chore(deps): pin fluxcd/flux2 to v2.7.5

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
fluxcd/flux2	minor	v2.0.1 → v2.7.5

---

Release Notes

fluxcd/flux2 (fluxcd/flux2)

v2.7.5

Compare Source

Highlights

Flux v2.7.5 is a patch release that comes with fixes to helm-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix HelmRelease history truncation when using the RetryOnFailure strategy.

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3.
Flux users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog

• helm-controller v1.4.5

CLI changelog

• [release/v2.7.x] Update toolkit components by @​fluxcdbot in #​5649

Full Changelog: fluxcd/flux2@v2.7.4...v2.7.5

v2.7.4

Compare Source

Highlights

Flux v2.7.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Add DisableConfigWatchers feature gate to all controllers for disabling the Secrets/ConfigMaps watchers
• Fix Workload Identity for Azure China Cloud in all controllers
• Update Helm Go SDK to v3.19.2 fixing schema validation issues in helm-controller
• Skip secret decryption for remote kustomize patches in kustomize-controller
• Improve post-build error reporting in kustomize-controller
• Add ArtifactGenerator to aggregated RBAC roles

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3.
Flux users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog

• source-controller v1.7.4
• kustomize-controller v1.7.3
• notification-controller v1.7.5
• helm-controller v1.4.4
• image-reflector-controller v1.0.4
• image-automation-controller v1.0.4
• source-watcher v2.0.3

CLI changelog

• [release/v2.7.x] ci: Include source-watcher in the e2e test suite by @​fluxcdbot in #​5615
• [release/v2.7.x] Add source.extensions.fluxcd.io group to aggregated RBAC roles by @​fluxcdbot in #​5628
• [release/v2.7.x] Fix panic on reconcile with source of ExternalArtifact kind by @​fluxcdbot in #​5631
• [release/v2.7.x] Upgrade k8s to 1.34.2, c-r to 0.22.4 and helm to 3.19.2 by @​fluxcdbot in #​5634
• [release/v2.7.x] diff: report if object is skipped by @​fluxcdbot in #​5635
• [release/v2.7.x] Update toolkit components by @​fluxcdbot in #​5640
• [release/v2.7.x] Allow option to skip tenant namespace creation by @​fluxcdbot in #​5642

Full Changelog: fluxcd/flux2@v2.7.3...v2.7.4

v2.7.3

Compare Source

Highlights

Flux v2.7.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Restore SOCKS5 proxy support in all controllers
• Fix status reporting of HelmReleases with RetryOnFailure strategy
• Automated retries for ImagePolicies when no image tags are found in the database
• Fix alerting for Telegram's message_thread_id
• Allow running kustomize-controller and helm-controller on the same loopback interface as source-watcher

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog

• source-controller v1.7.3
• kustomize-controller v1.7.2
• notification-controller v1.7.4
• helm-controller v1.4.3
• image-reflector-controller v1.0.3
• image-automation-controller v1.0.3

CLI changelog

• [release/v2.7.x] Pin cosign to v2.6.1 by @​fluxcdbot in #​5595
• [release/v2.7.x] Update toolkit components by @​fluxcdbot in #​5605
• [release/v2.7.x] fix: return accepted values for flags when calling Values.Type() by @​fluxcdbot in #​5606

Full Changelog: fluxcd/flux2@v2.7.2...v2.7.3

v2.7.2

Compare Source

Highlights

Flux v2.7.2 is a patch release that comes with security fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

All Flux components are now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib that could lead to denial of service. The list of security fixes can be found in the Go 1.25.2 release notes.

Components changelog

• source-controller v1.7.2
• kustomize-controller v1.7.1
• notification-controller v1.7.3
• helm-controller v1.4.2
• image-reflector-controller v1.0.2
• image-automation-controller v1.0.2
• source-watcher v2.0.2

CLI changelog

• [release/v2.7.x] Fix manifest generation for --storage-adv-addr and --events-addr flags by @​github-actions[bot] in #​5575
• [release/v2.7.x] Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 by @​github-actions[bot] in #​5577
• [release/v2.7.x] Update toolkit components by @​github-actions[bot] in #​5579

Full Changelog: fluxcd/flux2@v2.7.1...v2.7.2

v2.7.1

Compare Source

Highlights

Flux v2.7.1 is a patch release that comes with various improvements and fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Improvements:

• Extend flux migrate with support for migrating manifests in Git repositories to the latest API versions.
• Add recommendations for configuring HelmReleases on production environments.

