Merge pull request #5642 from fluxcd/backport-5597-to-release/v2.7.x

[release/v2.7.x] Allow option to skip tenant namespace creation

.github/labels.yaml

@@ -44,12 +44,12 @@
   description: Feature request proposals in the RFC format
   color: '#D621C3'
   aliases: ['area/RFC']
+- name: backport:release/v2.4.x
+  description: To be backported to release/v2.4.x
+  color: '#ffd700'
 - name: backport:release/v2.5.x
   description: To be backported to release/v2.5.x
   color: '#ffd700'
 - name: backport:release/v2.6.x
   description: To be backported to release/v2.6.x
   color: '#ffd700'
-- name: backport:release/v2.7.x
-  description: To be backported to release/v2.7.x
-  color: '#ffd700'

.github/workflows/backport.yaml

@@ -10,4 +10,4 @@ jobs:
       pull-requests: write # for creating pull requests against release branches.
     uses: fluxcd/gha-workflows/.github/workflows/backport.yaml@v0.4.0
     secrets:
-      github-token: ${{ secrets.BOT_GITHUB_TOKEN }}
+      github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/conformance.yaml

@@ -19,7 +19,7 @@ jobs:
       matrix:
         # Keep this list up-to-date with https://endoflife.date/kubernetes
         # Build images with https://github.com/fluxcd/flux-benchmark/actions/workflows/build-kind.yaml
-        KUBERNETES_VERSION: [1.33.0, 1.34.1, 1.35.0]
+        KUBERNETES_VERSION: [1.32.1, 1.33.0, 1.34.1]
       fail-fast: false
     steps:
       - name: Checkout

.github/workflows/release.yaml

@@ -13,9 +13,7 @@ jobs:
       hashes: ${{ steps.slsa.outputs.hashes }}
       image_url: ${{ steps.slsa.outputs.image_url }}
       image_digest: ${{ steps.slsa.outputs.image_digest }}
-    runs-on:
-      group: "Default Larger Runners"
-      labels: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
     permissions:
       contents: write # needed to write releases
       id-token: write # needed for keyless signing

CONTRIBUTING.md

@@ -49,8 +49,7 @@ you might want to take a look at the [introductory talk and demo](https://www.yo
 This project is composed of:
 
 - [flux2](https://github.com/fluxcd/flux2): The Flux CLI
-- [source-controller](https://github.com/fluxcd/source-controller): Kubernetes operator for managing sources (Git, OCI and Helm repositories, S3-compatible Buckets)
-- [source-watcher](https://github.com/fluxcd/source-watcher): Kubernetes operator for advanced source composition and decomposition patterns
+- [source-manager](https://github.com/fluxcd/source-controller): Kubernetes operator for managing sources (Git and Helm repositories, S3-compatible Buckets)
 - [kustomize-controller](https://github.com/fluxcd/kustomize-controller): Kubernetes operator for building GitOps pipelines with Kustomize
 - [helm-controller](https://github.com/fluxcd/helm-controller): Kubernetes operator for building GitOps pipelines with Helm
 - [notification-controller](https://github.com/fluxcd/notification-controller): Kubernetes operator for handling inbound and outbound events
@@ -68,9 +67,10 @@ for source changes.
 
 Prerequisites:
 
-* go >= 1.25
+* go >= 1.24
 * kubectl >= 1.30
 * kustomize >= 5.0
+* coreutils (on Mac OS)
 
 Install the [controller-runtime/envtest](https://github.com/kubernetes-sigs/controller-runtime/tree/master/tools/setup-envtest) binaries with:
 

README.md

@@ -52,14 +52,12 @@ guides](https://fluxcd.io/flux/gitops-toolkit/source-watcher/).
 
 ### Components
 
-- [Source Controllers](https://fluxcd.io/flux/components/source/)
+- [Source Controller](https://fluxcd.io/flux/components/source/)
     - [GitRepository CRD](https://fluxcd.io/flux/components/source/gitrepositories/)
     - [OCIRepository CRD](https://fluxcd.io/flux/components/source/ocirepositories/)
     - [HelmRepository CRD](https://fluxcd.io/flux/components/source/helmrepositories/)
     - [HelmChart CRD](https://fluxcd.io/flux/components/source/helmcharts/)
     - [Bucket CRD](https://fluxcd.io/flux/components/source/buckets/)
-    - [ExternalArtifact CRD](https://fluxcd.io/flux/components/source/externalartifacts/)
-    - [ArtifactGenerator CRD](https://fluxcd.io/flux/components/source/artifactgenerators/)
 - [Kustomize Controller](https://fluxcd.io/flux/components/kustomize/)
     - [Kustomization CRD](https://fluxcd.io/flux/components/kustomize/kustomizations/)
 - [Helm Controller](https://fluxcd.io/flux/components/helm/)

action/action.yml

@@ -77,37 +77,9 @@ runs:
 
