Skip to content

feat(github-release): update release fluxcd/flux2 ( v2.8.7 → v2.9.0 )#1807

Open
chaplain-grimaldus[bot] wants to merge 1 commit into
mainfrom
renovate/fluxcd-flux2-2.x
Open

feat(github-release): update release fluxcd/flux2 ( v2.8.7 → v2.9.0 )#1807
chaplain-grimaldus[bot] wants to merge 1 commit into
mainfrom
renovate/fluxcd-flux2-2.x

Conversation

@chaplain-grimaldus

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
fluxcd/flux2 minor v2.8.7v2.9.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

fluxcd/flux2 (fluxcd/flux2)

v2.9.0

Compare Source

Highlights

Flux v2.9.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.9 GA blog post.

Overview of the new features:

  • Flux CLI Plugin System with the Mirror and Schema plugins (flux plugin)
  • Server-Side Apply field ignore rules for fine-grained drift control (Kustomization)
  • SOPS decryption with the Age post-quantum cipher (Kustomization)
  • Kubernetes Workload Identity authentication for OpenBao and Vault (Kustomization)
  • Helm post-render strategies, including chart hooks support (HelmRelease)
  • Literal mode for Helm values references mirroring helm --set-literal (HelmRelease)
  • Allow empty kind in CEL health check expressions (Kustomization, HelmRelease)
  • Git commit signing and verification with SSH keys (GitRepository, ImageUpdateAutomation)
  • AWS CodeCommit authentication using Workload Identity (GitRepository)
  • Custom Sigstore trusted root for keyless verification in air-gapped environments (OCIRepository)
  • Path pattern directory discovery for monorepos (ArtifactGenerator)
  • Secret-less, OIDC-secured webhook Receivers (Receiver)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version Minimum required
v1.34 >= 1.34.1
v1.35 >= 1.35.0
v1.36 >= 1.36.0

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

⚠️ The Flux APIs image.toolkit.fluxcd.io/v1beta2 and notification.toolkit.fluxcd.io/v1beta2
have reached end-of-life and have been removed from the CRDs.

Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from older versions of Flux to v2.9.

Components changelog

CLI changelog

New Contributors

Full Changelog: fluxcd/flux2@v2.8.0...v2.9.0

v2.8.8

Compare Source

Highlights

Flux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Add a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)
  • Fix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)
  • Stop force-applying non-CRD objects placed under a chart's crds/ directory (helm-controller)
  • Fix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)
  • Improve path handling in the source reconcilers (source-controller)
  • Support Helm semver build-metadata encoding in OCIRepository tags (source-controller)

Improvements:

  • Update go-git to v5.19.1 which fixes CVE-2026-45571 and CVE-2026-45570 (source-controller, image-automation-controller)
  • Move Helm back to upstream v4.2.0 (source-controller, helm-controller)
  • Add support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)
  • Upgrade Kubernetes to 1.36.1 (source-controller, helm-controller)
  • Update fluxcd/pkg dependencies

Components changelog

CLI changelog

Full Changelog: fluxcd/flux2@v2.8.7...v2.8.8


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants