v0.26.0
Highlights
Flux v0.26.0 comes with new features and improvements. Users are encouraged to upgrade for the best experience.
Breaking changes
- The minimum supported version of Kubernetes is now v1.20.6. Note that Flux may work on Kubernetes 1.19, but we don’t recommend running EOL versions in production.
- On multi-tenant clusters, Flux controllers are now using the native Kubernetes impersonation feature. When both spec.kubeConfig and spec.serviceAccountName are specified in Flux custom resources, the controllers will impersonate the service account on the target cluster; previously the controllers ignored the service account.
Security enhancements
- Platform admins have the option to lock down Flux on multi-tenant clusters and enforce tenant isolation at namespace level without having to use a 3rd party admission controller.
- The Flux installation conforms to the Kubernetes restricted pod security standard and the Seccomp runtime default security profile was enabled for all controllers.
- The container images of all Flux's components are signed with Cosign and GitHub OIDC.
- Flux releases include a Software Bill of Materials (SBOM) that is available for download on the GitHub release page.
New features and improvements
- Preview local changes against live clusters with the flux diff kustomization command.
- Undo changes made directly on clusters (with kubectl server-side apply) to Flux managed objects.
- Native support for HashiCorp Vault token-based authentication when decrypting SOPS encrypted secrets.
- Auto-login to AWS ECR, Azure ACR and Google Cloud GCR for image update automation on EKS, AKS or GKE.
- On single-tenant clusters, image automation can now refer to Git repositories in other namespaces than the ImageUpdateAutomation object.
Components changelog
- source-controller v0.21.1 v0.21.0
- kustomize-controller v0.20.0
- helm-controller v0.16.0
- notification-controller v0.21.0
- image-reflector-controller v0.16.0
- image-automation-controller v0.20.0
CLI Changelog
- PR #2167 - @souleb - Preview local changes with flux build/diff kustomization
- PR #2356 - @stefanprodan - Adapt diff test to match Kubernetes 1.23.3 API response
- PR #2348 - @pjbgf - Add pkg-config to arm runners
- PR #2347 - @stealthybox - Fix output usage for flux get <sources|images>
- PR #2345 - @fluxcdbot - Update toolkit components
- PR #2343 - @stefanprodan - Set minimum supported version to Kubernetes 1.20.6
- PR #2342 - @stefanprodan - Run the CLI as non-root
- PR #2336 - @souleb - Upgrade go-git-providers to v0.5.3
- PR #2317 - @souleb - Add license Header to internal/build files
- PR #2316 - @pjbgf - [security] Enable pod security warnings for flux-system