Highlights
Flux v2.7.0 is a feature release. Users are encouraged to upgrade for the best experience.
For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.7 GA blog post.
Overview of the new features:
- General availability release of the Image Automation APIs (
ImagePolicy,ImageRepository,ImageUpdateAutomation) - Watch for changes in ConfigMaps and Secrets references (
Kustomization,HelmRelease) - Support for remote cluster authentication using Workload Identity (
Kustomization,HelmRelease) - Extend the readiness evaluation of dependencies with CEL expressions (
Kustomization,HelmRelease) - Support for global SOPS Age decryption keys on single-tenant clusters (
Kustomization) - Support for optional Kustomize components (
Kustomization) - Introduce
RetryOnFailurelifecycle management strategy (HelmRelease) - Support mTLS for sending alerts to external systems (
Provider) - Object-level workload identity authentication (
Bucket,Provider) - Support mTLS for GitHub App transport (
GitRepository,ImageUpdateAutomation,Provider) - OpenTelemetry tracing for
KustomizationandHelmReleasereconciliation (Provider) - Support for 3rd-party source controllers (
ExternalArtifact) - Support for source composition and decomposition patterns (
ArtifactGenerator) CancelHealthCheckOnNewRevisionfeature gate (kustomize-controller)GitSparseCheckoutfeature gate (image-automation-controller)
❤️ Big thanks to all the Flux contributors that helped us with this release!
Kubernetes compatibility
This release is compatible with the following Kubernetes versions:
| Kubernetes version | Minimum required |
|---|---|
v1.32
| >= 1.32.0
|
v1.33
| >= 1.33.0
|
v1.34
| >= 1.34.1
|
Note
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.
OpenShift compatibility
Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.
Upgrade procedure
⚠️ The Flux APIs v1beta1 and v2beta1 (deprecated in 2023) have reached end-of-life and have been removed from the CRDs.
Unless you are using Flux Operator to deploy the Flux controllers, you must run the flux migrate command on clusters before upgrading.
For more details, please refer to the Flux v2.7 upgrade guide.
Components changelog
- source-controller v1.7.0
- kustomize-controller v1.7.0
- notification-controller v1.7.0 v1.7.1
- helm-controller v1.4.0
- image-reflector-controller v1.0.0 v1.0.1
- image-automation-controller v1.0.0 v1.0.1
- source-watcher v2.0.0 v2.0.1
New Documentation
- ImageRepository v1 specification
- ImagePolicy v1 specification
- ImageUpdateAutomation v1 specification
- ExternalArtifact v1 specification
- ArtifactGenerator v1beta1 specification
CLI changelog
- Add backport label for
v2.6.xby @stefanprodan in #5379 - Update image-reflector-controller to v0.35.1 by @fluxcdbot in #5381
- Add digest pinning to image automation testing by @stefanprodan in #5383
- correct small typo by @JIbald in #5388
- Remove credentials sync manifests by @matheuscscp in #5347
- Add sparse checkout to cli by @ba-work in #5389
- fix: Allow Azure CLI calls in
flux push artifact --provider azureon DevOps runners by @matheuscscp in #5390 - Fix
knownhosts key mismatchregression bug by @matheuscscp in #5404 - refactor: Use
normalize.UnstructuredListinstead ofssa.SetNativeKindsDefaultsby @cappyzawa in #5407 - Make service-account name configurable in
flux create tenantby @reiSh6phoo9o in #5402 - Update toolkit components by @fluxcdbot in #5409
- refactor: cleanup GetArtifactRegistryCredentials error handling by @cappyzawa in #5418
- Promote image CLI commands to stable by @dgunzy in #5421
- Update toolkit components by @fluxcdbot in #5426
- Bump pkg/ssa to v0.49.0 for CABundle validation fix by @dgunzy in #5431
- [RFC-0010] Add workload identity support for remote clusters by @matheuscscp in #5434
