v2.6.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

  • Fix for SOPS decryption with US Government KMS keys failing with the error:
STS: AssumeRoleWithWebIdentity, https response error\n   StatusCode: 0, RequestID: ,
request send failed, Post\n \"https://sts.arn.amazonaws.com/\": dial tcp:
lookupts.arn.amazonaws.com on 10.100.0.10:53: no such host

Components changelog

CLI changed

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.3...v2.6.4

v2.6.3

Compare Source

Highlights

Flux v2.6.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

  • Fix for rsa-sha2-512 and rsa-sha2-256 algorithms not being prioritized for ssh-rsa host keys in source-controller, image-automation-controller and Flux CLI bootstrap.

Components changelog

CLI changed

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.2...v2.6.3

v2.6.2

Compare Source

Highlights

Flux v2.6.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

  • Fix authentication for flux push artifact --provider=azure on Azure DevOps runners.
  • Fix OIDC authentication for Amazon ECR Public in source-controller and image-reflector-controller.
  • Fix knownhosts key mismatch regression bug in the Flux CLI, source-controller and image-automation-controller.

Components changelog

CLI changelog

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.1...v2.6.2

v2.6.1

Compare Source

Highlights

Flux v2.6.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

  • Fix a bug introduced in image-reflector-controller v0.35.0 that was causing spurious error events for policies during image repository reconciliation.
  • Fix excessive logging in image-reflector-controller after a restart when the image tags cache is empty.

Components changelog

  • image-reflector-controller v0.35.1

CLI changelog

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.0...v2.6.1

v2.6.0

Compare Source

Highlights

Flux v2.6.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.6 GA blog post.

Overview of the new features:

  • General availability release for the Flux OCI Artifacts APIs and flux artifact commands
  • Support for OCI digests pinning (ImagePolicy, ImageUpdateAutomation)
  • Object-level workload identity authentication (OCIRepository, ImageRepository, Kustomization, Alert Provider)
  • Cache registry credentials for cloud providers (OCIRepository, ImageRepository)
  • Git HTTP/S Mutual TLS authentication (GitRepository, ImageUpdateAutomation)
  • Support for sparse checkout (GitRepository)
  • Support for GitHub App authentication (Alert Provider)
  • Support for managed Identity authentication to Azure Event Hub (Alert Provider)
  • Customize the ID of the Git commit status with CEL expressions (Alert Provider)
  • WaitForTermination deletion policy (Kustomization)
  • DisableChartDigestTracking feature gate (HelmRelease)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version Minimum required
v1.31 >= 1.31.0
v1.32 >= 1.32.0
v1.33 >= 1.33.0

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator.
The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

Upgrade Flux from v2.5.0 to v2.6.0 by following the upgrade guide.

To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

  1. Set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain OCIRepository definitions.
  2. Add an annotation api.fluxcd.io/upgrade: "v2.6.0" to the OCIRepository resources. (this is not required if Flux Operator is used for upgrade)
  3. Commit, push, and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually.
It is advised to not delay this procedure as the deprecated versions will be removed after 6 months.

