diff --git a/clusters/k8s01/flux-system/gotk-components.yaml b/clusters/k8s01/flux-system/gotk-components.yaml
index e720d3ebb2e6cb3cc5a838eace6c3757dcd9f88e..71f811a61e29c489a761aba694ba257ae57be6d8 100644
--- a/clusters/k8s01/flux-system/gotk-components.yaml
+++ b/clusters/k8s01/flux-system/gotk-components.yaml
@@ -1,6 +1,6 @@
---
# This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v2.0.1
+# Flux Version: v2.1.0
# Components: source-controller,kustomize-controller,helm-controller,notification-controller
apiVersion: v1
kind: Namespace
@@ -8,7 +8,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/warn-version: latest
name: flux-system
@@ -19,7 +19,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: allow-egress
namespace: flux-system
spec:
@@ -39,7 +39,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: allow-scraping
namespace: flux-system
spec:
@@ -59,7 +59,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: allow-webhooks
namespace: flux-system
spec:
@@ -78,7 +78,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: critical-pods-flux-system
namespace: flux-system
spec:
@@ -98,7 +98,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: crd-controller-flux-system
rules:
- apiGroups:
@@ -188,7 +188,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: flux-edit-flux-system
@@ -214,7 +214,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
@@ -239,7 +239,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: cluster-reconciler-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -259,7 +259,7 @@ metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: crd-controller-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -294,7 +294,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: buckets.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -617,7 +617,9 @@ spec:
description: Insecure allows connecting to a non-TLS HTTP Endpoint.
type: boolean
interval:
- description: Interval at which to check the Endpoint for updates.
+ description: Interval at which the Bucket Endpoint is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
provider:
@@ -810,7 +812,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: gitrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -894,9 +896,21 @@ spec:
type: object
type: array
interval:
- description: Interval at which to check the GitRepository for updates.
+ description: Interval at which the GitRepository URL is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
+ proxySecretRef:
+ description: ProxySecretRef specifies the Secret containing the proxy
+ configuration to use while communicating with the Git server.
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
recurseSubmodules:
description: RecurseSubmodules enables the initialization of all submodules
within the GitRepository as cloned from the URL, using their default
@@ -963,10 +977,16 @@ spec:
Git commit signature(s).
properties:
mode:
- description: Mode specifies what Git object should be verified,
- currently ('head').
+ default: HEAD
+ description: "Mode specifies which Git object(s) should be verified.
+ \n The variants \"head\" and \"HEAD\" both imply the same thing,
+ i.e. verify the commit that the HEAD of the Git repository points
+ to. The variant \"head\" solely exists to ensure backwards compatibility."
enum:
- head
+ - HEAD
+ - Tag
+ - TagAndHEAD
type: string
secretRef:
description: SecretRef specifies the Secret containing the public
@@ -979,7 +999,6 @@ spec:
- name
type: object
required:
- - mode
- secretRef
type: object
required:
@@ -1202,6 +1221,10 @@ spec:
description: ObservedRecurseSubmodules is the observed resource submodules
configuration used to produce the current Artifact.
type: boolean
+ sourceVerificationMode:
+ description: SourceVerificationMode is the last used verification
+ mode indicating which Git object(s) have been verified.
+ type: string
type: object
type: object
served: true
@@ -1990,7 +2013,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: helmcharts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -2333,8 +2356,9 @@ spec:
at in the SourceRef.
type: string
interval:
- description: Interval is the interval at which to check the Source
- for updates.
+ description: Interval at which the HelmChart SourceRef is checked
+ for updates. This interval is approximate and may be subject to
+ jitter to ensure efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
reconcileStrategy:
@@ -2585,7 +2609,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: helmrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -2878,8 +2902,27 @@ spec:
required:
- namespaceSelectors
type: object
+ certSecretRef:
+ description: "CertSecretRef can be given the name of a Secret containing
+ either or both of \n - a PEM-encoded client certificate (`tls.crt`)
+ and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
+ \n and whichever are supplied, will be used for connecting to the
+ registry. The client cert and key are useful if you are authenticating
+ with a certificate; the CA cert is useful if you are using a self-signed
+ server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ \n It takes precedence over the values specified in the Secret referred
+ to by `.spec.secretRef`."
+ properties:
+ name:
+ description: Name of the referent.
+ type: string
+ required:
+ - name
+ type: object
interval:
- description: Interval at which to check the URL for updates.
+ description: Interval at which the HelmRepository URL is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
passCredentials:
@@ -2905,8 +2948,9 @@ spec:
secretRef:
description: SecretRef specifies the Secret containing authentication
credentials for the HelmRepository. For HTTP/S basic auth the secret
- must contain 'username' and 'password' fields. For TLS the secret
- must contain a 'certFile' and 'keyFile', and/or 'caFile' fields.
+ must contain 'username' and 'password' fields. Support for TLS auth
+ using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated.
+ Please use `.spec.certSecretRef` instead.
properties:
name:
description: Name of the referent.
@@ -3089,7 +3133,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: ocirepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -3136,13 +3180,15 @@ spec:
description: OCIRepositorySpec defines the desired state of OCIRepository
properties:
certSecretRef:
- description: "CertSecretRef can be given the name of a secret containing
- either or both of \n - a PEM-encoded client certificate (`certFile`)
- and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`)
+ description: "CertSecretRef can be given the name of a Secret containing
+ either or both of \n - a PEM-encoded client certificate (`tls.crt`)
+ and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
\n and whichever are supplied, will be used for connecting to the
registry. The client cert and key are useful if you are authenticating
with a certificate; the CA cert is useful if you are using a self-signed
- server certificate."
+ server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ \n Note: Support for the `caFile`, `certFile` and `keyFile` keys
+ have been deprecated."
properties:
name:
description: Name of the referent.
@@ -3161,7 +3207,9 @@ spec:
registry.
type: boolean
interval:
- description: The interval at which to check for image updates.
+ description: Interval at which the OCIRepository URL is checked for
+ updates. This interval is approximate and may be subject to jitter
+ to ensure efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
layerSelector:
@@ -3448,7 +3496,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: source-controller
namespace: flux-system
---
@@ -3459,7 +3507,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
control-plane: controller
name: source-controller
namespace: flux-system
@@ -3480,7 +3528,7 @@ metadata:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
control-plane: controller
name: source-controller
namespace: flux-system
@@ -3515,7 +3563,7 @@ spec:
fieldPath: metadata.namespace
- name: TUF_ROOT
value: /tmp/.sigstore
- image: ghcr.io/fluxcd/source-controller:v1.0.1
+ image: ghcr.io/fluxcd/source-controller:v1.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -3579,7 +3627,7 @@ metadata:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: kustomizations.kustomize.toolkit.fluxcd.io
spec:
group: kustomize.toolkit.fluxcd.io
@@ -3746,6 +3794,8 @@ spec:
type: array
interval:
description: The interval at which to reconcile the Kustomization.
+ This interval is approximate and may be subject to jitter to ensure
+ efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
kubeConfig:
@@ -5209,7 +5259,7 @@ metadata:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: kustomize-controller
namespace: flux-system
---
@@ -5220,7 +5270,7 @@ metadata:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
control-plane: controller
name: kustomize-controller
namespace: flux-system
@@ -5249,7 +5299,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/kustomize-controller:v1.0.1
+ image: ghcr.io/fluxcd/kustomize-controller:v1.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -5306,7 +5356,7 @@ metadata:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: helmreleases.helm.toolkit.fluxcd.io
spec:
group: helm.toolkit.fluxcd.io
@@ -5585,7 +5635,9 @@ spec:
type: string
type: object
interval:
- description: Interval at which to reconcile the Helm release.
+ description: Interval at which to reconcile the Helm release. This
+ interval is approximate and may be subject to jitter to ensure efficient
+ use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
kubeConfig:
@@ -6231,7 +6283,7 @@ metadata:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: helm-controller
namespace: flux-system
---
@@ -6242,7 +6294,7 @@ metadata:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
control-plane: controller
name: helm-controller
namespace: flux-system
@@ -6271,7 +6323,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/helm-controller:v0.35.0
+ image: ghcr.io/fluxcd/helm-controller:v0.36.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -6328,7 +6380,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: alerts.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -6765,7 +6817,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: providers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -6998,8 +7050,9 @@ spec:
maxLength: 2048
type: string
certSecretRef:
- description: CertSecretRef specifies the Secret containing a PEM-encoded
- CA certificate (`caFile`).
+ description: "CertSecretRef specifies the Secret containing a PEM-encoded
+ CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile`
+ key has been deprecated."
properties:
name:
description: Name of the referent.
@@ -7067,6 +7120,7 @@ spec:
- grafana
- githubdispatch
- pagerduty
+ - datadog
type: string
username:
description: Username specifies the name under which events are posted.
@@ -7174,7 +7228,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: receivers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -7840,7 +7894,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
name: notification-controller
namespace: flux-system
---
@@ -7851,7 +7905,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
control-plane: controller
name: notification-controller
namespace: flux-system
@@ -7872,7 +7926,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
control-plane: controller
name: webhook-receiver
namespace: flux-system
@@ -7893,7 +7947,7 @@ metadata:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v2.0.1
+ app.kubernetes.io/version: v2.1.0
control-plane: controller
name: notification-controller
namespace: flux-system
@@ -7921,7 +7975,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/notification-controller:v1.0.0
+ image: ghcr.io/fluxcd/notification-controller:v1.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
diff --git a/images/koolbox/Dockerfile b/images/koolbox/Dockerfile
index f409aeeeecac93bd9df9262063d1190f606c3097..8b6b3c9b6b5942783f59db337563079b93da7dce 100644
--- a/images/koolbox/Dockerfile
+++ b/images/koolbox/Dockerfile
@@ -37,7 +37,7 @@ RUN curl -L "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" | tar
FROM quay.io/fedora/fedora:38 as flux
# renovate: datasource=github-releases depName=fluxcd/flux2
-ARG FLUX_VERSION=v2.0.1
+ARG FLUX_VERSION=v2.1.0
ENV FLUX_VERSION=${FLUX_VERSION}
RUN curl -L https://github.com/fluxcd/flux2/releases/download/${FLUX_VERSION}/flux_$(sed 's/^v//g' <<<${FLUX_VERSION})_linux_amd64.tar.gz | tar xvzf - flux \