           FLUX_DOWNLOAD_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/"
 
-          MAX_RETRIES=5
-          RETRY_DELAY=5
-          
-          for i in $(seq 1 $MAX_RETRIES); do
-            echo "Downloading flux binary (attempt $i/$MAX_RETRIES)"
-            if curl -fsSL -o "$DL_DIR/$FLUX_TARGET_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_TARGET_FILE"; then
-              break
-            fi
-            if [ $i -lt $MAX_RETRIES ]; then
-              echo "Download failed, retrying in ${RETRY_DELAY} seconds..."
-              sleep $RETRY_DELAY
-            else
-              echo "Failed to download flux binary after $MAX_RETRIES attempts"
-              exit 1
-            fi
-          done
-          
-          for i in $(seq 1 $MAX_RETRIES); do
-            echo "Downloading checksums file (attempt $i/$MAX_RETRIES)"
-            if curl -fsSL -o "$DL_DIR/$FLUX_CHECKSUMS_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_CHECKSUMS_FILE"; then
-              break
-            fi
-            if [ $i -lt $MAX_RETRIES ]; then
-              echo "Download failed, retrying in ${RETRY_DELAY} seconds..."
-              sleep $RETRY_DELAY
-            else
-              echo "Failed to download checksums file after $MAX_RETRIES attempts"
-              exit 1
-            fi
-          done
-        
+          curl -fsSL -o "$DL_DIR/$FLUX_TARGET_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_TARGET_FILE"
+          curl -fsSL -o "$DL_DIR/$FLUX_CHECKSUMS_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_CHECKSUMS_FILE"
+
           echo "Verifying checksum"
           sum=""
           if command -v openssl > /dev/null; then

cmd/flux/create_helmrelease.go

@@ -182,10 +182,6 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("chart or chart-ref is required")
 	}
 
-	if helmReleaseArgs.chart != "" && helmReleaseArgs.chartRef != "" {
-		return fmt.Errorf("cannot use --chart in combination with --chart-ref")
-	}
-
 	sourceLabels, err := parseLabels()
 	if err != nil {
 		return err

cmd/flux/create_helmrelease_test.go

@@ -42,11 +42,6 @@ func TestCreateHelmRelease(t *testing.T) {
 			args:   "create helmrelease podinfo --export",
 			assert: assertError("chart or chart-ref is required"),
 		},
-		{
-			name:   "chart and chartRef used in combination",
-			args:   "create helmrelease podinfo --chart podinfo --chart-ref foobar/podinfo --export",
-			assert: assertError("cannot use --chart in combination with --chart-ref"),
-		},
 		{
 			name:   "unknown source kind",
 			args:   "create helmrelease podinfo --source foobar/podinfo --chart podinfo --export",

cmd/flux/export_source_external.go

@@ -1,84 +0,0 @@
-/*
-Copyright 2025 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"github.com/spf13/cobra"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
-)
-
-var exportSourceExternalCmd = &cobra.Command{
-	Use:   "external [name]",
-	Short: "Export ExternalArtifact sources in YAML format",
-	Long:  "The export source external command exports one or all ExternalArtifact sources in YAML format.",
-	Example: `  # Export all ExternalArtifact sources
-  flux export source external --all > sources.yaml
-
-  # Export a specific ExternalArtifact
-  flux export source external my-artifact > source.yaml`,
-	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.ExternalArtifactKind)),
-	RunE: exportWithSecretCommand{
-		list:   externalArtifactListAdapter{&sourcev1.ExternalArtifactList{}},
-		object: externalArtifactAdapter{&sourcev1.ExternalArtifact{}},
-	}.run,
-}
-
-func init() {
-	exportSourceCmd.AddCommand(exportSourceExternalCmd)
-}
-
-func exportExternalArtifact(source *sourcev1.ExternalArtifact) any {
-	gvk := sourcev1.GroupVersion.WithKind(sourcev1.ExternalArtifactKind)
-	export := sourcev1.ExternalArtifact{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       gvk.Kind,
-			APIVersion: gvk.GroupVersion().String(),
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:        source.Name,
-			Namespace:   source.Namespace,
-			Labels:      source.Labels,
-			Annotations: source.Annotations,
-		},
-		Spec: source.Spec,
-	}
-	return export
-}
-
-func getExternalArtifactSecret(source *sourcev1.ExternalArtifact) *types.NamespacedName {
-	// ExternalArtifact does not have a secretRef in its spec, this satisfies the interface
-	return nil
-}
-
-func (ex externalArtifactAdapter) secret() *types.NamespacedName {
-	return getExternalArtifactSecret(ex.ExternalArtifact)
-}
-
-func (ex externalArtifactListAdapter) secretItem(i int) *types.NamespacedName {
-	return getExternalArtifactSecret(&ex.ExternalArtifactList.Items[i])
-}
-
-func (ex externalArtifactAdapter) export() any {
-	return exportExternalArtifact(ex.ExternalArtifact)
-}
-
-func (ex externalArtifactListAdapter) exportItem(i int) any {
-	return exportExternalArtifact(&ex.ExternalArtifactList.Items[i])
-}