Components changelog

New Documentation

What's Changed

New Contributors

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.5.0...v2.6.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [fluxcd/flux2](https://github.com/fluxcd/flux2) | minor | `v2.5.1` -> `v2.7.5` | --- ### Release Notes <details> <summary>fluxcd/flux2 (fluxcd/flux2)</summary> ### [`v2.7.5`](https://github.com/fluxcd/flux2/releases/tag/v2.7.5) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.4...v2.7.5) ##### Highlights Flux v2.7.5 is a patch release that comes with fixes to helm-controller. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix HelmRelease history truncation when using the `RetryOnFailure` strategy. :warning: Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Flux users are advised to use [Cosign v2.6](https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries) for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8. ##### Components changelog - helm-controller [v1.4.5](https://github.com/fluxcd/helm-controller/blob/v1.4.5/CHANGELOG.md) ##### CLI changelog - \[release/v2.7.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5649 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.7.4...v2.7.5 ### [`v2.7.4`](https://github.com/fluxcd/flux2/releases/tag/v2.7.4) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.3...v2.7.4) #### Highlights Flux v2.7.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Add `DisableConfigWatchers` feature gate to all controllers for disabling the Secrets/ConfigMaps watchers - Fix Workload Identity for Azure China Cloud in all controllers - Update Helm Go SDK to v3.19.2 fixing schema validation issues in helm-controller - Skip secret decryption for remote kustomize patches in kustomize-controller - Improve post-build error reporting in kustomize-controller - Add `ArtifactGenerator` to aggregated RBAC roles :warning: Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Flux users are advised to use [Cosign v2.6](https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries) for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8. #### Components changelog - source-controller [v1.7.4](https://github.com/fluxcd/source-controller/blob/v1.7.4/CHANGELOG.md) - kustomize-controller [v1.7.3](https://github.com/fluxcd/kustomize-controller/blob/v1.7.3/CHANGELOG.md) - notification-controller [v1.7.5](https://github.com/fluxcd/notification-controller/blob/v1.7.5/CHANGELOG.md) - helm-controller [v1.4.4](https://github.com/fluxcd/helm-controller/blob/v1.4.4/CHANGELOG.md) - image-reflector-controller [v1.0.4](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.4/CHANGELOG.md) - image-automation-controller [v1.0.4](https://github.com/fluxcd/image-automation-controller/blob/v1.0.4/CHANGELOG.md) - source-watcher [v2.0.3](https://github.com/fluxcd/source-watcher/blob/v2.0.3/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] ci: Include source-watcher in the e2e test suite by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5615 - \[release/v2.7.x] Add source.extensions.fluxcd.io group to aggregated RBAC roles by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5628 - \[release/v2.7.x] Fix panic on reconcile with source of ExternalArtifact kind by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5631 - \[release/v2.7.x] Upgrade k8s to 1.34.2, c-r to 0.22.4 and helm to 3.19.2 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5634 - \[release/v2.7.x] diff: report if object is skipped by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5635 - \[release/v2.7.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5640 - \[release/v2.7.x] Allow option to skip tenant namespace creation by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5642 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.7.3...v2.7.4 ### [`v2.7.3`](https://github.com/fluxcd/flux2/releases/tag/v2.7.3) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.2...v2.7.3) #### Highlights Flux v2.7.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Restore SOCKS5 proxy support in all controllers - Fix status reporting of HelmReleases with `RetryOnFailure` strategy - Automated retries for ImagePolicies when no image tags are found in the database - Fix alerting for Telegram's `message_thread_id` - Allow running kustomize-controller and helm-controller on the same loopback interface as source-watcher :warning: Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Users are advised to use [Cosign v2.6](https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries) for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8. #### Components changelog - source-controller [v1.7.3](https://github.com/fluxcd/source-controller/blob/v1.7.3/CHANGELOG.md) - kustomize-controller [v1.7.2](https://github.com/fluxcd/kustomize-controller/blob/v1.7.2/CHANGELOG.md) - notification-controller [v1.7.4](https://github.com/fluxcd/notification-controller/blob/v1.7.4/CHANGELOG.md) - helm-controller [v1.4.3](https://github.com/fluxcd/helm-controller/blob/v1.4.3/CHANGELOG.md) - image-reflector-controller [v1.0.3](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.3/CHANGELOG.md) - image-automation-controller [v1.0.3](https://github.com/fluxcd/image-automation-controller/blob/v1.0.3/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] Pin cosign to v2.6.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5595 - \[release/v2.7.