Merge pull request #297 from fluxcd/opt-out-network-policy

Add option to disable the network policy at install time

.github/workflows/docs.yaml

@@ -3,10 +3,7 @@ on:
   push:
     branches:
       - docs*
-      - roadmap*
-      - master
-    tags:
-      - '*'
+      - main
 
 jobs:
   build:

.github/workflows/e2e.yaml

@@ -4,7 +4,7 @@ on:
   pull_request:
   push:
     branches:
-      - master
+      - main
 
 jobs:
   kind:

.github/workflows/fossa.yml

@@ -1,9 +1,9 @@
 name: FOSSA
 on:
   push:
-    branches: [master]
+    branches: [main]
   pull_request:
-    branches: [master]
+    branches: [main]
 
 jobs:
   build:

.github/workflows/release.yaml

@@ -16,7 +16,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.14.x
+          go-version: 1.15.x
       - name: Download release notes utility
         env:
           GH_REL_URL: https://github.com/buchanae/github-release-notes/releases/download/0.2.0/github-release-notes-linux-amd64-0.2.0.tar.gz
@@ -25,6 +25,8 @@ jobs:
         run: |
           echo 'CHANGELOG' > /tmp/release.txt
           github-release-notes -org fluxcd -repo toolkit -since-latest-release -include-author >> /tmp/release.txt
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Setup Kustomize
         uses: fluxcd/pkg//actions/kustomize@master
       - name: Generate manifests tarball

README.md

@@ -61,6 +61,7 @@ or get started with one of the following guides:
     - [GitRepository CRD](https://toolkit.fluxcd.io/components/source/gitrepositories/)
     - [HelmRepository CRD](https://toolkit.fluxcd.io/components/source/helmrepositories/)
     - [HelmChart CRD](https://toolkit.fluxcd.io/components/source/helmcharts/)
+    - [Bucket CRD](https://toolkit.fluxcd.io/components/source/buckets/)
 - [Kustomize Controller](https://toolkit.fluxcd.io/components/kustomize/controller/)
     - [Kustomization CRD](https://toolkit.fluxcd.io/components/kustomize/kustomization/)
 - [Helm Controller](https://toolkit.fluxcd.io/components/helm/controller/)
@@ -79,6 +80,6 @@ The GitOps Toolkit is always looking for new contributors and there are a multit
 - Join the [planning discussions](https://github.com/fluxcd/toolkit/discussions)
 - And if you are completely new to the GitOps Toolkit, take a look at our [Get Started guide](https://toolkit.fluxcd.io/get-started/) and give us feedback
 - To be part of the conversation about Flux's development, [join the flux-dev mailing list](https://lists.cncf.io/g/cncf-flux-dev).
-- Check out [how to contribute](contributing/index.md) to the project
+- Check out [how to contribute](CONTRIBUTING.md) to the project
 
 We are looking forward to seeing you with us!

cmd/gotk/bootstrap.go

@@ -52,13 +52,14 @@ var (
 	bootstrapArch               string
 	bootstrapBranch             string
 	bootstrapWatchAllNamespaces bool
+	bootstrapNetworkPolicy      bool
 	bootstrapLogLevel           string
 	bootstrapManifestsPath      string
 	bootstrapRequiredComponents = []string{"source-controller", "kustomize-controller"}
 )
 
 const (
-	bootstrapDefaultBranch         = "master"
+	bootstrapDefaultBranch         = "main"
 	bootstrapInstallManifest       = "toolkit-components.yaml"
 	bootstrapSourceManifest        = "toolkit-source.yaml"
 	bootstrapKustomizationManifest = "toolkit-kustomization.yaml"
@@ -80,6 +81,8 @@ func init() {
 	rootCmd.AddCommand(bootstrapCmd)
 	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapWatchAllNamespaces, "watch-all-namespaces", true,
 		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
+	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapNetworkPolicy, "network-policy", true,
+		"deny ingress access to the toolkit controllers from other namespaces using network policies")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapLogLevel, "log-level", "info", "set the controllers log level")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapManifestsPath, "manifests", "", "path to the manifest directory")
 	bootstrapCmd.PersistentFlags().MarkHidden("manifests")
@@ -126,7 +129,7 @@ func generateInstallManifests(targetPath, namespace, tmpDir string, localManifes
 	}
 