Fixes:

• Fix flux migrate command to handle managed fields properly.
• Fix self-signed TLS cert handling for public Helm repositories in source-controller.
• Fix the default API versions used by receivers in notification-controller.
• Fix redundant Ready condition patching in helm-controller.
• Fix workload identity configuration examples for kubeconfig in helm-controller and kustomize-controller.

Components changelog

• source-controller v1.7.1
• notification-controller v1.7.2
• helm-controller v1.4.1

CLI changelog

• [release/v2.7.x] Backport CI fixes and updates by @​matheuscscp in #​5552
• [release/v2.7.x] Fix flux push artifact not working with --provider by @​github-actions[bot] in #​5553
• [release/v2.7.x] Extend flux migrate to work with local files by @​github-actions[bot] in #​5557
• [release/v2.7.x] Improve flux migrate for live cluster migrations by @​github-actions[bot] in #​5559
• [release/v2.7.x] Fix flux migrate -f command to work with comments by @​github-actions[bot] in #​5561
• [release/v2.7.x] Fix flux migrate -f not considering kind comments by @​github-actions[bot] in #​5564
• [release/v2.7.x] Update toolkit components by @​github-actions[bot] in #​5569
• [release/v2.7.x] Disable AUR publishing by @​github-actions[bot] in #​5571

Full Changelog: fluxcd/flux2@v2.7.0...v2.7.1

v2.7.0

Compare Source

Highlights

Flux v2.7.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.7 GA blog post.

Overview of the new features:

• General availability release of the Image Automation APIs (ImagePolicy, ImageRepository, ImageUpdateAutomation)
• Watch for changes in ConfigMaps and Secrets references (Kustomization, HelmRelease)
• Support for remote cluster authentication using Workload Identity (Kustomization, HelmRelease)
• Extend the readiness evaluation of dependencies with CEL expressions (Kustomization, HelmRelease)
• Support for global SOPS Age decryption keys on single-tenant clusters (Kustomization)
• Support for optional Kustomize components (Kustomization)
• Introduce RetryOnFailure lifecycle management strategy (HelmRelease)
• Support mTLS for sending alerts to external systems (Provider)
• Object-level workload identity authentication (Bucket, Provider)
• Support mTLS for GitHub App transport (GitRepository, ImageUpdateAutomation, Provider)
• OpenTelemetry tracing for Kustomization and HelmRelease reconciliation (Provider)
• Support for 3rd-party source controllers (ExternalArtifact)
• Support for source composition and decomposition patterns (ArtifactGenerator)
• CancelHealthCheckOnNewRevision feature gate (kustomize-controller)
• GitSparseCheckout feature gate (image-automation-controller)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version	Minimum required
v1.32	>= 1.32.0
v1.33	>= 1.33.0
v1.34	>= 1.34.1

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

⚠️ The Flux APIs v1beta1 and v2beta1 (deprecated in 2023) have reached end-of-life and have been removed from the CRDs.

Unless you are using Flux Operator to deploy the Flux controllers, you must run the flux migrate command on clusters before upgrading.

For more details, please refer to the Flux v2.7 upgrade guide.

Components changelog

• source-controller v1.7.0
• kustomize-controller v1.7.0
• notification-controller v1.7.0 v1.7.1
• helm-controller v1.4.0
• image-reflector-controller v1.0.0 v1.0.1
• image-automation-controller v1.0.0 v1.0.1
• source-watcher v2.0.0 v2.0.1

New Documentation

• ImageRepository v1 specification
• ImagePolicy v1 specification
• ImageUpdateAutomation v1 specification
• ExternalArtifact v1 specification
• ArtifactGenerator v1beta1 specification

