This is the changelog for the Flux daemon; the changelog for the Helm operator is in ./CHANGELOG-helmop.md.
This release provides a deeper integration with Azure (DevOps Git hosts
and ACR) and allows configuring how fluxctl
finds fluxd
(useful for
clusters with multiple fluxd installations).
- Support Azure DevOps Git hosts weaveworks/flux#1729 weaveworks/flux#1731
- Use AKS credentials for ACR weaveworks/flux#1694
- Make port forward label selector configurable weaveworks/flux#1727
Lots of thanks to @alanjcastonguay, @hiddeco, and @sarath-p for their contributions to this release.
This release adds the --registry-exclude-image
flag for excluding
images from scanning, allows for registries with self-signed
certificates, and fixes several bugs.
- Bumped
justinbarrick/go-k8s-portforward
to1.0.2
to correctly handle multiple paths in theKUBECONFIG
env variable weaveworks/flux#1658 - Improved handling of registry challenge requests (preventing memory leaks) weaveworks/flux#1672
- Altered merging strategy for image credentials, which previously could lead to Flux trying to fetch image details with credentials from a different workload weaveworks/flux#1702
- Allow (potentially all) images to be excluded from scanning weaveworks/flux#1659
--registry-insecure-host
now first tries to skip TLS host host verification before falling back to HTTP, allowing registries with self-signed certificates weaveworks/flux#1526- Allow
HOME
env variable when invoking Git which allows for mounting a config file under$HOME/config/git
weaveworks/flux#1644 - Several documentation improvements and clarifications weaveworks/flux{#1656, #1675, #1681}
- Removed last traces of
linting
weaveworks/flux#1673 - Warn users about external changes in sync tag weaveworks/flux#1695
Lots of thanks to @2opremio, @alanjcastonguay, @bheesham, @brantb, @dananichev, @dholbach, @dmarkey, @hiddeco, @ncabatoff, @rade, @squaremo, @switchboardOp, @stefanprodan and @Timer for their contributions to this release, and anyone I've missed while writing this note.
This release adds native support for ECR (Amazon Elastic Container Registry) authentication.
- Make sure a
/etc/hosts
mounted into the fluxd container is respected weaveworks/flux#1630 - Proceed more gracefully when RBAC rules restrict access weaveworks/flux#1620
- Show more contextual information when
fluxctl
fails weaveworks/flux#1615
- Authenticate to ECR using a token from AWS IAM, when possible weaveworks/flux#1619
- Make it possible, and the default for new deployments, to configure a ClusterIP for memcached (previously it was only possible to use DNS service discovery) weaveworks/flux#1618
This release was made possible by welcome contributions from @2opremio, @agcooke, @cazzoo, @davidkarlsen, @dholbach, @dmarkey, @donifer, @ericbarch, @errordeveloper, @florianrusch, @gellweiler, @hiddeco, @isindir, @k, @marcincuber, @markbenschop, @Morriz, @rndstr, @roffe, @runningman84, @shahbour, @squaremo, @srueg, @stefanprodan, @stephenmoloney, @switchboardOp, @tobru, @tux-00, @u-phoria, @Viji-Sarathy-Bose.
This holiday season release fixes a handful of annoyances, and adds an
experimental --watch
flag for following the progress of fluxctl release
.
- Respect proxy env entries for git operations weaveworks/flux#1556
- Only push the "sync tag" when the synced revision has changed, avoiding spurious notifications weaveworks/flux#1605
- Return any sync errors for workloads in the ListControllers API weaveworks/flux#1521
- The experimental flag
fluxctl release --watch
shows the rollout progress of workloads in the release weaveworks/flux#1525 - The example manifests now include resource requests, to help Kubernetes with scheduling weaveworks/flux#1541
- We have a more comprehensive example git repo, which is mentioned consistently throughout the docs weaveworks/flux#1527 and weaveworks/flux#1540.
- Many clarifications and better structure in the docs weaveworks/flux{#1597, #1595, #1563, #1555, #1548, #1550, #1549, #1547, #1508, #1557}
- Registry scanning produces far less log spam, and abandons scans as soon as possible on being throttled weaveworks/flux#1538
Thanks to @Alien2150, @batpok, @bboreham, @brantb, @camilb, @davidkarlsen, @dbluxo, @demikl, @dholbach, @dpgeekzero, @etos, @hiddeco, @iandotmartin, @jakubbujny, @JeremyParker, @JimPruitt, @johnraz, @kopachevsky, @kozejonaz, @leoblanc, @marccarre, @marcincuber, @mgazza, @michalschott, @montyz, @ncabatoff, @nmaupu, @Nogbit, @pdeveltere, @rampreethethiraj, @rndstr, @samisq, @scjudd, @sfrique, @Smirl, @songsak2299, @squaremo, @stefanprodan, @stephenmoloney, @Timer, @whereismyjetpack, @willnewby for contributions in the period up to this release.
