Skip to content

chore(deps): update dependency fluxcd/flux2 to v0.39.0

Botaniker (Bot) requested to merge renovate/fluxcd-flux2-0.x into main

This MR contains the following updates:

Package Update Change
fluxcd/flux2 minor v0.38.3 -> v0.39.0

Release Notes

fluxcd/flux2

v0.39.0

Compare Source

Highlights

Flux v0.39.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.

Starting with this version, the Flux controllers come with SBOMs and SLSA Provenance Attestations embedded in their container images.

The Flux Terraform Provider has a new resource for bootstrapping Flux, without depending on third-party Terraform providers, that allows customising the controllers at install time. Users are encouraged to migrate to this new resources and provide feedback.

The Flux CLI is now included in Wolfi OS, the Linux (Un)distro designed for securing the software supply chain. The Chainguard team and Wolfi maintainers are shipping updates for the Flux package on a regular basis.

Features and improvements
  • Recreate immutable resources (e.g. Kubernetes Jobs) by annotating or labeling them with kustomize.toolkit.fluxcd.io/force: enabled.
  • Support for HTTPS bearer token authentication for Git repositories.
  • Improve memory usage by disabling the caching of Secret and ConfigMap resources in all controllers.
  • Better observability with progressive status updates for Sources (Git, OCI, Helm, S3 Buckets).
  • Allow extracting the OCI artifact SHA256 digest for Cosign with flux push artifact -o json.
  • Track CRDs managed by Flux, flux trace and flux tree will show which HelmRelease deployed which CRDs.
  • Allow the Flux GitHub Action to use a GitHub token when checking for updates to avoid rate limiting.
New documentation
Components changelog
CLI Changelog

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

Merge request reports