Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>
Setup new flag to allow overriding additional managers and pass this data to the KustomizationReconciler instance
Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>
Update field name to be more specific
Co-authored-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Luke Mallon <luke@mallon.ie>
Update the remaining fieldManagers vars to match the new definition
Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>
Change AdditionalFieldManagers to DisallowedFieldManagers
Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>
Add unit test to cover the new disallowed field manager change
Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>
Use correct variable in the final Run
Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>
Undo the timeout multiplication
Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>
Update internal/controller/kustomization_disallowed_managers_test.go
Co-authored-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Luke Mallon <luke@mallon.ie>
Check that we're not getting errors on the Patch calls and remove the eventually as it is not needed here
Signed-off-by: Luke Mallon (Nalum) <luke@mallon.ie>
Update main.go
Co-authored-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: Luke Mallon <luke@mallon.ie>
- Update `sigs.k8s.io/kustomize` to v5.2.1
- Update `k8s.io` packages to v0.28.4
- Update `sigs.k8s.io/controller-runtime` to v0.16.3 and adapt to breaking changes
- Switch from `sigs.k8s.io/cli-utils` to `github.com/fluxcd/cli-utils`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This flag can be used to set the number of concurrent server-side apply operations.
Defaults to 4 concurrent operations per reconciliation.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
The metrics helper now accepts owned finalizers to determine if an
object is no longer managed by the controller and is being deleted, and
deletes the metrics associated with the object.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Add a `--interval-jitter-percentage` flag to the controller to
add a +/- percentage jitter to the `Kustomization.spec.interval`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Fail the health check as soon as a resource becomes stalled
without waiting for the timeout to expire.
This behavior can be disabled using the `DisableFailFastBehavior` feature flag.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Changes made due to breaking changes in controller-runtime:
* `Watches` accepts a plain `client.Object` instead of a `source.Kind`
object.
* Some fields in `controller.Options` are now in `config.Controller` which
is embedded in `controller.Options`.
* `handler.MapFunc` now accepts a context.
* `ctrlcache.Options` uses `ByObject` instead of `SelectorByObject`.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
This uses the newly introduced helper from runtime, which also
configures the logger for `klog`.
Resulting in all logs now being properly formatted, even when logged by
internal Kubernetes elements like the leader election or a dynamic
client.
The update from `fluxcd/pkg/runtime` from `v0.29.0` to `v0.31.0` in
addition includes a change which configures the event recorder to only
log on level `trace` (as opposed to `debug`).
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This commit allows the disabling of the caching cluster reader used by
the status poller while waiting and/or checking the health of resources.
Potentially reducing the memory usage of the controller on large scale
clusters, at the cost of an increase in direct API calls.
The feature can be enabled using
`--feature-gates=DisableStatusPollerCache=true`.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
You can re-enable caching by starting the controller with the argument
`--feature-gates=CacheSecretsAndConfigMaps=true`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Add an optional flag for disabling remote bases. While `--no-remote-bases` is set to `false` by default, Flux users are encouraged to enable it on production systems for security and performance reasons. Using Kustomize remote bases means that kustomize-controller must clone the remote repositories on every reconciliation instead of using the source-controller artifacts cache. Allowing remote bases on multi-tenant clusters means platform admins have no control over which repositories make up the desired state.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Two new flags were added to allow users to enable the
use of user.Exec and InsecureTLS in the kubeconfigs
provided for remote apply reconciliations.
Breaking change: both functionalities are no longer
enabled by default.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This includes an update of the source-controller to v0.22.0, to pull in
the v1beta2 API which makes use of the same packages.
Co-authored-by: Sunny <darkowlzz@protonmail.com>
Signed-off-by: Hidde Beydals <hello@hidde.co>
Introduce the flag `--default-service-account` for allowing cluster admins to enforce impersonation for resource reconciliation.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Introduce the flag `--no-cross-namespace-refs` (defaults to false) for allowing cluster admins to disable cross-namespace references to sources.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- Add `.spec.wait` optional boolean field to API
- Wait for all applied resources to become ready when `.spec.wait` is set to `true`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Reconciler behaviour:
- Creates an inventory of objects to be applied (persisted in-cluster under `.status.inventory`).
- Applies first custom resource definitions (CRDs) and namespaces, waits for them to register and only then applies the custom resources.
- Validates all resources with server-side dry-run apply (namespaced objects must contain `metadata.namespace`, defaulting to the `default` namespace is no longer supported).
- Reconciles only the resources that drifted.
- Prunes the objects that were previously applied but are missing from the current inventory.
- Emits events for only the resources that were created, configured or deleted.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Using the helper from `pkg/runtime/pprof`, which follows the suggestion
from controller-runtime to use `AddMetricsExtraHandler`.
Signed-off-by: Hidde Beydals <hello@hidde.co>