CLI changelog

• Add backport label for v2.6.x by @​stefanprodan in #​5379
• Update image-reflector-controller to v0.35.1 by @​fluxcdbot in #​5381
• Add digest pinning to image automation testing by @​stefanprodan in #​5383
• correct small typo by @​JIbald in #​5388
• Remove credentials sync manifests by @​matheuscscp in #​5347
• Add sparse checkout to cli by @​ba-work in #​5389
• fix: Allow Azure CLI calls in flux push artifact --provider azure on DevOps runners by @​matheuscscp in #​5390
• Fix knownhosts key mismatch regression bug by @​matheuscscp in #​5404
• refactor: Use normalize.UnstructuredList instead of ssa.SetNativeKindsDefaults by @​cappyzawa in #​5407
• Make service-account name configurable in flux create tenant by @​reiSh6phoo9o in #​5402
• Update toolkit components by @​fluxcdbot in #​5409
• refactor: cleanup GetArtifactRegistryCredentials error handling by @​cappyzawa in #​5418
• Promote image CLI commands to stable by @​dgunzy in #​5421
• Update toolkit components by @​fluxcdbot in #​5426
• Bump pkg/ssa to v0.49.0 for CABundle validation fix by @​dgunzy in #​5431
• [RFC-0010] Add workload identity support for remote clusters by @​matheuscscp in #​5434
• Update toolkit components by @​fluxcdbot in #​5443
• Fix flux push artifact for insecure registries by @​stefanprodan in #​5449
• [RFC-0010] Add workload identity support for remote generic clusters by @​matheuscscp in #​5452
• Fix flux diff kustomization ignore patterns by @​dgunzy in #​5451
• Update dependencies to Kubernetes 1.33.2 by @​stefanprodan in #​5453
• build(deps): bump the ci group across 1 directory with 7 updates by @​dependabot[bot] in #​5435
• Upgrade fluxcd/pkg dependencies by @​matheuscscp in #​5455
• ci: Use GITHUB_TOKEN for API calls in update workflow by @​stefanprodan in #​5460
• manifests: Add app.kubernetes.io/part-of: flux label to controller pods by @​pinkavaj in #​5440
• Migrate sourcesecret package to runtime/secrets APIs by @​cappyzawa in #​5462
• Implement flux migrate command by @​stefanprodan in #​5473
• [RFC-0007] Implementation history update by @​stefanprodan in #​5480
• Run conformance tests for Kubernetes 1.34.0 by @​stefanprodan in #​5497
• Update to Kubernetes v1.34.0 and Go 1.25.0 by @​stefanprodan in #​5499
• build(deps): bump the ci group across 1 directory with 10 updates by @​dependabot[bot] in #​5500
• Allow the Go runtime to dynamically set GOMAXPROCS by @​stefanprodan in #​5501
• fix(events): respect --all-namespaces flag by @​mohiuddin-khan-shiam in #​5414
• [RFC-0011] OpenTelemetry Tracing by @​adri1197 in #​5321
• [RFC-0012] External Artifact API by @​stefanprodan in #​5292
• Add --show-history flag to debug helmrelease by @​hawkaii in #​5505
• Skip release candidates on updates by @​matheuscscp in #​5507
• ci: Align azure e2e tests secret names with fluxcd/pkg by @​matheuscscp in #​5508
• Update image-reflector-controller to v1.0.0 by @​fluxcdbot in #​5517
• Update source-controller to v1.7.0 by @​fluxcdbot in #​5518
• Add the source-watcher controller to the Flux distribution by @​stefanprodan in #​5519
• Add read-only commands for ArtifactGenerator kind by @​stefanprodan in #​5520
• ci: Add source-watcher to the update workflow by @​stefanprodan in #​5521
• Update image-automation-controller to v1.0.0 by @​fluxcdbot in #​5522
• Update image-reflector-controller to v1.0.1 by @​fluxcdbot in #​5525
• Implement flux [reconcile|suspend|resume] image policy commands by @​lukas8219 in #​5492
• Handle force: enabled annotation in flux diff ks command by @​stefanprodan in #​5528
• ci: Refactor CI with fluxcd/gha-workflows by @​stefanprodan in #​5529
• Remove ArtifactGenerators during uninstall by @​stefanprodan in #​5531
• Add support for ExternalArtifact to flux trace by @​stefanprodan in #​5532
• Set Kubernetes 1.32 as min supported version by @​stefanprodan in #​5533
• build(deps): bump the ci group with 6 updates by @​dependabot[bot] in #​5535
• Add support for custom storage namespace in HelmRelease creation by @​prasad89 in #​5534
• Update toolkit components by @​fluxcdbot in #​5537
• ci: remove cron schedule from update by @​matheuscscp in #​5539
• Update source-watcher to v2.0.1 by @​fluxcdbot in #​5540
• Add --show-history flag to debug kustomization by @​matheuscscp in #​5541
• Update image-automation-controller to v1.0.1 by @​fluxcdbot in #​5542
• fluxcd/flux2/action: Determine latest version without using GitHub API by @​RussellAult in #​5509

