Merge pull request #1503 from fluxcd/rc.4

Update docs to Flux RC.4

content/en/flux/cmd/_index.md

@@ -59,7 +59,7 @@ choco install flux
 To install the latest release on Linux, macOS or Windows WSL:
 
 ```bash
-curl -s https://fluxcd.io/install.sh | sudo bash
+curl -s https://fluxcd.io/install.sh | sudo FLUX_VERSION=2.0.0-rc.4 bash
 ```
 
 The [install script](https://raw.githubusercontent.com/fluxcd/flux2/main/install/flux.sh) does the following:
@@ -78,7 +78,7 @@ A container image with `kubectl` and `flux` is available on DockerHub and GitHub
 Example usage:
 
 ```console
-$ docker run -it --entrypoint=sh -v ~/.kube/config:/kubeconfig ghcr.io/fluxcd/flux-cli:v0.17.0 
+$ docker run -it --entrypoint=sh -v ~/.kube/config:/kubeconfig ghcr.io/fluxcd/flux-cli:v2.0.0-rc.4
 / # flux check --kubeconfig=kubeconfig
 ```
 

content/en/flux/components/kustomize/_index.md

@@ -15,7 +15,8 @@ workloads defined with Kubernetes manifests and assembled with Kustomize.
 Features:
 
 - Reconciles the cluster state from multiple sources (provided by source-controller)
-- Generates manifests with Kustomize (from plain Kubernetes yamls or Kustomize overlays)
+- Generates manifests with Kustomize (from plain Kubernetes YAMLs or Kustomize overlays)
+- Decrypts Kubernetes secrets with Mozilla SOPS and KMS
 - Validates manifests against Kubernetes API
 - Impersonates service accounts (multi-tenancy RBAC)  
 - Health assessment of the deployed workloads

content/en/flux/faq.md

@@ -340,17 +340,16 @@ spec:
 
 ### What is the behavior of Kustomize used by Flux?
 
-We referred to the **Kustomize v4** CLI flags here,
+We referred to the **Kustomize v5** CLI flags here,
 so that you can replicate the same behavior using `kustomize build`:
 
 - `---enable-alpha-plugins` is disabled by default, so it uses only the built-in plugins.
 - `--load-restrictor` is set to `LoadRestrictionsNone`, so it allows loading files outside the dir containing `kustomization.yaml`.
-- `--reorder` is set to `legacy`, so the output will have namespaces and cluster roles/role bindings first, CRDs before CRs, and webhooks last.
 
 To replicate the build and apply dry run locally:
 
 ```sh
-kustomize build --load-restrictor=LoadRestrictionsNone --reorder=legacy . \
+kustomize build --load-restrictor=LoadRestrictionsNone . \
 | kubectl apply --server-side --dry-run=server -f-
 ```
 

content/en/flux/gitops-toolkit/packages.md

@@ -43,12 +43,12 @@ import sourcev1 "github.com/fluxcd/source-controller/api/v1"
 
 API Types
 
-| Name | Version |
-|---|---|
-| [GitRepository](../components/source/gitrepositories.md) | v1 |
+| Name                                                       | Version |
+|------------------------------------------------------------|---------|
+| [GitRepository](../components/source/gitrepositories.md)   | v1      |
 | [HelmRepository](../components/source/helmrepositories.md) | v1beta2 |
-| [HelmChart](../components/source/helmcharts.md) | v1beta2 |
-| [Bucket](../components/source/buckets.md) | v1beta2 |
+| [HelmChart](../components/source/helmcharts.md)            | v1beta2 |
+| [Bucket](../components/source/buckets.md)                  | v1beta2 |
 
 ### kustomize.toolkit.fluxcd.io
 
@@ -66,9 +66,9 @@ import kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
 
 API Types
 
-| Name | Version |
-|---|---|
-| [Kustomization](../components/kustomize/kustomization.md) | v1 |
+| Name                                                      | Version |
+|-----------------------------------------------------------|---------|
+| [Kustomization](../components/kustomize/kustomization.md) | v1      |
 
 ### helm.toolkit.fluxcd.io
 
@@ -86,8 +86,8 @@ import helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 
 API Types
 
-| Name | Version |
-|---|---|
+| Name                                              | Version |
+|---------------------------------------------------|---------|
 | [HelmRelease](../components/helm/helmreleases.md) | v2beta1 |
 
 ### notification.toolkit.fluxcd.io
@@ -112,11 +112,11 @@ import notificationv1 "github.com/fluxcd/notification-controller/api/v1"
 
 API Types
 
-| Name | Version |
-|---|---|
-| [Receiver](../components/notification/receiver.md) | v1 |
+| Name                                               | Version |
+|----------------------------------------------------|---------|
+| [Receiver](../components/notification/receiver.md) | v1      |
 | [Provider](../components/notification/provider.md) | v1beta2 |
-| [Alert](../components/notification/alert.md) | v1beta2 |
+| [Alert](../components/notification/alert.md)       | v1beta2 |
 
 ### image.toolkit.fluxcd.io
 
@@ -138,10 +138,10 @@ import (
 
 API Types
 
-| Name | Version |
-|---|---|
-| [ImageRepository](../components/image/imagerepositories.md) | v1beta2 |
-| [ImagePolicy](../components/image/imagepolicies.md) | v1beta2 |
+| Name                                                                   | Version |
+|------------------------------------------------------------------------|---------|
+| [ImageRepository](../components/image/imagerepositories.md)            | v1beta2 |
+| [ImagePolicy](../components/image/imagepolicies.md)                    | v1beta2 |
 | [ImageUpdateAutomation](../components/image/imageupdateautomations.md) | v1beta1 |
 
 ## CRUD Example

content/en/flux/guides/cron-job-image-auth.md

@@ -309,7 +309,7 @@ our desired Namespace.
 Create a directory in your control repository and save this `kustomization.yaml`:
 ```yaml
 # kustomization.yaml
-apiVersion: kustomize.config.k8s.io/v1
+apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - https://github.com/fluxcd/flux2/manifests/integrations/registry-credentials-sync/azure?ref=main

content/en/flux/guides/helmreleases.md

@@ -349,7 +349,7 @@ spec:
 Create a `kustomization.yaml` that generates the `ConfigMap` using our kustomize config:
 
 ```yaml
-apiVersion: kustomize.config.k8s.io/v1
+apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: podinfo
 resources:
@@ -436,7 +436,7 @@ Kustomize configuration.
 Create a `kustomization.yaml` that generates the `Secret`:
 
 ```yaml
-apiVersion: kustomize.config.k8s.io/v1
+apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: podinfo
 resources:
@@ -553,23 +553,22 @@ release:
 
 ```yaml
 apiVersion: notification.toolkit.fluxcd.io/v1beta2
-  kind: Alert
-  metadata:
-    generation: 2
-    name: helm-podinfo
-    namespace: flux-system
-  spec:
-    providerRef:
-      name: slack
-    eventSeverity: info
-    eventSources:
-    - kind: HelmRepository
-      name: podinfo
-    - kind: HelmChart
-      name: default-podinfo
-    - kind: HelmRelease
-      name: podinfo
-      namespace: default
+kind: Alert
+metadata:
+  name: helm-podinfo
+  namespace: flux-system
+spec:
+  providerRef:
+    name: slack
+  eventSeverity: info
+  eventSources:
+  - kind: HelmRepository
+    name: podinfo
+  - kind: HelmChart
+    name: default-podinfo
+  - kind: HelmRelease
+    name: podinfo
+    namespace: default
 ```
 
 ![helm-controller alerts](/img/helm-controller-alerts.png)

content/en/flux/guides/image-update.md

@@ -64,6 +64,8 @@ export GITHUB_USER=<your-username>
 If you bootstrapped Flux before, you need to add
 `--components-extra=image-reflector-controller,image-automation-controller` to your
 bootstrapping routine as image automation components are not installed by default.
+Please note that you need to delete the `flux-system` secret before rerunning bootstrap
+to [rotate the deploy key](../installation.md#deploy-key-rotation).
 {{% /alert %}}
 
 Install Flux with the image automation components:
@@ -445,7 +447,7 @@ spec:
 Kustomize config (`kustomization.yaml`) example:
 
 ```yaml
-apiVersion: kustomize.config.k8s.io/v1
+apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - deployment.yaml

content/en/flux/guides/mozilla-sops.md

@@ -2,7 +2,7 @@
 title: "Manage Kubernetes secrets with Mozilla SOPS"
 linkTitle: "Mozilla SOPS"
 description: "Manage Kubernetes secrets with Mozilla SOPS, OpenPGP, Age and Cloud KMS."
-weight: 70
+weight: 60
 ---
 
 In order to store secrets safely in a public or private Git repository, you can use

content/en/flux/guides/sealed-secrets.md

@@ -2,7 +2,7 @@
 title: "Sealed Secrets"
 linkTitle: "Sealed Secrets"
 description: "Manage Kubernetes secrets with Bitnami sealed-secrets controller."
-weight: 60
+weight: 70
 ---
 
 In order to store secrets safely in a public or private Git repository, you can use

content/en/flux/installation.md

@@ -13,13 +13,17 @@ You will need a Kubernetes cluster that matches one of the following versions:
 
 | Kubernetes version | Minimum required |
 |--------------------|------------------|
-| `v1.20`            | `>= 1.20.6`      |
-| `v1.21`            | `>= 1.21.0`      |
-| `v1.22`            | `>= 1.22.0`      |
-| `v1.23` and later  | `>= 1.23.0`      |
+| `v1.23`            | `>= 1.23.0`      |
+| `v1.24`            | `>= 1.24.0`      |
+| `v1.25`            | `>= 1.25.0`      |
+| `v1.26`            | `>= 1.26.0`      |
+| `v1.27` and later  | `>= 1.27.1`      |
 
-Note that Flux may work on Kubernetes 1.19,
-but we don't recommend running EOL versions in production.
+{{% alert color="info" title="Kubernetes EOL" %}}
+Note that Flux may work on older versions of Kubernetes e.g. 1.19,
+but we don't recommend running [EOL versions](https://endoflife.date/kubernetes)
+in production nor do we offer support for these versions.
+{{% /alert %}}
 
 ## Install the Flux CLI
 
@@ -419,18 +423,18 @@ List all container images:
 ```sh
 $ flux install --export | grep ghcr.io
 
-image: ghcr.io/fluxcd/helm-controller:v0.8.0
-image: ghcr.io/fluxcd/kustomize-controller:v0.9.0
-image: ghcr.io/fluxcd/notification-controller:v0.9.0
-image: ghcr.io/fluxcd/source-controller:v0.9.0
+image: ghcr.io/fluxcd/helm-controller:v2.0.0-rc.4
+image: ghcr.io/fluxcd/kustomize-controller:v2.0.0-rc.4
+image: ghcr.io/fluxcd/notification-controller:v2.0.0-rc.4
+image: ghcr.io/fluxcd/source-controller:v2.0.0-rc.4
 ```
 
 Pull the images locally and push them to your container registry:
 
 ```sh
-docker pull ghcr.io/fluxcd/source-controller:v0.9.0
-docker tag ghcr.io/fluxcd/source-controller:v0.9.0 registry.internal/fluxcd/source-controller:v0.9.0
-docker push registry.internal/fluxcd/source-controller:v0.9.0
+docker pull ghcr.io/fluxcd/source-controller:v2.0.0-rc.4
+docker tag ghcr.io/fluxcd/source-controller:v2.0.0-rc.4 registry.internal/fluxcd/source-controller:v2.0.0-rc.4
+docker push registry.internal/fluxcd/source-controller:v2.0.0-rc.4
 ```
 
 Copy `flux` binary to a computer with access to your air-gapped cluster,
@@ -652,6 +656,7 @@ flux create helmrelease nginx \
 
 There are several reasons you may want to rotate the deploy key:
 
+- The token used to generate the key has expired.
 - The key has been compromised.
 - You want to change the scope of the key, e.g. to allow write access using the `--read-write-key` flag to `flux bootstrap`.
 
@@ -664,8 +669,6 @@ To rotate the SSH key generated at bootstrap, first delete the secret from the c
 kubectl -n flux-system delete secret flux-system
 ```
 
-
-
 Then you have two alternatives to generate a new key:
 
 1. Generate a new secret with

content/en/roadmap.md

@@ -69,9 +69,9 @@ The completion of this milestone will be marked by the `v2.0.0` release of the F
   - [x] `gitrepositories.source.toolkit.fluxcd.io` API specification
   - [x] `kustomizations.kustomize.toolkit.fluxcd.io` API specification
 
-- [ ] Kustomize v5 support
-  - [ ] [Update Flux controllers to Kustomize v5.0](https://github.com/fluxcd/flux2/issues/3564)
-  - [ ] [Update Kubernetes to 1.27.2](https://github.com/fluxcd/pkg/pull/534)
+- [x] Kustomize v5 support
+  - [x] [Update Flux controllers to Kustomize v5.0](https://github.com/fluxcd/flux2/issues/3564)
+  - [x] [Update Kubernetes to 1.27.2](https://github.com/fluxcd/pkg/pull/534)
 
 ### Flux Helm GA (Q3 2023)