Highlights

Flux v2.6.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix for rsa-sha2-512 and rsa-sha2-256 algorithms not being prioritized for ssh-rsa host keys in source-controller, image-automation-controller and Flux CLI bootstrap.

Components changelog

• source-controller v1.6.2
• image-automation-controller v0.41.2

CLI changed

• [release/v2.6.x] Update toolkit components by @fluxcdbot in #5427

Full Changelog: v2.6.2...v2.6.3

Highlights

Flux v2.6.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix authentication for flux push artifact --provider=azure on Azure DevOps runners.
• Fix OIDC authentication for Amazon ECR Public in source-controller and image-reflector-controller.
• Fix knownhosts key mismatch regression bug in the Flux CLI, source-controller and image-automation-controller.

Components changelog

• source-controller v1.6.1
• image-reflector-controller v0.35.2
• image-automation-controller v0.41.1

CLI changelog

• [release/v2.6.x] fix: Allow Azure CLI calls in flux push artifact --provider azure on DevOps runners by @fluxcdbot in #5396
• [release/v2.6.x] Fix knownhosts key mismatch regression bug by @fluxcdbot in #5405
• [release/v2.6.x] Update toolkit components by @fluxcdbot in #5410

Full Changelog: v2.6.1...v2.6.2

Highlights

Flux v2.6.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix a bug introduced in image-reflector-controller v0.35.0 that was causing spurious error events for policies during image repository reconciliation.
• Fix excessive logging in image-reflector-controller after a restart when the image tags cache is empty.

Components changelog

• image-reflector-controller v0.35.1

CLI changelog

• [release/v2.6.x] Update image-reflector-controller to v0.35.1 by @fluxcdbot in #5382
• [release/v2.6.x] Add digest pinning to image automation testing by @fluxcdbot in #5384

Full Changelog: v2.6.0...v2.6.1

Highlights

Flux v2.6.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.6 GA blog post.

Overview of the new features:

• General availability release for the Flux OCI Artifacts APIs and flux artifact commands
• Support for OCI digests pinning (ImagePolicy, ImageUpdateAutomation)
• Object-level workload identity authentication (OCIRepository, ImageRepository, Kustomization, Alert Provider)
• Cache registry credentials for cloud providers (OCIRepository, ImageRepository)
• Git HTTP/S Mutual TLS authentication (GitRepository, ImageUpdateAutomation)
• Support for sparse checkout (GitRepository)
• Support for GitHub App authentication (Alert Provider)
• Support for managed Identity authentication to Azure Event Hub (Alert Provider)
• Customize the ID of the Git commit status with CEL expressions (Alert Provider)
• WaitForTermination deletion policy (Kustomization)
• DisableChartDigestTracking feature gate (HelmRelease)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator.
The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

Upgrade Flux from v2.5.0 to v2.6.0 by following the upgrade guide.

To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

1. Set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain OCIRepository definitions.
2. Add an annotation api.fluxcd.io/upgrade: "v2.6.0" to the OCIRepository resources. (this is not required if Flux Operator is used for upgrade)
3. Commit, push, and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually.
It is advised to not delay this procedure as the deprecated versions will be removed after 6 months.

Components changelog

• source-controller v1.6.0
• kustomize-controller v1.6.0
• notification-controller v1.6.0
• helm-controller v1.3.0
• image-reflector-controller v0.35.0
• image-automation-controller v0.41.0

New Documentation

• OCIRepository v1 specification
• AWS integrations
• Azure integrations
• GCP integrations