cmd/flux/export_test.go

@@ -110,12 +110,6 @@ func TestExport(t *testing.T) {
 			"testdata/export/bucket.yaml",
 			tmpl,
 		},
-		{
-			"source external",
-			"export source external flux-system",
-			"testdata/export/external-artifact.yaml",
-			tmpl,
-		},
 	}
 
 	for _, tt := range cases {

cmd/flux/get_source_all.go

@@ -59,10 +59,6 @@ var getSourceAllCmd = &cobra.Command{
 				apiType: helmChartType,
 				list:    &helmChartListAdapter{&sourcev1.HelmChartList{}},
 			},
-			{
-				apiType: externalArtifactType,
-				list:    &externalArtifactListAdapter{&sourcev1.ExternalArtifactList{}},
-			},
 		}
 
 		for _, c := range allSourceCmd {

cmd/flux/get_source_external.go

@@ -1,108 +0,0 @@
-/*
-Copyright 2025 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"fmt"
-
-	"github.com/spf13/cobra"
-	"k8s.io/apimachinery/pkg/runtime"
-
-	sourcev1 "github.com/fluxcd/source-controller/api/v1"
-
-	"github.com/fluxcd/flux2/v2/internal/utils"
-)
-
-var getSourceExternalCmd = &cobra.Command{
-	Use:   "external",
-	Short: "Get ExternalArtifact source statuses",
-	Long:  `The get sources external command prints the status of the ExternalArtifact sources.`,
-	Example: `  # List all ExternalArtifacts and their status
-  flux get sources external
-
-  # List ExternalArtifacts from all namespaces
-  flux get sources external --all-namespaces`,
-	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.ExternalArtifactKind)),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		get := getCommand{
-			apiType: externalArtifactType,
-			list:    &externalArtifactListAdapter{&sourcev1.ExternalArtifactList{}},
-			funcMap: make(typeMap),
-		}
-
-		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
-			o, ok := obj.(*sourcev1.ExternalArtifact)
-			if !ok {
-				return nil, fmt.Errorf("impossible to cast type %#v to ExternalArtifact", obj)
-			}
-
-			sink := &externalArtifactListAdapter{&sourcev1.ExternalArtifactList{
-				Items: []sourcev1.ExternalArtifact{
-					*o,
-				}}}
-			return sink, nil
-		})
-
-		if err != nil {
-			return err
-		}
-
-		if err := get.run(cmd, args); err != nil {
-			return err
-		}
-
-		return nil
-	},
-}
-
-func init() {
-	getSourceCmd.AddCommand(getSourceExternalCmd)
-}
-
-func (a *externalArtifactListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
-	item := a.Items[i]
-	var revision string
-	if item.Status.Artifact != nil {
-		revision = item.Status.Artifact.Revision
-	}
-	status, msg := statusAndMessage(item.Status.Conditions)
-	revision = utils.TruncateHex(revision)
-	msg = utils.TruncateHex(msg)
-
-	var source string
-	if item.Spec.SourceRef != nil {
-		source = fmt.Sprintf("%s/%s/%s",
-			item.Spec.SourceRef.Kind,
-			item.Spec.SourceRef.Namespace,
-			item.Spec.SourceRef.Name)
-	}
-	return append(nameColumns(&item, includeNamespace, includeKind),
-		revision, source, status, msg)
-}
-
-func (a externalArtifactListAdapter) headers(includeNamespace bool) []string {
-	headers := []string{"Name", "Revision", "Source", "Ready", "Message"}
-	if includeNamespace {
-		headers = append([]string{"Namespace"}, headers...)
-	}
-	return headers
-}
-
-func (a externalArtifactListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
-	item := a.Items[i]
-	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
-}

