Compare commits: main...api/v1.4.1 (8 Commits)

| Author | SHA1 | Date |
|---|---|---|
| | 596130157d | |
| | 141ebe43eb | |
| | 3d8a070d7f | |
| | ceefb36c14 | |
| | db72db6258 | |
| | 1c39476729 | |
| | 1ba110d592 | |
| | 7cdf526aa6 | |
13
CHANGELOG.md
|
|
@ -1,5 +1,18 @@
|
|||
# Changelog
|
||||
|
||||
## 1.4.1
|
||||
|
||||
**Release date:** 2025-10-06
|
||||
|
||||
This patch release fixes the controller setting the `Ready`
|
||||
condition to `Unknown` redundantly during reconciliation.
|
||||
|
||||
Fixes:
|
||||
- Remove redundant Ready condition setter
|
||||
[#1323](https://github.com/fluxcd/helm-controller/pull/1323)
|
||||
- Fix docs example for kubeconfig workload identity
|
||||
[#1315](https://github.com/fluxcd/helm-controller/pull/1315)
|
||||
|
||||
## 1.4.0
|
||||
|
||||
**Release date:** 2025-09-25
|
||||
|
|
|
|||
|
|
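Review bot: The `Fixes:` list under `## 1.4.1` names the Ready condition change and the kubeconfig docs example, but this comparison also carries documentation changes that a changelog reader will not find here: the new "Recommended settings" section and the example intervals moved to `15m`. If those ship with 1.4.1, add a line for them under the release entry.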
@ -5,4 +5,4 @@ resources:
|
|||
images:
|
||||
- name: fluxcd/helm-controller
|
||||
newName: fluxcd/helm-controller
|
||||
newTag: v1.4.0
|
||||
newTag: v1.4.1
|
||||
|
|
|
|||
|
|
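Review bot: `newTag: v1.4.1` pins the `fluxcd/helm-controller` image by tag only, so what gets deployed depends on what the registry serves for that tag at pull time. The kustomize `images` entry also accepts a `digest` field; consider recording the release digest alongside the tag so the manifest identifies one immutable image.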
@ -20,7 +20,7 @@ metadata:
|
|||
name: podinfo
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 5m
|
||||
interval: 15m
|
||||
url: https://stefanprodan.github.io/podinfo
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
|
|
@ -29,7 +29,7 @@ metadata:
|
|||
name: podinfo
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 10m
|
||||
interval: 15m
|
||||
timeout: 5m
|
||||
chart:
|
||||
spec:
|
||||
|
|
@ -1077,10 +1077,9 @@ metadata:
|
|||
name: kubeconfig
|
||||
namespace: apps
|
||||
data:
|
||||
kubeConfig:
|
||||
provider: aws
|
||||
cluster: arn:aws:eks:eu-central-1:123456789012:cluster/my-cluster
|
||||
serviceAccountName: apps-iam-role # optional. maps to an AWS IAM Role. used for authentication
|
||||
provider: aws
|
||||
cluster: arn:aws:eks:eu-central-1:123456789012:cluster/my-cluster
|
||||
serviceAccountName: apps-iam-role # optional. maps to an AWS IAM Role. used for authentication
|
||||
```
|
||||
|
||||
### Interval
|
||||
|
|
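Review bot: The comment on `serviceAccountName` says the field is optional but not which identity authenticates to the cluster named in `cluster:` when it is omitted. In an example about workload identity that fallback is what readers need for a least-privilege setup, so state it in the comment or in the surrounding prose. Since the three keys appear with identical text before and after and only their nesting changes, it is also worth rendering the example once to confirm the final indentation under `data:` is what the controller parses.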
@ -1091,12 +1090,13 @@ matches the desired state.
|
|||
|
||||
After successfully reconciling the object, the controller requeues it for
|
||||
inspection at the specified interval. The value must be in a [Go recognized
|
||||
duration string format](https://pkg.go.dev/time#ParseDuration), e.g. `10m0s`
|
||||
to reconcile the object every ten minutes.
|
||||
duration string format](https://pkg.go.dev/time#ParseDuration), e.g. `15m0s`
|
||||
to reconcile the object every fifteen minutes.
|
||||
|
||||
If the `.metadata.generation` of a resource changes (due to e.g. a change to
|
||||
the spec) or the HelmChart revision changes (which generates a Kubernetes
|
||||
Event), this is handled instantly outside the interval window.
|
||||
Event), or a ConfigMap/Secret referenced in `valuesFrom` changes,
|
||||
this is handled instantly outside the interval window.
|
||||
|
||||
**Note:** The controller can be configured to apply a jitter to the interval in
|
||||
order to distribute the load more evenly when multiple HelmRelease objects are
|
||||
|
|
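Review bot: The added clause "or a ConfigMap/Secret referenced in `valuesFrom` changes" reads as unconditional, while the "Recommended settings" example added in this same file says such objects should be labelled with `reconcile.fluxcd.io/watch: Enabled`. State here whether the label is required for the immediate reconciliation; otherwise readers will expect an unlabelled Secret to trigger it and will wait a full interval for a rotated value to be applied.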
@ -1121,6 +1121,69 @@ resume.
|
|||
|
||||
## Working with HelmReleases
|
||||
|
||||
### Recommended settings
|
||||
|
||||
When deploying applications to production environments, it is recommended
|
||||
to use OCI-based Helm charts with OCIRepository as `chartRef`, and
|
||||
to configure the following fields, while adjusting them to your desires for
|
||||
responsiveness:
|
||||
|
||||
```yaml
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: OCIRepository
|
||||
metadata:
|
||||
name: webapp-chart
|
||||
namespace: apps
|
||||
spec:
|
||||
interval: 5m # check for new versions every 5 minutes and trigger an upgrade
|
||||
url: oci://ghcr.io/org/charts/webapp
|
||||
secretRef:
|
||||
name: registry-auth # Image pull secret with read-only access
|
||||
layerSelector: # select the Helm chart layer
|
||||
mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
|
||||
operation: copy
|
||||
ref:
|
||||
semver: "*" # track the latest stable version
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: webapp
|
||||
namespace: apps
|
||||
spec:
|
||||
releaseName: webapp
|
||||
chartRef:
|
||||
kind: OCIRepository
|
||||
name: webapp-chart
|
||||
interval: 30m # run drift detection every 30 minutes
|
||||
driftDetection:
|
||||
mode: enabled # undo kubectl edits and other unintended changes
|
||||
install:
|
||||
strategy:
|
||||
name: RetryOnFailure # retry failed installations instead of uninstalling
|
||||
retryInterval: 5m # retry failed installations every five minutes
|
||||
upgrade:
|
||||
crds: CreateReplace # update CRDs when upgrading
|
||||
strategy:
|
||||
name: RetryOnFailure # retry failed upgrades instead of rollback
|
||||
retryInterval: 5m # retry failed upgrades every five minutes
|
||||
# All ConfigMaps and Secrets referenced in valuesFrom should
|
||||
# be labelled with `reconcile.fluxcd.io/watch: Enabled`
|
||||
valuesFrom:
|
||||
- kind: ConfigMap
|
||||
name: webapp-values
|
||||
- kind: Secret
|
||||
name: webapp-secret-values
|
||||
```
|
||||
|
||||
Note that the `RetryOnFailure` strategy is suitable for statefulsets
|
||||
and other workloads that cannot tolerate rollbacks and have a high rollout duration
|
||||
susceptible to health check timeouts and transient capacity errors.
|
||||
|
||||
For stateless workloads and applications that can tolerate rollbacks, the
|
||||
`RemediateOnFailure` strategy may be more suitable, as it will ensure that
|
||||
the last known good state is restored in case of a failure.
|
||||
|
||||
### Configuring failure handling
|
||||
|
||||
From time to time, a Helm installation, upgrade, or accompanying [Helm test](#test-configuration)
|
||||
|
|
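Review bot: The OCIRepository in the production example combines `semver: "*"` with `interval: 5m`, so any new stable version pushed to `oci://ghcr.io/org/charts/webapp` is rolled out within minutes, and the example shows no check on who published it. For a section titled "Recommended settings", add the OCIRepository `verify` block for signature verification to the example, or mention a narrower semver range as the conservative alternative. On wording, "adjusting them to your desires for responsiveness" would be clearer as "adjusting the intervals to how quickly changes need to be picked up", and "statefulsets" should be written `StatefulSets`.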
@ -1191,7 +1254,7 @@ metadata:
|
|||
name: my-operator
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 10m
|
||||
interval: 15m
|
||||
chart:
|
||||
spec:
|
||||
chart: my-operator
|
||||
|
|
@ -1279,7 +1342,7 @@ metadata:
|
|||
namespace: webapp
|
||||
spec:
|
||||
serviceAccountName: webapp-reconciler
|
||||
interval: 5m
|
||||
interval: 15m
|
||||
chart:
|
||||
spec:
|
||||
chart: podinfo
|
||||
|
|
|
|||
2
go.mod
|
|
@ -17,7 +17,7 @@ replace (
|
|||
require (
|
||||
github.com/Masterminds/semver/v3 v3.4.0
|
||||
github.com/fluxcd/cli-utils v0.36.0-flux.15
|
||||
github.com/fluxcd/helm-controller/api v1.4.0
|
||||
github.com/fluxcd/helm-controller/api v1.4.1
|
||||
github.com/fluxcd/pkg/apis/acl v0.9.0
|
||||
github.com/fluxcd/pkg/apis/event v0.19.0
|
||||
github.com/fluxcd/pkg/apis/kustomize v1.12.0
|
||||
|
|
|
|||
|
|
@ -204,9 +204,8 @@ func (r *HelmReleaseReconciler) reconcileRelease(ctx context.Context, patchHelpe
|
|||
log := ctrl.LoggerFrom(ctx)
|
||||
|
||||
// Mark the resource as under reconciliation.
|
||||
const progressingMsg = "Fulfilling prerequisites"
|
||||
conditions.MarkReconciling(obj, meta.ProgressingReason, progressingMsg)
|
||||
conditions.MarkUnknown(obj, meta.ReadyCondition, meta.ProgressingReason, progressingMsg)
|
||||
// We set Ready=Unknown down below after we assess the readiness of dependencies and the source.
|
||||
conditions.MarkReconciling(obj, meta.ProgressingReason, "Fulfilling prerequisites")
|
||||
if err := patchHelper.Patch(ctx, obj, patch.WithOwnedConditions{Conditions: intreconcile.OwnedConditions}, patch.WithFieldOwner(r.FieldManager)); err != nil {
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
|
|
|
|||
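Review bot: With the `conditions.MarkUnknown(obj, meta.ReadyCondition, ...)` call gone, the `patchHelper.Patch` that follows persists `Reconciling` while, in the visible lines, `Ready` keeps whatever value the object already carried, and the new comment only says Ready=Unknown is set "down below". Name the step or function where that happens in the comment, and add a test asserting the conditions written by this first patch, so that a stale `Ready=True` next to `Reconciling=True` is shown to be deliberate and stays covered.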