What's Changed

• fix: correct name on github app secret by @NotAwar in #5202
• Update RFC 0008 and RFC 0009 milestones by @matheuscscp in #5141
• Update kustomize-controller to v1.5.1 by @fluxcdbot in #5214
• Update backport labels for 2.5 by @matheuscscp in #5215
• Fix command debug hr not taking targetPath into account by @matheuscscp in #5227
• Remove redundant space. by @laiminhtrung1997 in #5038
• ci: switch to goreleaser changelog generation by @y-eight in #5284
• change: use the default ephemeral GITHUB_TOKEN instead of the static one by @piontec in #5282
• add: OSSF scorecard configuration file - ignore false-positive by @piontec in #5287
• build(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.3 by @dependabot in #5295
• Allow to pull/push artifacts to insecure registries without TLS by @mottetm in #5299
• [RFC-0010] Multi-Tenant Workload Identity by @matheuscscp in #5209
• flux diff: Reset target struct before decoding by @maboehm in #5302
• fix: allow recursive dry-run over local sources by @niveau0 in #5219
• Run conformance tests for Kubernetes 1.33.0 by @stefanprodan in #5318
• Update to Kubernetes 1.33.0 and Go 1.24.0 by @stefanprodan in #5323
• [RFC-0010] Remove EKS Pod Identity from the proposal by @matheuscscp in #5309
• [RFC-0010] Add RBAC for creating service account tokens by @matheuscscp in #5332
• Upgrade fluxcd/pkg auth, oci, git and git/gogit by @matheuscscp in #5333
• Fix exit code handling in get command by @dgunzy in #5338
• build(deps): bump the ci group across 1 directory with 18 updates by @dependabot in #5325
• Fix flux trace for HRs from OCIRepositorys by @makkes in #5349
• Fix e2e workflow by @makkes in #5351
• [RFC-0010] Update RFC to include opt-in feature gate by @matheuscscp in #5354
• [RFC-0010] Update RFC feature gate behavior by @matheuscscp in #5355
• Upgrade fluxcd/pkg packages by @matheuscscp in #5356
• Upgrade fluxcd/pkg packages by @matheuscscp in #5357
• Set Kubernetes 1.31 as min supported version by @stefanprodan in #5364
• Update dependencies by @matheuscscp in #5366
• Update toolkit components by @fluxcdbot in #5368
• Promote artifact commands to stable by @matheuscscp in #5369
• Add --interval and --reflect-digest flags to flux create image policy by @matheuscscp in #5345
• Update CLI to OCIRepository v1 (GA) by @stefanprodan in #5371
• Update dependabot config by @stefanprodan in #5373
• Update toolkit components by @fluxcdbot in #5370

New Contributors

• @NotAwar made their first contribution in #5202
• @laiminhtrung1997 made their first contribution in #5038
• @y-eight made their first contribution in #5284
• @piontec made their first contribution in #5282
• @mottetm made their first contribution in #5299
• @maboehm made their first contribution in #5302
• @niveau0 made their first contribution in #5219
• @dgunzy made their first contribution in #5338

Full Changelog: v2.5.0...v2.6.0

Highlights

Flux v2.5.1 is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix a bug introduced in kustomize-controller v1.5.0 that was causing spurious logging for deprecated API versions and health check failures.
• Sanitize the kustomize-controller logs when encountering errors during SOPS decryption.

Components changelog

• kustomize-controller v1.5.1

CLI Changelog

• PR #5215 - @matheuscscp - Update backport labels for 2.5
• PR #5214 - @fluxcdbot - Update kustomize-controller to v1.5.1

Highlights

Flux v2.5.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release,
please refer to the Announcing Flux 2.5 GA blog post.

Overview of the new features:

• Support for GitHub App authentication (GitRepository and ImageUpdateAutomation API)
• Custom Health Checks using CEL (Kustomization API)
• Fine-grained control of garbage collection (Kustomization API)
• Enable decryption of secrets generated by Kustomize components (Kustomization API)
• Support for custom event metadata from annotations (Alert API)
• Git commit status updates for Flux Kustomizations with OCIRepository sources (Alert API)
• Resource filtering using CEL for webhook receivers (Receiver API)
• Debug commands for Flux Kustomizations and HelmReleases (Flux CLI)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using
Flux Operator.
The operator allows the configuration of Flux multi-tenancy lockdown, network policies,
persistent storage, sharding, vertical scaling and the synchronization
of the cluster state from Git repositories, OCI artifacts and S3-compatible storage.

Upgrade procedure

Upgrade Flux from v2.4.0 to v2.5.0 by following the upgrade guide.

There are no new API versions in this release, so no changes are required in the YAML manifests containing Flux resources.