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5605 - \[release/v2.7.x] fix: return accepted values for flags when calling Values.Type() by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5606 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.7.2...v2.7.3 ### [`v2.7.2`](https://github.com/fluxcd/flux2/releases/tag/v2.7.2) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.1...v2.7.2) #### Highlights Flux v2.7.2 is a patch release that comes with security fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. All Flux components are now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib that could lead to denial of service. The list of security fixes can be found in the [Go 1.25.2 release notes](https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ). #### Components changelog - source-controller [v1.7.2](https://github.com/fluxcd/source-controller/blob/v1.7.2/CHANGELOG.md) - kustomize-controller [v1.7.1](https://github.com/fluxcd/kustomize-controller/blob/v1.7.1/CHANGELOG.md) - notification-controller [v1.7.3](https://github.com/fluxcd/notification-controller/blob/v1.7.3/CHANGELOG.md) - helm-controller [v1.4.2](https://github.com/fluxcd/helm-controller/blob/v1.4.2/CHANGELOG.md) - image-reflector-controller [v1.0.2](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.2/CHANGELOG.md) - image-automation-controller [v1.0.2](https://github.com/fluxcd/image-automation-controller/blob/v1.0.2/CHANGELOG.md) - source-watcher [v2.0.2](https://github.com/fluxcd/source-watcher/blob/v2.0.2/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] Fix manifest generation for `--storage-adv-addr` and `--events-addr` flags by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5575 - \[release/v2.7.x] Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5577 - \[release/v2.7.x] Update toolkit components by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5579 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.7.1...v2.7.2 ### [`v2.7.1`](https://github.com/fluxcd/flux2/releases/tag/v2.7.1) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.0...v2.7.1) #### Highlights Flux v2.7.1 is a patch release that comes with various improvements and fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Improvements: - Extend [flux migrate](https://fluxcd.io/flux/cmd/flux_migrate/) with support for migrating manifests in Git repositories to the latest API versions. - Add [recommendations](https://fluxcd.io/flux/components/helm/helmreleases/#recommended-settings) for configuring HelmReleases on production environments. Fixes: - Fix `flux migrate` command to handle managed fields properly. - Fix self-signed TLS cert handling for public Helm repositories in source-controller. - Fix the default API versions used by receivers in notification-controller. - Fix redundant `Ready` condition patching in helm-controller. - Fix workload identity configuration examples for kubeconfig in helm-controller and kustomize-controller. #### Components changelog - source-controller [v1.7.1](https://github.com/fluxcd/source-controller/blob/v1.7.1/CHANGELOG.md) - notification-controller [v1.7.2](https://github.com/fluxcd/notification-controller/blob/v1.7.2/CHANGELOG.md) - helm-controller [v1.4.1](https://github.com/fluxcd/helm-controller/blob/v1.4.1/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] Backport CI fixes and updates by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5552 - \[release/v2.7.x] Fix `flux push artifact` not working with `--provider` by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5553 - \[release/v2.7.x] Extend `flux migrate` to work with local files by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5557 - \[release/v2.7.x] Improve `flux migrate` for live cluster migrations by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5559 - \[release/v2.7.x] Fix `flux migrate -f` command to work with comments by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5561 - \[release/v2.7.x] Fix `flux migrate -f` not considering kind comments by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5564 - \[release/v2.7.x] Update toolkit components by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5569 - \[release/v2.7.x] Disable AUR publishing by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in https://github.com/fluxcd/flux2/pull/5571 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.7.0...v2.7.1 ### [`v2.7.0`](https://github.com/fluxcd/flux2/releases/tag/v2.7.0) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.4...v2.7.0) #### Highlights Flux v2.7.0 is a feature release. Users are encouraged to upgrade for the best experience. For a compressive overview of new features and API changes included in this release, please refer to the [Announcing Flux 2.7 GA blog post](https://fluxcd.io/blog/2025/09/flux-v2.7.0/). Overview of the new features: - General availability release of the Image Automation APIs (`ImagePolicy`, `ImageRepository`, `ImageUpdateAutomation`) - Watch for changes in ConfigMaps and Secrets references (`Kustomization`, `HelmRelease`) - Support for remote cluster authentication using Workload Identity (`Kustomization`, `HelmRelease`) - Extend the readiness evaluation of dependencies with CEL expressions (`Kustomization`, `HelmRelease`) - Support for global SOPS Age decryption keys on single-tenant clusters (`Kustomization`) - Support for optional Kustomize components (`Kustomization`) - Introduce `RetryOnFailure` lifecycle management strategy (`HelmRelease`) - Support mTLS for sending alerts to external systems (`Provider`) - Object-level workload identity authentication (`Bucket`, `Provider`) - Support mTLS for GitHub App transport (`GitRepository`, `ImageUpdateAutomation`, `Provider`) - OpenTelemetry tracing for `Kustomization` and `HelmRelease` reconciliation (`Provider`) - Support for 3rd-party source controllers (`ExternalArtifact`) - Support for source composition and decomposition patterns (`ArtifactGenerator`) - `CancelHealthCheckOnNewRevision` feature gate (kustomize-controller) - `GitSparseCheckout` feature gate (image-automation-controller) ❤️ Big thanks to all the Flux contributors that helped us with this release! ##### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | |--------------------|------------------| | `v1.32` | `>= 1.32.0` | | `v1.33` | `>= 1.33.0` | | `v1.34` | `>= 1.34.1` | > \[!NOTE] > Note that the Flux project offers support only for the latest three minor versions of Kubernetes. > Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as > [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux. ##### OpenShift compatibility Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using [Flux Operator](https://operatorhub.io/operator/flux-operator). The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage. #### Upgrade procedure :warning: The Flux APIs `v1beta1` and `v2beta1` (deprecated in 2023) have reached end-of-life and have been removed from the CRDs. Unless you are using [Flux Operator](https://github.com/controlplaneio-fluxcd/flux-operator) to deploy the Flux controllers, you must run the `flux migrate` command on clusters before upgrading. For more details, please refer to the [Flux v2.7 upgrade guide](https://fluxcd.io/blog/2025/09/flux-v2.7.0/#upgrade-procedure). #### Components changelog - source-controller [v1.7.0](https://github.com/fluxcd/source-controller/blob/v1.7.0/CHANGELOG.md) - kustomize-controller [v1.7.0](https://github.com/fluxcd/kustomize-controller/blob/v1.7.0/CHANGELOG.md) - notification-controller [v1.7.0](https://github.com/fluxcd/notification-controller/blob/v1.7.0/CHANGELOG.md) [v1.7.1](https://github.com/fluxcd/notification-controller/blob/v1.7.1/CHANGELOG.md) - helm-controller [v1.4.0](https://github.com/fluxcd/helm-controller/blob/v1.4.0/CHANGELOG.md) - image-reflector-controller [v1.0.0](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.0/CHANGELOG.md) [v1.0.1](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.1/CHANGELOG.md) - image-automation-controller [v1.0.0](https://github.com/fluxcd/image-automation-controller/blob/v1.0.0/CHANGELOG.md) [v1.0.1](https://github.com/fluxcd/image-automation-controller/blob/v1.0.1/CHANGELOG.md) - source-watcher [v2.0.0](https://github.com/fluxcd/source-watcher/blob/v2.0.0/CHANGELOG.md) [v2.0.1](https://github.com/fluxcd/source-watcher/blob/v1.0.1/CHANGELOG.md) ##### New Documentation - [ImageRepository v1 specification](https://fluxcd.io/flux/components/image/imagerepositories) - [ImagePolicy v1 specification](https://fluxcd.io/flux/components/image/imagepolicies) - [ImageUpdateAutomation v1 specification](https://fluxcd.io/flux/components/image/imageupdateautomations) - [ExternalArtifact v1 specification](https://fluxcd.io/flux/components/source/externalartifacts) - [ArtifactGenerator v1beta1 specification](https://fluxcd.io/flux/components/source/artifactgenerators) #### CLI changelog - Add backport label for `v2.6.x` by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5379 - Update image-reflector-controller to v0.35.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5381 - Add digest pinning to image automation testing by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5383 - correct small typo by [@&#8203;JIbald](https://github.com/JIbald) in https://github.com/fluxcd/flux2/pull/5388 - Remove credentials sync manifests by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5347 - Add sparse checkout to cli by [@&#8203;ba-work](https://github.com/ba-work) in https://github.com/fluxcd/flux2/pull/5389 - fix: Allow Azure CLI calls in `flux push artifact --provider azure` on DevOps runners by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5390 - Fix `knownhosts key mismatch` regression bug by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5404 - refactor: Use `normalize.UnstructuredList` instead of `ssa.SetNativeKindsDefaults` by [@&#8203;cappyzawa](https://github.com/cappyzawa) in https://github.com/fluxcd/flux2/pull/5407 - Make service-account name configurable in `flux create tenant` by [@&#8203;reiSh6phoo9o](https://github.com/reiSh6phoo9o) in https://github.com/fluxcd/flux2/pull/5402 - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5409 - refactor: cleanup GetArtifactRegistryCredentials error handling by [@&#8203;cappyzawa](https://github.com/cappyzawa) in https://github.com/fluxcd/flux2/pull/5418 - Promote image CLI commands to stable by [@&#8203;dgunzy](https://github.com/dgunzy) in https://github.com/fluxcd/flux2/pull/5421 - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5426 - Bump pkg/ssa to v0.49.0 for CABundle validation fix by [@&#8203;dgunzy](https://github.com/dgunzy) in https://github.com/fluxcd/flux2/pull/5431 - \[RFC-0010] Add workload identity support for remote clusters by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5434 - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5443 - Fix `flux push artifact` for insecure registries by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5449 - \[RFC-0010] Add workload identity support for remote generic clusters by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5452 - Fix `flux diff kustomization` ignore patterns by [@&#8203;dgunzy](https://github.com/dgunzy) in https://github.com/fluxcd/flux2/pull/5451 - Update dependencies to Kubernetes 1.33.2 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5453 - build(deps): bump the ci group across 1 directory with 7 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in https://github.com/fluxcd/flux2/pull/5435 - Upgrade fluxcd/pkg dependencies by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5455 - ci: Use GITHUB_TOKEN for API calls in update workflow by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5460 - manifests: Add `app.kubernetes.io/part-of: flux` label to controller pods by [@&#8203;pinkavaj](https://github.com/pinkavaj) in https://github.com/fluxcd/flux2/pull/5440 - Migrate sourcesecret package to runtime/secrets APIs by [@&#8203;cappyzawa](https://github.com/cappyzawa) in https://github.com/fluxcd/flux2/pull/5462 - Implement `flux migrate` command by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5473 - \[RFC-0007] Implementation history update by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5480 - Run conformance tests for Kubernetes 1.34.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5497 - Update to Kubernetes v1.34.0 and Go 1.25.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5499 - build(deps): bump the ci group across 1 directory with 10 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in https://github.com/fluxcd/flux2/pull/5500 - Allow the Go runtime to dynamically set `GOMAXPROCS` by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5501 - fix(events): respect `--all-namespaces` flag by [@&#8203;mohiuddin-khan-shiam](https://github.com/mohiuddin-khan-shiam) in https://github.com/fluxcd/flux2/pull/5414 - \[RFC-0011] OpenTelemetry Tracing by [@&#8203;adri1197](https://github.com/adri1197) in https://github.com/fluxcd/flux2/pull/5321 - \[RFC-0012] External Artifact API by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5292 - Add `--show-history` flag to `debug helmrelease` by [@&#8203;hawkaii](https://github.com/hawkaii) in https://github.com/fluxcd/flux2/pull/5505 - Skip release candidates on updates by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5507 - ci: Align azure e2e tests secret names with fluxcd/pkg by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5508 - Update image-reflector-controller to v1.0.0 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5517 - Update source-controller to v1.7.0 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5518 - Add the source-watcher controller to the Flux distribution by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5519 - Add read-only commands for `ArtifactGenerator` kind by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5520 - ci: Add source-watcher to the update workflow by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5521 - Update image-automation-controller to v1.0.0 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5522 - Update image-reflector-controller to v1.0.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5525 - Implement `flux [reconcile|suspend|resume] image policy` commands by [@&#8203;lukas8219](https://github.com/lukas8219) in https://github.com/fluxcd/flux2/pull/5492 - Handle `force: enabled` annotation in `flux diff ks` command by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5528 - ci: Refactor CI with `fluxcd/gha-workflows` by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5529 - Remove `ArtifactGenerators` during uninstall by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5531 - Add support for `ExternalArtifact` to `flux trace` by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5532 - Set Kubernetes 1.32 as min supported version by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5533 - build(deps): bump the ci group with 6 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in https://github.com/fluxcd/flux2/pull/5535 - Add support for custom storage namespace in HelmRelease creation by [@&#8203;prasad89](https://github.com/prasad89) in https://github.com/fluxcd/flux2/pull/5534 - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5537 - ci: remove cron schedule from update by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5539 - Update source-watcher to v2.0.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5540 - Add `--show-history` flag to `debug kustomization` by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5541 - Update image-automation-controller to v1.0.