This adds a `--interval-jitter-percentage` flag to the controller to
add a +/- percentage jitter to the interval defined in resources
(defaults to 10%).
Effectively, this results in a reconcilation every 4.5 - 5.5 minutes
for a resource with an interval of 5 minutes.
Main reason to add this change is to mitigate spikes in memory and
CPU usage caused by many resources being configured with the same
interval.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
If implemented user will be able to provide their own custom start and
bypass tls verification when interacting with OCI registries over https
to pull helmCharts.
Signed-off-by: Soule BA <soule@weave.works>
- github.com/Azure/azure-sdk-for-go/sdk/azcore to v1.7.0
- github.com/Azure/azure-sdk-for-go/sdk/storage/azblob to v1.1.0
- github.com/distribution/distribution/v3 to v3.0.0-20230802173126-807a836852c0
- github.com/docker/cli to v24.0.5+incompatible
- github.com/fluxcd/pkg/apis/event to v0.5.2
- github.com/fluxcd/pkg/apis/meta to v1.1.2
- github.com/fluxcd/pkg/git to v0.12.4
- github.com/fluxcd/pkg/gittestserver to v0.8.5
- github.com/fluxcd/pkg/helmtestserver to v0.13.2
- github.com/fluxcd/pkg/oci to v0.30.1
- github.com/fluxcd/pkg/runtime to v0.41.0
- github.com/fluxcd/pkg/sourceignore to v0.3.5
- github.com/fluxcd/pkg/ssh to v0.8.1
- github.com/fluxcd/source-controller/api to v1.0.1
- github.com/google/go-containerregistry to v0.16.1
- github.com/google/go-containerregistry/pkg/authn/k8schain to v0.0.0-20230802205906-a54d64203cff
- github.com/minio/minio-go/v7 to v7.0.61
- github.com/onsi/gomega to v1.27.10
- github.com/opencontainers/go-digest/blake3 to v0.0.0-20230801144141-122dc6384261
- golang.org/x/crypto to v0.12.0
- google.golang.org/api to v0.134.0
- helm.sh/helm/v3 to v3.12.2
- k8s.io/api to v0.27.4
- k8s.io/apimachinery to v0.27.4
- k8s.io/client-go to v0.27.4
- sigs.k8s.io/cli-utils to v0.35.0
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
In Reconcile() methods, move the object deletion above add finalizer.
Finalizers can't be set when an object is being deleted.
Introduce a cacheless client in suite_test to use for testing this
change. It ensures that the Reconcile() call always operates on the
latest version of the object which has the deletion timestamp and
existing finalizer.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Add tests to test Cosign support for insecure registries. Furthermore,
refactor OCI test utils to be more user friendly and enable accurate
testing of HTTPS and HTTP OCI registries by circumnavigating Docker's
automatic connection downgrade for registries hosted on localhost.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add support for verifying insecure HTTP OCI repositories with cosign. If
`.spec.insecure` set to true, then cosign uses plain HTTP connections to
communicate with the registry.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add support for specifying TLS auth data via `.spec.certSecretRef` in
HelmRepository and log a deprecation warning if TLS is configured via
`.spec.secretRef`. Introduce (and refactor) Helm client builder and
auth helpers to reduce duplicated code and increase uniformity and
testability.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add `.spec.certSecretRef` to HelmRepository for specifying TLS auth data
in a secret using the `certFile`, `caFile` and `keyFile` keys. Mark
support for these keys in the secret specified in `.spec.secretRef` as
deprecated.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Add `.spec.proxySecretRef.name` to the `GitRepository` API to allow
referencing a secret containing the proxy settings to be used for all
remote Git operations for the particular `GitRepository` object.
It takes precedence over any proxy configured through enviornment
variables.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
This allows GitHub Action workflows to be triggered for the PR created
by the bot.
As things are now triggered by the bot, elevated permissions of the
workflow itself are no longer required.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Hidde Beydals
Hidde Beydals
Somtochi Onyekwere
Stefan Prodan
Soule BA
Max Jonas Werner
dependabot[bot]
Sunny
Sanskar Jaiswal
Aurel Canciu