Components changelog

• source-controller v1.5.0
• kustomize-controller v1.5.0
• notification-controller v1.5.0
• helm-controller v1.2.0
• image-reflector-controller v0.34.0
• image-automation-controller v0.40.0

CLI Changelog

• PR #5204 - @stefanprodan - Update kubectl in flux-cli image
• PR #5203 - @stefanprodan - Update flux-cli image
• PR #5200 - @stefanprodan - Update Kubernetes min supported version to 1.30
• PR #5199 - @matheuscscp - Update integration tests dependencies for Flux 2.5
• PR #5195 - @fluxcdbot - Update toolkit components
• PR #5192 - @fluxcdbot - Update toolkit components
• PR #5190 - @dependabot[bot] - build(deps): bump github.com/distribution/distribution/v3 from 3.0.0-rc.2 to 3.0.0-rc.3
• PR #5188 - @matheuscscp - Upgrade pkg/runtime
• PR #5187 - @stefanprodan - Update conformance test suite
• PR #5181 - @dependabot[bot] - build(deps): bump the ci group across 1 directory with 13 updates
• PR #5176 - @YvanGuidoin - fix: align flux diff skipping with kustomize-controller
• PR #5175 - @stefanprodan - Update dependencies
• PR #5151 - @stefanprodan - [RFC-0009] Custom Health Checks using CEL expressions
• PR #5146 - @sjorsholtrop-ritense - Improve "flux resume" error message on non-existent object
• PR #5142 - @matheuscscp - Fix create command always using imageRepositoryType
• PR #5137 - @scottrigby - Add OpenShift 4.16 & 4.17 to conformance testing
• PR #5117 - @stefanprodan - Implement flux debug kustomization command
• PR #5114 - @stefanprodan - Update dependencies to Kubernetes 1.32.0 and Go 1.23.0
• PR #5111 - @stefanprodan - Run conformance tests for Kubernetes 1.32.0
• PR #5107 - @darkowlzz - workflows: Use setup-terraform to install latest
• PR #5106 - @stefanprodan - Implement flux debug helmrelease command
• PR #5105 - @stefanprodan - Update fluxcd/pkg dependencies
• PR #5104 - @dependabot[bot] - build(deps): bump the ci group across 1 directory with 11 updates
• PR #5103 - @dipti-pai - [RFC-007] Flux cli support for GitHub app authentication
• PR #5099 - @bkreitch - fix misplaced quotes
• PR #5073 - @mloskot - docs: Mention Flux upgrade guide in release notes
• PR #5071 - @milas - fix: skip remote Kustomizations on recursive diff
• PR #5068 - @h3nryc0ding - fix(cli): confusing error message for missing kind
• PR #5060 - @jdewinne - Use replicated-actions in conformance tests

Highlights

Flux v2.4.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a comprehensive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.4 GA blog post.

This release marks the General Availability (GA) of Flux Bucket API. The Bucket v1 API comes with new features including: proxy support, mTLS and custom STS configuration for AWS S3 and MinIO LDAP authentication.

The GitRepository v1 API gains support for OIDC authentication. Starting with this version, you can authenticate against Azure DevOps repositories using AKS Workload Identity.

The OCIRepository v1beta2 API gains support for proxy configuration thus allowing dedicated HTTP/S Proxy authentication on multi-tenant Kubernetes clusters.

The HelmRelease v2 API gains support for disabling JSON schema validation of the Helm release values during installation and upgrade. And allows adopting existing Kubernetes resources during Helm release installation.

The Flux controllers are now built with Go 1.23 and their dependencies have been updated to Kubernetes 1.31, Helm 3.16, SOPS 3.9 Cosign 2.4 and Notation 1.2.

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator.
The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts and S3-compatible storage.

API changes

Bucket v1

The Bucket kind was promoted from v1beta2 to v1 (GA).

The v1 API is backwards compatible with v1beta2.

New fields:

• .spec.proxySecretRef allows configuring HTTP/S Proxy authentication for the S3-compatible storage service.
• .spec.certSecretRef allows custom TLS client certificate and CA for secure communication with the S3-compatible storage service.
• .spec.sts allows custom STS configuration for AWS S3 and MinIO LDAP authentication.

GitRepository v1

The GitRepository kind gains new optional fields with no breaking changes.

New fields:

• .spec.provider allows specifying an OIDC provider used for authentication purposes. Currently, only the azure provider is supported.

OCIRepository v1beta2

The OCIRepository kind gains new optional fields with no breaking changes.

New fields:

• .spec.proxySecretRef allows configuring HTTP/S Proxy authentication for the container registry service.

HelmRelease v2

The HelmRelease kind gains new optional fields with no breaking changes.

New fields:

• .spec.install.disableSchemaValidation allows disabling the JSON schema validation of the Helm release values during installation.
• .spec.upgrade.disableSchemaValidation allows disabling the JSON schema validation of the Helm release values during upgrade.

