Started by GitHub push by ti-chi-bot[bot]Started by GitHub push by ti-chi-bot[bot]00152671526744667446671.0084818481168310df3e85a0572d28a332f7d2af6bece5f22fbb5a10df3e85a0572d28a332f7d2af6bece5f22fbb5aorigin/main10df3e85a0572d28a332f7d2af6bece5f22fbb5a10df3e85a0572d28a332f7d2af6bece5f22fbb5aorigin/main10df3e85a0572d28a332f7d2af6bece5f22fbb5a10df3e85a0572d28a332f7d2af6bece5f22fbb5aorigin/mainhttps://github.com/PingCAP-QE/ci.gitfalse#16834466761436seed #16831683falsefalse16833681424SUCCESS1778573396394https://do.pingcap.net/jenkins/job/seed/1683/default-6cbqx10df3e85a0572d28a332f7d2af6bece5f22fbb5a1778573367000https://do.pingcap.net/jenkins/user/noreplynoreplynoreply@github.comchore(deps): update ghcr.io/fluxcd/flux-cli docker tag to v2.8.6 (#4577) > ℹ️ **Note** > > This PR body was truncated due to platform limits. This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/fluxcd/flux-cli](https://redirect.github.com/fluxcd/flux2) | minor | `v2.2.3` → `v2.8.6` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/1780) for more information. --- ### Release Notes <details> <summary>fluxcd/flux2 (ghcr.io/fluxcd/flux-cli)</summary> ### [`v2.8.6`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.8.6) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.8.5...v2.8.6) #### Highlights Flux v2.8.6 is a patch release that includes bug fixes and improvements across helm-controller, image-automation-controller, kustomize-controller, notification-controller, and source-controller. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix a post-renderer conflict between overlapping hooks and templates (helm-controller) - Ignore force replace when server-side apply is enabled (helm-controller) - Fix a regression where generic providers would not forward commit status events (notification-controller) - Require the `audience` field on the GCR Receiver secret for tighter verification — will become mandatory in Flux v2.9 (notification-controller) Improvements: - Introduce the `MigrateAPIVersion` feature gate for migrating the API version of resources in managed field entries (kustomize-controller) - Update go-git to v5.18.0 bringing performance improvements for Git operations (source-controller, image-automation-controller) #### Components changelog - helm-controller [v1.5.4](https://redirect.github.com/fluxcd/helm-controller/blob/v1.5.4/CHANGELOG.md) - image-automation-controller [v1.1.2](https://redirect.github.com/fluxcd/image-automation-controller/blob/v1.1.2/CHANGELOG.md) - kustomize-controller [v1.8.4](https://redirect.github.com/fluxcd/kustomize-controller/blob/v1.8.4/CHANGELOG.md) - notification-controller [v1.8.4](https://redirect.github.com/fluxcd/notification-controller/blob/v1.8.4/CHANGELOG.md) - source-controller [v1.8.3](https://redirect.github.com/fluxcd/source-controller/blob/v1.8.3/CHANGELOG.md) #### CLI changelog - Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5857](https://redirect.github.com/fluxcd/flux2/pull/5857) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.5...v2.8.6> ### [`v2.8.5`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.8.5) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.8.4...v2.8.5) #### Highlights Flux v2.8.5 is a patch release that includes bug fixes and improvements across kustomize-controller, source-controller, and notification-controller. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix a race condition where a cancelled reconciliation could leave stale data in the cache, causing Kustomizations to get stuck (kustomize-controller) - Fix Azure Blob prefix option not being passed to the storage client (source-controller) Improvements: - Improve error message for encrypted SSH keys without password (source-controller) - Add optional `email` and `audience` fields to the GCR Receiver for tighter verification (notification-controller) - Add provider manifest example for Azure Event Hub managed identity authentication (notification-controller) #### Components changelog - kustomize-controller [v1.8.3](https://redirect.github.com/fluxcd/kustomize-controller/blob/v1.8.3/CHANGELOG.md) - source-controller [v1.8.2](https://redirect.github.com/fluxcd/source-controller/blob/v1.8.2/CHANGELOG.md) - notification-controller [v1.8.3](https://redirect.github.com/fluxcd/notification-controller/blob/v1.8.3/CHANGELOG.md) #### CLI changelog - Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5822](https://redirect.github.com/fluxcd/flux2/pull/5822) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.4...v2.8.5> ### [`v2.8.4`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.8.4) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.8.3...v2.8.4) #### Highlights Flux v2.8.4 is a patch release that includes fixes for the Flux CLI. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix `flux build ks` and `flux diff ks` on Windows - Fix `--source` flag validation in `create kustomization` command #### CLI changelog - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5796](https://redirect.github.com/fluxcd/flux2/pull/5796) - \[release/v2.8.x] fix: validate --source flag in create kustomization command by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5799](https://redirect.github.com/fluxcd/flux2/pull/5799) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.3...v2.8.4> ### [`v2.8.3`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.8.3) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.8.2...v2.8.3) ##### Highlights Flux v2.8.3 is a patch release that fixes a regression in helm-controller. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix templating errors for charts that include `---` in the content, e.g. YAML separators, embedded scripts, CAs inside ConfigMaps (helm-controller) ##### Components changelog - helm-controller [v1.5.3](https://redirect.github.com/fluxcd/helm-controller/blob/v1.5.3/CHANGELOG.md) ##### CLI changelog - \[release/v2.8.x] Add target branch name to update branch by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5774](https://redirect.github.com/fluxcd/flux2/pull/5774) - Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5779](https://redirect.github.com/fluxcd/flux2/pull/5779) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.2...v2.8.3> ### [`v2.8.2`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.8.2) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.8.1...v2.8.2) ##### Highlights Flux v2.8.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix enqueuing new reconciliation requests for events on source Flux objects when they are already reconciling the revision present in the watch event (kustomize-controller, helm-controller) - Fix the Go templates bug of YAML separator `---` getting concatenated to `apiVersion:` by updating to Helm 4.1.3 (helm-controller) - Fix canceled HelmReleases getting stuck when they don't have a retry strategy configured by introducing a new feature gate `DefaultToRetryOnFailure` that improves the experience when the `CancelHealthCheckOnNewRevision` is enabled (helm-controller) - Fix the auth scope for Azure Container Registry to use the ACR-specific scope (source-controller, image-reflector-controller) - Fix potential Denial of Service (DoS) during TLS handshakes (CVE-2026-27138) by building all controllers with Go 1.26.1 ##### Components changelog - source-controller [v1.8.1](https://redirect.github.com/fluxcd/source-controller/blob/v1.8.1/CHANGELOG.md) - kustomize-controller [v1.8.2](https://redirect.github.com/fluxcd/kustomize-controller/blob/v1.8.2/CHANGELOG.md) - notification-controller [v1.8.2](https://redirect.github.com/fluxcd/notification-controller/blob/v1.8.2/CHANGELOG.md) - helm-controller [v1.5.2](https://redirect.github.com/fluxcd/helm-controller/blob/v1.5.2/CHANGELOG.md) - image-reflector-controller [v1.1.1](https://redirect.github.com/fluxcd/image-reflector-controller/blob/v1.1.1/CHANGELOG.md) - image-automation-controller [v1.1.1](https://redirect.github.com/fluxcd/image-automation-controller/blob/v1.1.1/CHANGELOG.md) - source-watcher [v2.1.1](https://redirect.github.com/fluxcd/source-watcher/blob/v2.1.1/CHANGELOG.md) ##### CLI changelog - \[release/v2.8.x] build(deps): bump the ci group across 1 directory with 11 updates by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5765](https://redirect.github.com/fluxcd/flux2/pull/5765) - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5767](https://redirect.github.com/fluxcd/flux2/pull/5767) - Update toolkit components by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5770](https://redirect.github.com/fluxcd/flux2/pull/5770) - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5771](https://redirect.github.com/fluxcd/flux2/pull/5771) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.1...v2.8.2> ### [`v2.8.1`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.8.1) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.8.0...v2.8.1) ##### Highlights Flux v2.8.