v2.6.0
stefanprodan
Stefan Prodan
Highlights
Flux v2.6.0 is a feature release. Users are encouraged to upgrade for the best experience.
For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.6 GA blog post.
Overview of the new features:
- General availability release for the Flux OCI Artifacts APIs and
flux artifactcommands - Support for OCI digests pinning (ImagePolicy, ImageUpdateAutomation)
- Object-level workload identity authentication (OCIRepository, ImageRepository, Kustomization, Alert Provider)
- Cache registry credentials for cloud providers (OCIRepository, ImageRepository)
- Git HTTP/S Mutual TLS authentication (GitRepository, ImageUpdateAutomation)
- Support for sparse checkout (GitRepository)
- Support for GitHub App authentication (Alert Provider)
- Support for managed Identity authentication to Azure Event Hub (Alert Provider)
- Customize the ID of the Git commit status with CEL expressions (Alert Provider)
WaitForTerminationdeletion policy (Kustomization)DisableChartDigestTrackingfeature gate (HelmRelease)
❤️ Big thanks to all the Flux contributors that helped us with this release!
Kubernetes compatibility
This release is compatible with the following Kubernetes versions:
| Kubernetes version | Minimum required |
|---|---|
v1.31 |
>= 1.31.0 |
v1.32 |
>= 1.32.0 |
v1.33 |
>= 1.33.0 |
Note
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.
OpenShift compatibility
Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator.
The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.
Upgrade procedure
Upgrade Flux from v2.5.0 to v2.6.0 by following the upgrade guide.
To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:
- Set
apiVersion: source.toolkit.fluxcd.io/v1in the YAML files that containOCIRepositorydefinitions. - Add an annotation
api.fluxcd.io/upgrade: "v2.6.0"to theOCIRepositoryresources. (this is not required if Flux Operator is used for upgrade) - Commit, push, and reconcile the API version changes.
Bumping the APIs version in manifests can be done gradually.
It is advised to not delay this procedure as the deprecated versions will be removed after 6 months.
Components changelog
- source-controller v1.6.0
- kustomize-controller v1.6.0
- notification-controller v1.6.0
- helm-controller v1.3.0
- image-reflector-controller v0.35.0
- image-automation-controller v0.41.0
New Documentation
What's Changed
- fix: correct name on github app secret by @NotAwar in #5202
- Update RFC 0008 and RFC 0009 milestones by @matheuscscp in #5141
- Update kustomize-controller to v1.5.1 by @fluxcdbot in #5214
- Update backport labels for 2.5 by @matheuscscp in #5215
- Fix command debug hr not taking targetPath into account by @matheuscscp in #5227
- Remove redundant space. by @laiminhtrung1997 in #5038
- ci: switch to goreleaser changelog generation by @y-eight in #5284
- change: use the default ephemeral GITHUB_TOKEN instead of the static one by @piontec in #5282
- add: OSSF scorecard configuration file - ignore false-positive by @piontec in #5287
- build(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.3 by @dependabot in #5295
- Allow to pull/push artifacts to insecure registries without TLS by @mottetm in #5299
- [RFC-0010] Multi-Tenant Workload Identity by @matheuscscp in #5209
- flux diff: Reset target struct before decoding by @maboehm in #5302
- fix: allow recursive dry-run over local sources by @niveau0 in #5219
- Run conformance tests for Kubernetes 1.33.0 by @stefanprodan in #5318
- Update to Kubernetes 1.33.0 and Go 1.24.0 by @stefanprodan in #5323
- [RFC-0010] Remove EKS Pod Identity from the proposal by @matheuscscp in #5309
- [RFC-0010] Add RBAC for creating service account tokens by @matheuscscp in #5332
- Upgrade fluxcd/pkg auth, oci, git and git/gogit by @matheuscscp in #5333
- Fix exit code handling in get command by @dgunzy in #5338
- build(deps): bump the ci group across 1 directory with 18 updates by @dependabot in #5325
- Fix
flux tracefor HRs fromOCIRepositorys by @makkes in #5349 - Fix e2e workflow by @makkes in #5351
- [RFC-0010] Update RFC to include opt-in feature gate by @matheuscscp in #5354
- [RFC-0010] Update RFC feature gate behavior by @matheuscscp in #5355
- Upgrade fluxcd/pkg packages by @matheuscscp in #5356
- Upgrade fluxcd/pkg packages by @matheuscscp in #5357
- Set Kubernetes 1.31 as min supported version by @stefanprodan in #5364
- Update dependencies by @matheuscscp in #5366
- Update toolkit components by @fluxcdbot in #5368
- Promote artifact commands to stable by @matheuscscp in #5369
- Add --interval and --reflect-digest flags to flux create image policy by @matheuscscp in #5345
- Update CLI to OCIRepository v1 (GA) by @stefanprodan in #5371
- Update dependabot config by @stefanprodan in #5373
- Update toolkit components by @fluxcdbot in #5370
New Contributors
- @NotAwar made their first contribution in #5202
- @laiminhtrung1997 made their first contribution in #5038
- @y-eight made their first contribution in #5284
- @piontec made their first contribution in #5282
- @mottetm made their first contribution in #5299
- @maboehm made their first contribution in #5302
- @niveau0 made their first contribution in #5219
- @dgunzy made their first contribution in #5338
Full Changelog: v2.5.0...v2.6.0
