From 437673c6ea3e5b40ee7667da1bfa22578dcec422 Mon Sep 17 00:00:00 2001 From: Stefan Prodan Date: Mon, 13 May 2024 21:48:44 +0300 Subject: [PATCH 1/4] Release v2.3.0 Signed-off-by: Stefan Prodan --- releases/release-v2.3.md | 85 +++++++++++++++++++++++++ tests/v2.3/appliers/helm-sync.yaml | 45 +++++++++++++ tests/v2.3/appliers/kustomize-sync.yaml | 36 +++++++++++ tests/v2.3/appliers/namespace.yaml | 5 ++ tests/v2.3/clusters/kind/appliers.yaml | 18 ++++++ tests/v2.3/clusters/kind/sources.yaml | 16 +++++ tests/v2.3/sources/helm.yaml | 69 ++++++++++++++++++++ tests/v2.3/sources/namespace.yaml | 6 ++ tests/v2.3/sources/oci.yaml | 16 +++++ 9 files changed, 296 insertions(+) create mode 100644 releases/release-v2.3.md create mode 100644 tests/v2.3/appliers/helm-sync.yaml create mode 100644 tests/v2.3/appliers/kustomize-sync.yaml create mode 100644 tests/v2.3/appliers/namespace.yaml create mode 100644 tests/v2.3/clusters/kind/appliers.yaml create mode 100644 tests/v2.3/clusters/kind/sources.yaml create mode 100644 tests/v2.3/sources/helm.yaml create mode 100644 tests/v2.3/sources/namespace.yaml create mode 100644 tests/v2.3/sources/oci.yaml
diff --git a/releases/release-v2.3.md b/releases/release-v2.3.md new file mode 100644
index 0000000..6ae5e99
--- /dev/null
+++ b/releases/release-v2.3.md
@@ -0,0 +1,85 @@
+# Enterprise Distribution for Flux v2.3.x
+
+- [apis](#api-versions)
+ - [ga](#general-availability-ga)
+ - [beta](#beta-preview)
+ - [promotions](#promotions)
+- [v2.3.0](#v230)
+ - [mainline](#mainline-v230)
+ - [FIPS-compliant](#fips-compliant-v230)
+
+## API Versions
+
+### General Availability (GA)
+
+| kind | apiVersion |
+|:---------------------------------------------------------------------------------------|:------------------------------------|
+| [GitRepository](https://v2-3.docs.fluxcd.io/flux/components/source/gitrepositories/) | `source.toolkit.fluxcd.io/v1` |
+| [HelmChart](https://v2-3.docs.fluxcd.io/flux/components/source/helmcharts/) | `source.toolkit.fluxcd.io/v1` |
+| [HelmRelease](https://v2-3.docs.fluxcd.io/flux/components/helm/helmreleases/) | `helm.toolkit.fluxcd.io/v2` |
+| [HelmRepository](https://v2-3.docs.fluxcd.io/flux/components/source/helmrepositories/) | `source.toolkit.fluxcd.io/v1` |
+| [Kustomization](https://v2-3.docs.fluxcd.io/flux/components/kustomize/kustomizations/) | `kustomize.toolkit.fluxcd.io/v1` |
+| [Receiver](https://v2-3.docs.fluxcd.io/flux/components/notification/receivers/) | `notification.toolkit.fluxcd.io/v1` |
+
+### Beta (Preview)
+
+| kind | apiVersion |
+|:---------------------------------------------------------------------------------------------------|:-----------------------------------------|
+| [Alert](https://v2-3.docs.fluxcd.io/flux/components/notification/alerts/) | `notification.toolkit.fluxcd.io/v1beta3` |
+| [Bucket](https://v2-3.docs.fluxcd.io/flux/components/source/buckets/) | `source.toolkit.fluxcd.io/v1beta2` |
+| [ImagePolicy](https://v2-3.docs.fluxcd.io/flux/components/image/imagepolicies/) | `image.toolkit.fluxcd.io/v1beta2` |
+| [ImageRepository](https://v2-3.docs.fluxcd.io/flux/components/image/imagerepositories/) | `image.toolkit.fluxcd.io/v1beta2` |
+| [ImageUpdateAutomation](https://v2-3.docs.fluxcd.io/flux/components/image/imageupdateautomations/) | `image.toolkit.fluxcd.io/v1beta2` |
+| [OCIRepository](https://v2-3.docs.fluxcd.io/flux/components/source/ocirepositories/) | `source.toolkit.fluxcd.io/v1beta2` |
+| [Provider](https://v2-3.docs.fluxcd.io/flux/components/notification/providers/) | `notification.toolkit.fluxcd.io/v1beta3` |
+
+### Promotions
+
+| Kind | New Version | Deprecated Version | Group |
+|:----------------------|:------------|:-------------------|:---------------------------|
+| HelmChart | **v1** | v1beta2 | `source.toolkit.fluxcd.io` |
+| HelmRelease | **v2** | v2beta2 | `helm.toolkit.fluxcd.io` |
+| HelmRepository | **v1** | v1beta2 | `source.toolkit.fluxcd.io` |
+| ImageUpdateAutomation | **v1beta2** | v1beta1 | `image.toolkit.fluxcd.io` |
+
+## v2.3.0
+
+Upstream changelog: [fluxcd/flux2 v2.3.0](https://github.com/fluxcd/flux2/releases/tag/v2.3.0)
+
+### Mainline v2.3.0
+
+#### Flux Controllers
+
+| Controller | Version | Architectures |
+|:-------------------------------------------------------------------|---------|---------------|
+| `ghcr.io/controlplaneio-fluxcd/alpine/source-controller` | v1.3.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/kustomize-controller` | v1.3.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/helm-controller` | v1.0.1 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/notification-controller` | v1.3.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/image-reflector-controller` | v0.32.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/alpine/image-automation-controller` | v0.38.0 | amd64 / arm64 |
+
+#### Flux Manifests
+
+| OCI Artifact | Version |
+|:------------------------------------------------------|---------|
+| `ghcr.io/controlplaneio-fluxcd/alpine/flux-manifests` | v2.3.0 |
+
+### FIPS-compliant v2.3.0
+
+#### Flux Controllers
+
+| Controller | Version | Architectures |
+|:------------------------------------------------------------------------|---------|---------------|
+| `ghcr.io/controlplaneio-fluxcd/distroless/source-controller` | v1.3.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/kustomize-controller` | v1.3.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/helm-controller` | v1.0.1 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/notification-controller` | v1.3.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/image-reflector-controller` | v0.32.0 | amd64 / arm64 |
+| `ghcr.io/controlplaneio-fluxcd/distroless/image-automation-controller` | v0.38.0 | amd64 / arm64 |
+
+#### Flux Manifests
+
+| OCI Artifact | Version |
+|:-----------------------------------------------------------|---------|
+| `ghcr.io/controlplaneio-fluxcd/distroless/flux-manifests` | v2.3.0 |
diff --git a/tests/v2.3/appliers/helm-sync.yaml b/tests/v2.3/appliers/helm-sync.yaml new file mode 100644
index 0000000..9d21a64
--- /dev/null
+++ b/tests/v2.3/appliers/helm-sync.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: podinfo
+ namespace: appliers
+spec:
+ type: oci
+ interval: 10m
+ url: oci://ghcr.io/stefanprodan/charts
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: podinfo
+ namespace: appliers
+spec:
+ interval: 10m
+ timeout: 2m
+ chart:
+ spec:
+ chart: podinfo
+ version: ">1.0.0"
+ sourceRef:
+ kind: HelmRepository
+ name: podinfo
+ interval: 50m
+ releaseName: podinfo-helm
+ install:
+ crds: CreateReplace
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ test:
+ enable: false
+ driftDetection:
+ mode: enabled
+ ignore:
+ - paths: ["/spec/replicas"]
+ target:
+ kind: Deployment
+ values:
+ replicaCount: 2
diff --git a/tests/v2.3/appliers/kustomize-sync.yaml b/tests/v2.3/appliers/kustomize-sync.yaml new file mode 100644
index 0000000..11a53fc
--- /dev/null
+++ b/tests/v2.3/appliers/kustomize-sync.yaml
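Review bot: In tests/v2.3/appliers/helm-sync.yaml the `podinfo` HelmRelease installs whatever chart the open range `version: ">1.0.0"` resolves to from `oci://ghcr.io/stefanprodan/charts`, with `crds: CreateReplace` and no signature check on the chart. The `podinfo` OCIRepository in tests/v2.3/appliers/kustomize-sync.yaml has the same shape (`semver: ">1.0.0"`, no `verify`), while the one cosign-verified source in this patch, `podinfo-cosign` in tests/v2.3/sources/oci.yaml, is not referenced by any applier visible here. If following the newest upstream release is deliberate for conformance runs, record that next to the range, for example `# conformance fixture: tracks the latest podinfo release on purpose`. Otherwise, assuming the upstream artifacts are signed, add `verify:` with `provider: cosign` to the OCIRepository `spec` (reusing the identity matchers from oci.yaml) and to the HelmRelease `chart.spec`, so the content that is actually applied is the content that was verified.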
@@ -0,0 +1,36 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+ name: podinfo
+ namespace: appliers
+spec:
+ interval: 10m
+ url: oci://ghcr.io/stefanprodan/manifests/podinfo
+ ref:
+ semver: ">1.0.0"
+ ignore: |
+ # exclude all
+ /*
+ # include deployment and service
+ !deployment.yaml
+ !service.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: podinfo
+ namespace: appliers
+spec:
+ interval: 10m
+ wait: true
+ timeout: 2m
+ retryInterval: 5m
+ prune: true
+ force: false
+ targetNamespace: appliers
+ sourceRef:
+ kind: OCIRepository
+ name: podinfo
+ namespace: appliers
+ path: "./"
diff --git a/tests/v2.3/appliers/namespace.yaml b/tests/v2.3/appliers/namespace.yaml new file mode 100644
index 0000000..4c7e6cb
--- /dev/null
+++ b/tests/v2.3/appliers/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: appliers
diff --git a/tests/v2.3/clusters/kind/appliers.yaml b/tests/v2.3/clusters/kind/appliers.yaml new file mode 100644
index 0000000..bdff940
--- /dev/null
+++ b/tests/v2.3/clusters/kind/appliers.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: appliers
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: sources
+ serviceAccountName: kustomize-controller
+ interval: 10m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./tests/v2.3/appliers
+ prune: true
+ wait: true
+ timeout: 5m
diff --git a/tests/v2.3/clusters/kind/sources.yaml b/tests/v2.3/clusters/kind/sources.yaml new file mode 100644
index 0000000..043436f
--- /dev/null
+++ b/tests/v2.3/clusters/kind/sources.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: sources
+ namespace: flux-system
+spec:
+ serviceAccountName: kustomize-controller
+ interval: 10m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./tests/v2.3/sources
+ prune: true
+ wait: true
+ timeout: 5m
diff --git a/tests/v2.3/sources/helm.yaml b/tests/v2.3/sources/helm.yaml new file mode 100644
index 0000000..d97c16f
--- /dev/null
+++ b/tests/v2.3/sources/helm.yaml
@@ -0,0 +1,69 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: podinfo-https
+ namespace: sources
+spec:
+ interval: 10m
+ url: https://stefanprodan.github.io/podinfo
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmChart
+metadata:
+ name: podinfo-https
+ namespace: sources
+spec:
+ interval: 10m
+ chart: podinfo
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: podinfo-https
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: podinfo-oci
+ namespace: sources
+spec:
+ type: oci
+ interval: 10m
+ url: oci://ghcr.io/stefanprodan/charts
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmChart
+metadata:
+ name: podinfo-oci
+ namespace: sources
+spec:
+ interval: 10m
+ chart: podinfo
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: podinfo-oci
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: podinfo-git
+ namespace: sources
+spec:
+ interval: 10m
+ url: https://github.com/stefanprodan/podinfo
+ ref:
+ semver: ">1.0.0"
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmChart
+metadata:
+ name: podinfo-git
+ namespace: sources
+spec:
+ interval: 10m
+ chart: ./charts/podinfo
+ reconcileStrategy: Revision
+ sourceRef:
+ kind: GitRepository
+ name: podinfo-git
diff --git a/tests/v2.3/sources/namespace.yaml b/tests/v2.3/sources/namespace.yaml new file mode 100644
index 0000000..51fd880
--- /dev/null
+++ b/tests/v2.3/sources/namespace.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: sources
+
diff --git a/tests/v2.3/sources/oci.yaml b/tests/v2.3/sources/oci.yaml new file mode 100644
index 0000000..c5d323a
--- /dev/null
+++ b/tests/v2.3/sources/oci.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+ name: podinfo-cosign
+ namespace: sources
+spec:
+ interval: 10m
+ url: oci://ghcr.io/stefanprodan/manifests/podinfo
+ ref:
+ semver: ">1.0.0"
+ verify:
+ provider: cosign
+ matchOIDCIdentity:
+ - issuer: "^https://token.actions.githubusercontent.com$"
+ subject: "^https://github.com/stefanprodan/podinfo.*$"
From 2c958a261071b23f4c2eb233ef196bd629ab5b53 Mon Sep 17 00:00:00 2001 From: Stefan Prodan Date: Mon, 13 May 2024 23:53:32 +0300 Subject: [PATCH 2/4] Update HelmRepository API in tests Co-authored-by: souleb --- tests/v2.3/sources/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/v2.3/sources/helm.yaml b/tests/v2.3/sources/helm.yaml index d97c16f..45ccab3 100644 --- a/tests/v2.3/sources/helm.yaml +++ b/tests/v2.3/sources/helm.yaml @@ -21,7 +21,7 @@ spec: kind: HelmRepository name: podinfo-https --- -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: podinfo-oci From fe2d2d72d3d223d2a82c9e0d16724c8bfabb7356 Mon Sep 17 00:00:00 2001 From: Stefan Prodan Date: Tue, 14 May 2024 00:13:06 +0300 Subject: [PATCH 3/4] Run e2e matrix of release branches Signed-off-by: Stefan Prodan --- .github/workflows/e2e-fips.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/e2e-fips.yaml b/.github/workflows/e2e-fips.yaml index a281155..5cd90dc 100644 --- a/.github/workflows/e2e-fips.yaml +++ b/.github/workflows/e2e-fips.yaml
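Review bot: The `subject` matcher in tests/v2.3/sources/oci.yaml, `"^https://github.com/stefanprodan/podinfo.*$"`, is looser than the repository it names: `podinfo.*` accepts any identity whose path merely begins with `podinfo`, so a signing identity from a differently named repository under the same owner would also satisfy it, and the unescaped dots in both patterns match any character. Anchor the repository with a trailing slash and escape the dots, switching to single quotes because `\.` is not a valid escape inside a double-quoted YAML scalar: `issuer: '^https://token\.actions\.githubusercontent\.com$'` and `subject: '^https://github\.com/stefanprodan/podinfo/.*$'`. If the upstream signing workflow path is stable, including it in the pattern would narrow the accepted identities further.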
@@ -1,8 +1,17 @@ name: FIPS conformance tests on: workflow_dispatch: + inputs: + version: + description: 'Flux version' + required: false schedule: - cron: '00 8 * * 1' + push: + branches: + - 'release-*' + tags-ignore: + - '*' permissions: contents: read @@ -34,6 +43,17 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | VERSION=$(gh release view --json tagName -q '.tagName') + + branch=${{ github.ref_name }} + prefix="release-" + if [[ "${branch}" =~ ^$prefix.* ]]; then + VERSION=${branch#"$prefix"} + fi + + if [ "${{ github.event.inputs.version }}" != "" ]; then + VERSION="${{ github.event.inputs.version }}" + fi + echo "version=${VERSION}" >> $GITHUB_OUTPUT - name: Setup Flux uses: fluxcd/flux2/action@534684601ec8888beb0cc4f51117b59e97606c4d #v2.2.3 From 78527a2fa3fcb5621259b3aeff81d6aa90c25ffc Mon Sep 17 00:00:00 2001 From: Stefan Prodan Date: Tue, 14 May 2024 00:19:27 +0300 Subject: [PATCH 4/4] Add version input to image update Signed-off-by: Stefan Prodan --- .github/workflows/update-images.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/update-images.yaml b/.github/workflows/update-images.yaml index c0e35f3..b3af585 100644 --- a/.github/workflows/update-images.yaml +++ b/.github/workflows/update-images.yaml @@ -2,6 +2,10 @@ name: Update images on: workflow_dispatch: + inputs: + version: + description: 'Flux version' + required: false schedule: - cron: '00 10 * * 1-5' @@ -33,6 +37,11 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | VERSION=$(gh release view --json tagName -q '.tagName') + + if [ "${{ github.event.inputs.version }}" != "" ]; then + VERSION="${{ github.event.inputs.version }}" + fi + echo "version=${VERSION}" >> $GITHUB_OUTPUT - name: Setup Flux uses: fluxcd/flux2/action@534684601ec8888beb0cc4f51117b59e97606c4d #v2.2.3
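Review bot: The shell added in the second e2e-fips.yaml hunk expands `${{ github.ref_name }}` and `${{ github.event.inputs.version }}` straight into the `run:` script, so the branch name and the dispatch input become part of the script text before bash parses it, in a step that also carries `GITHUB_TOKEN` in its environment; the second hunk of update-images.yaml does the same with `inputs.version`. Pass both values through `env:` and read them as quoted shell variables so they are handled as data, not as script. It is also worth rejecting a `VERSION` with unexpected characters before it is appended to `$GITHUB_OUTPUT`, and quoting that path. The step header lies outside the hunk, so the indentation in the sketch below is assumed.

```yaml
        env:
          # … unchanged: GITHUB_TOKEN …
          REF_NAME: ${{ github.ref_name }}
          INPUT_VERSION: ${{ github.event.inputs.version }}
        run: |
          # … unchanged: VERSION default from gh release view …
          branch="${REF_NAME}"
          # … unchanged: release- prefix handling …
          if [ -n "${INPUT_VERSION}" ]; then
            VERSION="${INPUT_VERSION}"
          fi
          # allowed character set is an assumption; adjust to the version scheme in use
          if [[ ! "${VERSION}" =~ ^[A-Za-z0-9._-]+$ ]]; then
            echo "unexpected version value" >&2
            exit 1
          fi
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
```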