diff --git a/cli/Dockerfile b/cli/Dockerfile
index 0ef16a2608e79ccc3616f3e5a11990815fdc7672..e7c1f1b8b188bc1aee3d00f3c3750a80b27ea4b5 100644
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -25,7 +25,7 @@ RUN curl -L "https://get.helm.sh/helm-${HELM_RELEASE}-linux-amd64.tar.gz" | tar
# Flux CLI cache
FROM docker.io/library/fedora:35 as flux
-ARG FLUX_RELEASE=0.25.3
+ARG FLUX_RELEASE=0.26.0
ENV FLUX_RELEASE=${FLUX_RELEASE}
RUN curl -L https://github.com/fluxcd/flux2/releases/download/v${FLUX_RELEASE}/flux_${FLUX_RELEASE}_linux_amd64.tar.gz | tar xvzf - flux \
diff --git a/clusters/k8s01/flux-system/gotk-components.yaml b/clusters/k8s01/flux-system/gotk-components.yaml
index acb71ef6445715f3cade04131db1e54f45f7716d..a6884ddf880600bc953219e0ba558c68fda759e8 100644
--- a/clusters/k8s01/flux-system/gotk-components.yaml
+++ b/clusters/k8s01/flux-system/gotk-components.yaml
@@ -1,6 +1,6 @@
---
# This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v0.25.3
+# Flux Version: v0.26.0
# Components: source-controller,kustomize-controller,helm-controller,notification-controller
apiVersion: v1
kind: Namespace
@@ -8,7 +8,9 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
+ pod-security.kubernetes.io/warn: restricted
+ pod-security.kubernetes.io/warn-version: latest
name: flux-system
---
apiVersion: apiextensions.k8s.io/v1
@@ -20,7 +22,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: alerts.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -232,7 +234,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: buckets.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -492,7 +494,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: gitrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -851,7 +853,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: helmcharts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -1135,7 +1137,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: helmreleases.helm.toolkit.fluxcd.io
spec:
group: helm.toolkit.fluxcd.io
@@ -1913,7 +1915,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: helmrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -2160,7 +2162,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: kustomizations.kustomize.toolkit.fluxcd.io
spec:
group: kustomize.toolkit.fluxcd.io
@@ -3261,7 +3263,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: providers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -3465,7 +3467,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: receivers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -3682,7 +3684,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: helm-controller
namespace: flux-system
---
@@ -3692,7 +3694,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: kustomize-controller
namespace: flux-system
---
@@ -3702,7 +3704,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: notification-controller
namespace: flux-system
---
@@ -3712,7 +3714,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: source-controller
namespace: flux-system
---
@@ -3722,7 +3724,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: crd-controller-flux-system
rules:
- apiGroups:
@@ -3803,7 +3805,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: cluster-reconciler-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -3823,7 +3825,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: crd-controller-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -3855,7 +3857,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
control-plane: controller
name: notification-controller
namespace: flux-system
@@ -3875,7 +3877,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
control-plane: controller
name: source-controller
namespace: flux-system
@@ -3895,7 +3897,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
control-plane: controller
name: webhook-receiver
namespace: flux-system
@@ -3915,7 +3917,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
control-plane: controller
name: helm-controller
namespace: flux-system
@@ -3944,7 +3946,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/helm-controller:v0.15.0
+ image: ghcr.io/fluxcd/helm-controller:v0.16.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -3954,6 +3956,7 @@ spec:
ports:
- containerPort: 8080
name: http-prom
+ protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
@@ -3970,7 +3973,13 @@ spec:
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
@@ -3988,7 +3997,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
control-plane: controller
name: kustomize-controller
namespace: flux-system
@@ -4017,7 +4026,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/kustomize-controller:v0.19.1
+ image: ghcr.io/fluxcd/kustomize-controller:v0.20.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4027,6 +4036,7 @@ spec:
ports:
- containerPort: 8080
name: http-prom
+ protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
@@ -4043,7 +4053,13 @@ spec:
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
@@ -4063,7 +4079,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
control-plane: controller
name: notification-controller
namespace: flux-system
@@ -4091,7 +4107,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/notification-controller:v0.20.1
+ image: ghcr.io/fluxcd/notification-controller:v0.21.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4101,10 +4117,13 @@ spec:
ports:
- containerPort: 9090
name: http
+ protocol: TCP
- containerPort: 9292
name: http-webhook
+ protocol: TCP
- containerPort: 8080
name: http-prom
+ protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
@@ -4121,7 +4140,13 @@ spec:
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
@@ -4139,7 +4164,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
control-plane: controller
name: source-controller
namespace: flux-system
@@ -4172,7 +4197,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/source-controller:v0.20.1
+ image: ghcr.io/fluxcd/source-controller:v0.21.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4182,10 +4207,13 @@ spec:
ports:
- containerPort: 9090
name: http
+ protocol: TCP
- containerPort: 8080
name: http-prom
+ protocol: TCP
- containerPort: 9440
name: healthz
+ protocol: TCP
readinessProbe:
httpGet:
path: /
@@ -4199,7 +4227,13 @@ spec:
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
volumeMounts:
- mountPath: /data
name: data
@@ -4223,7 +4257,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: allow-egress
namespace: flux-system
spec:
@@ -4243,7 +4277,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: allow-scraping
namespace: flux-system
spec:
@@ -4263,7 +4297,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.25.3
+ app.kubernetes.io/version: v0.26.0
name: allow-webhooks
namespace: flux-system
spec: