After downloading an artifact, compute its checksum and verify that it matches the original checksum advertised by source-controller.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
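The check described in the commit message above, sketched as an added example (not code from the commit or from the Flux project). It assumes the advertised checksum is a hex-encoded SHA-256 digest; `fetchVerified` and `maxArtifactSize` are hypothetical names, and the sample artifact is constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"io"
)

// maxArtifactSize is an assumed cap on the download size (not from the page).
const maxArtifactSize = 50 << 20

// fetchVerified buffers the artifact from r while hashing it and returns the
// bytes only if the digest equals the advertised hex SHA-256 (an assumption).
func fetchVerified(r io.Reader, advertised string) ([]byte, error) {
	want, err := hex.DecodeString(advertised)
	if err != nil || len(want) != sha256.Size {
		return nil, fmt.Errorf("malformed advertised checksum %q", advertised)
	}
	h := sha256.New()
	var buf bytes.Buffer
	// Read one byte past the cap so an oversized body is rejected, not truncated.
	n, err := io.Copy(io.MultiWriter(&buf, h), io.LimitReader(r, maxArtifactSize+1))
	if err != nil {
		return nil, fmt.Errorf("download failed: %w", err)
	}
	if n > maxArtifactSize {
		return nil, fmt.Errorf("artifact exceeds %d bytes", maxArtifactSize)
	}
	got := h.Sum(nil)
	if subtle.ConstantTimeCompare(got, want) != 1 {
		return nil, fmt.Errorf("checksum mismatch: got %x, advertised %x", got, want)
	}
	return buf.Bytes(), nil
}

func main() {
	// Constructed sample: an artifact body and the checksum computed from it.
	body := []byte("apiVersion: v1\nkind: Namespace\nmetadata:\n  name: demo\n")
	sum := sha256.Sum256(body)
	advertised := hex.EncodeToString(sum[:])
	_, err := fetchVerified(bytes.NewReader(body), advertised)
	fmt.Println("intact artifact:", err)
	tampered := append([]byte("# injected\n"), body...)
	_, err = fetchVerified(bytes.NewReader(tampered), advertised)
	fmt.Println("tampered artifact:", err)
}
```

The artifact bytes are returned only after the digest matches, so nothing downstream can act on an unverified download.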
Introduce `kustomize.toolkit.fluxcd.io/reconcile` annotation. When set to `disabled`, the controller will no longer apply changes from source, nor will it prune the annotated resource.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
If decryption is not enabled, SOPS encrypted secrets will fail to apply with a validation error that doesn't give any hints. It's better to exit early and throw an error that tells users to enable decryption.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
testenv now supports provisioning users. Replace envtest with testenv.
Also, reorder the cleanup to stop the test environment before stopping
the file server to avoid anything in the cluster trying to connect to
the file server after it's stopped.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
In suite test, the context created by SetupSignalHandler() watches for
shutdown signal to cancel the context. This makes it possible to stop
the controllers by sending a kill signal that cancels the context.
This change allows controller context cancellation by creating another
context from SetupSignalHandler() context with a CancelFunc that's
called at the end of the test, instead of sending a kill signal.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
- Add `.spec.wait` optional boolean field to API
- Wait for all applied resources to become ready when `.spec.wait` is set to `true`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
When impersonation fails, emit an event with the stale objects and continue with the finalization as this is not a retryable error.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Set the healthiness status to progressing and specify the health check timeout in the condition message.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Reconciler behaviour:
- Creates an inventory of objects to be applied (persisted in-cluster under `.status.inventory`).
- Applies first custom resource definitions (CRDs) and namespaces, waits for them to register and only then applies the custom resources.
- Validates all resources with server-side dry-run apply (namespaced objects must contain `metadata.namespace`, defaulting to the `default` namespace is no longer supported).
- Reconciles only the resources that drifted.
- Prunes the objects that were previously applied but are missing from the current inventory.
- Emits events for only the resources that were created, configured or deleted.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Add `values.yaml` to the supported kubeconfig secret key names in order for SOPS to correctly detect the storage format based on the file extension.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
When checking the health status of each declared resource, kstatus
might return nil for certain resources (for whatever reason). In that
case, this information is now conveyed in the health status event.
https://github.com/fluxcd/kustomize-controller/pull/374
Signed-off-by: Max Jonas Werner <mail@makk.es>
Whenever a health check times out now, the most recently collected
error for each resource will be printed as part of the error message.
This excludes errors for those resources for which no error was
reported in the last update. This is because whenever a timeout
occurs, an error is reported on ALL resources, even those that have
been seen as healthy before.
Also, this commit causes all successfully checked resources to be
omitted in the error event.
Signed-off-by: Max Jonas Werner <mail@makk.es>