Upgrade Flux to v2.0.1 (#212)

* change resource URL to v2.0.0

* update CustomResourceDefinitions

* apply v2.0.1 patch

* fix hack/hack-resources.sh typo

* update resources keeping custom changes

Changes kept:
- annotation and label overrides
- seccomp profiles
- clusterRoles values flag

* improve CONTRIBUTING.md

* bump appVersion in Chart.yaml

CONTRIBUTING.md

@@ -5,7 +5,7 @@ Updating from upstream requires `kustomize` (https://github.com/kubernetes-sigs/
 ### Make container images available
 
 - Look for images in the `install.yaml` in the upstream release (For example: https://github.com/fluxcd/flux2/releases/download/v0.33.0/install.yaml)
-  - For example: `grep -i ' image: ' install.0.33.0.yaml` 
+  - For example: `grep -i ' image: ' install.0.33.0.yaml`
   - Add any images not already retagged to [retagger](https://github.com/giantswarm/retagger)
     - The name rewrite rules are in `helm/flux-app/values.yaml` under `images`
     - You can double-check if the images have been retagged for example in Quay: https://quay.io/organization/giantswarm?tab=repos
@@ -40,9 +40,11 @@ Updating from upstream requires `kustomize` (https://github.com/kubernetes-sigs/
   {{ include "podTemplateLabels.kustomizeController" . }}
   ```
   Please also check if upstream changed the labels and update the definition in `helm/flux-app/templates/_helpers.tpl`
+
 - IMPORTANT: There are some `ClusterRoles` upstream that we do not want to deploy to MCs: `flux-view` and `flux-edit` at
   the time of writing. They are guarded by a condition based on the value `.clusterRoles.install` which is enabled by
   default to install it automatically for customers using the app for themselves. In MCF however we disable them. Please
   make sure on upgrade that this 2 (and similar `ClusterRoles` if they add more that would give access to giantswarm
   resources if bound and are not required to make flux work) CRs are guarded by this condition.
+
 - Bump the `appVersion` in `helm/flux-app/Chart.yaml`

hack/hack-resources.sh

@@ -11,7 +11,7 @@ then
     sed -i 's!GS_PLACEHOLDER_RESOURCES_NOTIFICATION_CONTROLLER!\n{{ include "resources.notificationController" . | indent 12 }}!g' helm/flux-app/templates/install.yaml
     sed -i 's!GS_PLACEHOLDER_RESOURCES_SOURCE_CONTROLLER!\n{{ include "resources.sourceController" . | indent 12 }}!g' helm/flux-app/templates/install.yaml
 
-    sed -i e "/image:/b;s/'{{/{{/g" -e "/image:/b;s/}}'/}}/g" helm/flux-app/templates/install.yaml
+    sed -i -e "/image:/b;s/'{{/{{/g" -e "/image:/b;s/}}'/}}/g" helm/flux-app/templates/install.yaml
 else
     ## BSD sed commands
     sed -i "" 's!GS_PLACEHOLDER_RESOURCES_HELM_CONTROLLER!\n{{ include "resources.helmController" . | indent 12 }}!g' helm/flux-app/templates/install.yaml

hack/kustomization.yaml

@@ -24,7 +24,7 @@ images:
 
 
 resources:
-- https://github.com/fluxcd/flux2/releases/download/v0.41.2/install.yaml
+- "https://github.com/fluxcd/flux2/releases/download/v2.0.1/install.yaml"
 - ./additional-resources/pvc-psp.yaml
 - ./additional-resources/metrics-service.yaml
 

helm/flux-app/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.41.2
+appVersion: 2.0.1
 annotations:
   application.giantswarm.io/team: team-honeybadger
   application.giantswarm.io/two-step-install: "true"

helm/flux-app/crd-base/alert.yaml

@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.12.0
   labels:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: '{{ .Release.Name }}'
@@ -205,6 +204,11 @@ spec:
             spec:
               description: AlertSpec defines an alerting rule for events involving a list of objects.
               properties:
+                eventMetadata:
+                  additionalProperties:
+                    type: string
+                  description: EventMetadata is an optional field for adding metadata to events dispatched by the controller. This can be used for enhancing the context of the event. If a field would override one already present on the original event as generated by the emitter, then the override doesn't happen, i.e. the original value is preserved, and an info log is printed.
+                  type: object
                 eventSeverity:
                   default: info
                   description: EventSeverity specifies how to filter events based on severity. If set to 'info' no events will be filtered.
@@ -218,10 +222,10 @@ spec:
                     description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level
                     properties:
                       apiVersion:
-                        description: API version of the referent.
+                        description: API version of the referent
                         type: string
                       kind:
-                        description: Kind of the referent.
+                        description: Kind of the referent
                         enum:
                           - Bucket
                           - GitRepository
@@ -237,19 +241,20 @@ spec:
                       matchLabels:
                         additionalProperties:
                           type: string
-                        description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        description: MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. MatchLabels requires the name to be set to `*`.
                         type: object
                       name:
-                        description: Name of the referent.
+                        description: Name of the referent If multiple resources are targeted `*` may be set.
                         maxLength: 53
                         minLength: 1
                         type: string
                       namespace:
-                        description: Namespace of the referent.
+                        description: Namespace of the referent
                         maxLength: 53
                         minLength: 1
                         type: string
                     required:
+                      - kind
                       - name
                     type: object
                   type: array
@@ -258,6 +263,11 @@ spec:
                   items:
                     type: string
                   type: array
+                inclusionList:
+                  description: InclusionList specifies a list of Golang regular expressions to be used for including messages.
+                  items:
+                    type: string
+                  type: array
                 providerRef:
                   description: ProviderRef specifies which Provider this Alert should use.
                   properties:

helm/flux-app/crd-base/bucket.yaml

@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.12.0
   labels:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: '{{ .Release.Name }}'
@@ -310,9 +309,6 @@ spec:
                 artifact:
                   description: Artifact represents the last successful Bucket reconciliation.
                   properties:
-                    checksum:
-                      description: 'Checksum is the SHA256 checksum of the Artifact file. Deprecated: use Artifact.Digest instead.'
-                      type: string
                     digest:
                       description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
                       pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
@@ -340,7 +336,9 @@ spec:
                       description: URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.
                       type: string
                   required:
+                    - lastUpdateTime
                     - path
+                    - revision
                     - url
                   type: object
                 conditions: