This enables experimental drift detection of cluster state compared to
the current manifest data from the Helm storage's manifest blob.
Drift detection works based on the already proven approach of the
kustomize-controller's SSA package, and utilizes the managed field
configured by the controller since `v0.12.2`.
This feature is planned to go out of experimental once the further
controller rewrite has been finished, and the state of the Helm storage
itself is more fault tolerant.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This updates all the comparisons to make use of `HasRevision` which
supports the RFC-0005 and legacy revision formats.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Establish conventions which align with what is supported upstream
today, whilst expanding on documentation to ensure folks have
pointers on how to debug/check for issues going forwards.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Moving into Go Native, the ad hoc changes and on-demand build are no
longer necessary.
Previously calls to r.EventRecorder.AnnotatedEventf resulted in panic.
The new dummy recorder resolves the problem without impacting
resource consumption.
A new make target `fuzz-native` was introduced, to loop through all
fuzz tests for the duration of time specified via the environment
variable `FUZZ_TIME`.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Formalises the API requirements around TargetPath and ValuesKey,
which were the two fields missing validation within ValuesReference.
In both cases the validation was introduced at CRD level, so that
the apiserver will enforce it.
ValuesKey must be a valid Data Key. Therefore the same logic used by
upstream Kubernetes is reused here to ensure a valid key is being used.
For TargetPath a loose regex is being used to largely represent the
expected format. A max length of 250 is now being enforced.
This is a breaking change, as invalid TargetPath and ValuesKey will now
be rejected by the apiserver, instead of being accepted and potentially
failing at reconciliation time.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Fixing a regression introduced in #480 which would always pick the
namespace of the release. In addition, historically seen the
configuration of the impersonation username while making use of a
KubeConfig has never worked correctly, this has been addressed as well.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This is a partial cherry-pick of commit ae4f499e87, including
changes around `kube`. This to include some of the changes around the
construction of the ConfigFlags RESTClientGetter, as an attempt to
solve token refresh issues.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Two new flags were added to allow users to enable the
use of user.Exec and InsecureTLS in the kubeconfigs
provided for remote apply reconciliations.
Breaking change: both functionalities are no longer
enabled by default.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This to facilitate improvements on the notification-controller side,
where annotations prefixed with the FQDN of the Group of the Involved
Object will be transformed into "fields".
Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes an update of the source-controller to v0.22.0, to pull in
the v1beta2 API which makes use of the same packages.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Introduce the flag `--default-service-account` for allowing cluster admins to enforce impersonation for resources reconciliation.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
When ExternalEventRecorder is nil, the helm release reference is not used
therefore the function can safely return early.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
After downloading an artifact, compute its checksum and verify that it matches the original checksum advertised by source-controller.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
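
An added example of the checksum verification described in the commit above; it is not code from the commit or from the controller. It assumes the advertised checksum is a hex-encoded SHA-256 digest, and `fetchVerified`, `checksumOf`, `ErrChecksumMismatch` and the size cap are hypothetical names and values chosen for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// ErrChecksumMismatch marks an artifact whose bytes do not match the advertised digest.
var ErrChecksumMismatch = errors.New("artifact checksum mismatch")

const maxArtifactSize = 50 << 20 // assumed cap for this example

// checksumOf returns the hex SHA-256 of data (assumed advertised format).
func checksumOf(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// fetchVerified hashes the body while buffering it; bytes are returned only on a digest match.
func fetchVerified(body io.Reader, advertised string) ([]byte, error) {
	want, err := hex.DecodeString(advertised)
	if err != nil || len(want) != sha256.Size {
		return nil, fmt.Errorf("malformed advertised checksum %q", advertised)
	}
	h := sha256.New()
	var buf bytes.Buffer
	// Read one byte past the cap so an oversized body is detected, not truncated.
	n, err := io.Copy(io.MultiWriter(h, &buf), io.LimitReader(body, maxArtifactSize+1))
	if err != nil {
		return nil, fmt.Errorf("reading artifact: %w", err)
	}
	if n > maxArtifactSize {
		return nil, fmt.Errorf("artifact exceeds %d bytes", maxArtifactSize)
	}
	if got := h.Sum(nil); subtle.ConstantTimeCompare(got, want) != 1 {
		return nil, fmt.Errorf("%w: computed %x", ErrChecksumMismatch, got)
	}
	return buf.Bytes(), nil
}

func main() {
	chart := []byte("constructed chart archive") // constructed sample input
	_, err := fetchVerified(bytes.NewReader(append(chart, '!')), checksumOf(chart))
	fmt.Println("tampered download:", err)
}
```

The caller receives no bytes at all on a mismatch, so a tampered or truncated artifact cannot reach the code that unpacks or installs it.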
If the ReconcileStrategy is changed (from ChartVersion to Revision for
example), we should update the HelmChart.
Signed-off-by: Dylan Arbour <arbourd@users.noreply.github.com>
Add `values.yaml` to the supported kubeconfig secret key names in order for SOPS to correctly detect the storage format based on the file extension.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Before:
{"level":"info","ts":"2021-03-03T12:45:41.305Z","logger":"controller.helmrelease","msg":"could not find optional %s '%s'","reconciler group":"helm.toolkit.fluxcd.io","reconciler kind":"HelmRelease","name":"cert-manager","namespace":"kommander","ConfigMap":{"namespace":"kommander","name":"cert-manager-overrides"}}
After:
{"level":"info","ts":"2021-03-03T13:56:46.365+0100","logger":"controller.helmrelease","msg":"could not find optional ConfigMap 'kommander/cert-manager-overrides'","reconciler group":"helm.toolkit.fluxcd.io","reconciler kind":"HelmRelease","name":"cert-manager","namespace":"kommander"}
Signed-off-by: Max Jonas Werner <mwerner@d2iq.com>