New Contributors

• @​JIbald made their first contribution in #​5388
• @​ba-work made their first contribution in #​5389
• @​cappyzawa made their first contribution in #​5407
• @​reiSh6phoo9o made their first contribution in #​5402
• @​pinkavaj made their first contribution in #​5440
• @​mohiuddin-khan-shiam made their first contribution in #​5414
• @​adri1197 made their first contribution in #​5321
• @​hawkaii made their first contribution in #​5505
• @​lukas8219 made their first contribution in #​5492
• @​prasad89 made their first contribution in #​5534
• @​RussellAult made their first contribution in #​5509

Full Changelog: fluxcd/flux2@v2.6.0...v2.7.0

v2.6.4

Compare Source

Highlights

Flux v2.6.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix for SOPS decryption with US Government KMS keys failing with the error:

STS: AssumeRoleWithWebIdentity, https response error\n   StatusCode: 0, RequestID: ,
request send failed, Post\n \"https://sts.arn.amazonaws.com/\": dial tcp:
lookupts.arn.amazonaws.com on 10.100.0.10:53: no such host

Components changelog

• kustomize-controller v1.6.1

CLI changed

• [release/v2.6.x] Update toolkit components by @​fluxcdbot in #​5444

Full Changelog: fluxcd/flux2@v2.6.3...v2.6.4

v2.6.3

Compare Source

Highlights

Flux v2.6.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix for rsa-sha2-512 and rsa-sha2-256 algorithms not being prioritized for ssh-rsa host keys in source-controller, image-automation-controller and Flux CLI bootstrap.

Components changelog

• source-controller v1.6.2
• image-automation-controller v0.41.2

CLI changed

• [release/v2.6.x] Update toolkit components by @​fluxcdbot in #​5427

Full Changelog: fluxcd/flux2@v2.6.2...v2.6.3

v2.6.2

Compare Source

Highlights

Flux v2.6.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix authentication for flux push artifact --provider=azure on Azure DevOps runners.
• Fix OIDC authentication for Amazon ECR Public in source-controller and image-reflector-controller.
• Fix knownhosts key mismatch regression bug in the Flux CLI, source-controller and image-automation-controller.

Components changelog

• source-controller v1.6.1
• image-reflector-controller v0.35.2
• image-automation-controller v0.41.1

CLI changelog

• [release/v2.6.x] fix: Allow Azure CLI calls in flux push artifact --provider azure on DevOps runners by @​fluxcdbot in #​5396
• [release/v2.6.x] Fix knownhosts key mismatch regression bug by @​fluxcdbot in #​5405
• [release/v2.6.x] Update toolkit components by @​fluxcdbot in #​5410

Full Changelog: fluxcd/flux2@v2.6.1...v2.6.2

v2.6.1

Compare Source

Highlights

Flux v2.6.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix a bug introduced in image-reflector-controller v0.35.0 that was causing spurious error events for policies during image repository reconciliation.
• Fix excessive logging in image-reflector-controller after a restart when the image tags cache is empty.

Components changelog

• image-reflector-controller v0.35.1

CLI changelog

• [release/v2.6.x] Update image-reflector-controller to v0.35.1 by @​fluxcdbot in #​5382
• [release/v2.6.x] Add digest pinning to image automation testing by @​fluxcdbot in #​5384

Full Changelog: fluxcd/flux2@v2.6.0...v2.6.1

v2.6.0

Compare Source

Highlights

Flux v2.6.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.6 GA blog post.

Overview of the new features:

• General availability release for the Flux OCI Artifacts APIs and flux artifact commands
• Support for OCI digests pinning (ImagePolicy, ImageUpdateAutomation)
• Object-level workload identity authentication (OCIRepository, ImageRepository, Kustomization, Alert Provider)
• Cache registry credentials for cloud providers (OCIRepository, ImageRepository)
• Git HTTP/S Mutual TLS authentication (GitRepository, ImageUpdateAutomation)
• Support for sparse checkout (GitRepository)
• Support for GitHub App authentication (Alert Provider)
• Support for managed Identity authentication to Azure Event Hub (Alert Provider)
• Customize the ID of the Git commit status with CEL expressions (Alert Provider)
• WaitForTermination deletion policy (Kustomization)
• DisableChartDigestTracking feature gate (HelmRelease)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version	Minimum required
v1.31	>= 1.31.0
v1.32	>= 1.32.0
v1.33	>= 1.33.0

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator.
The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

Upgrade Flux from v2.5.0 to v2.6.0 by following the upgrade guide.