Upgrade procedure

Upgrade Flux from v2.3.0 to v2.4.0 either by rerunning bootstrap or by using the Flux GitHub Action.

To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

1. Set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain Bucket definitions.
2. Commit, push and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually.
It is advised to not delay this procedure as the deprecated versions will be removed after 6 months.

Components changelog

• source-controller v1.4.0 v1.4.1
• kustomize-controller v1.4.0
• notification-controller v1.4.0
• helm-controller v1.1.0
• image-reflector-controller v0.33.0
• image-automation-controller v0.39.0

New Documentation

• Bucket v1 specification
• Azure DevOps OIDC auth configuration

CLI Changelog

• PR #5014 - @stefanprodan - Update Kubernetes dependencies to v1.31.1
• PR #5011 - @stefanprodan - Remove TLS deprecated flags from flux create secret
• PR #5010 - @stefanprodan - Add flux create secret proxy command
• PR #5009 - @stefanprodan - Add --proxy-secret-ref to flux create source commands
• PR #5008 - @stefanprodan - Promote bucket commands to GA
• PR #5007 - @stefanprodan - Run conformance tests for Kubernetes 1.29-1.31
• PR #5005 - @fluxcdbot - Update toolkit components
• PR #5004 - @fluxcdbot - Update source-controller to v1.4.1
• PR #4986 - @dipti-pai - [RFC-0007] Add --provider flag to flux create source git
• PR #4970 - @JasonTheDeveloper - Update notaryproject/notation-go to 1.2.1
• PR #4967 - @mxtw - tests: use tempdir to avoid manual gc
• PR #4959 - @stefanprodan - Fix GitHub bootstrap for repositories with custom properties
• PR #4948 - @harshitasao - fix: fixed GHA token-permission and pinned dependencies issue
• PR #4939 - @bkreitch - Recursively diff Kustomizations
• PR #4936 - @stefanprodan - Build with Go 1.23
• PR #4934 - @stefanprodan - Update dependencies to Kubernetes v1.31.0
• PR #4922 - @bkreitch - Stop spinner on cancel of flux diff kustomization
• PR #4918 - @matheuscscp - Fix reconcile helmrelease command description
• PR #4892 - @stefanprodan - Run conformance tests for Kubernetes v1.31
• PR #4871 - @harshitasao - changed the scorecard badge link to the standard format
• PR #4866 - @nagyv - Introduce visibility flag for bootstrap gitlab
• PR #4863 - @stefanprodan - Update conformance tests to Kubernetes v1.30.2
• PR #4845 - @stefanprodan - Run ARM64 e2e tests on GitHub runners
• PR #4842 - @stefanprodan - Add part-of label to controllers base
• PR #4835 - @stefanprodan - ci: Adapt config to GoRelease v2
• PR #4806 - @dipti-pai - [RFC] Passwordless authentication for Git repositories

Highlights

Flux v2.3.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a comprehensive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.3 GA blog post.

This release marks the General Availability (GA) of Flux Helm features and APIs, including helm-controller, the HelmRelease, HelmChart, and HelmRepository APIs.

The HelmRepository v2 API comes with new features, such as the ability to reference Helm charts from OCIRepository sources, reuse existing HelmChart resources, and verify the integrity of Helm chart artifacts signed with Notary Notation.

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

API changes

HelmRelease v2

The HelmRelease kind was promoted from v2beta2 to v2 (GA).

The v2 API is backwards compatible with v2beta2, with the exception of the deprecated fields which have been removed.

Removed fields:

• .spec.chart.spec.valuesFile replaced by .spec.chart.spec.valuesFiles.
• .spec.postRenderers.kustomize.patchesJson6902 replaced by .spec.postRenderers.kustomize.patches.
• .spec.postRenderers.kustomize.patchesStrategicMerge replaced by .spec.postRenderers.kustomize.patches.
• .status.lastAppliedRevision replaced by .status.history.chartVersion.

New fields:

• .spec.chartRef allows referencing chart artifacts from OCIRepository and HelmChart objects.
• .spec.chart.spec.ignoreMissingValuesFiles allows ignoring missing values files instead of failing to reconcile.

HelmChart v1

The HelmChart kind was promoted from v1beta2 to v1 (GA).

The v1 API is backwards compatible with v1beta2, with the exception of the deprecated fields which have been removed.

Removed fields:

• .spec.valuesFile replaced by .spec.chart.valuesFiles.