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5542 - `fluxcd/flux2/action`: Determine latest version without using GitHub API by [@&#8203;RussellAult](https://github.com/RussellAult) in https://github.com/fluxcd/flux2/pull/5509 #### New Contributors - [@&#8203;JIbald](https://github.com/JIbald) made their first contribution in https://github.com/fluxcd/flux2/pull/5388 - [@&#8203;ba-work](https://github.com/ba-work) made their first contribution in https://github.com/fluxcd/flux2/pull/5389 - [@&#8203;cappyzawa](https://github.com/cappyzawa) made their first contribution in https://github.com/fluxcd/flux2/pull/5407 - [@&#8203;reiSh6phoo9o](https://github.com/reiSh6phoo9o) made their first contribution in https://github.com/fluxcd/flux2/pull/5402 - [@&#8203;pinkavaj](https://github.com/pinkavaj) made their first contribution in https://github.com/fluxcd/flux2/pull/5440 - [@&#8203;mohiuddin-khan-shiam](https://github.com/mohiuddin-khan-shiam) made their first contribution in https://github.com/fluxcd/flux2/pull/5414 - [@&#8203;adri1197](https://github.com/adri1197) made their first contribution in https://github.com/fluxcd/flux2/pull/5321 - [@&#8203;hawkaii](https://github.com/hawkaii) made their first contribution in https://github.com/fluxcd/flux2/pull/5505 - [@&#8203;lukas8219](https://github.com/lukas8219) made their first contribution in https://github.com/fluxcd/flux2/pull/5492 - [@&#8203;prasad89](https://github.com/prasad89) made their first contribution in https://github.com/fluxcd/flux2/pull/5534 - [@&#8203;RussellAult](https://github.com/RussellAult) made their first contribution in https://github.com/fluxcd/flux2/pull/5509 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.6.0...v2.7.0 ### [`v2.6.4`](https://github.com/fluxcd/flux2/releases/tag/v2.6.4) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.3...v2.6.4) #### Highlights Flux v2.6.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. Fixes: - Fix for SOPS decryption with US Government KMS keys failing with the error: <!----> STS: AssumeRoleWithWebIdentity, https response error\n StatusCode: 0, RequestID: , request send failed, Post\n \"https://sts.arn.amazonaws.com/\": dial tcp: lookupts.arn.amazonaws.com on 10.100.0.10:53: no such host #### Components changelog - kustomize-controller [v1.6.1](https://github.com/fluxcd/kustomize-controller/blob/v1.6.1/CHANGELOG.md) #### CLI changed - \[release/v2.6.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5444 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.6.3...v2.6.4 ### [`v2.6.3`](https://github.com/fluxcd/flux2/releases/tag/v2.6.3) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.2...v2.6.3) #### Highlights Flux v2.6.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. Fixes: - Fix for `rsa-sha2-512` and `rsa-sha2-256` algorithms not being prioritized for `ssh-rsa` host keys in source-controller, image-automation-controller and Flux CLI bootstrap. #### Components changelog - source-controller [v1.6.2](https://github.com/fluxcd/source-controller/blob/v1.6.2/CHANGELOG.md) - image-automation-controller [v0.41.2](https://github.com/fluxcd/image-automation-controller/blob/v0.41.2/CHANGELOG.md) #### CLI changed - \[release/v2.6.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5427 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.6.2...v2.6.3 ### [`v2.6.2`](https://github.com/fluxcd/flux2/releases/tag/v2.6.2) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.1...v2.6.2) #### Highlights Flux v2.6.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. Fixes: - Fix authentication for `flux push artifact --provider=azure` on Azure DevOps runners. - Fix OIDC authentication for [Amazon ECR Public](https://fluxcd.io/flux/integrations/aws/#for-amazon-public-elastic-container-registry) in source-controller and image-reflector-controller. - Fix `knownhosts key mismatch` regression bug in the Flux CLI, source-controller and image-automation-controller. #### Components changelog - source-controller [v1.6.1](https://github.com/fluxcd/source-controller/blob/v1.6.1/CHANGELOG.md) - image-reflector-controller [v0.35.2](https://github.com/fluxcd/image-reflector-controller/blob/v0.35.2/CHANGELOG.md) - image-automation-controller [v0.41.1](https://github.com/fluxcd/image-automation-controller/blob/v0.41.1/CHANGELOG.md) #### CLI changelog - \[release/v2.6.x] fix: Allow Azure CLI calls in `flux push artifact --provider azure` on DevOps runners by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5396 - \[release/v2.6.x] Fix `knownhosts key mismatch` regression bug by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5405 - \[release/v2.6.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5410 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.6.1...v2.6.2 ### [`v2.6.1`](https://github.com/fluxcd/flux2/releases/tag/v2.6.1) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.0...v2.6.1) #### Highlights Flux v2.6.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. Fixes: - Fix a bug introduced in image-reflector-controller v0.35.0 that was causing spurious error events for policies during image repository reconciliation. - Fix excessive logging in image-reflector-controller after a restart when the image tags cache is empty. #### Components changelog - image-reflector-controller [v0.35.1](https://github.com/fluxcd/image-reflector-controller/blob/v0.35.1/CHANGELOG.md) #### CLI changelog - \[release/v2.6.x] Update image-reflector-controller to v0.35.