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix Git commit status events being dropped for Kustomizations (notification-controller) - Fix health check for StatefulSets when the Pods are Pending/Unschedulable during rollout (helm-controller, kustomize-controller) ##### Components changelog - kustomize-controller [v1.8.1](https://redirect.github.com/fluxcd/kustomize-controller/blob/v1.8.1/CHANGELOG.md) - notification-controller [v1.8.1](https://redirect.github.com/fluxcd/notification-controller/blob/v1.8.1/CHANGELOG.md) - helm-controller [v1.5.1](https://redirect.github.com/fluxcd/helm-controller/blob/v1.5.1/CHANGELOG.md) ##### CLI changelog - \[release/v2.8.x] Remove no longer needed workaround for Flux 2.8 by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5735](https://redirect.github.com/fluxcd/flux2/pull/5735) - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5739](https://redirect.github.com/fluxcd/flux2/pull/5739) - \[release/v2.8.x] Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5741](https://redirect.github.com/fluxcd/flux2/pull/5741) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.0...v2.8.1> ### [`v2.8.0`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.8.0) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.7.5...v2.8.0) ##### Highlights Flux v2.8.0 is a feature release. Users are encouraged to upgrade for the best experience. For a compressive overview of new features and API changes included in this release, please refer to the [Announcing Flux 2.8 GA blog post](https://fluxcd.io/blog/2026/02/flux-v2.8.0/). Overview of the new features: - Helm v4 support, including server-side apply and kstatus-based health checking (`HelmRelease`) - Readiness evaluation of Helm-managed objects with CEL expressions (`HelmRelease`) - Improved observability of Helm releases with inventory tracking in `.status.inventory` (`HelmRelease`) - Reduced the mean time to recovery of Flux-managed applications via `CancelHealthCheckOnNewRevision` feature gate (`Kustomization`, `HelmRelease`) - Support for commenting on Pull Requests directly from Flux notifications (`Provider`) - Custom SSA apply stages for ordering resource application in kustomize-controller (`Kustomization`) - Automatic GitHub App installation ID lookup from the repository owner (`GitRepository`, `ImageUpdateAutomation`, `Provider`) - Support for Cosign v3 for verifying OCI artifacts and container images (`OCIRepository`) - ArtifactGenerator support for extracting and modifying Helm charts (`ArtifactGenerator`) - Bypass cache when fetching source objects via `DirectSourceFetch` feature gate (`Kustomization`, `HelmRelease`, `ArtifactGenerator`) ❤️ Big thanks to all the Flux contributors that helped us with this release! ##### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | | ------------------ | ---------------- | | `v1.33` | `>= 1.32.0` | | `v1.34` | `>= 1.34.1` | | `v1.35` | `>= 1.35.0` | > \[!NOTE] > Note that the Flux project offers support only for the latest three minor versions of Kubernetes. > Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as > [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux. ##### OpenShift compatibility Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using [Flux Operator](https://operatorhub.io/operator/flux-operator). The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage. ##### Upgrade procedure :warning: The Flux APIs `v1beta2` and `v2beta2` (deprecated in 2024) have reached end-of-life and have been removed from the CRDs. Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from older versions of Flux to v2.8. ##### Components changelog - source-controller [v1.8.0](https://redirect.github.com/fluxcd/source-controller/blob/v1.8.0/CHANGELOG.md) - kustomize-controller [v1.8.0](https://redirect.github.com/fluxcd/kustomize-controller/blob/v1.8.0/CHANGELOG.md) - notification-controller [v1.8.0](https://redirect.github.com/fluxcd/notification-controller/blob/v1.8.0/CHANGELOG.md) - helm-controller [v1.5.0](https://redirect.github.com/fluxcd/helm-controller/blob/v1.5.0/CHANGELOG.md) - image-reflector-controller [v1.1.0](https://redirect.github.com/fluxcd/image-reflector-controller/blob/v1.1.0/CHANGELOG.md) - image-automation-controller [v1.1.0](https://redirect.github.com/fluxcd/image-automation-controller/blob/v1.1.0/CHANGELOG.md) - source-watcher [v2.1.0](https://redirect.github.com/fluxcd/source-watcher/blob/v2.1.0/CHANGELOG.md) ##### CLI changelog - ci: Set `GITHUB_TOKEN` in the `release-flux-manifests` workflow by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5547](https://redirect.github.com/fluxcd/flux2/pull/5547) - Add backport label for Flux 2.7 by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5550](https://redirect.github.com/fluxcd/flux2/pull/5550) - build(deps): bump the ci group across 1 