New fields:

• .spec.ignoreMissingValuesFiles allows ignoring missing values files instead of failing to reconcile.
• .spec.verify.provider: notation verify the signature of a Helm OCI artifacts using Notation trust policy and CA certificate.

HelmRepository v1

The HelmRepository kind was promoted from v1beta2 to v1 (GA).

The v1 API is backwards compatible with v1beta2.

OCIRepository v1beta2

The OCIRepository kind gains new optional fields with no breaking changes.

New fields:

• .spec.ref.semverFilter allows filtering the tags based on regular expressions before applying the semver range.
• .spec.verify.provider: notation verify the signature of OCI artifacts using Notation trust policy and CA certificate.

Kustomization v1

The Flux Kustomization kind gains new optional fields with no breaking changes.

New fields:

• .spec.namePrefix allows setting a name prefix for the generated resources.
• .spec.nameSuffix allows setting a name suffix for the generated resources.

ImageUpdateAutomation v1beta2

The ImageUpdateAutomation kind was promoted from v1beta1 to v1beta2.

The v1beta2 API is backwards compatible with v1beta1.

Deprecated fields:

• Updated template data has been deprecated in favour of Changed that is designed to accommodate for all the types of updates made.

New fields:

• .spec.policySelector allows filtering ImagePolicy based on labels.

Receiver v1

The Receiver kind gains new optional fields with no breaking changes.

New fields:

• .spec.type: cdevents allows receiving, validating and filtering of CDEvents.

Upgrade procedure

Upgrade Flux from v2.x to v2.3.0 either by rerunning bootstrap or by using the Flux GitHub Action.

For more details, please refer to the upgrade guide from the Announcing Flux 2.3 GA blog post.

Components changelog

• source-controller v1.3.0
• kustomize-controller v1.3.0
• notification-controller v1.3.0
• helm-controller v1.0.0 v1.0.1
• image-reflector-controller v0.32.0
• image-automation-controller v0.38.0

New Documentation

• HelmRelease v2 specification
• ImageUpdateAutomation v1beta2 specification
• Oracle VBS bootstrap guide
• Azure DevOps bootstrap guide for SSH RSA SHA-2
• OpenShift installation guide and SCC configuration
• Air-gapped installation guide for private container registries
• Bootstrap with Terraform examples
• Flux hub-and-spoke example repository
• Flux CD Architecture Overview blog post

CLI Changelog

• PR #4783 - @stefanprodan - ci: Consolidate conformance tests
• PR #4781 - @stefanprodan - Set Kubernetes 1.28 as min required version
• PR #4780 - @stefanprodan - Update helm-controller to v1.0.1
• PR #4779 - @fluxcdbot - Update toolkit components
• PR #4778 - @darkowlzz - tests/integration: Run flux check after installation
• PR #4777 - @stefanprodan - Add k3s to the conformance test suite
• PR #4775 - @stefanprodan - Update HelmRelease API to v2 (GA)
• PR #4773 - @makkes - Add (create|delete|export) source chart commands
• PR #4771 - @matheuscscp - Add 2.3.x release label
• PR #4770 - @stefanprodan - Update Flux architecture diagram
• PR #4769 - @frekw - Add --reproducible flag to flux push artifact
• PR #4768 - @stefanprodan - Improve end-to-end test workflow
• PR #4766 - @souleb - Add support for HelmRelease v2 in flux reconcile and flux create
• PR #4764 - @stefanprodan - ci: Adapt image automation test to v1beta2
• PR #4759 - @stefanprodan - Update Helm Source APIs to v1 (GA)
• PR #4754 - @stefanprodan - Add --ssh-hostkey-algos flag to bootstrap command
• PR #4747 - @stefanprodan - Update dependencies to Kubernetes 1.30
• PR #4746 - @swade1987 - Specifying go version in setup-go github action.
• PR #4736 - @dependabot[bot] - build(deps): bump the ci group with 4 updates
• PR #4735 - @JasonTheDeveloper - feat(secret): add create notation secret handler
• PR #4734 - @stefanprodan - Run conformance tests for Kubernetes 1.30.0
• PR #4729 - @stefanprodan - Add OpenShift to the conformance test suite
• PR #4728 - @toomaj - bootstrap: Add support for Git HTTP/S authorization header
• PR #4727 - @makkes - Add flags for issuer/subject OCI signature verification
• PR #4717 - @hawwwdi - Set GOMAXPROCS and GOMEMLIMIT to all Flux controllers
• PR #4710 - @stefanprodan - Add flux envsubst command
• PR #4709 - @stefanprodan - Add --strict-substitute flag to flux build ks and flux diff ks
• PR #4706 - @stefanprodan - Add --registry-creds flag to bootstrap and install commands
• PR #4705 - @stefanprodan - Update dependencies to Kustomize v5.4.0
• PR #4701 - @fluxcdbot - Update toolkit components
• PR #4699 - @stefanprodan - Update dependencies to Go 1.22 and Kubernetes 1.29.3
• PR #4689 - @makkes - Pin envtest version
• PR #4687 - @carlpett - Add permissions required for flow control
• PR #4678 - @darkowlzz - Update ImageUpdateAutomation API to v1beta2
• PR #4666 - @stefanprodan - Mark RFC-0006 as implementable
• PR #4657 - @stefanprodan - ci: Include all go modules in snyk testing
• PR #4654 - @stefanprodan - Remove deprecated e2e tests
• PR #4629 - @rishinair11 - Fix a typo in --force flag description
• PR #4620 - @stefanprodan - Update Equinix ARM64 GitHub runners
• PR #4610 - @takp - Fix typo in build.go
• PR #4589 - @stefanprodan - Update dependencies
• PR #4583 - @fluxcdbot - Update toolkit components
• PR #4575 - @stefanprodan - Update dependencies to Kubernetes v1.28.6
• PR #4558 - @twinguy - flux check should error o...

