Dependencies updated:
- cloud.google.com/go/storage to version 1.25.0.
- github.com/Azure/azure-sdk-for-go/sdk/azcore to version 1.1.2.
- github.com/ProtonMail/go-crypto to version 0.0.0-20220812175011-7fcef0dbe794.
- github.com/distribution/distribution/v3 to version 3.0.0-20220816150328-6c237953cbbe.
- github.com/fluxcd/gitkit to version 0.6.0.
- github.com/fluxcd/pkg/gittestserver to version 0.6.0.
- github.com/fluxcd/pkg/oci to version 0.5.1.
- github.com/google/go-containerregistry to version 0.11.0.
- github.com/google/go-containerregistry/pkg/authn/k8schain to version 0.0.0-20220808030257-7196cf3dc436.
- github.com/minio/minio-go/v7 to version 7.0.34.
- github.com/onsi/gomega to version 1.20.0.
- github.com/prometheus/client_golang to version 1.13.0.
- golang.org/x/crypto to version 0.0.0-20220722155217-630584e8d5aa.
- golang.org/x/net to version 0.0.0-20220812174116-3211cb980234.
- golang.org/x/sync to version 0.0.0-20220722155255-886fb9371eb4.
- google.golang.org/api to version 0.93.0.
- helm.sh/helm/v3 to version 3.9.3.
- k8s.io/api to version 0.24.3.
- k8s.io/apimachinery to version 0.24.3.
- k8s.io/client-go to version 0.24.3.
- k8s.io/utils to version 0.0.0-20220812165043-ad590609e2e5.
Replace removed for gopkg.in/yaml.v3@v3.0.1 and github.com/containerd/containerd@v1.6.6,
as they no longer need to be enforced.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Use of MUSL was a temporary solution to mitigate cross-platform
issues while building openssl and libssh2. Since Unmanaged transport has
been deprecated, openssl and libssh2 dependencies are no longer required
and by extension MUSL.
Enables libgit2 threadless support and provides a regression assurance
for fluxcd/image-automation-controller#339.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
- cloud.google.com/go/storage to version 1.23.0.
- github.com/ProtonMail/go-crypto to version 0.0.0-20220623141421-5afb4c282135.
- github.com/distribution/distribution/v3 to version 3.0.0-20220702071910-8857a1948739.
- github.com/minio/minio-go/v7 to version 7.0.31.
- golang.org/x/crypto to version 0.0.0-20220622213112-05595931fe9d.
- golang.org/x/net to version 0.0.0-20220706163947-c90051bbdb60.
- google.golang.org/api to version 0.86.0.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
- github.com/fluxcd/pkg/apis/meta to version 0.14.2.
- github.com/fluxcd/pkg/runtime to version 0.16.2.
- google.golang.org/api to version 0.83.0.
- k8s.io/api to version 0.24.1.
- github.com/fluxcd/pkg/apis/meta to version 0.14.2.
- k8s.io/apimachinery to version 0.24.1.
- github.com/fluxcd/pkg/helmtestserver to version 0.7.4.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Earlier, host key verification could potentially fail if there were
multiple entries in the known_hosts file and if the intended encryption
algorithm wasn't the first entry. This happened because we used the same
hasher object to compute the sum of all the public keys present in the
known_hosts file, which led to invalid hashes, resulting in a mismatch
when compared with the hash of the advertised public key. This is fixed,
by not creating the hasher ourselves and instead delegating that to the
function actually doing the matching, ensuring that a new hasher is used
for each comparison.
Regression introduced in v0.25.0 and reported in
https://github.com/fluxcd/image-automation-controller/issues/378
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
- github.com/distribution/distribution/v3 to version 3.0.0-20220526142353-ffbd94cbe269.
- github.com/docker/cli to version 20.10.17+incompatible.
- github.com/elazarl/goproxy to version 0.0.0-20220529153421-8ea89ba92021.
- github.com/fluxcd/pkg/gittestserver to version 0.5.4.
- github.com/fluxcd/pkg/helmtestserver to version 0.7.3.
- github.com/fluxcd/pkg/ssh to version 0.4.1.
- github.com/minio/minio-go/v7 to version 7.0.27.
- golang.org/x/crypto to version 0.0.0-20220525230936-793ad666bf5e.