This release completes the support for HelmRelease
resources as used
by the Helm operator from v0.5 onwards.
Note This release bakes in kubectl
v.1.11.3, while previous
releases used v1.9.0. Officially, kubectl
is compatible with one
minor version before and one minor version after its own, i.e., now
v1.10-1.12. In practice, it may work fine for most purposes in a wider
range. If you run into difficulties relating to the kubectl
version,
contact us.
- Deal correctly with port numbers in images, when updating (Flux)HelmRelease resources weaveworks/flux#1507
- Many corrections and updates to the documentation weaveworks/flux#1506, weaveworks/flux#1502, weaveworks/flux#1501, weaveworks/flux#1498, weaveworks/flux#1492, weaveworks/flux#1490, weaveworks/flux#1488, weaveworks/flux#1489
- The metrics exported by the Flux daemon are now listed weaveworks/flux#1483
HelmRelease
resources are treated as workloads, so they can be automated, and updated withfluxctl release ...
weaveworks/flux#1382- Container-by-container releases, as used by
fluxctl --interactive
, now post detailed notifications to Weave Cloud weaveworks/flux#1472 and have better commit messages weaveworks/flux#1479 - Errors encountered when applying manifests are reported in the
ListControllers API (and may appear, in the future, in the
fluxctl release
output) weaveworks/flux#1410
Thanks go to @Ashiroq, @JimPruitt, @MansM, @Morriz, @Smirl, @Timer, @aytekk, @bzon, @camilb, @claude-leveille, @demikl, @dholbach, @endrec, @foot, @hiddeco, @jrcole2884, @lelenanam, @marcusolsson, @mellena1, @montyz, @olib963, @rade, @rndstr, @sfitts, @squaremo, @stefanprodan, @whereismyjetpack for their contributions.
This release includes a change to how image registries are scanned for metadata, which should reduce the amount of polling, while being sensitive to image metadata that changes frequently, as well as respecting throttling.
- Better chance of a graceful shutdown on signals weaveworks/flux#1438
- Take more notice of possible errors weaveworks/flux#1432 and weaveworks/flux#1433
- Report the problematic string when failing to parse an image ref weaveworks/flux#1407
- Apply CustomResourceDefinition manifests ahead of (most) other kinds of resource, since there will likely be other things that depend on the definition (e.g., the custom resources themselves) weaveworks/flux#1429
- Add
--git-timeout
flag for setting the default timeout for git operations (useful e.g., if you knowgit clone
will take a long time) weaveworks/flux#1416 fluxctl list-controllers
now has an aliasfluxctl list-workloads
weaveworks/flux#1425- Adapt the sampling rate for image metadata, and back off when throttled weaveworks/flux#1354
- The detailed rollout status of workloads is now reported in the API (NB this is not yet used in the command-line tool) weaveworks/flux#1380
A warm thank-you to @AugustasV, @MansM, @Morriz, @MrYadro, @Timer, @aaron-trout, @bhavin192, @brandon-bethke-neudesic, @brantb, @bzon, @dbluxo, @dholbach, @dlespiau, @endrec, @hiddeco, @justdavid, @justinbarrick, @kozejonaz, @lelenanam, @leoblanc, @marcemq, @marcusolsson, @mellena1, @mt-inside, @ncabatoff, @pcfens, @rade, @rndstr, @sc250024, @sfrique, @skurtzemann, @squaremo, @stefanprodan, @stephenmoloney, @timthelion, @tlvu, @whereismyjetpack, @white-hat, @wstrange for your contributions.
This is a patch release, mainly to include the fix for initContainer images (#1372).
- Include initContainers when scanning for images to fetch metadata
for, e..g, so there will be "available image" rows for the
initContainer in
fluxctl list-images
weaveworks/flux#1372 - Turn memcached's logging verbosity down, in the example deployment YAMLs weaveworks/flux#1369
- Remove mention of an archaic
fluxctl
command from help text weaveworks/flux#1389
Thanks for fixes go to @alanjcastonguay, @dholbach, and @squaremo.
