Changes made due to breaking changes in controller-runtime:
* `Watches` accepts a plain `client.Object` instead of a `source.Kind`
object.
* Some fields in `controller.Options` are now in `config.Controller` which
is embedded in `controller.Options`.
* `handler.MapFunc` now accepts a context.
* `ctrlcache.Options` uses `ByObject` instead of `SelectorByObject`.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
This uses the newly introduced helper from runtime, which also
configures the logger for `klog`.
Resulting in all logs now being properly formatted, even when logged by
internal Kubernetes elements like the leader election or a dynamic
client.
The update of `fluxcd/pkg/runtime` from `v0.29.0` to `v0.31.0` in
addition includes a change which configures the event recorder to only
log on level `trace` (as opposed to `debug`).
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This commit allows the disabling of the caching cluster reader used by
the status poller while waiting and/or checking the health of resources.
Potentially reducing the memory usage of the controller on large scale
clusters, at the cost of an increase in direct API calls.
The feature can be enabled using
`--feature-gates=DisableStatusPollerCache=true`.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
You can re-enable caching by starting the controller with the argument
`--feature-gates=CacheSecretsAndConfigMaps=true`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Add an optional flag for disabling remote bases. While `--no-remote-bases` is set to `false` by default, Flux users are encouraged to enable it on production systems for security and performance reasons. Using Kustomize remote bases means that kustomize-controller must clone the remote repositories on every reconciliation instead of using the source-controller artifacts cache. Allowing remote bases on multi-tenant clusters means platform admins have no control over which repositories make up the desired state.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Two new flags were added to allow users to enable the
use of user.Exec and InsecureTLS in the kubeconfigs
provided for remote apply reconciliations.
Breaking change: both functionalities are no longer
enabled by default.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This includes an update of the source-controller to v0.22.0, to pull in
the v1beta2 API which makes use of the same packages.
Co-authored-by: Sunny <darkowlzz@protonmail.com>
Signed-off-by: Hidde Beydals <hello@hidde.co>
Introduce the flag `--default-service-account` for allowing cluster admins to enforce impersonation for resource reconciliation.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Introduce the flag `--no-cross-namespace-refs` (defaults to false) for allowing cluster admins to disable cross-namespace references to sources.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- Add `.spec.wait` optional boolean field to API
- Wait for all applied resources to become ready when `.spec.wait` is set to `true`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Reconciler behaviour:
- Creates an inventory of objects to be applied (persisted in-cluster under `.status.inventory`).
- Applies first custom resource definitions (CRDs) and namespaces, waits for them to register and only then applies the custom resources.
- Validates all resources with server-side dry-run apply (namespaced objects must contain `metadata.namespace`, defaulting to the `default` namespace is no longer supported).
- Reconciles only the resources that drifted.
- Prunes the objects that were previously applied but are missing from the current inventory.
- Emits events for only the resources that were created, configured or deleted.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Using the helper from `pkg/runtime/pprof`, which follows the suggestion
from controller-runtime to use `AddMetricsExtraHandler`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This prevents the resources from getting annotated, and instead uses
the `handler.EnqueueRequestsFromMapFunc` to queue requests based on
changes to the source objects.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The reconcileAt annotation and the predicate that recognises it are
now in fluxcd/pkg/runtime. This removes (near) duplicate definitions
in favour of using those.