- golang.org/x/net to version 0.0.0-20220607020251-c690dde0001d.
- golang.org/x/sync to version 0.0.0-20220601150217-0de741cfad7f.
- google.golang.org/api to version 0.82.0.
- github.com/containerd/containerd to version v1.6.6.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
- cloud.google.com/go/storage to v1.22.1
- github.com/ProtonMail/go-crypto to v0.0.0-20220517143526-88bb52951d5b
- github.com/distribution/distribution/v3 to v3.0.0-20220516112011-c202b9b0d7b7
- github.com/docker/cli to v20.10.16+incompatible
- github.com/fluxcd/gitkit to v0.5.1
- github.com/fluxcd/pkg/helmtestserver to v0.7.2
- github.com/fluxcd/pkg/ssh to v0.4.0
- github.com/phayes/freeport to v0.0.0-20220201140144-74d24b5ae9f5
- github.com/prometheus/client_golang to v1.12.2
- golang.org/x/crypto to v0.0.0-20220518034528-6f7dac969898
- golang.org/x/net to v0.0.0-20220524220425-1d687d428aca
- golang.org/x/sync to v0.0.0-20220513210516-0976fa681c29
- google.golang.org/api to v0.81.0
- sigs.k8s.io/cli-utils to v0.31.1
Signed-off-by: Hidde Beydals <hello@hidde.co>
- fluxcd/pkg/apis/meta v0.14.0
- fluxcd/pkg/runtime v0.16.0
- k8s.io/* v0.24.0
- helm.sh/helm/v3 v3.9.0-rc.1 (required by breaking changes in Kubernetes 1.24)
Note that fluxcd/pkg/runtime v0.16 comes with support for Kubernetes API Priority and Fairness feature.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
* Add OCI Helm support
* users will be able to declare OCI HelmRepository by using the `.spec.type` field of the HelmRepository API. Contrary to the HTTP/S HelmRepository no index.yaml is reconciled from source, instead a simple url and credentials validation is performed.
* For backwards-compatibility, an empty `.spec.type` field leads to the HelmRepository being treated as a plain old HTTP Helm repository.
* users will be able to declare the new OCI HelmRepository type as source using the .Spec.SourceRef field of the HelmChart API. This will result in reconciling a chart from an OCI repository.
* Add registryTestServer in the test suite and OCI HelmRepository test case
* Add a new OCI chart repository type that manage tags and charts from an OCI registry.
* Adapat RemoteBuilder to accept both repository types
* discard output from OCI registry client; The client has no way to set a verbosity level and spamming the controller logs with "Login succeeded" every time the object is reconciled doesn't help much.
Signed-off-by: Soule BA <soule@weave.works>
Signed-off-by: Max Jonas Werner <mail@makk.es>
Co-authored-by: Soule BA <soule@weave.works>
Hashed known_hosts was previously only supported when using
go-git. Now both Git implementations benefit from this
features, and the code coverage across them can ensure no
future regression.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Connection caching was a feature created to resolve
upstream issues raised from concurrent ssh connections.
Some scenarios were based on multiple key exchange
operations happening at the same time.
This PR removes the connection caching, and instead:
- Services Session.StdoutPipe() as soon as possible,
as it is a known source of blocking SSH connections.
- Reuse SSH connection within the same subtransport,
eliminating the need for new handshakes when talking
with the same server.
- Simplifies the entire transport logic for better
maintainability.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
OptimizedGitClones decreases resource utilization for GitRepository
reconciliations. It supports both go-git and libgit2 implementations
when cloning repositories using branches or tags.
This is an opt-out feature, which can be disabled by starting the
controller with the argument '--feature-gates=OptimizedGitClones=false'.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
- github.com/fluxcd/pkg/runtime to v0.14.2
- golang.org/x/crypto to v0.0.0-20220427172511-eb4f295cb31f
- google.golang.org/api to v0.77.0
- k8s.io/api to v0.23.6
- k8s.io/client-go to v0.23.6
Signed-off-by: Hidde Beydals <hello@hidde.co>
Paulo Gomes
Stefan Prodan
Somtochi Onyekwere
Philip Laine
Sunny
Soule BA
Sanskar Jaiswal
Hidde Beydals
Max Jonas Werner
Max Jonas Werner