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5382 - \[release/v2.6.x] Add digest pinning to image automation testing by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5384 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.6.0...v2.6.1 ### [`v2.6.0`](https://github.com/fluxcd/flux2/releases/tag/v2.6.0) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.5.1...v2.6.0) #### Highlights Flux v2.6.0 is a feature release. Users are encouraged to upgrade for the best experience. For a compressive overview of new features and API changes included in this release, please refer to the [Announcing Flux 2.6 GA blog post](https://fluxcd.io/blog/2025/05/flux-v2.6.0/). Overview of the new features: - General availability release for the Flux OCI Artifacts APIs and `flux artifact` commands - Support for OCI digests pinning (ImagePolicy, ImageUpdateAutomation) - Object-level workload identity authentication (OCIRepository, ImageRepository, Kustomization, Alert Provider) - Cache registry credentials for cloud providers (OCIRepository, ImageRepository) - Git HTTP/S Mutual TLS authentication (GitRepository, ImageUpdateAutomation) - Support for sparse checkout (GitRepository) - Support for GitHub App authentication (Alert Provider) - Support for managed Identity authentication to Azure Event Hub (Alert Provider) - Customize the ID of the Git commit status with CEL expressions (Alert Provider) - `WaitForTermination` deletion policy (Kustomization) - `DisableChartDigestTracking` feature gate (HelmRelease) ❤️ Big thanks to all the Flux contributors that helped us with this release! ##### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | |--------------------|------------------| | `v1.31` | `>= 1.31.0` | | `v1.32` | `>= 1.32.0` | | `v1.33` | `>= 1.33.0` | > \[!NOTE] > Note that the Flux project offers support only for the latest three minor versions of Kubernetes. > Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as > [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux. ##### OpenShift compatibility Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using [Flux Operator](https://operatorhub.io/operator/flux-operator). The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage. #### Upgrade procedure Upgrade Flux from `v2.5.0` to `v2.6.0` by following the [upgrade guide](https://fluxcd.io/flux/installation/upgrade/). To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git: 1. Set `apiVersion: source.toolkit.fluxcd.io/v1` in the YAML files that contain `OCIRepository` definitions. 2. Add an annotation `api.fluxcd.io/upgrade: "v2.6.0"` to the `OCIRepository` resources. (this is not required if Flux Operator is used for upgrade) 3. Commit, push, and reconcile the API version changes. Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the deprecated versions will be removed after 6 months. #### Components changelog - source-controller [v1.6.0](https://github.com/fluxcd/source-controller/blob/v1.6.0/CHANGELOG.md) - kustomize-controller [v1.6.0](https://github.com/fluxcd/kustomize-controller/blob/v1.6.0/CHANGELOG.md) - notification-controller [v1.6.0](https://github.com/fluxcd/notification-controller/blob/v1.6.0/CHANGELOG.md) - helm-controller [v1.3.0](https://github.com/fluxcd/helm-controller/blob/v1.3.0/CHANGELOG.md) - image-reflector-controller [v0.35.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.35.0/CHANGELOG.md) - image-automation-controller [v0.41.0](https://github.com/fluxcd/image-automation-controller/blob/v0.41.0/CHANGELOG.md) ##### New Documentation - [OCIRepository v1 specification](https://fluxcd.io/flux/components/source/ocirepositories/) - [AWS integrations](https://fluxcd.io/flux/integrations/aws/) - [Azure integrations](https://fluxcd.io/flux/integrations/azure/) - [GCP integrations](https://fluxcd.io/flux/integrations/gcp/) #### What's Changed - fix: correct name on github app secret by [@&#8203;NotAwar](https://github.com/NotAwar) in https://github.com/fluxcd/flux2/pull/5202 - Update RFC 0008 and RFC 0009 milestones by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5141 - Update kustomize-controller to v1.5.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5214 - Update backport labels for 2.5 by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5215 - Fix command debug hr not taking targetPath into account by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5227 - Remove redundant space. by [@&#8203;laiminhtrung1997](https://github.com/laiminhtrung1997) in https://github.com/fluxcd/flux2/pull/5038 - ci: switch to goreleaser changelog generation by [@&#8203;y-eight](https://github.com/y-eight) in https://github.com/fluxcd/flux2/pull/5284 - change: use the default ephemeral GITHUB_TOKEN instead of the static one by [@&#8203;piontec](https://github.com/piontec) in https://github.com/fluxcd/flux2/pull/5282 - add: OSSF scorecard configuration file - ignore false-positive by [@&#8203;piontec](https://github.com/piontec) in https://github.com/fluxcd/flux2/pull/5287 - build(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.3 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/fluxcd/flux2/pull/5295 - Allow to pull/push artifacts to insecure registries without TLS by [@&#8203;mottetm](https://github.com/mottetm) in https://github.com/fluxcd/flux2/pull/5299 - \[RFC-0010] Multi-Tenant Workload Identity by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5209 - flux diff: Reset target struct before decoding by [@&#8203;maboehm](https://github.com/maboehm) in https://github.com/fluxcd/flux2/pull/5302 - fix: allow recursive dry-run over local sources by [@&#8203;niveau0](https://github.com/niveau0) in https://github.com/fluxcd/flux2/pull/5219 - Run conformance tests for Kubernetes 1.33.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5318 - Update to Kubernetes 1.33.0 and Go 1.24.