- Update toolkit components by @fluxcdbot in #5443
- Fix
flux push artifactfor insecure registries by @stefanprodan in #5449 - [RFC-0010] Add workload identity support for remote generic clusters by @matheuscscp in #5452
- Fix
flux diff kustomizationignore patterns by @dgunzy in #5451 - Update dependencies to Kubernetes 1.33.2 by @stefanprodan in #5453
- build(deps): bump the ci group across 1 directory with 7 updates by @dependabot[bot] in #5435
- Upgrade fluxcd/pkg dependencies by @matheuscscp in #5455
- ci: Use GITHUB_TOKEN for API calls in update workflow by @stefanprodan in #5460
- manifests: Add
app.kubernetes.io/part-of: fluxlabel to controller pods by @pinkavaj in #5440 - Migrate sourcesecret package to runtime/secrets APIs by @cappyzawa in #5462
- Implement
flux migratecommand by @stefanprodan in #5473 - [RFC-0007] Implementation history update by @stefanprodan in #5480
- Run conformance tests for Kubernetes 1.34.0 by @stefanprodan in #5497
- Update to Kubernetes v1.34.0 and Go 1.25.0 by @stefanprodan in #5499
- build(deps): bump the ci group across 1 directory with 10 updates by @dependabot[bot] in #5500
- Allow the Go runtime to dynamically set
GOMAXPROCSby @stefanprodan in #5501 - fix(events): respect
--all-namespacesflag by @mohiuddin-khan-shiam in #5414 - [RFC-0011] OpenTelemetry Tracing by @adri1197 in #5321
- [RFC-0012] External Artifact API by @stefanprodan in #5292
- Add
--show-historyflag todebug helmreleaseby @hawkaii in #5505 - Skip release candidates on updates by @matheuscscp in #5507
- ci: Align azure e2e tests secret names with fluxcd/pkg by @matheuscscp in #5508
- Update image-reflector-controller to v1.0.0 by @fluxcdbot in #5517
- Update source-controller to v1.7.0 by @fluxcdbot in #5518
- Add the source-watcher controller to the Flux distribution by @stefanprodan in #5519
- Add read-only commands for
ArtifactGeneratorkind by @stefanprodan in #5520 - ci: Add source-watcher to the update workflow by @stefanprodan in #5521
- Update image-automation-controller to v1.0.0 by @fluxcdbot in #5522
- Update image-reflector-controller to v1.0.1 by @fluxcdbot in #5525
- Implement
flux [reconcile|suspend|resume] image policycommands by @lukas8219 in #5492 - Handle
force: enabledannotation influx diff kscommand by @stefanprodan in #5528 - ci: Refactor CI with
fluxcd/gha-workflowsby @stefanprodan in #5529 - Remove
ArtifactGeneratorsduring uninstall by @stefanprodan in #5531 - Add support for
ExternalArtifacttoflux traceby @stefanprodan in #5532 - Set Kubernetes 1.32 as min supported version by @stefanprodan in #5533
- build(deps): bump the ci group with 6 updates by @dependabot[bot] in #5535
- Add support for custom storage namespace in HelmRelease creation by @prasad89 in #5534
- Update toolkit components by @fluxcdbot in #5537
- ci: remove cron schedule from update by @matheuscscp in #5539
- Update source-watcher to v2.0.1 by @fluxcdbot in #5540
- Add
--show-historyflag todebug kustomizationby @matheuscscp in #5541 - Update image-automation-controller to v1.0.1 by @fluxcdbot in #5542
fluxcd/flux2/action: Determine latest version without using GitHub API by @RussellAult in #5509
New Contributors
- @JIbald made their first contribution in #5388
- @ba-work made their first contribution in #5389
- @cappyzawa made their first contribution in #5407
- @reiSh6phoo9o made their first contribution in #5402
- @pinkavaj made their first contribution in #5440
- @mohiuddin-khan-shiam made their first contribution in #5414
- @adri1197 made their first contribution in #5321
- @hawkaii made their first contribution in #5505
- @lukas8219 made their first contribution in #5492
- @prasad89 made their first contribution in #5534
- @RussellAult made their first contribution in #5509
Full Changelog: v2.6.0...v2.7.0