From 7c4e6c3036831051d1db65c2cf58ed79bf927c21 Mon Sep 17 00:00:00 2001 From: Sean Eagan Date: Fri, 9 Jul 2021 14:57:27 -0500 Subject: [PATCH] Update flux components helm-controller: v0.11.1 source-controller: v0.15.3 This brings in an increase in the default leader election deadlines, in order to hopefully reduce the impact of any cluster instability during reconciliations, particularly with helm releases getting stuck in pending state: [0]: https://github.com/fluxcd/pkg/issues/94 [1]: https://github.com/fluxcd/helm-controller/issues/149 Signed-off-by: Sean Eagan Change-Id: I8e989aead88ffde7812a19e66ee039326d7c3fee --- .../versions-airshipctl.yaml | 4 +- .../function/flux/helm-controller/Kptfile | 4 +- .../flux/helm-controller/upstream/crd/Kptfile | 4 +- .../helm.toolkit.fluxcd.io_helmreleases.yaml | 203 +++++++++++++++++- .../upstream/crd/kustomization.yaml | 2 +- .../helm-controller/upstream/manager/Kptfile | 4 +- .../upstream/manager/deployment.yaml | 36 ++-- .../upstream/manager/kustomization.yaml | 6 +- .../function/flux/source-controller/Kptfile | 4 +- .../source-controller/upstream/crd/Kptfile | 4 +- .../source.toolkit.fluxcd.io_buckets.yaml | 10 +- ...rce.toolkit.fluxcd.io_gitrepositories.yaml | 79 ++++++- .../source.toolkit.fluxcd.io_helmcharts.yaml | 20 +- ...ce.toolkit.fluxcd.io_helmrepositories.yaml | 20 +- .../upstream/manager/Kptfile | 4 +- .../upstream/manager/deployment.yaml | 54 +++-- .../upstream/manager/kustomization.yaml | 2 +- .../upstream/manager/service.yaml | 8 +- 18 files changed, 372 insertions(+), 96 deletions(-) diff --git a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml index 29aec1527..bce213fc1 100644 --- a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml +++ b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml 
@@ -141,10 +141,10 @@ spec: flux: helm_controller: # helm-controller Deployment manager: - image: ghcr.io/fluxcd/helm-controller:v0.4.3 + image: ghcr.io/fluxcd/helm-controller:v0.11.1 source_controller: # source-controller Deployment manager: - image: ghcr.io/fluxcd/source-controller:v0.5.3 + image: ghcr.io/fluxcd/source-controller:v0.15.3 cert-manager: cainjector: manager: diff --git a/manifests/function/flux/helm-controller/Kptfile b/manifests/function/flux/helm-controller/Kptfile index 8b36552bd..ab3c5e754 100644 --- a/manifests/function/flux/helm-controller/Kptfile +++ b/manifests/function/flux/helm-controller/Kptfile @@ -5,9 +5,9 @@ dependencies: git: repo: "https://github.com/fluxcd/helm-controller" directory: "config/crd" - ref: "v0.4.3" + ref: "v0.11.1" - name: upstream/manager git: repo: "https://github.com/fluxcd/helm-controller" directory: "config/manager" - ref: "v0.4.3" + ref: "v0.11.1" diff --git a/manifests/function/flux/helm-controller/upstream/crd/Kptfile b/manifests/function/flux/helm-controller/upstream/crd/Kptfile index 3f8a178e0..a05f829bc 100644 --- a/manifests/function/flux/helm-controller/upstream/crd/Kptfile +++ b/manifests/function/flux/helm-controller/upstream/crd/Kptfile @@ -3,10 +3,10 @@ kind: Kptfile upstream: type: git git: - commit: a09ab789782adde93419b324c7374aa92049b868 + commit: 9e983b746eb58201a46d8be77ddf58d903ce2e9d repo: https://github.com/fluxcd/helm-controller directory: config/crd - ref: v0.4.3 + ref: v0.11.1 dependencies: - name: upstream/crd git: diff --git a/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index 0ef7ee33e..d4ad8b381 100644 --- a/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/manifests/function/flux/helm-controller/upstream/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml 
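Review bot: Both new `image:` values in the versions-airshipctl.yaml hunk reference the controllers by tag only, while the upstream/crd Kptfile hunk on this page records the exact upstream `commit` next to `ref: v0.11.1`; a registry tag can be re-pointed after review, so the images are pinned less tightly than the manifests that run them. Appending the digest keeps the readable tag and makes the reference immutable, e.g. `image: ghcr.io/fluxcd/helm-controller:v0.11.1@sha256:<digest-of-v0.11.1>` (placeholder, to be filled from the registry), and likewise for source-controller. Whether the catalogue's consumers accept a `tag@digest` value is not visible here and should be checked first. The `spec:` mapping continues outside the hunk.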
@@ -1,11 +1,8 @@ - ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.5.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -94,8 +91,19 @@ spec: valuesFile: description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. + Deprecated in favor of ValuesFiles, for backwards compatibility + the file defined here is merged before the ValuesFiles items. Ignored when omitted. type: string + valuesFiles: + description: Alternative list of values files to use as the + chart values (values.yaml is not included by default), expected + to be a relative path in the SourceRef. Values files are + merged in the order of this list with the last file overriding + the first. Ignored when omitted. + items: + type: string + type: array version: default: '*' description: Version semver expression, ignored for charts 
@@ -131,6 +139,24 @@ spec: description: Install holds the configuration for Helm install actions for this HelmRelease. properties: + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Create` + and if omitted CRDs are installed but not updated. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are applied (installed) during Helm install action. With this + option users can opt-in to CRD replace existing CRDs on Helm + install actions, which is not (yet) natively supported by Helm. + https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string createNamespace: description: CreateNamespace tells the Helm install action to create the HelmReleaseSpec.TargetNamespace if it does not exist @@ -149,6 +175,10 @@ spec: description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed. type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm install has been performed. + type: boolean remediation: description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The 
@@ -177,8 +207,10 @@ spec: remains in the history. type: boolean skipCRDs: - description: SkipCRDs tells the Helm install action to not install + description: "SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. + \n Deprecated use CRD policy (`crds`) attribute with value `Skip` + instead." type: boolean timeout: description: Timeout is the time to wait for any individual Kubernetes @@ -204,9 +236,10 @@ spec: for reconciling the HelmRelease. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: Name of the referent type: string + required: + - name type: object type: object maxHistory: 
@@ -214,6 +247,131 @@ spec: this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'. type: integer + postRenderers: + description: PostRenderers holds an array of Helm PostRenderers, which + will be applied in order of their definition. + items: + description: PostRenderer contains a Helm PostRenderer specification. + properties: + kustomize: + description: Kustomization to apply as PostRenderer. + properties: + images: + description: Images is a list of (image name, new name, + new tag or digest) for changing image names, tags or digests. + This can also be achieved with a patch, but this operator + is simpler to specify. + items: + description: Image contains an image name, a new name, + a new tag or digest, which will replace the original + name and tag. + properties: + digest: + description: Digest is the value used to replace the + original image tag. If digest is present NewTag + value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace + the original name. + type: string + newTag: + description: NewTag is the value used to replace the + original tag. + type: string + required: + - name + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and + the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document + with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. 
+ https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline + YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + type: array releaseName: description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'. @@ -236,6 +394,10 @@ spec: description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed. type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm rollback has been performed. + type: boolean force: description: Force forces resource updates through a replacement strategy. @@ -254,6 +416,12 @@ spec: description: The name of the Kubernetes service account to impersonate when reconciling this HelmRelease. type: string + storageNamespace: + description: StorageNamespace used for the Helm storage. Defaults + to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string suspend: description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. 
@@ -316,6 +484,23 @@ spec: description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails. type: boolean + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and + if omitted CRDs are neither installed nor upgraded. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are not applied during Helm upgrade action. With this option + users can opt-in to CRD upgrade, which is not (yet) natively + supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string disableHooks: description: DisableHooks prevents hooks from running during the Helm upgrade action. @@ -329,6 +514,10 @@ spec: description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed. type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm upgrade has been performed. + type: boolean force: description: Force forces resource updates through a replacement strategy. diff --git a/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml b/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml index 34552057c..aea29e068 100644 --- a/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml +++ b/manifests/function/flux/helm-controller/upstream/crd/kustomization.yaml 
@@ -1,5 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - bases/helm.toolkit.fluxcd.io_helmreleases.yaml +- bases/helm.toolkit.fluxcd.io_helmreleases.yaml # +kubebuilder:scaffold:crdkustomizeresource diff --git a/manifests/function/flux/helm-controller/upstream/manager/Kptfile b/manifests/function/flux/helm-controller/upstream/manager/Kptfile index 1446780f9..1eef272f4 100644 --- a/manifests/function/flux/helm-controller/upstream/manager/Kptfile +++ b/manifests/function/flux/helm-controller/upstream/manager/Kptfile @@ -3,10 +3,10 @@ kind: Kptfile upstream: type: git git: - commit: a09ab789782adde93419b324c7374aa92049b868 + commit: 9e983b746eb58201a46d8be77ddf58d903ce2e9d repo: https://github.com/fluxcd/helm-controller directory: config/manager - ref: v0.4.3 + ref: v0.11.1 dependencies: - name: upstream/crd git: diff --git a/manifests/function/flux/helm-controller/upstream/manager/deployment.yaml b/manifests/function/flux/helm-controller/upstream/manager/deployment.yaml index 608e0e8bc..ccfa6a6cd 100644 --- a/manifests/function/flux/helm-controller/upstream/manager/deployment.yaml +++ b/manifests/function/flux/helm-controller/upstream/manager/deployment.yaml @@ -17,7 +17,7 @@ spec: prometheus.io/scrape: "true" prometheus.io/port: "8080" spec: - terminationGracePeriodSeconds: 10 + terminationGracePeriodSeconds: 600 containers: - name: manager image: fluxcd/helm-controller 
@@ -26,21 +26,21 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + protocol: TCP env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace args: - - --watch-all-namespaces - - --log-level=info - - --log-json - - --enable-leader-election + - --watch-all-namespaces + - --log-level=info + - --log-encoding=json + - --enable-leader-election readinessProbe: httpGet: path: /readyz @@ -57,8 +57,8 @@ spec: cpu: 100m memory: 64Mi volumeMounts: - - name: temp - mountPath: /tmp - volumes: - name: temp - emptyDir: {} + mountPath: /tmp + volumes: + - name: temp + emptyDir: {} diff --git a/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml b/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml index 3d08ccd48..b11415707 100644 --- a/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml +++ b/manifests/function/flux/helm-controller/upstream/manager/kustomization.yaml @@ -3,6 +3,6 @@ kind: Kustomization resources: - deployment.yaml images: - - name: fluxcd/helm-controller - newName: fluxcd/helm-controller - newTag: v0.4.3 +- name: fluxcd/helm-controller + newName: fluxcd/helm-controller + newTag: v0.11.1 diff --git a/manifests/function/flux/source-controller/Kptfile b/manifests/function/flux/source-controller/Kptfile index 4850fa8b8..dfe8d1910 100644 --- a/manifests/function/flux/source-controller/Kptfile +++ b/manifests/function/flux/source-controller/Kptfile 
@@ -5,9 +5,9 @@ dependencies: git: repo: "https://github.com/fluxcd/source-controller" directory: "config/crd" - ref: "v0.5.3" + ref: "v0.15.3" - name: upstream/manager git: repo: "https://github.com/fluxcd/source-controller" directory: "config/manager" - ref: "v0.5.3" + ref: "v0.15.3" diff --git a/manifests/function/flux/source-controller/upstream/crd/Kptfile b/manifests/function/flux/source-controller/upstream/crd/Kptfile index a45a40f43..8537bbf51 100644 --- a/manifests/function/flux/source-controller/upstream/crd/Kptfile +++ b/manifests/function/flux/source-controller/upstream/crd/Kptfile @@ -3,10 +3,10 @@ kind: Kptfile upstream: type: git git: - commit: c602c5d85093a8e38fae993fee0ed743c8615e46 + commit: 5c170bfdc3cfba2b34e2be543ef2b6f3630e873b repo: https://github.com/fluxcd/source-controller directory: config/crd - ref: v0.5.2 + ref: v0.15.3 dependencies: - name: upstream/crd git: diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml index 6e95950f4..ec7413ce5 100644 --- a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml +++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_buckets.yaml @@ -1,11 +1,8 @@ - ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.5.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io 
@@ -83,9 +80,10 @@ spec: for the Bucket. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: Name of the referent type: string + required: + - name type: object suspend: description: This flag tells the controller to suspend the reconciliation diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml index c6513c3dc..9e9e0840c 100644 --- a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml +++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml @@ -1,11 +1,8 @@ - ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.5.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -14,6 +11,8 @@ spec: listKind: GitRepositoryList plural: gitrepositories singular: gitrepository + shortNames: + - gitrepo scope: Namespaced versions: - additionalPrinterColumns: 
@@ -63,9 +62,41 @@ spec: a default will be used, consult the documentation for your version to find out what those are. type: string + include: + description: Extra git repositories to map into the repository + items: + description: GitRepositoryInclude defines a source with a from and + to path. + properties: + fromPath: + description: The path to copy contents from, defaults to the + root directory. + type: string + repository: + description: Reference to a GitRepository to include. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + toPath: + description: The path to copy contents to, defaults to the name + of the source ref. + type: string + required: + - repository + type: object + type: array interval: description: The interval at which to check for repository updates. type: string + recurseSubmodules: + description: When enabled, after the clone is created, initializes + all submodules within, using their default settings. This option + is available only when using the 'go-git' GitImplementation. + type: boolean ref: description: The Git reference to checkout and monitor for changes, defaults to master branch. @@ -93,9 +124,10 @@ spec: and known_hosts fields. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: Name of the referent type: string + required: + - name type: object suspend: description: This flag tells the controller to suspend the reconciliation @@ -125,9 +157,10 @@ spec: trusted Git authors. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: Name of the referent type: string + required: + - name type: object required: - mode 
@@ -236,6 +269,36 @@ spec: - type type: object type: array + includedArtifacts: + description: IncludedArtifacts represents the included artifacts from + the last successful repository sync. + items: + description: Artifact represents the output of a source synchronisation. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + type: array lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml index c7da4899b..661e49885 100644 --- a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml +++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml @@ -1,11 +1,8 @@ - ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.5.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io 
@@ -14,6 +11,8 @@ spec: listKind: HelmChartList plural: helmcharts singular: helmchart + shortNames: + - hc scope: Namespaced versions: - additionalPrinterColumns: @@ -92,8 +91,19 @@ spec: type: boolean valuesFile: description: Alternative values file to use as the default chart values, - expected to be a relative path in the SourceRef. Ignored when omitted. + expected to be a relative path in the SourceRef. Deprecated in favor + of ValuesFiles, for backwards compatibility the file defined here + is merged before the ValuesFiles items. Ignored when omitted. type: string + valuesFiles: + description: Alternative list of values files to use as the chart + values (values.yaml is not included by default), expected to be + a relative path in the SourceRef. Values files are merged in the + order of this list with the last file overriding the first. Ignored + when omitted. + items: + type: string + type: array version: default: '*' description: The chart version semver expression, ignored for charts diff --git a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml index 00868c6ad..b06570b7e 100644 --- a/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml +++ b/manifests/function/flux/source-controller/upstream/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml @@ -1,11 +1,8 @@ - ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.5.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io 
@@ -14,6 +11,8 @@ spec: listKind: HelmRepositoryList plural: helmrepositories singular: helmrepository + shortNames: + - helmrepo scope: Namespaced versions: - additionalPrinterColumns: @@ -52,6 +51,14 @@ spec: interval: description: The interval at which to check the upstream for updates. type: string + passCredentials: + description: PassCredentials allows the credentials from the SecretRef + to be passed on to a host that does not match the host as defined + in URL. This may be required if the host of the advertised chart + URLs in the index differ from the defined URL. Enabling this should + be done with caution, as it can potentially result in credentials + getting stolen in a MITM-attack. + type: boolean secretRef: description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain @@ -59,9 +66,10 @@ spec: certFile and keyFile, and/or caCert fields. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: Name of the referent type: string + required: + - name type: object suspend: description: This flag tells the controller to suspend the reconciliation diff --git a/manifests/function/flux/source-controller/upstream/manager/Kptfile b/manifests/function/flux/source-controller/upstream/manager/Kptfile index 5da7b4adf..03ff269c3 100644 --- a/manifests/function/flux/source-controller/upstream/manager/Kptfile +++ b/manifests/function/flux/source-controller/upstream/manager/Kptfile @@ -3,10 +3,10 @@ kind: Kptfile upstream: type: git git: - commit: c602c5d85093a8e38fae993fee0ed743c8615e46 + commit: 5c170bfdc3cfba2b34e2be543ef2b6f3630e873b repo: https://github.com/fluxcd/source-controller directory: config/manager - ref: v0.5.2 + ref: v0.15.3 dependencies: - name: upstream/crd git: 
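Review bot: The `passCredentials` field added in the second hunk of source.toolkit.fluxcd.io_helmrepositories.yaml is security-sensitive by its own description (SecretRef credentials may be sent to a host other than the one in the URL), yet the commit description mentions only the leader-election change. The CRD is generated upstream and should not be edited here; what is missing is a line in the description saying that the bump exposes this field, plus a guard outside this file, for example an admission or manifest-lint rule that rejects `passCredentials: true` unless the repository is explicitly approved. The field is a plain boolean with no default shown in the hunk, so presumably it stays off unless a HelmRepository sets it.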
diff --git a/manifests/function/flux/source-controller/upstream/manager/deployment.yaml b/manifests/function/flux/source-controller/upstream/manager/deployment.yaml index a87653f30..b97e94cf9 100644 --- a/manifests/function/flux/source-controller/upstream/manager/deployment.yaml +++ b/manifests/function/flux/source-controller/upstream/manager/deployment.yaml @@ -26,26 +26,28 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true ports: - - containerPort: 9090 - name: http - - containerPort: 8080 - name: http-prom + - containerPort: 9090 + name: http + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace args: - - --watch-all-namespaces - - --log-level=info - - --log-json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. + - --watch-all-namespaces + - --log-level=info + - --log-encoding=json + - --enable-leader-election + - --storage-path=/data + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. livenessProbe: httpGet: - port: http - path: / + port: healthz + path: /healthz readinessProbe: httpGet: port: http @@ -58,12 +60,18 @@ spec: cpu: 50m memory: 64Mi volumeMounts: - - name: data - mountPath: /data - - name: tmp - mountPath: /tmp - volumes: - name: data - emptyDir: {} + mountPath: /data - name: tmp - emptyDir: {} + mountPath: /tmp + volumes: + - name: data + emptyDir: {} + - name: tmp + emptyDir: {} + # Required for AWS IAM Role bindings + # https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html + securityContext: + fsGroup: 1337 + strategy: + type: Recreate 
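Review bot: The pod-level `securityContext` added at the end of the second hunk sets only `fsGroup: 1337`, and the container-level settings visible as context in the first hunk are `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`; no capability drop or seccomp profile is visible. The container only declares ports 9090, 8080 and 9440, so it should not need any added capability, and `capabilities: {drop: ["ALL"]}` with `seccompProfile: {type: RuntimeDefault}` on the manager container would tighten it. `runAsNonRoot: true` is worth adding as well, but only after confirming the image declares a numeric user, because the kubelet cannot verify a named one. Since this file is fetched from upstream by kpt, the change probably belongs in a kustomize patch of the enclosing function rather than in this file; the container's securityContext starts above the hunk, so fields set there are not visible.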
diff --git a/manifests/function/flux/source-controller/upstream/manager/kustomization.yaml b/manifests/function/flux/source-controller/upstream/manager/kustomization.yaml index 2b22929ce..7506f616c 100644 --- a/manifests/function/flux/source-controller/upstream/manager/kustomization.yaml +++ b/manifests/function/flux/source-controller/upstream/manager/kustomization.yaml @@ -6,4 +6,4 @@ resources: images: - name: fluxcd/source-controller newName: fluxcd/source-controller - newTag: v0.5.2 + newTag: v0.15.3 diff --git a/manifests/function/flux/source-controller/upstream/manager/service.yaml b/manifests/function/flux/source-controller/upstream/manager/service.yaml index 66ee36bd9..d8527a860 100644 --- a/manifests/function/flux/source-controller/upstream/manager/service.yaml +++ b/manifests/function/flux/source-controller/upstream/manager/service.yaml @@ -9,7 +9,7 @@ spec: selector: app: source-controller ports: - - name: http - port: 80 - protocol: TCP - targetPort: http + - name: http + port: 80 + protocol: TCP + targetPort: http