To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

1. Set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain OCIRepository definitions.
2. Add an annotation api.fluxcd.io/upgrade: "v2.6.0" to the OCIRepository resources. (this is not required if Flux Operator is used for upgrade)
3. Commit, push, and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually.
It is advised to not delay this procedure as the deprecated versions will be removed after 6 months.

Components changelog

• source-controller v1.6.0
• kustomize-controller v1.6.0
• notification-controller v1.6.0
• helm-controller v1.3.0
• image-reflector-controller v0.35.0
• image-automation-controller v0.41.0

New Documentation

• OCIRepository v1 specification
• AWS integrations
• Azure integrations
• GCP integrations

What's Changed

• fix: correct name on github app secret by @​NotAwar in #​5202
• Update RFC 0008 and RFC 0009 milestones by @​matheuscscp in #​5141
• Update kustomize-controller to v1.5.1 by @​fluxcdbot in #​5214
• Update backport labels for 2.5 by @​matheuscscp in #​5215
• Fix command debug hr not taking targetPath into account by @​matheuscscp in #​5227
• Remove redundant space. by @​laiminhtrung1997 in #​5038
• ci: switch to goreleaser changelog generation by @​y-eight in #​5284
• change: use the default ephemeral GITHUB_TOKEN instead of the static one by @​piontec in #​5282
• add: OSSF scorecard configuration file - ignore false-positive by @​piontec in #​5287
• build(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.3 by @​dependabot in #​5295
• Allow to pull/push artifacts to insecure registries without TLS by @​mottetm in #​5299
• [RFC-0010] Multi-Tenant Workload Identity by @​matheuscscp in #​5209
• flux diff: Reset target struct before decoding by @​maboehm in #​5302
• fix: allow recursive dry-run over local sources by @​niveau0 in #​5219
• Run conformance tests for Kubernetes 1.33.0 by @​stefanprodan in #​5318
• Update to Kubernetes 1.33.0 and Go 1.24.0 by @​stefanprodan in #​5323
• [RFC-0010] Remove EKS Pod Identity from the proposal by @​matheuscscp in #​5309
• [RFC-0010] Add RBAC for creating service account tokens by @​matheuscscp in #​5332
• Upgrade fluxcd/pkg auth, oci, git and git/gogit by @​matheuscscp in #​5333
• Fix exit code handling in get command by @​dgunzy in #​5338
• build(deps): bump the ci group across 1 directory with 18 updates by @​dependabot in #​5325
• Fix flux trace for HRs from OCIRepositorys by @​makkes in #​5349
• Fix e2e workflow by @​makkes in #​5351
• [RFC-0010] Update RFC to include opt-in feature gate by @​matheuscscp in #​5354
• [RFC-0010] Update RFC feature gate behavior by @​matheuscscp in #​5355
• Upgrade fluxcd/pkg packages by @​matheuscscp in #​5356
• Upgrade fluxcd/pkg packages by @​matheuscscp in #​5357
• Set Kubernetes 1.31 as min supported version by @​stefanprodan in #​5364
• Update dependencies by @​matheuscscp in #​5366
• Update toolkit components by @​fluxcdbot in #​5368
• Promote artifact commands to stable by @​matheuscscp in #​5369
• Add --interval and --reflect-digest flags to flux create image policy by @​matheuscscp in #​5345
• Update CLI to OCIRepository v1 (GA) by @​stefanprodan in #​5371
• Update dependabot config by @​stefanprodan in #​5373
• Update toolkit components by @​fluxcdbot in #​5370

New Contributors

• @​NotAwar made their first contribution in #​5202
• @​laiminhtrung1997 made their first contribution in #​5038
• @​y-eight made their first contribution in #​5284
• @​piontec made their first contribution in #​5282
• @​mottetm made their first contribution in #​5299
• @​maboehm made their first contribution in #​5302
• @​niveau0 made their first contribution in #​5219
• @​dgunzy made their first contribution in #​5338

Full Changelog: fluxcd/flux2@v2.5.0...v2.6.0

v2.5.1

Compare Source

Highlights

Flux v2.5.1 is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix a bug introduced in kustomize-controller v1.5.0 that was causing spurious logging for deprecated API versions and health check failures.
• Sanitize the kustomize-controller logs when encountering errors during SOPS decryption.