directory with 3 updates by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;5548](https://redirect.github.com/fluxcd/flux2/pull/5548) - Fix `flux push artifact` not working with `--provider` by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5551](https://redirect.github.com/fluxcd/flux2/pull/5551) - Extend `flux migrate` to work with local files by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5554](https://redirect.github.com/fluxcd/flux2/pull/5554) - Improve `flux migrate` for live cluster migrations by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5558](https://redirect.github.com/fluxcd/flux2/pull/5558) - Fix `flux migrate -f` command to work with comments by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5560](https://redirect.github.com/fluxcd/flux2/pull/5560) - Add source-watcher to docs by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5562](https://redirect.github.com/fluxcd/flux2/pull/5562) - Fix `flux migrate -f` not considering kind comments by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5563](https://redirect.github.com/fluxcd/flux2/pull/5563) - refactor: convert `Kustomization` resource into unstructured map only once during variable substitution by [@&#8203;ramasai1](https://redirect.github.com/ramasai1) in [#&#8203;5566](https://redirect.github.com/fluxcd/flux2/pull/5566) - Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5568](https://redirect.github.com/fluxcd/flux2/pull/5568) - Disable AUR publishing by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5570](https://redirect.github.com/fluxcd/flux2/pull/5570) - Fix manifest generation for `--storage-adv-addr` and `--events-addr` flags by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5574](https://redirect.github.com/fluxcd/flux2/pull/5574) - Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5576](https://redirect.github.com/fluxcd/flux2/pull/5576) - Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5578](https://redirect.github.com/fluxcd/flux2/pull/5578) - Restore GitHub PAT for backports by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5581](https://redirect.github.com/fluxcd/flux2/pull/5581) - \[RFC-0012] Add command `flux get source external` by [@&#8203;dgunzy](https://redirect.github.com/dgunzy) in [#&#8203;5555](https://redirect.github.com/fluxcd/flux2/pull/5555) - fix: handle error when writing password prompt to stdout by [@&#8203;akshatsinha0](https://redirect.github.com/akshatsinha0) in [#&#8203;5589](https://redirect.github.com/fluxcd/flux2/pull/5589) - Pin cosign to v2.6.1 by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5594](https://redirect.github.com/fluxcd/flux2/pull/5594) - \[RFC-0012] Add command `flux export source external` by [@&#8203;dgunzy](https://redirect.github.com/dgunzy) in [#&#8203;5583](https://redirect.github.com/fluxcd/flux2/pull/5583) - Fix bootstrap e2e test for image policy by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5604](https://redirect.github.com/fluxcd/flux2/pull/5604) - Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5603](https://redirect.github.com/fluxcd/flux2/pull/5603) - fix: return accepted values for flags when calling Values.Type() by [@&#8203;jaxels10](https://redirect.github.com/jaxels10) in [#&#8203;5602](https://redirect.github.com/fluxcd/flux2/pull/5602) - ci: Include source-watcher in the e2e test suite by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5614](https://redirect.github.com/fluxcd/flux2/pull/5614) - Add source.extensions.fluxcd.io group to aggregated RBAC roles by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5627](https://redirect.github.com/fluxcd/flux2/pull/5627) - Fix panic on reconcile with source of ExternalArtifact kind by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5630](https://redirect.github.com/fluxcd/flux2/pull/5630) - Upgrade k8s to 1.34.2, c-r to 0.22.4 and helm to 3.19.2 by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5633](https://redirect.github.com/fluxcd/flux2/pull/5633) - diff: report if object is skipped by [@&#8203;hown3d](https://redirect.github.com/hown3d) in [#&#8203;5625](https://redirect.github.com/fluxcd/flux2/pull/5625) - Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5639](https://redirect.github.com/fluxcd/flux2/pull/5639) - Allow option to skip tenant namespace creation by [@&#8203;anshuishere](https://redirect.github.com/anshuishere) in [#&#8203;5597](https://redirect.github.com/fluxcd/flux2/pull/5597) - Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5648](https://redirect.github.com/fluxcd/flux2/pull/5648) - fix: [#&#8203;5654](https://redirect.github.com/fluxcd/flux2/issues/5654) by checking if both --chart and --chart-ref are set by [@&#8203;jaxels10](https://redirect.github.com/jaxels10) in [#&#8203;5656](https://redirect.github.com/fluxcd/flux2/pull/5656) - Added retry logic with delays to the Flux CLI download by [@&#8203;ivan-munteanu](https://redirect.github.com/ivan-munteanu) in [#&#8203;5659](https://redirect.github.com/fluxcd/flux2/pull/5659) - Run conformance tests for Kubernetes 1.35.0 by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5663](https://redirect.github.com/fluxcd/flux2/pull/5663) - fix: normalize path for Windows compatibility by [@&#8203;sibasispadhi](https://redirect.github.com/sibasispadhi) in [#&#8203;5674](https://redirect.github.com/fluxcd/flux2/pull/5674) - Introduce support for looking up GH app installation ID by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5682](https://redirect.github.com/fluxcd/flux2/pull/5682) - Update dependencies to Kubernetes v1.35.0 by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5688](https://redirect.github.com/fluxcd/flux2/pull/5688) - Fix resume command logging success after reconciliation failure by [@&#8203;Aman-Cool](https://redirect.github.com/Aman-Cool) in [#&#8203;5690](https://redirect.github.com/fluxcd/flux2/pull/5690) - Add 2.8 to supported versions for `flux migrate -f` by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5713](https://redirect.github.com/fluxcd/flux2/pull/5713) - Introduce workflow for bumping fluxcd/pkg deps by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5717](https://redirect.github.com/fluxcd/flux2/pull/5717) - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5719](https://redirect.github.com/fluxcd/flux2/pull/5719) - Fix event listing ignoring pagination token by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5721](https://redirect.github.com/fluxcd/flux2/pull/5721) - Build with Go 1.26 by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5723](https://redirect.github.com/fluxcd/flux2/pull/5723) - Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5722](https://redirect.github.com/fluxcd/flux2/pull/5722) - Update helm-controller to v1.5.0 by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5725](https://redirect.github.com/fluxcd/flux2/pull/5725) - build(deps): bump the ci group across 1 directory with 12 updates by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;5720](https://redirect.github.com/fluxcd/flux2/pull/5720) - Fix bootstrap failure on Windows cross-drive paths by [@&#8203;veeceey](https://redirect.github.com/veeceey) in [#&#8203;5726](https://redirect.github.com/fluxcd/flux2/pull/5726) - Dump debug info on e2e tests by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5729](https://redirect.github.com/fluxcd/flux2/pull/5729) - Set Kubernetes 1.33 as min supported version by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5730](https://redirect.github.com/fluxcd/flux2/pull/5730) - Update conformance tests to min Kubernetes 1.33 by [@&#8203;stefanprodan](https://redirect.github.com/stefanprodan) in [#&#8203;5731](https://redirect.github.com/fluxcd/flux2/pull/5731) ##### New Contributors - [@&#8203;ramasai1](https://redirect.github.com/ramasai1) made their first contribution in [#&#8203;5566](https://redirect.github.com/fluxcd/flux2/pull/5566) - [@&#8203;akshatsinha0](https://redirect.github.com/akshatsinha0) made their first contribution in [#&#8203;5589](https://redirect.github.com/fluxcd/flux2/pull/5589) - [@&#8203;jaxels10](https://redirect.github.com/jaxels10) made their first contribution in [#&#8203;5602](https://redirect.github.com/fluxcd/flux2/pull/5602) - [@&#8203;hown3d](https://redirect.github.com/hown3d) made their first contribution in [#&#8203;5625](https://redirect.github.com/fluxcd/flux2/pull/5625) - [@&#8203;anshuishere](https://redirect.github.com/anshuishere) made their first contribution in [#&#8203;5597](https://redirect.github.com/fluxcd/flux2/pull/5597) - [@&#8203;ivan-munteanu](https://redirect.github.com/ivan-munteanu) made their first contribution in [#&#8203;5659](https://redirect.github.com/fluxcd/flux2/pull/5659) - [@&#8203;sibasispadhi](https://redirect.github.com/sibasispadhi) made their first contribution in [#&#8203;5674](https://redirect.github.com/fluxcd/flux2/pull/5674) - [@&#8203;Aman-Cool](https://redirect.github.com/Aman-Cool) made their first contribution in [#&#8203;5690](https://redirect.github.com/fluxcd/flux2/pull/5690) - [@&#8203;veeceey](https://redirect.github.com/veeceey) made their first contribution in [#&#8203;5726](https://redirect.github.com/fluxcd/flux2/pull/5726) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.0...v2.8.0> ### [`v2.7.5`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.7.5) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.7.4...v2.7.5) ##### Highlights Flux v2.7.5 is a patch release that comes with fixes to helm-controller. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix HelmRelease history truncation when using the `RetryOnFailure` strategy. :warning: Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Flux users are advised to use [Cosign v2.6](https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries) for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8. ##### Components changelog - helm-controller [v1.4.5](https://redirect.github.com/fluxcd/helm-controller/blob/v1.4.5/CHANGELOG.md) ##### CLI changelog - \[release/v2.7.x] Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5649](https://redirect.github.com/fluxcd/flux2/pull/5649) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.4...v2.7.5> ### [`v2.7.4`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.7.4) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.7.3...v2.7.4) ##### Highlights Flux v2.7.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Add `DisableConfigWatchers` feature gate to all controllers for disabling the Secrets/ConfigMaps watchers - Fix Workload Identity for Azure China Cloud in all controllers - Update Helm Go SDK to v3.19.2 fixing schema validation issues in helm-controller - Skip secret decryption for remote kustomize patches in kustomize-controller - Improve post-build error reporting in kustomize-controller - Add `ArtifactGenerator` to aggregated RBAC roles :warning: Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Flux users are advised to use [Cosign v2.6](https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries) for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8. ##### Components changelog - source-controller [v1.7.4](https://redirect.github.com/fluxcd/source-controller/blob/v1.7.4/CHANGELOG.md) - kustomize-controller [v1.7.3](https://redirect.github.com/fluxcd/kustomize-controller/blob/v1.7.3/CHANGELOG.md) - notification-controller [v1.7.5](https://redirect.github.com/fluxcd/notification-controller/blob/v1.7.5/CHANGELOG.md) - helm-controller [v1.4.4](https://redirect.github.com/fluxcd/helm-controller/blob/v1.4.4/CHANGELOG.md) - image-reflector-controller [v1.0.4](https://redirect.github.com/fluxcd/image-reflector-controller/blob/v1.0.4/CHANGELOG.md) - image-automation-controller [v1.0.4](https://redirect.github.com/fluxcd/image-automation-controller/blob/v1.0.4/CHANGELOG.md) - source-watcher [v2.0.3](https://redirect.github.com/fluxcd/source-watcher/blob/v2.0.3/CHANGELOG.md) ##### CLI changelog - \[release/v2.7.x] ci: Include source-watcher in the e2e test suite by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5615](https://redirect.github.com/fluxcd/flux2/pull/5615) - \[release/v2.7.x] Add source.extensions.fluxcd.io group to aggregated RBAC roles by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5628](https://redirect.github.com/fluxcd/flux2/pull/5628) - \[release/v2.7.x] Fix panic on reconcile with source of ExternalArtifact kind by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5631](https://redirect.github.com/fluxcd/flux2/pull/5631) - \[release/v2.7.x] Upgrade k8s to 1.34.2, c-r to 0.22.4 and helm to 3.19.2 by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5634](https://redirect.github.com/fluxcd/flux2/pull/5634) - \[release/v2.7.x] diff: report if object is skipped by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5635](https://redirect.github.com/fluxcd/flux2/pull/5635) - \[release/v2.7.x] Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5640](https://redirect.github.com/fluxcd/flux2/pull/5640) - \[release/v2.7.x] Allow option to skip tenant namespace creation by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5642](https://redirect.github.com/fluxcd/flux2/pull/5642) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.3...v2.7.4> ### [`v2.7.3`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.7.3) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.7.2...v2.7.3) ##### Highlights Flux v2.7.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Restore SOCKS5 proxy support in all controllers - Fix status reporting of HelmReleases with `RetryOnFailure` strategy - Automated retries for ImagePolicies when no image tags are found in the database - Fix alerting for Telegram's `message_thread_id` - Allow running kustomize-controller and helm-controller on the same loopback interface as source-watcher :warning: Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Users are advised to use [Cosign v2.6](https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries) for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8. ##### Components changelog - source-controller [v1.7.3](https://redirect.github.com/fluxcd/source-controller/blob/v1.7.3/CHANGELOG.md) - kustomize-controller [v1.7.2](https://redirect.github.com/fluxcd/kustomize-controller/blob/v1.7.2/CHANGELOG.md) - notification-controller [v1.7.4](https://redirect.github.com/fluxcd/notification-controller/blob/v1.7.4/CHANGELOG.md) - helm-controller [v1.4.3](https://redirect.github.com/fluxcd/helm-controller/blob/v1.4.3/CHANGELOG.md) - image-reflector-controller [v1.0.3](https://redirect.github.com/fluxcd/image-reflector-controller/blob/v1.0.3/CHANGELOG.md) - image-automation-controller [v1.0.3](https://redirect.github.com/fluxcd/image-automation-controller/blob/v1.0.3/CHANGELOG.md) ##### CLI changelog - \[release/v2.7.x] Pin cosign to v2.6.1 by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5595](https://redirect.github.com/fluxcd/flux2/pull/5595) - \[release/v2.7.x] Update toolkit components by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5605](https://redirect.github.com/fluxcd/flux2/pull/5605) - \[release/v2.7.x] fix: return accepted values for flags when calling Values.Type() by [@&#8203;fluxcdbot](https://redirect.github.com/fluxcdbot) in [#&#8203;5606](https://redirect.github.com/fluxcd/flux2/pull/5606) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.2...v2.7.3> ### [`v2.7.2`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.7.2) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.7.1...v2.7.2) #### Highlights Flux v2.7.2 is a patch release that comes with security fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. All Flux components are now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib that could lead to denial of service. The list of security fixes can be found in the [Go 1.25.2 release notes](https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ). #### Components changelog - source-controller [v1.7.2](https://redirect.github.com/fluxcd/source-controller/blob/v1.7.2/CHANGELOG.md) - kustomize-controller [v1.7.1](https://redirect.github.com/fluxcd/kustomize-controller/blob/v1.7.1/CHANGELOG.md) - notification-controller [v1.7.3](https://redirect.github.com/fluxcd/notification-controller/blob/v1.7.3/CHANGELOG.md) - helm-controller [v1.4.2](https://redirect.github.com/fluxcd/helm-controller/blob/v1.4.2/CHANGELOG.md) - image-reflector-controller [v1.0.2](https://redirect.github.com/fluxcd/image-reflector-controller/blob/v1.0.2/CHANGELOG.md) - image-automation-controller [v1.0.2](https://redirect.github.com/fluxcd/image-automation-controller/blob/v1.0.2/CHANGELOG.md) - source-watcher [v2.0.2](https://redirect.github.com/fluxcd/source-watcher/blob/v2.0.2/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] Fix manifest generation for `--storage-adv-addr` and `--events-addr` flags by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5575](https://redirect.github.com/fluxcd/flux2/pull/5575) - \[release/v2.7.x] Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5577](https://redirect.github.com/fluxcd/flux2/pull/5577) - \[release/v2.7.x] Update toolkit components by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5579](https://redirect.github.com/fluxcd/flux2/pull/5579) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.1...v2.7.2> ### [`v2.7.1`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.7.1) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.7.0...v2.7.1) #### Highlights Flux v2.7.1 is a patch release that comes with various improvements and fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://redirect.github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Improvements: - Extend [flux migrate](https://fluxcd.io/flux/cmd/flux_migrate/) with support for migrating manifests in Git repositories to the latest API versions. - Add [recommendations](https://fluxcd.io/flux/components/helm/helmreleases/#recommended-settings) for configuring HelmReleases on production environments. Fixes: - Fix `flux migrate` command to handle managed fields properly. - Fix self-signed TLS cert handling for public Helm repositories in source-controller. - Fix the default API versions used by receivers in notification-controller. - Fix redundant `Ready` condition patching in helm-controller. - Fix workload identity