This release has a soupçon of bug fixes. It gets a minor version bump,
because it introduces a new flag, --listen-metrics
.
- Updates to workloads using initContainers can now succeed weaveworks/flux#1351
- Port forwarding to GCP (and possibly others) works as intended weaveworks/flux#1334
- No longer falls over if the directory given as
--git-path
doesn't exist weaveworks/flux#1341 fluxctl
doesn't try to connect to the cluster when just reporting its version weaveworks/flux#1332- Metadata for unusable images (e.g., those for the wrong architecture) are now correctly recorded, so that they don't get fetched continually weaveworks/flux#1304
- Prometheus metrics can be exposed on a port different from that of
the flux API, using the flag
--listen-metrics
weaveworks/flux#1325
Thank you to the following for contributions (along with anyone I've missed): @ariefrahmansyah, @brantb, @casibbald, @davidkarlsen, @dholbach, @hiddeco, @justinbarrick, @kozejonaz, @lelenanam, @petervandenabeele, @rade, @rndstr, @squaremo, @stefanprodan, @the-fine.
This release improves existing features, and has some new goodies like regexp tag filtering and multiple sync paths. Have fun!
We also have a new contributing guide.
- Update example manifests to Kubernetes 1.9+ API versions weaveworks/flux#1322
- Operate with more restricted RBAC permissions weaveworks/flux#1298
- Verify baked-in host keys (against known good fingerprints) during build weaveworks/flux#1283
- Support authentication for GKE, AWS, etc., when
fluxctl
does automatic port forwarding weaveworks/flux#1284 - Respect tag filters in
fluxctl release ...
, unless--force
is given weaveworks/flux#1270
- Cope with
':'
characters in resource names weaveworks/flux#1282 - Accept multiple
--git-path
arguments; sync (and update) files in all the paths given weaveworks/flux#1297 - Use image pull secrets attached to service accounts, as well as those attached to workloads themselves weaveworks/flux#1291
- You can now filter images using regular expressions (in addition to semantic version ranges, and glob patterns) weaveworks/flux#1292
Thank you to the following for contributions: @Alien2150, @ariefrahmansyah, @brandon-bethke-neudesic, @bzon, @dholbach, @dkerwin, @hartmut-pq, @hiddeco, @justinbarrick, @petervandenabeele, @nicolerenee, @rndstr, @squaremo, @stefanprodan, @stephenmoloney.
This release adds semver image filters, makes it easier to use
fluxctl
securely, and has an experimental interactive mode for
fluxctl release
. It also fixes some long-standing problems with
image metadata DB, including no longer being bamboozled by Windows
images.
- Read the fallback image credentials every time, so they can be updated. This makes it feasible to mount them from a ConfigMap, or update them with a sidecar weaveworks/flux#1230
- Take some measures to prevent spurious image updates caused by bugs
in image metadata fetching:
- Sort images with zero timestamps correctly weaveworks/flux#1247
- Skip any updates where there's suspicious-looking image metadata weaveworks/flux#1249 (then weaveworks/flux#1250)
- Fix the bug that resulted in zero timestamps in the first place weaveworks/flux#1251
- Respect
'false'
value for automation annotation weaveworks/flux#1264 - Cope with images that have a Windows (or other) flavour, by omitting the unsupported image rather than failing entirely weaveworks/flux#1265
fluxctl
will now transparently port-forward to the Flux pod, making it easier to connect securely to the Flux API weaveworks/flux#1212fluxctl release
gained an experimental flag--interactive
that lets you toggle each image update on or off, then apply exactly the updates you have chosen weaveworks/flux#1231- Flux can now report and update
initContainers
, and a wider variety of Helm charts (as used inFluxHelmRelease
resources) weaveworks/flux#1258 - You can use semver (Semantic Versioning) filters for automation, rather than having to rely on glob patterns weaveworks/flux#1266
Thanks to @ariefrahmansyah, @chy168, @cliveseldon, @davidkarlsen, @dholbach, @errordeveloper, @geofflamrock, @grantbachman, @grimesjm, @hiddeco, @jlewi, @JoeyX-u, @justinbarrick, @konfiot, @malvex, @marccampbell, @marctc, @mt-inside, @mwhittington21, @ncabatoff, @rade, @rndstr, @squaremo, @srikantheee84, @stefanprodan, @stephenmoloney, @TheJaySmith (and anyone I've missed!) for their contributions.
This release includes a number of usability improvements, the majority of which were suggested or contributed by community members. Thanks everyone!
- Don't output fluxd usage text twice weaveworks/flux#1183
- Allow dots in resource IDs; e.g.,
default:deployment/foo.db
, which is closer to what Kubernetes allows weaveworks/flux#1197 - Log more about why git mirroring fails weaveworks/flux#1171
- Interpret FluxHelmRelease resources that specify multiple images to use in a chart weaveworks/flux#1175 (and several PRs that can be tracked down from there)
- Add an experimental flag for restricting the view fluxd has of the
cluster, reducing Kubernetes API usage:
--k8s-namespace-whitelist
weaveworks/flux#1184 - Share more image layers between quay.io/weaveworks/flux and quay.io/weaveworks/helm-operator images weaveworks/flux#1192
- Apply resources in "dependency order" so that e.g., namespaces are created before things in the namespaces weaveworks/flux#1117
This release fixes some wrinkles in the new YAML updating code, so that YAML multidocs and kubernetes List resources are fully supported.
It also introduces the fluxctl sync
command, which tells Flux to
update from git and apply to Kubernetes -- as requested in
TGI Kubernetes!
- Write whole files back after updates, so that multidocs and Lists aren't overwritten. A symptom of the problem was that a release would return an error something like "Verification failed: resources {...} were present before update and not after" weaveworks/flux#1137
- Interpret and update CronJob manifests correctly weaveworks/flux#1133
- Return a more helpful message when Flux can't parse YAML files weaveworks/flux#1141
- Bake SSH config into the global location (
/etc/ssh
), so that it's easier to override it by mounting a ConfigMap into/root/.ssh/
weaveworks/flux#1154 - Reduce the size of list-images API/RPC responses by sending only the image metadata that's requested weaveworks/flux#913
This release includes a rewrite of the YAML updating code, removing
the restrictions on using List resources and files with multiple YAML
documents, as well as fixing various bugs (like being confused by the
indentation of container
blocks).
See https://github.com/weaveworks/flux/blob/1.4.0/site/requirements.md for remaining constraints.
The YAML parser preserves comments and literal quoting, but may reindent blocks the first time it changes a file.
- Correct an issue the led to Flux incorrectly reporting resources as read-only weaveworks/flux#1119
- Some YAML update problems were fixed by the rewrite, the most egregious being:
- botched releases when a YAML has indented container blocks weaveworks/flux#1082
- mangled annotations when using multidoc YAML files weaveworks/flux#1044
- Rewrite the YAML update code to use a round-tripping parser, rather than regular expressions weaveworks/flux#976. This removes the restrictions on how YAMLs are formatted, though there are still going to be corner cases in the parser (verifying changes will mitigate those by failing updates that would corrupt files).
- Correct filtering of Helm charts when loading manifests from the git repo weaveworks/flux#1076
- Sync with cluster as soon as the git repository is ready weaveworks/flux#1060
- Avoid panic when reporting on
StatefulSet
status weaveworks/flux#1062
- Changes made to the git repo when releasing new images are now verified, meaning less chance of erroneous changes being committed weaveworks/flux#1094
- The ListImages API method now accepts an argument saying which fields to include for each container. This is intended to cut down the amount of data sent over the wire, since you don't always need the full list of available images weaveworks/flux#1084
- Add (back) the fluxd flag
--docker-config
so that image registry credentials can be supplied in a file mounted into the container weaveworks/flux#1065. This should make it easier to work around situations in which you don't want to use imagePullSecrets on each resource. - Label
flux
andhelm-operator
images with Open Containers Initiative (OCI) metadata weaveworks/flux#1075
- Exclude no-longer relevant changes from auto-releases weaveworks/flux#1036
- Make release and auto-release events more accurately record the affected resources, by looking at the calculated result weaveworks/flux#1050
- Let the flux daemon operate without a git repo, and report cluster resources as read-only when there is no corresponding manifest weaveworks/flux#962
- Reinstate command-line arg for setting the git polling interval
--git-poll-interval
weaveworks/flux#1030 - Add
--git-ci-skip
(and for more fine control,--git-ci-skip-message
) for customising flux's commit messages such that CI systems ignore the commits weaveworks/flux#1011 - Log the daemon version on startup weaveworks/flux#1017
- Handle single-quoted image values in manifests weaveworks/flux#1008
- Use a writable tmpfs volume for generating keys, since Kubernetes >=1.10 and GKE (as of March 13 2018) mount secrets as read-only weaveworks/flux#1007
- CLI help examples updated with new resource ID format weaveworks/flux#945
- Fix a panic caused by accessing a
nil
map when logging events weaveworks/flux#975 - Properly support multi-line lock messages weaveworks/flux#978
- Ignore Helm charts when looking for Kubernetes manifests weaveworks/flux#993
- Enable pprof weaveworks/flux#927
- Use a Kubernetes serviceAccount when deploying Flux standalone weaveworks/flux#972
- Ensure at-least-once delivery of events to Weave Cloud weaveworks/flux#973
- Include resource sync errors when logging a sync event weaveworks/flux#970
- Alpha release of helm-operator. See ./CHANGELOG-helmop.md for future releases.
