Flux: April 2023 Update

Cross-posted from April 2023 Update | Flux

As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read our last update here.

It’s the beginning of May 2023 - let’s recap together what happened in April - it has been a lot!

News in the Flux family

Flux v2.0.0 release candidate

This is the first release candidate of Flux v2.0 GA :tada:.

Users are encouraged to upgrade for the best experience. We also very much welcome feedback!

Flux v2.0.0-rc.1 comes with the promotion of the GitOps related APIs to v1 and adds horizontal scaling & sharding capabilities to Flux controllers.

In addition, RC.1 comes with support for auth with Azure Workload Identity when pulling OCI artifacts from ACR and when decrypting secrets with Azure Vault. Also, Bootstrap for GitLab was extended with support for generating GitLab Deploy Tokens.

Big thanks to all the Flux contributors that helped us with this release!

And a special shoutout to the GitLab team for their first contribution to Flux!

This release brings API changes we want to highlight here:

  • GitRepository v1
  • Kustomization v1
  • Receiver v1

The GitRepository kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed. The v1 API is backwards compatible with v1beta2, except for the following:

  • the deprecated field .spec.gitImplementation was removed
  • the unused field .spec.accessFrom was removed
  • the deprecated field .status.contentConfigChecksum was removed
  • the deprecated field .status.artifact.checksum was removed
  • the .status.url was removed in favor of the absolute .status.artifact.url

The Kustomization kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed. A new optional field .spec.commonMetadata was added to the API for setting labels and/or annotations to all resources part of a Kustomization. The v1 API is backwards compatible with v1beta2, except for the following:

  • the deprecated field .spec.validation was removed
  • the deprecated field .spec.patchesStrategicMerge was removed (replaced by .spec.patches)
  • the deprecated field .spec.patchesJson6902 was removed (replaced by .spec.patches)

The Receiver kind was promoted from v1beta2 to v1 (GA). The v1 API now supports triggering the reconciliation of multiple resources using .spec.resources.matchLabels. The v1 API is backwards compatible with v1beta2, no fields were removed.

To upgrade Flux from v0.x to v2.0.0-rc.1 you can either rerun flux bootstrap or use the Flux GitHub Action.

To upgrade the APIs from v1beta2, after deploying the new CRDs and controllers, change the manifests in Git:

  • set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain GitRepository definitions and remove the deprecated fields if any
  • set apiVersion: kustomize.toolkit.fluxcd.io/v1 in the YAML files that contain Kustomization definitions and remove the deprecated fields if any
  • set apiVersion: notification.toolkit.fluxcd.io/v1 in the YAML files that contain Receiver definitions

Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the beta versions will be removed after 6 months.
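The manifest changes listed above can be checked before merging. The following is an added example, not code from the Flux project: a standard-library Python lint that reports Flux objects still on a pre-v1 apiVersion or still carrying a removed spec field. The function name, the sample manifest and the simple indentation-based parsing (block-style YAML, two-space indent) are assumptions.

```python
import re

# Kinds promoted to v1, their API group, and the spec fields listed as removed.
# Removed status fields are left out: status is not written in Git manifests.
PROMOTED = {
    "GitRepository": ("source.toolkit.fluxcd.io", ["gitImplementation", "accessFrom"]),
    "Kustomization": ("kustomize.toolkit.fluxcd.io",
                      ["validation", "patchesStrategicMerge", "patchesJson6902"]),
    "Receiver": ("notification.toolkit.fluxcd.io", []),
}

def check_manifests(text):
    """Return (kind, name, problems) for each document that still needs changes."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", text):
        api = re.search(r"(?m)^apiVersion:\s*(\S+)", doc)
        kind = re.search(r"(?m)^kind:\s*(\S+)", doc)
        if not api or not kind or kind.group(1) not in PROMOTED:
            continue
        group, removed = PROMOTED[kind.group(1)]
        found_group, _, version = api.group(1).partition("/")
        if found_group != group:
            continue  # e.g. a kustomize.config.k8s.io Kustomization, not a Flux object
        problems = []
        if version != "v1":
            problems.append(f"apiVersion {api.group(1)} -> {group}/v1")
        # Assumption: block-style YAML with spec keys indented by two spaces.
        spec = re.search(r"(?ms)^spec:[ \t]*\n(.*?)(?=^\S|\Z)", doc)
        for field in removed:
            if spec and re.search(rf"(?m)^  {field}:", spec.group(1)):
                problems.append(f"remove .spec.{field}")
        name = re.search(r"(?m)^  name:\s*(\S+)", doc)
        if problems:
            findings.append((kind.group(1), name.group(1) if name else "?", problems))
    return findings

# Constructed sample manifest (not taken from a real repository).
SAMPLE = """\
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: podinfo
spec:
  gitImplementation: go-git
  url: https://example.com/org/repo
"""

if __name__ == "__main__":
    print(check_manifests(SAMPLE))
```

Running it over the concatenated YAML files of a repository gives a per-object list of what is left to change, which suits the gradual migration described above.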

:warning: Note that this release updates the major version of the Flux Go Module to v2. Please update your go.mod to require github.com/fluxcd/flux2/v2, see pkg.go.dev for the documentation of the module.

New Documentation

Flagger: Bug fix release 1.30.0 hits the streets

This release fixes a bug related to the lack of updates to the generated object’s metadata according to the metadata specified in spec.service.apex. Furthermore, a bug where labels were wrongfully copied over from the canary deployment to primary deployment when no value was provided for --include-label-prefix has been fixed. This release also makes Flagger compatible with Flux’s helm-controller drift detection.

Flux Ecosystem

Weave GitOps

Weave GitOps has recently released two new versions, v0.21.2 and v0.22.0, bringing various enhancements and bug fixes to the community.

In v0.21.2, the release includes client-side apply for better interactivity, removal of runs in non-session mode, custom SVGs for navigation icons, health checks in the UI, and more. Alongside these enhancements, bug fixes include resolving dashboard reconciliation issues and URL checking regex.

In v0.22.0, enhancements include group claim support for strings, OIDC prefix support for impersonation, additional health checks, and support for .sourceignore for GitOps Run. Bug fixes address concurrent ID token refreshing, clean-up process issues, and vulnerabilities in the YAML NPM package.

Weave GitOps Enterprise has introduced v0.21.2 and v0.22.0, offering new features and improvements. In v0.21.2, users can view GitOpsSets on leaf clusters in the UI, experience a fixed bug related to GitOpsSets not updating ConfigMaps, and utilize the “View Open Pull Requests” button to select any GitRepository. Enhancements include updating the GoToOpenPullRequest button and extending unwatch cluster logic for better resource management. The UI now has a sync external secret button on the secret details page.

In v0.22.0, the new Explorer backend has been introduced, providing better scalability for Weave GitOps Enterprise. The Explorer now supports Flux sources, and the Applications UI and Sources UI can be configured to use the Explorer backend for an improved user experience.

GitOpsSets offer enhanced templating for numbers and object chunks, and cluster bootstraps now sync secrets without waiting for ControlPlane readiness. The Explorer collector utilizes impersonation, and a feature flag has been added for replacing Applications and Sources with the query service backend. Bug fixes include addressing Git authentication checks, non-deterministic GitRepository template application, and improved support for “View Open PRs” in different URL formats.

Documentation updates include instructions for configuring Weave GitOps Enterprise to create PRs in Azure DevOps and user guides for raw templates and chart paths. In addition, updates cover secrets management, using private Helm repositories, and frontend development process improvements.

You might be interested in our recent blog post about how to use Weave GitOps as your Flux UI as well.

Terraform-controller

The team has recently released Terraform Controller v0.15.0-rc.1 which supports Flux v2.0.0-rc.1. This update brings significant improvements and moves us closer to the Flux GA.

:warning: Important Note: :warning: With this release, there are breaking changes to be aware of:

  • Terraform Controller now uses API version v1alpha2, deprecating v1alpha1.
  • This version is not compatible with Flux v2 v0.41.x and earlier versions.

Flux Subsystem for Argo

The team has recently shared a sneak preview of the new version of Flamingo, a powerful drop-in extension for Argo CD that seamlessly integrates Flux as a GitOps engine in any Argo CD environments.

Now with the ability to switch between Argo CD UI and Weave GitOps (the UI for Flux), Flamingo aims to take DevOps and GitOps user experiences to the next level with this integration.

Check out the video demo here.

You might be interested in this blog post on the Weaveworks blog about Flamingo.

New additions to the Flux Ecosystem

AWS Labs introduced their new project awslabs/aws-cloudformation-controller-for-flux. It is a Flux controller for managing AWS CloudFormation stacks and helps you to store CloudFormation templates in a git repository and automatically sync template changes to CloudFormation stacks in your AWS account with Flux.

Check out the demo and example.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

cdCon + GitOpsCon North America 2023

cdCon + GitOpsCon NA 2023 is only a few days away. It will happen May 8-9 in Vancouver, Canada. Of course Team Flux will be there to talk about all things GitOps!

Here’s what we put in our calendar:

OSS Summit North America 2023

Open Source Summit NA 2023 is coming up May 10-12 in Vancouver, Canada. It plays host to a great number of sub-conferences, in many of which you will see Flux goodness happening.

Here are a few that we are looking forward to:

Recent Events (ICYMI) :tv:

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In April here are a couple of talks we would like to highlight.

CloudNativeCon / KubeCon EU 2023

CloudNativeCon / KubeCon is the most important event for us, as it’s such a great venue to meet contributors, friends, end-users and folks who are generally interested. It was a very busy event and luckily Team Flux was there as a big group, so we were able to respond to all requests.

We kicked off the event with the Flux Project Meeting, which saw 4 hours of updates from the maintainers, lots of time for Q&A, story telling and a good opportunity to get to know each other.

Next up was the CNCF Graduated Projects Update, here is the link to the timestamp where we provided the Flux update.

Many folks were looking forward to hearing how we envision Flux being used in an OCI world. Luckily Hidde and Stefan gave a talk about it:

At KubeCon EU, @hiddeco and myself, we’ve talked about @fluxcd beyond Git and how Flux OCI artifacts can streamline #Kubernetes continuous delivery.

Check out the recording on YouTube https://t.co/HhOJSpTmzq

— Stefan Prodan (@stefanprodan) May 2, 2023

We thank the Cloud Native Computing Foundation for setting up a Graduation Celebration for Argo and Flux, the two GitOps solutions which graduated around the same time! Cupcake time for everyone!

Last up was a great panel which featured Priyanka Ravi, Weaveworks; Christian Hernandez, Red Hat; Filip Jansson, Strålfors; Roberth Strand, Amesto Fortytwo; Leigh Capili, VMware.

They all talked about “How GitOps Changed Our Lives & Can Change Yours Too!”. Priyanka “Pinky”, Leigh and Roberth are long-time friends of Flux.

And thanks a lot to the Cloud Native Photo Crew, who took these pictures:

Upcoming Events :calendar:

We are happy to announce that we have a number of events coming up in May - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

Flux Bug Scrub

Our Flux Bug Scrubs still are happening on a weekly basis and remain one of the best ways to get involved in Flux. They are a friendly and welcoming way to learn more about contributing and how Flux is organised as a project.

The next dates are going to be:

We are flexible with subjects and often go with the interests of the group or of the presenter. If you want to come and join us in either capacity, just show up or if you have questions, reach out to Kingdon on Slack.

We really enjoyed this demo of the k3d git server recently. It’s a local Git server that runs outside of Kubernetes, to support offline dev in a realistic but also simple way that does not depend on GitHub or other hosted services.

In other news

Michael Fornaro joins Flux as a Project Member

We are pleased to announce that Michael Fornaro has joined Flux as a project member. Michael has been heavily involved in the Flux community, offering valuable assistance and support through the Slack #flux channels and participating in Flux Bug Scrub sessions.

In collaboration with Kingdon, Michael is working to expand the Bug Scrub initiative, recently launching the first AEST session to accommodate members in Eastern Europe, India, Southeast Asia, and other regions including Australia.

Michael is the founder of Raspbernetes and co-founder in K8s@Home, both of which are organizations that focus on learning and supporting Kubernetes at home. The community has a strong presence on GitHub and Discord, where Michael has been a valuable contributor.

People writing/talking about Flux

We love it when you all write about Flux and share your experience, write how-tos on integrating Flux with other pieces of software or other things. Give us a shout-out and we will link it from this section! :writing_hand:

Grafana Operator Blog: Install Grafana-operator using Flux and Kustomize

The grafana-operator team have recently started to ship their Kustomize manifests using OCI with the help of Flux artifact. As a part of this, they have written a small blog on how to install grafana-operator using Flux and how to manage grafana dashboards as code.

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Alluvial, Orange, Kiln, Tchibo.

If you have not already done so, use the instructions here or give us a ping and we will help to add you. Not only is it great for us to get to know and welcome you to our community, it also gives the team a big boost in morale to know where in the world Flux is used.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

  • Internal documentation which explains how to use certain parts of the website.
  • Updated our announcements for KubeCon EU 2023 and Google Season of Docs 2023 to support the events better!
  • Updates to the docs to move graduated APIs to v1.
  • New documentation: Sharding Cheatsheet.
  • New additions to our resources page.
  • Lots of fixes and improvements all over the place.

Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Max Jonas Werner, Daniel Favour, Hidde Beydals, Claire Liguori, David Blaisonneau, Eddie Zaneski, Jan Christoph Ebersbach, Mehdi Bechiri, Romain Guichard, Sanskar Jaiswal, Stacey Potter, Tim Rohwedder, harshitasao, lehnerj.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

  1. :handshake: Flux provides GitOps for both apps and infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
  2. :robot: Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
  3. :nut_and_bolt: Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, fully integrates with OCI and all CI workflow providers.
  4. :lock: Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
  5. :wheel_of_dharma: Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
  6. :person_juggling: Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
  7. :sparkles: Dashboards love Flux: No matter if you use one of the Flux UIs or a hosted cloud offering from your cloud vendor, Flux has a thriving ecosystem of integrations and products built on top of it and all have great dashboards for you.
  8. :telephone_receiver: Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
  9. :+1: Users trust Flux: Flux is a CNCF Graduated project and was categorised as “Adopt” on the CNCF CI/CD Tech Radar (alongside Helm).
  10. :sparkling_heart: Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

We are looking forward to working with you.