configuration examples for kubeconfig in helm-controller and kustomize-controller. #### Components changelog - source-controller [v1.7.1](https://redirect.github.com/fluxcd/source-controller/blob/v1.7.1/CHANGELOG.md) - notification-controller [v1.7.2](https://redirect.github.com/fluxcd/notification-controller/blob/v1.7.2/CHANGELOG.md) - helm-controller [v1.4.1](https://redirect.github.com/fluxcd/helm-controller/blob/v1.4.1/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] Backport CI fixes and updates by [@&#8203;matheuscscp](https://redirect.github.com/matheuscscp) in [#&#8203;5552](https://redirect.github.com/fluxcd/flux2/pull/5552) - \[release/v2.7.x] Fix `flux push artifact` not working with `--provider` by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5553](https://redirect.github.com/fluxcd/flux2/pull/5553) - \[release/v2.7.x] Extend `flux migrate` to work with local files by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5557](https://redirect.github.com/fluxcd/flux2/pull/5557) - \[release/v2.7.x] Improve `flux migrate` for live cluster migrations by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5559](https://redirect.github.com/fluxcd/flux2/pull/5559) - \[release/v2.7.x] Fix `flux migrate -f` command to work with comments by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5561](https://redirect.github.com/fluxcd/flux2/pull/5561) - \[release/v2.7.x] Fix `flux migrate -f` not considering kind comments by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5564](https://redirect.github.com/fluxcd/flux2/pull/5564) - \[release/v2.7.x] Update toolkit components by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5569](https://redirect.github.com/fluxcd/flux2/pull/5569) - \[release/v2.7.x] Disable AUR publishing by [@&#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in [#&#8203;5571](https://redirect.github.com/fluxcd/flux2/pull/5571) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.0...v2.7.1> ### [`v2.7.0`](https://redirect.github.com/fluxcd/flux2/releases/tag/v2.7.0) [Compare Source](https://redirect.github.com/fluxcd/flux2/compare/v2.6.4...v2.7.0) #### Highlights Flux v2.7.0 is a feature release. Users are encouraged to upgrade for the best experience. For a compressive overview of new features and API changes included in this release, please refer to the [Announcing Flux 2.7 GA blog post](https://fluxcd.io/blog/2025/09/flux-v2.7.0/). Overview of the new features: - General availability release of the Image Automation APIs (`ImagePolicy`, `ImageRepository`, `ImageUpdateAutomation`) - Watch for changes in ConfigMaps and Secrets references (`Kustomization`, `HelmRelease`) - Support for remote cluster authentication using Workload Identity (`Kustomization`, `HelmRelease`) - Extend the readiness evaluation of dependencies with CEL expressions (`Kustomization`, `HelmRelease`) - Support for global SOPS Age decryption keys on single-tenant clusters (`Kustomization`) - Support for optional Kustomize components (`Kustomization`) - Introduce `RetryOnFailure` lifecycle management strategy (`HelmRelease`) - Support mTLS for sending alerts to external systems (`Provider`) - Object-level workload identity authentication (`Bucket`, `Provider`) - Support mTLS for GitHub App transport (`GitRepository`, `ImageUpdateAutomation`, `Provider`) - OpenTelemetry tracing for `Kustomization` and `HelmRelease` reconciliation (`Provider`) - Support for 3rd-party source controllers (`ExternalArtifact`) - Support for source composition and decomposition patterns (`ArtifactGenerator`) - `CancelHealthCheckOnNewRevision` feature gate (kustomize-controller) - `GitSparseCheckout` feature gate (image-automation-controller) ❤️ Big thanks to all the Flux contributors that helped us with this release! ##### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | | ------------------ | ---------------- | | `v1.32` | `>= 1.32.0` | | `v1.33` | `>= 1.33.0` | | `v1.34` | `>= 1.34.1` | > \[!NOTE] > Note that the Flux project offers support only for the latest three minor versions of Kubernetes. > Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as > [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux. ##### OpenShift compatibility Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using [Flux Operator](https://operatorhub.io/operator/flux-operator). The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI 2026-05-12 08:09:27 +000010df3e85a0572d28a332f7d2af6bece5f22fbb5achore(deps): update ghcr.io/fluxcd/flux-cli docker tag to v2.8.6 (#4577)githttps://do.pingcap.net/jenkins/user/noreplynoreply