Merge pull request #443 from fluxcd/release-0.15.0

Release v0.15.0

CHANGELOG.md

@@ -2,6 +2,60 @@
 
 All notable changes to this project are documented in this file.
 
+## 0.15.0
+
+**Release date:** 2021-10-08
+
+This prerelease comes with a [new reconciler](https://github.com/fluxcd/kustomize-controller/pull/426)
+based on Kubernetes server-side apply and graduates the API to `v1beta2`.
+
+The controller dependencies has been updated to match
+kustomize [v4.4.0](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.4.0)
+which restores the usage of YAML anchors.
+
+**Breaking changes**
+
+- Namespaced objects must contain `metadata.namespace`, defaulting to the `default` namespace is no longer supported.
+  Setting a namespace for all objects reconciled by a Kustomization can be done with `spec.targetNamespace`.
+- The logs, events and alerts that report Kubernetes namespaced object changes are
+  now using the `Kind/Namespace/Name` format instead of `Kind/Name`.
+- The minimum required version of Kubernetes has changed to:
+
+    | Kubernetes version | Minimum required |
+    | --- | --- |
+    | `v1.16` | `>= 1.16.11` |
+    | `v1.17` | `>= 1.17.7` |
+    | `v1.18` | `>= 1.18.4` |
+    | `v1.19` and later | `>= 1.19.0` |
+
+**Features and Improvements**
+
+- Being able to validate and reconcile sources that contain both CRDs and CRs.
+- Being able to wait for all the applied resources to become ready
+  without requiring users to fill-in the health check list.
+- Improve performance (CPU, memory, network, FD usage) and reduce the number of calls to Kubernetes API
+  by replacing kubectl execs with a specialized applier written in Go.
+- Detect and report drift between the desired state (git, s3, etc) and cluster state reliably.
+- Improve the overall observably of the reconciliation process by reporting in real-time
+  the garbage collection and health assessment actions.
+- Reconcile empty sources including pruning of all the resources previously applied.
+- Mask secrets data in logs, events and alerts.
+
+**API changes**
+
+The `kustomize.toolkit.fluxcd.io/v1beta2` API is backwards compatible with `v1beta1`.
+
+Additions, deprecations and removals:
+- `.spec.patchesStrategicMerge` deprecated in favour of `.spec.patches`
+- `.spec.patchesJson6902` deprecated in favour of `.spec.patches`
+- `.spec.validation` deprecated and no longer used (server-side validation is implicit)
+- `.spec.wait` added (when enabled, will wait for all the reconciled resources to become ready)
+- `.status.snapshot` replaced by `.status.inventory`
+
+Updating the manifests in Git to `v1beta2` can be done at any time after the kustomize-controller upgrade.
+All users are encouraged to update the manifests as the deprecated fields
+will be removed when the next API version will be released.
+
 ## 0.14.1
 
 **Release date:** 2021-09-09

Makefile

@@ -2,7 +2,7 @@
 IMG ?= fluxcd/kustomize-controller:latest
 # Produce CRDs that work back to Kubernetes 1.16
 CRD_OPTIONS ?= crd:crdVersions=v1
-SOURCE_VER ?= v0.15.4
+SOURCE_VER ?= v0.16.0
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))

README.md

@@ -19,15 +19,15 @@ Features:
 * generates the `kustomization.yaml` file if needed
 * generates Kubernetes manifests with kustomize build
 * decrypts Kubernetes secrets with Mozilla SOPS
-* validates the build output with client-side or APIServer dry-run
+* validates the build output with server-side apply dry-run
 * applies the generated manifests on the cluster
 * prunes the Kubernetes objects removed from source
 * checks the health of the deployed workloads
 * runs `Kustomizations` in a specific order, taking into account the depends-on relationship 
 * notifies whenever a `Kustomization` status changes
 
 Specifications:
-* [API](docs/spec/v1beta1/README.md)
+* [API](docs/spec/v1beta2/README.md)
 * [Controller](docs/spec/README.md)
 
 ## Usage
@@ -55,7 +55,7 @@ flux install
 Create a source object that points to a Git repository containing Kubernetes and Kustomize manifests:
 
 ```yaml
-apiVersion: source.toolkit.fluxcd.io/v1beta1
+apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: GitRepository
 metadata:
   name: podinfo
@@ -88,7 +88,7 @@ kubectl -n flux-system annotate --overwrite gitrepository/podinfo reconcile.flux
 Create a kustomization object that uses the git repository defined above:
 
