Fixes https://github.com/fluxcd/image-reflector-controller/issues/225
This PR adds a finalizer to the ImagePolicy and ImageRepository resources. This is to properly record the Deleted reconciliation status when the object is deleted from the cluster. Without this change, the resource would be deleted before the image reflector controller has a chance to properly report the resource's status in the metrics. As a result, end-users may see falsely reported metrics.
Signed-off-by: Kaden Nelson <kaden_l_nelson@apple.com>
- fluxcd/pkg/apis/meta v0.14.0
- fluxcd/pkg/runtime v0.16.0
- k8s.io/* v0.24.0
- aws/aws-sdk-go v1.44.11
Note that fluxcd/pkg/runtime v0.16 comes with support for Kubernetes API Priority and Fairness feature.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
ExlusionList specifies a list of regex expressions, which is used to
filter out unwanted tags from being stored in the database. If the list
is empty, by default all tags ending with `.sig` are ignored.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Follow up on #235 to fully implement new tooling requirements. By
implementing the interfaces, the `conditions` package can now be used.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit replaces the local ACL-related API types, and the func for
checking access, with their standarised forms in fluxcd/pkg/apis/acl
and fluxcd/pkg/runtime/acl respectively.
The test case for "When the ACL is empty, it denies access" needed
adjustment because the zero value of acl.AccessFrom is not valid -- it
needs an explicit list of namespace selectors. Providing `nil` in the
test case is the equivalent of providing a zero value.
Signed-off-by: Michael Bridgen <michael@weave.works>
This ensures tools like `kstatus` do not consider the resource to be in
a `Ready` state premataturely due to `generation` and
`observedGeneration` equaling to `0` for a short period of time.
Signed-off-by: Tom Huang <tom.huang@weave.works>
- add `AccessFrom` to ImageRepositorySpec for granting cross-namespace access to repositories
- change `ImageRepositoryRef` type from local reference to namespaced reference
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
The schema is the same, which means this is a case of
- copying over the type definitions;
- changing the "stored" CRD version;
- giving a CRD conversion of None, meaning just change the apiVersion;
- using the new API package in the controller code;
- moving the API docs to v1beta1
Signed-off-by: Michael Bridgen <michael@weave.works>
The image automation part of the API has changed structure (see [1]),
and had a version bump from `v1alpha1` to `v1alpha2`. Since the types
here are also in `image.toolkit.fluxcd.io`, there will be less
complication if they also get a version bump even though they aren't
changing.
[1] https://github.com/fluxcd/image-automation-controller/pull/139
Signed-off-by: Michael Bridgen <michael@weave.works>
Converts the given list of tags to floats and compares them based on the
ordering rule.
If a tag is not convertible, it will err and fail to compute the latest
version.
Fixes#102
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
This comes with less baggage than the corev1 original.
(While I was here, I updated the fallback controller-gen version to
0.4.1, which gives much better error messages.)
Signed-off-by: Michael Bridgen <michael@weave.works>
This implements the design in #89, so you can provide a TLS
certificate and key to use for authentication; and, a CA certificate
for when you are using self-signed certs.
Unlike other GOTK controllers, the certificate secret is separate to
the credentials secret. This is because the credentials secret is more
likely to be a dockerconfigjson secret (i.e., created with
docker create secret docker-registry ...
or its equivalent).
Signed-off-by: Michael Bridgen <michael@weave.works>
Tag regex filtering allows the user to filter tags based on a regular
expression pattern and enables tag version extraction through capture
group replacement reference.
Fixes#73
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
This commit upgrades the `controller-runtime` dependency to `v0.7.0`,
including all changes required to make all wiring work again.
- Upgrade `runtime` to v0.6.0 to include `controller-runtime` changes.
- Logger has been removed from the reconciler, and is now retrieved
from the `context.Context` passed to the `Reconcile` method and
downwards functions.
- Logger configuration flags are now bound to the flag set using
`BindFlags` from `runtime/logger`, ensuring the same contract across
GitOps Toolkit controllers, and the `--log-json` flag has been
deprecated in favour of the `--log-encoding=json` default.
- The `ChangePredicate` from `runtime` has changed to a
`ReconcilateAtChangedPredicate`, and is now chained with the
`GenerationChangedPredicate` from `controller-runtime` using
`predicate.Or`.
- Signatures that made use of `runtime.Object` have changed to
`client.Object`, removing the requirement to e.g. call
`runtime.Object#Object`.
- The `leader-election-role` was changed, as leader election now works
via the `coordination/v1` API.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This implementation allows one to set a `MatchTagPrefix` to filter a
list of tags and/or use `Order` to set the ordering rule by which tags
are evaluated.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
This adds the conventional Conditions field to the ImagePolicy status,
and sets the status in the controller as well as reporting readiness
metrics.
Signed-off-by: Michael Bridgen <michael@weave.works>
The zero value of an ImageRepositoryStatus includes a struct value in
LastScanResult, which prevents it from being omitted when
serialised. The effect is that a freshly-constructed ImageRepository
will serialise like this:
```yaml
apiVersion: image.toolkit.fluxcd.io/v1alpha1
kind: ImageRepository
metadata:
name: foobar
namespace: flux-system
spec:
image: alpine
interval: 1m0s
status:
lastScanResult:
tagCount: 0
```
This commit changes the LastScanResult field to a pointer
type, so it can be `nil` when not set.
The ScanTime field is changed from a pointer to a value, since it
should be present in any scan result.
Signed-off-by: Michael Bridgen <michael@weave.works>
This is an attempt to bring the api and controller logic closer to what
the other controller components already have set as patterns.
1. Adopt the k8s standard Condition type.
2. Rename `ScanInterval` to `Interval` to be consistent with the
`Interval` attribute other Spec types have defined, translating to
reconciliation interval. This attribute is now required.
3. Add `ScanTime` attribute to the `ScanResult` type, enabling keeping
track of the last successful scan execution. Use this value for scan
frequency throttling.
4. Add optional `Timeout` attribute to allow custom scan timeout
handling. The default value is equal to that of the `Interval` attr.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
This commit adds a field to the ImageRepository spec for referring to
a secret containing credentials. The credentials are then available to
use for scanning the registry.
Signed-off-by: Michael Bridgen <michael@weave.works>
Kaden Nelson
Stefan Prodan
Paulo Gomes
Sanskar Jaiswal
Rashed Kamal
Hidde Beydals
Sunny
Michael Bridgen
Aurel Canciu
Tom Huang