Highlights

Flux v2.2.3 is a patch release which comes with various fixes and improvements. Users are encouraged to upgrade for the best experience.

💡 For upgrading to Flux v2.2, please see the procedure documented in 2.2.0.

This release updates the Kubernetes dependencies to v1.28.6 and various other dependencies to their latest version to patch upstream CVEs.

All controllers are built with Go 1.21.6 using Alpine Linux 3.19.1 base image.

Fixes:

• Reconciling empty directories and directories without Kubernetes manifests no longer results in an error. This regressing bug was introduced with the kustomize-controller upgrade to Kustomize v5.3 and has been fixed in this patch release.
• The regression due to which Roles and ClusterRoles with aggregated roles were continuous reconciled by kustomize-controller has been fixed.
• Fix the Git revision displaying when notification-controller sends alerts to Grafana.
• The HelmRelease status reporting has been improved by ensuring that the stale failure conditions get updated after failure recovery.

See the components changelog for a full list of bug fixes.

Components changelog

• source-controller v1.2.4
• kustomize-controller v1.2.2
• notification-controller v1.2.4
• helm-controller v0.37.4
• image-reflector-controller v0.31.2
• image-automation-controller v0.37.1

CLI Changelog

• PR #4589 - @stefanprodan - Update dependencies
• PR #4585 - @dependabot[bot] - build(deps): bump the ci group with 3 updates
• PR #4583 - @fluxcdbot - Update toolkit components
• PR #4575 - @stefanprodan - Update dependencies to Kubernetes v1.28.6
• PR #4573 - @dependabot[bot] - build(deps): bump the ci group with 5 updates
• PR #4558 - @twinguy - flux check should error on unrecognised args
• PR #4557 - @twinguy - flux stats should error on unrecognised args
• PR #4554 - @dependabot[bot] - build(deps): bump the ci group with 3 updates
• PR #4553 - @twinguy - Properly detect unexpected arguments during uninstall
• PR #4535 - @dependabot[bot] - build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7
• PR #4533 - @darkowlzz - tests/int: Add separate resource cleanup step

Highlights

Flux v2.2.2 is a patch release that addresses an issue with the label selector sharding functionality in the helm-controller. Users are encouraged to upgrade for the best experience.

💡 For upgrading to Flux v2.2, please see the procedure documented in 2.2.0.

Components changelog

• helm-controller v0.37.2

CLI Changelog

• PR #4505 - @hiddeco - Update helm-controller to v0.37.2 in tests
• PR #4501 - @fluxcdbot - Update toolkit components
• PR #4499 - @stuebingerb - Fix typo in Git bootstrap
• PR #4495 - @dependabot[bot] - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /tests/integration
• PR #4494 - @dependabot[bot] - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
• PR #4493 - @dependabot[bot] - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /tests/azure
• PR #4491 - @dependabot[bot] - build(deps): bump the ci group with 3 updates