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5323 - \[RFC-0010] Remove EKS Pod Identity from the proposal by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5309 - \[RFC-0010] Add RBAC for creating service account tokens by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5332 - Upgrade fluxcd/pkg auth, oci, git and git/gogit by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5333 - Fix exit code handling in get command by [@&#8203;dgunzy](https://github.com/dgunzy) in https://github.com/fluxcd/flux2/pull/5338 - build(deps): bump the ci group across 1 directory with 18 updates by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/fluxcd/flux2/pull/5325 - Fix `flux trace` for HRs from `OCIRepository`s by [@&#8203;makkes](https://github.com/makkes) in https://github.com/fluxcd/flux2/pull/5349 - Fix e2e workflow by [@&#8203;makkes](https://github.com/makkes) in https://github.com/fluxcd/flux2/pull/5351 - \[RFC-0010] Update RFC to include opt-in feature gate by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5354 - \[RFC-0010] Update RFC feature gate behavior by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5355 - Upgrade fluxcd/pkg packages by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5356 - Upgrade fluxcd/pkg packages by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5357 - Set Kubernetes 1.31 as min supported version by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5364 - Update dependencies by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5366 - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5368 - Promote artifact commands to stable by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5369 - Add --interval and --reflect-digest flags to flux create image policy by [@&#8203;matheuscscp](https://github.com/matheuscscp) in https://github.com/fluxcd/flux2/pull/5345 - Update CLI to OCIRepository v1 (GA) by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5371 - Update dependabot config by [@&#8203;stefanprodan](https://github.com/stefanprodan) in https://github.com/fluxcd/flux2/pull/5373 - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in https://github.com/fluxcd/flux2/pull/5370 #### New Contributors - [@&#8203;NotAwar](https://github.com/NotAwar) made their first contribution in https://github.com/fluxcd/flux2/pull/5202 - [@&#8203;laiminhtrung1997](https://github.com/laiminhtrung1997) made their first contribution in https://github.com/fluxcd/flux2/pull/5038 - [@&#8203;y-eight](https://github.com/y-eight) made their first contribution in https://github.com/fluxcd/flux2/pull/5284 - [@&#8203;piontec](https://github.com/piontec) made their first contribution in https://github.com/fluxcd/flux2/pull/5282 - [@&#8203;mottetm](https://github.com/mottetm) made their first contribution in https://github.com/fluxcd/flux2/pull/5299 - [@&#8203;maboehm](https://github.com/maboehm) made their first contribution in https://github.com/fluxcd/flux2/pull/5302 - [@&#8203;niveau0](https://github.com/niveau0) made their first contribution in https://github.com/fluxcd/flux2/pull/5219 - [@&#8203;dgunzy](https://github.com/dgunzy) made their first contribution in https://github.com/fluxcd/flux2/pull/5338 **Full Changelog**: https://github.com/fluxcd/flux2/compare/v2.5.0...v2.6.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNjQuMCIsInVwZGF0ZWRJblZlciI6IjM5LjI2NC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
kjuulh added 1 commit 2025-05-30 02:33:54 +02:00
Update dependency fluxcd/flux2 to v2.6.0 69c65ca0c3
kjuulh changed title from Update dependency fluxcd/flux2 to v2.6.0 to Update dependency fluxcd/flux2 to v2.6.1 2025-06-03 02:33:28 +02:00
kjuulh force-pushed renovate/all from 69c65ca0c3 to 8b71a08859 2025-06-03 02:33:29 +02:00 Compare
kjuulh changed title from Update dependency fluxcd/flux2 to v2.6.1 to Update dependency fluxcd/flux2 to v2.6.2 2025-06-18 02:33:37 +02:00
kjuulh force-pushed renovate/all from 8b71a08859 to 1b0be17e1a 2025-06-18 02:33:37 +02:00 Compare
kjuulh changed title from Update dependency fluxcd/flux2 to v2.6.2 to Update dependency fluxcd/flux2 to v2.6.3 2025-06-28 02:33:33 +02:00
kjuulh force-pushed renovate/all from 1b0be17e1a to 1a607bf3b6 2025-06-28 02:33:34 +02:00 Compare
kjuulh changed title from Update dependency fluxcd/flux2 to v2.6.3 to Update dependency fluxcd/flux2 to v2.6.4 2025-07-09 02:35:54 +02:00
kjuulh force-pushed renovate/all from 1a607bf3b6 to 3e6b85fe68 2025-07-09 02:35:55 +02:00 Compare
kjuulh changed title from Update dependency fluxcd/flux2 to v2.6.4 to Update dependency fluxcd/flux2 to v2.7.3 2025-11-13 03:14:04 +01:00
kjuulh force-pushed renovate/all from 3e6b85fe68 to c2000f32d3 2025-11-13 03:14:05 +01:00 Compare
kjuulh changed title from Update dependency fluxcd/flux2 to v2.7.3 to Update dependency fluxcd/flux2 to v2.7.4 2025-11-25 02:39:53 +01:00
kjuulh force-pushed renovate/all from c2000f32d3 to 2113662f57 2025-11-25 02:39:55 +01:00 Compare
kjuulh changed title from Update dependency fluxcd/flux2 to v2.7.4 to Update dependency fluxcd/flux2 to v2.7.5 2025-11-28 02:37:52 +01:00
kjuulh force-pushed renovate/all from 2113662f57 to 2056ed0c78 2025-11-28 02:37:54 +01:00 Compare
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/all:renovate/all
git checkout renovate/all
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
kjuulh
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: clank/kubernetes-state#21
No description provided.
Delete Branch "renovate/all"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?