Components changelog

• kustomize-controller v1.5.1

CLI Changelog

• PR #​5215 - @​matheuscscp - Update backport labels for 2.5
• PR #​5214 - @​fluxcdbot - Update kustomize-controller to v1.5.1

v2.5.0

Compare Source

Highlights

Flux v2.5.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release,
please refer to the Announcing Flux 2.5 GA blog post.

Overview of the new features:

• Support for GitHub App authentication (GitRepository and ImageUpdateAutomation API)
• Custom Health Checks using CEL (Kustomization API)
• Fine-grained control of garbage collection (Kustomization API)
• Enable decryption of secrets generated by Kustomize components (Kustomization API)
• Support for custom event metadata from annotations (Alert API)
• Git commit status updates for Flux Kustomizations with OCIRepository sources (Alert API)
• Resource filtering using CEL for webhook receivers (Receiver API)
• Debug commands for Flux Kustomizations and HelmReleases (Flux CLI)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version	Minimum required
v1.30	>= 1.30.0
v1.31	>= 1.31.0
v1.32	>= 1.32.0

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using
Flux Operator.
The operator allows the configuration of Flux multi-tenancy lockdown, network policies,
persistent storage, sharding, vertical scaling and the synchronization
of the cluster state from Git repositories, OCI artifacts and S3-compatible storage.

Upgrade procedure

Upgrade Flux from v2.4.0 to v2.5.0 by following the upgrade guide.

There are no new API versions in this release, so no changes are required in the YAML manifests containing Flux resources.

Components changelog

• source-controller v1.5.0
• kustomize-controller v1.5.0
• notification-controller v1.5.0
• helm-controller v1.2.0
• image-reflector-controller v0.34.0
• image-automation-controller v0.40.0

CLI Changelog

• PR #​5204 - @​stefanprodan - Update kubectl in flux-cli image
• PR #​5203 - @​stefanprodan - Update flux-cli image
• PR #​5200 - @​stefanprodan - Update Kubernetes min supported version to 1.30
• PR #​5199 - @​matheuscscp - Update integration tests dependencies for Flux 2.5
• PR #​5195 - @​fluxcdbot - Update toolkit components
• PR #​5192 - @​fluxcdbot - Update toolkit components
• PR #​5190 - @​dependabot[bot] - build(deps): bump github.com/distribution/distribution/v3 from 3.0.0-rc.2 to 3.0.0-rc.3
• PR #​5188 - @​matheuscscp - Upgrade pkg/runtime
• PR #​5187 - @​stefanprodan - Update conformance test suite
• PR #​5181 - @​dependabot[bot] - build(deps): bump the ci group across 1 directory with 13 updates
• PR #​5176 - @​YvanGuidoin - fix: align flux diff skipping with kustomize-controller
• PR #​5175 - @​stefanprodan - Update dependencies
• PR #​5151 - @​stefanprodan - [RFC-0009] Custom Health Checks using CEL expressions
• PR #​5146 - @​sjorsholtrop-ritense - Improve "flux resume" error message on non-existent object
• PR #​5142 - @​matheuscscp - Fix create command always using imageRepositoryType
• PR #​5137 - @​scottrigby - Add OpenShift 4.16 & 4.17 to conformance testing
• PR #​5117 - @​stefanprodan - Implement flux debug kustomization command
• PR #​5114 - @​stefanprodan - Update dependencies to Kubernetes 1.32.0 and Go 1.23.0
• PR #​5111 - @​stefanprodan - Run conformance tests for Kubernetes 1.32.0
• PR #​5107 - @​darkowlzz - workflows: Use setup-terraform to install latest
• PR #​5106 - @​stefanprodan - Implement flux debug helmrelease command
• PR #​5105 - @​stefanprodan - Update fluxcd/pkg dependencies
• PR #​5104 - @​dependabot[bot] - build(deps): bump the ci group across 1 directory with 11 updates
• PR #​5103 - [@​dipti-pai](https://redirect.github.co

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.