 ```yaml
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: podinfo-dev
@@ -100,7 +100,6 @@ spec:
   sourceRef:
     kind: GitRepository
     name: podinfo
-  validation: client
   healthChecks:
     - kind: Deployment
       name: frontend
@@ -147,12 +146,12 @@ kubectl -n flux-system logs deploy/kustomize-controller | jq .
   "kustomization": "flux-system/podinfo-dev",
   "output": {
     "namespace/dev": "created",
-    "service/frontend": "created",
-    "deployment.apps/frontend": "created",
-    "horizontalpodautoscaler.autoscaling/frontend": "created",
-    "service/backend": "created",
-    "deployment.apps/backend": "created",
-    "horizontalpodautoscaler.autoscaling/backend": "created"
+    "service/dev/frontend": "created",
+    "deployment/dev/frontend": "created",
+    "horizontalpodautoscaler/dev/frontend": "created",
+    "service/dev/backend": "created",
+    "deployment/dev/backend": "created",
+    "horizontalpodautoscaler/dev/backend": "created"
   }
 }
 ```
@@ -182,7 +181,7 @@ status:
 ```json
 {
   "kustomization": "flux-system/podinfo-dev",
-  "error": "Error from server (NotFound): error when creating podinfo-dev.yaml: namespaces dev not found"
+  "error": "Error when creating 'Service/dev/frontend': namespaces dev not found"
 }
 ```
 
@@ -195,7 +194,7 @@ When combined with health assessment, a kustomization will run after all its dep
 For example, a service mesh proxy injector should be running before deploying applications inside the mesh:
 
 ```yaml
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: istio
@@ -212,7 +211,7 @@ spec:
       namespace: istio-system
   timeout: 2m
 ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: podinfo-dev
@@ -251,7 +250,7 @@ that matches the semver range.
 Create a production kustomization and reference the git source that follows the latest semver release:
 
 ```yaml
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: podinfo-production

config/default/kustomization.yaml

@@ -2,8 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kustomize-system
 resources:
-- https://github.com/fluxcd/source-controller/releases/download/v0.15.4/source-controller.crds.yaml
-- https://github.com/fluxcd/source-controller/releases/download/v0.15.4/source-controller.deployment.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.16.0/source-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.16.0/source-controller.deployment.yaml
 - ../crd
 - ../rbac
 - ../manager

config/samples/kustomize_v1beta1_kustomization.yaml

@@ -1,4 +1,4 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: webapp-dev
@@ -9,17 +9,10 @@ spec:
   sourceRef:
     kind: GitRepository
     name: webapp-latest
-  validation: client
-  healthChecks:
-    - kind: Deployment
-      name: backend
-      namespace: webapp
-    - kind: Deployment
-      name: frontend
-      namespace: webapp
+  wait: true
   timeout: 2m
 ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
   name: webapp-production
@@ -30,7 +23,6 @@ spec:
   sourceRef:
     kind: GitRepository
     name: webapp-releases
-  validation: client
   healthChecks:
     - kind: Deployment
       name: backend

go.mod

@@ -8,14 +8,14 @@ require (
 	filippo.io/age v1.0.0
 	github.com/cyphar/filepath-securejoin v0.2.2
 	github.com/drone/envsubst v1.0.3-0.20200804185402-58bc65f69603
-	github.com/fluxcd/kustomize-controller/api v0.14.1
+	github.com/fluxcd/kustomize-controller/api v0.15.0
 	github.com/fluxcd/pkg/apis/kustomize v0.2.0
 	github.com/fluxcd/pkg/apis/meta v0.10.1
 	github.com/fluxcd/pkg/runtime v0.12.2
 	github.com/fluxcd/pkg/ssa v0.0.2
 	github.com/fluxcd/pkg/testserver v0.1.0
 	github.com/fluxcd/pkg/untar v0.1.0
-	github.com/fluxcd/source-controller/api v0.15.4
+	github.com/fluxcd/source-controller/api v0.16.0
 	github.com/go-logr/logr v0.4.0
 	github.com/hashicorp/go-retryablehttp v0.6.8
 	github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c

go.sum

@@ -224,8 +224,8 @@ github.com/fluxcd/pkg/testserver v0.1.0 h1:nOYgM1HYFZNNSUFykuWDmrsxj4jQxUCvmLHWO
 github.com/fluxcd/pkg/testserver v0.1.0/go.mod h1:fvt8BHhXw6c1+CLw1QFZxcQprlcXzsrL4rzXaiGM+Iw=
 github.com/fluxcd/pkg/untar v0.1.0 h1:k97V/xV5hFrAkIkVPuv5AVhyxh1ZzzAKba/lbDfGo6o=
 github.com/fluxcd/pkg/untar v0.1.0/go.mod h1:aGswNyzB1mlz/T/kpOS58mITBMxMKc9tlJBH037A2HY=
-github.com/fluxcd/source-controller/api v0.15.4 h1:9aRcH/WKJWt7Bp954K/wzLRuiRiHuD2osvYp74GoP64=
-github.com/fluxcd/source-controller/api v0.15.4/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
+github.com/fluxcd/source-controller/api v0.16.0 h1:xFz+K7lLg/82uOQp+a0g04GsgoWNfyzwXAoVQy4T/oI=
+github.com/fluxcd/source-controller/api v0.16.0/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=