After downloading an artifact, compute its checksum and verify that it matches the original checksum advertised by source-controller.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Introduce `kustomize.toolkit.fluxcd.io/reconcile` annotation. When set to `disabled`, the controller will no longer apply changes from source, nor it will prune the annotated resource.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
If decryption is not enabled, SOPS encrypted secrets will fail to apply with a validation error that doesn't give any hints. It's better to exit early and throw an error that tells users to enable decryption.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- Add `.spec.wait` optional boolean field to API
- Wait for all applied resources to become ready when `.spec.wait` is set to `true`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
When impersonation fails, emit an event with the stale objects and continue with the finalization as this is not a retryable error.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Set the healthiness status to progressing and specify the health check timeout in the condition message.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Reconciler behaviour:
- Creates an inventory of objects to be applied (persisted in-cluster under `.status.inventory`).
- Applies first custom resource definitions (CRDs) and namespaces, waits for them to register and only then applies the custom resources.
- Validates all resources with server-side dry-run apply (namespaced objects must contain `metadata.namespace`, defaulting to the `default` namespace is no longer supported).
- Reconciles only the resources that drifted.
- Prunes the objects that were previously applied but are missing from the current inventory.
- Emits events for only the resources that where created, configured or deleted.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Reduce the log level from error to info to match the level of the event.
Signed-off-by: Allen Porter <allen.porter@gmail.com>
Signed-off-by: Allen Porter <allen@thebends.org>
This should give users some guidance when `kubectl apply` itself does
not give any useful output back itself, till date only observed when
it times out waiting.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Allow passing --force to kubectl apply. Useful when dealing with
immutable field changes in resources.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
- record the last health assessment result in a dedicated status condition
- use the condition status when issuing events to prevent notifications spam
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Log the reconciliation error instead of returning it, so that controller-runtime doesn't requeue immediately. Reconciliation failures should be scheduled at the specified retry interval.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
To include a bug fix to the `ReconcilateAtChangedPredicate`
and renaming to `ReconcileRequestedPredicate`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Paulo Gomes
Stefan Prodan
Rishabh Bohra
Somtochi Onyekwere
Michal Schott
Jodok Batlogg
Hidehito Yabuuchi
Chanwit Kaewkasi
Allen Porter
Hidde Beydals
Florian Richter
Aurel Canciu
Laszlo Fogas
Christian Hernvall