Check the auth secret for the `ca.crt` key for CA certificate data.
`ca.crt` takes precdence over `caFile`.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Adopt Kubernetes TLS secrets API to check for TLS data in the Secret
referred to by `.spec.certSecretRef`, i.e. check for keys `tls.crt` and
`tls.key` for the certificate and private key. Use `ca.crt` for the CA
certificate.
Deprecate the usage of `caFile`, `certFile` and `keyFile` keys.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Adopt Kubernetes TLS secrets API to check for TLS data in the Secret
referred to by `.spec.certSecretRef`, i.e. check for keys `tls.crt` and
`tls.key` for the certificate and private key. Use `ca.crt` for the CA
certificate.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Update `github.com/fluxcd/pkg/oci` to v0.31.o which comes with support for Azure China and US Gov regions when pulling OCI artifacts.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Add support for verifying tags and optionally the commit object it
points to. Modify the reconciler to trigger a full reconciliation if the
object contains a verification configuration that implies that we need
to verify one (or more) Git objects that we haven't previosuly verified.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add three new verification modes for `.spec.verify.mode`:
* `HEAD`: Verify the commit that the HEAD of the repo points to after
checking out to the ref specified in `.spec.ref`. Its the same as
`head`, which cannot be removed due to backwards compatibility
reasons and is converted to `HEAD` internally.
* `Tag`: Verify the tag referred to by `.spec.ref.tag`.
* `TagAndHEAD`: Verify the tag referred to by `.spec.ref.tag` and the
commit that the tag points to.
The default is `HEAD`, to ensure backwards compatibility.
Furthermore, add `.status.sourceVerificationMode` to record the last
successful verification mode used.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Move record suspend metrics next to readiness and duration metrics so
that it gets recorded along with others always at the end and the
metrics delete, which requires the knowledge of deleted finalizers,
applies to suspend too.
HelmRepository cache event metrics for a given helmrepo also continues
to be exported even after the object is deleted. This change deletes
the cache event metrics when the object is deleted.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
- github.com/distribution/distribution/v3 to v3.0.0-20230808081639-69fe1690134c
- github.com/sigstore/sigstore to v1.7.2
- google.golang.org/api to v0.136.0
- helm.sh/helm/v3 to v3.12.3
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This adds a `--interval-jitter-percentage` flag to the controller to
add a +/- percentage jitter to the interval defined in resources
(defaults to 10%).
Effectively, this results in a reconcilation every 4.5 - 5.5 minutes
for a resource with an interval of 5 minutes.
Main reason to add this change is to mitigate spikes in memory and
CPU usage caused by many resources being configured with the same
interval.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
If implemented user will be able to provide their own custom start and
bypass tls verification when interacting with OCI registries over https
to pull helmCharts.
Signed-off-by: Soule BA <soule@weave.works>
- github.com/Azure/azure-sdk-for-go/sdk/azcore to v1.7.0
- github.com/Azure/azure-sdk-for-go/sdk/storage/azblob to v1.1.0
- github.com/distribution/distribution/v3 to v3.0.0-20230802173126-807a836852c0
- github.com/docker/cli to v24.0.5+incompatible
- github.com/fluxcd/pkg/apis/event to v0.5.2
- github.com/fluxcd/pkg/apis/meta to v1.1.2
- github.com/fluxcd/pkg/git to v0.12.4
- github.com/fluxcd/pkg/gittestserver to v0.8.5
- github.com/fluxcd/pkg/helmtestserver to v0.13.2
- github.com/fluxcd/pkg/oci to v0.30.1
- github.com/fluxcd/pkg/runtime to v0.41.0
- github.com/fluxcd/pkg/sourceignore to v0.3.5
- github.com/fluxcd/pkg/ssh to v0.8.1
- github.com/fluxcd/source-controller/api to v1.0.1
- github.com/google/go-containerregistry to v0.16.1
- github.com/google/go-containerregistry/pkg/authn/k8schain to v0.0.0-20230802205906-a54d64203cff
- github.com/minio/minio-go/v7 to v7.0.61
- github.com/onsi/gomega to v1.27.10
- github.com/opencontainers/go-digest/blake3 to v0.0.0-20230801144141-122dc6384261
- golang.org/x/crypto to v0.12.0
- google.golang.org/api to v0.134.0
- helm.sh/helm/v3 to v3.12.2
- k8s.io/api to v0.27.4
- k8s.io/apimachinery to v0.27.4
- k8s.io/client-go to v0.27.4
- sigs.k8s.io/cli-utils to v0.35.0
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Sanskar Jaiswal
Stefan Prodan
Somtochi Onyekwere
Kingdon Barrett
Max Jonas Werner
dependabot[bot]
Sunny
Hidde Beydals
Hidde Beydals
Soule BA