- Fix a spin loop in the registry cache weaveworks/flux#928
- Correctly handle YAML files with no trailing newline weaveworks/flux#916
The following improvements are to help if you are running a private registry.
- Support image registries using basic authentication (rather than token-based authentication) weaveworks/flux#915
- Introduce the daemon argument
--registry-insecure-host
for marking a registry as accessible via HTTP (rather than HTTPS) weaveworks/flux#918 - Better logging of registry fetch failures, for troubleshooting weaveworks/flux#898
- Fix an issue that prevented fetching tags for private repositories on DockerHub (and self-hosted registries) weaveworks/flux#897
- Releases are more responsive, because dry runs are now done without triggering a sync weaveworks/flux#862
- Syncs are much faster, because they are now done all-in-one rather than calling kubectl for each resource weaveworks/flux#872
- Rewrite of the image registry package to solve several problems weaveworks/flux#851
- Support signed manifests (from GCR in particular) weaveworks/flux#838
- Support CronJobs from Kubernetes API version
batch/v1beta1
, which are present in Kubernetes 1.7 (while those frombatch/b2alpha1
are not) weaveworks/flux#868 - Expand the GCR credentials support to
*.gcr.io
weaveworks/flux#882 - Check that the synced git repo is writable before syncing, which avoids a number of indirect failures weaveworks/flux#865
- and, lots of other things
- Flux can now release updates to DaemonSets, StatefulSets and CronJobs in addition to Deployments. Matching Service resources are no longer required.
- Implemented support for v2 registry manifests.
- Flux daemon can be configured to populate the git commit author with the name of the requesting user
- When multiple flux daemons share the same configuration repository, each fluxd only sends Slack notifications for commits that affect its branch/path
- When a resource is locked the invoking user is recorded, along with an optional message
- When a new config repo is synced for the first time, don't send notifications for the entire commit history
- The
fluxctl identity
command only worked via the Weave Cloud service, and not when connecting directly to the daemon
This release introduces significant changes to the way flux works:
- The git repository is now the system of record for your cluster state. Flux continually works to synchronise your cluster with the config repository
- Release, automation and policy actions work by updating the config repository
See https://github.com/weaveworks/flux/releases/tag/1.0.0 for full details.
Update to support newer Kubernetes (1.6.1).
- Support for Kubernetes' ReplicationControllers is deprecated; please update these to Deployments, which do the same job but much better (see https://kubernetes.io/docs/user-guide/replication-controller/#deployment-recommended)
- The service<->daemon protocol is versioned. The daemon will now crash-loop, printing a warning to the log, if it tries to connect to the service with a deprecated version of the protocol.
- Updated the version of
kubectl
bundled in the Flux daemon image, to work with newer (>1.5) Kubernetes. - Added
fluxctl save
command for bootstrapping a repo from an existing cluster - You can now record a message and username with each release, which show up in notifications
More informative and helpful UI.
- Lots more documentation
- More informative output from
fluxctl release
- Added option in
fluxctl set-config
to generate a deploy key
- Slack notifications are tidier
- Support for releasing to >1 service at a time
- Better behaviour when flux deploys itself
- More help given for commonly encountered errors
- Filter out Kubernetes add-ons from consideration
- More consistent Prometheus metric labeling
See also https://github.com/weaveworks/flux/issues?&q=closed%3A"2017-01-27 .. 2017-03-15"
Initial semver release.
- Validate image release requests.
- Added version command
- Added rate limiting to prevent registry 500's
- Added new release process
- Refactored registry code and improved coverage
See https://github.com/weaveworks/flux/milestone/7?closed=1 for full details.