cmd/flux/main.go

@@ -180,7 +180,7 @@ func main() {
 
 	// This is required because controller-runtime expects its consumers to
 	// set a logger through log.SetLogger within 30 seconds of the program's
-	// initialization. If not set, the entire debug stack is printed as an
+	// initalization. If not set, the entire debug stack is printed as an
 	// error, see: https://github.com/kubernetes-sigs/controller-runtime/blob/ed8be90/pkg/log/log.go#L59
 	// Since we have our own logging and don't care about controller-runtime's
 	// logger, we configure it's logger to do nothing.
@@ -225,9 +225,7 @@ func configureDefaultNamespace() {
 func readPasswordFromStdin(prompt string) (string, error) {
 	var out string
 	var err error
-	if _, err := fmt.Fprint(os.Stdout, prompt); err != nil {
-		return "", fmt.Errorf("failed to write prompt: %w", err)
-	}
+	fmt.Fprint(os.Stdout, prompt)
 	stdinFD := int(os.Stdin.Fd())
 	if term.IsTerminal(stdinFD) {
 		var inBytes []byte

cmd/flux/source.go

@@ -195,37 +195,3 @@ func (a helmRepositoryListAdapter) asClientList() client.ObjectList {
 func (a helmRepositoryListAdapter) len() int {
 	return len(a.HelmRepositoryList.Items)
 }
-
-// sourcev1.ExternalArtifact
-
-var externalArtifactType = apiType{
-	kind:         sourcev1.ExternalArtifactKind,
-	humanKind:    "source external-artifact",
-	groupVersion: sourcev1.GroupVersion,
-}
-
-type externalArtifactAdapter struct {
-	*sourcev1.ExternalArtifact
-}
-
-func (a externalArtifactAdapter) asClientObject() client.Object {
-	return a.ExternalArtifact
-}
-
-func (a externalArtifactAdapter) deepCopyClientObject() client.Object {
-	return a.ExternalArtifact.DeepCopy()
-}
-
-// sourcev1.ExternalArtifactList
-
-type externalArtifactListAdapter struct {
-	*sourcev1.ExternalArtifactList
-}
-
-func (a externalArtifactListAdapter) asClientList() client.ObjectList {
-	return a.ExternalArtifactList
-}
-
-func (a externalArtifactListAdapter) len() int {
-	return len(a.ExternalArtifactList.Items)
-}

cmd/flux/testdata/export/external-artifact.yaml

@@ -1,12 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: ExternalArtifact
-metadata:
-  name: flux-system
-  namespace: {{ .fluxns }}
-spec:
-  sourceRef:
-    apiVersion: source.example.com/v1alpha1
-    kind: GitHubRelease
-    name: flux-system
-    namespace: {{ .fluxns }}

cmd/flux/testdata/export/objects.yaml

@@ -165,15 +165,3 @@ spec:
   endpoint: s3.amazonaws.com
   region: us-east-1
   timeout: 30s
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: ExternalArtifact
-metadata:
-  name: flux-system
-  namespace: {{ .fluxns }}
-spec:
-  sourceRef:
-    apiVersion: source.example.com/v1alpha1
-    kind: GitHubRelease
-    name: flux-system
-    namespace: {{ .fluxns }}

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/distribution/distribution/v3 v3.0.0
 	github.com/fluxcd/cli-utils v0.36.0-flux.15
 	github.com/fluxcd/go-git-providers v0.25.0
-	github.com/fluxcd/helm-controller/api v1.4.5
+	github.com/fluxcd/helm-controller/api v1.4.4
 	github.com/fluxcd/image-automation-controller/api v1.0.4
 	github.com/fluxcd/image-reflector-controller/api v1.0.4
 	github.com/fluxcd/kustomize-controller/api v1.7.3

go.sum

@@ -174,8 +174,8 @@ github.com/fluxcd/gitkit v0.6.0 h1:iNg5LTx6ePo+Pl0ZwqHTAkhbUHxGVSY3YCxCdw7VIFg=
 github.com/fluxcd/gitkit v0.6.0/go.mod h1:svOHuKi0fO9HoawdK4HfHAJJseZDHHjk7I3ihnCIqNo=
 github.com/fluxcd/go-git-providers v0.25.0 h1:zkVgujjo2VjKXbucrlTyNhHd9x+27oqyghJX9uLwQv4=
 github.com/fluxcd/go-git-providers v0.25.0/go.mod h1:8Mx5WRYb61FIjOA26DAi4Ls2rZUHSxP8Nl9qkQHDch8=
-github.com/fluxcd/helm-controller/api v1.4.5 h1:hMEBtgXUbJjp+ah0jPI3OOQNVngoToOQvTgFgVpAjNg=
-github.com/fluxcd/helm-controller/api v1.4.5/go.mod h1:rCgx3qhjjtoIH+1EbzFC2vN71/pp0PgMDrZnGCZX5XY=
+github.com/fluxcd/helm-controller/api v1.4.4 h1:3IFAvJxOBaF2xXItUynqlbgw/2YzTjkL/iBiubxqcHk=
+github.com/fluxcd/helm-controller/api v1.4.4/go.mod h1:rCgx3qhjjtoIH+1EbzFC2vN71/pp0PgMDrZnGCZX5XY=
 github.com/fluxcd/image-automation-controller/api v1.0.4 h1:Fgdy97hXkyh/JFjxLIyq4ZDHsKsa49aumtrvIyjVd08=
 github.com/fluxcd/image-automation-controller/api v1.0.4/go.mod h1:LLBf4XQJAgnpIMlZUwfpVIkCdUtBOi31B6fDbPwBCq4=
 github.com/fluxcd/image-reflector-controller/api v1.0.4 h1:/JGpTZf4eMcKG2FpWfP5H7SneSrD5P8EvwGnHiH/WLY=

internal/build/build.go

@@ -520,32 +520,30 @@ func (b *Builder) do(ctx context.Context, kustomization kustomizev1.Kustomizatio
 		return nil, fmt.Errorf("kustomize build failed: %w", err)
 	}
 
-	if kustomization.Spec.PostBuild == nil {
-		return m, nil
-	}
-
-	data, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&kustomization)
-	if err != nil {
-		return nil, err
-	}
 	for _, res := range m.Resources() {
 		// run variable substitutions
-		outRes, err := kustomize.SubstituteVariables(ctx,
-			b.client,
-			unstructured.Unstructured{Object: data},
-			res,
-			kustomize.SubstituteWithDryRun(b.dryRun),
-			kustomize.SubstituteWithStrict(b.strictSubst),
-		)
-		if err != nil {
-			return nil, fmt.Errorf("var substitution failed for '%s': %w", res.GetName(), err)
-		}
-
-		if outRes != nil {
-			_, err = m.Replace(res)
+		if kustomization.Spec.PostBuild != nil {
+			data, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&kustomization)
 			if err != nil {
 				return nil, err
 			}
+			outRes, err := kustomize.SubstituteVariables(ctx,
+				b.client,
+				unstructured.Unstructured{Object: data},
+				res,
+				kustomize.SubstituteWithDryRun(b.dryRun),
+				kustomize.SubstituteWithStrict(b.strictSubst),
+			)
+			if err != nil {
+				return nil, fmt.Errorf("var substitution failed for '%s': %w", res.GetName(), err)
+			}
+
+			if outRes != nil {
+				_, err = m.Replace(res)
+				if err != nil {
+					return nil, err
+				}
+			}
 		}
 	}
 

manifests/bases/helm-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/helm-controller/releases/download/v1.4.5/helm-controller.crds.yaml
-- https://github.com/fluxcd/helm-controller/releases/download/v1.4.5/helm-controller.deployment.yaml
+- https://github.com/fluxcd/helm-controller/releases/download/v1.4.4/helm-controller.crds.yaml
+- https://github.com/fluxcd/helm-controller/releases/download/v1.4.4/helm-controller.deployment.yaml
 - account.yaml
 transformers:
 - labels.yaml

manifests/crds/kustomization.yaml

@@ -3,7 +3,7 @@ kind: Kustomization
 resources:
 - https://github.com/fluxcd/source-controller/releases/download/v1.7.4/source-controller.crds.yaml
 - https://github.com/fluxcd/kustomize-controller/releases/download/v1.7.3/kustomize-controller.crds.yaml
-- https://github.com/fluxcd/helm-controller/releases/download/v1.4.5/helm-controller.crds.yaml
+- https://github.com/fluxcd/helm-controller/releases/download/v1.4.4/helm-controller.crds.yaml
 - https://github.com/fluxcd/notification-controller/releases/download/v1.7.5/notification-controller.crds.yaml
 - https://github.com/fluxcd/image-reflector-controller/releases/download/v1.0.4/image-reflector-controller.crds.yaml
 - https://github.com/fluxcd/image-automation-controller/releases/download/v1.0.4/image-automation-controller.crds.yaml