 	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents,
-		bootstrapWatchAllNamespaces, bootstrapRegistry, bootstrapImagePullSecret,
+		bootstrapWatchAllNamespaces, bootstrapNetworkPolicy, bootstrapRegistry, bootstrapImagePullSecret,
 		bootstrapArch, bootstrapLogLevel, gotkDir); err != nil {
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}

cmd/gotk/create_kustomization.go

@@ -142,7 +142,7 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 			Labels:    ksLabels,
 		},
 		Spec: kustomizev1.KustomizationSpec{
-			DependsOn: utils.makeDependsOn(hrDependsOn),
+			DependsOn: utils.makeDependsOn(ksDependsOn),
 			Interval: metav1.Duration{
 				Duration: interval,
 			},

cmd/gotk/get_helmrelease.go

@@ -78,7 +78,6 @@ func getHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 				logger.Failuref("%s %s", helmRelease.GetName(), c.Message)
 			}
 			isInitialized = true
-			break
 		}
 		if !isInitialized {
 			logger.Failuref("%s is not ready", helmRelease.GetName())

cmd/gotk/get_kustomization.go

@@ -77,7 +77,6 @@ func getKsCmdRun(cmd *cobra.Command, args []string) error {
 				logger.Failuref("%s %s", kustomization.GetName(), c.Message)
 			}
 			isInitialized = true
-			break
 		}
 		if !isInitialized {
 			logger.Failuref("%s is not ready", kustomization.GetName())

cmd/gotk/get_source_bucket.go

@@ -75,7 +75,6 @@ func getSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 				logger.Failuref("%s %s", source.GetName(), c.Message)
 			}
 			isInitialized = true
-			break
 		}
 		if !isInitialized {
 			logger.Failuref("%s is not ready", source.GetName())

cmd/gotk/get_source_git.go

@@ -75,7 +75,6 @@ func getSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 				logger.Failuref("%s %s", source.GetName(), c.Message)
 			}
 			isInitialized = true
-			break
 		}
 		if !isInitialized {
 			logger.Failuref("%s is not ready", source.GetName())

cmd/gotk/get_source_helm.go

@@ -75,7 +75,6 @@ func getSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 				logger.Failuref("%s %s", source.GetName(), c.Message)
 			}
 			isInitialized = true
-			break
 		}
 		if !isInitialized {
 			logger.Failuref("%s is not ready", source.GetName())

cmd/gotk/install.go

@@ -64,6 +64,7 @@ var (
 	installImagePullSecret    string
 	installArch               string
 	installWatchAllNamespaces bool
+	installNetworkPolicy      bool
 	installLogLevel           string
 )
 
@@ -87,6 +88,8 @@ func init() {
 	installCmd.Flags().BoolVar(&installWatchAllNamespaces, "watch-all-namespaces", true,
 		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
 	installCmd.Flags().StringVar(&installLogLevel, "log-level", "info", "set the controllers log level")
+	installCmd.Flags().BoolVar(&installNetworkPolicy, "network-policy", true,
+		"deny ingress access to the toolkit controllers from other namespaces using network policies")
 	rootCmd.AddCommand(installCmd)
 }
 
@@ -113,7 +116,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	if installManifestsPath == "" {
 		err = genInstallManifests(installVersion, namespace, installComponents,
-			installWatchAllNamespaces, installRegistry, installImagePullSecret,
+			installWatchAllNamespaces, installNetworkPolicy, installRegistry, installImagePullSecret,
 			installArch, installLogLevel, tmpDir)
 		if err != nil {
 			return fmt.Errorf("install failed: %w", err)
@@ -215,7 +218,9 @@ transformers:
 
 resources:
   - namespace.yaml
+{{- if .NetworkPolicy }}
   - policies.yaml
+{{- end }}
   - roles
 {{- range .Components }}
   - {{.}}.yaml
@@ -333,7 +338,7 @@ func downloadManifests(version string, tmpDir string) error {
 }
 
 func genInstallManifests(version string, namespace string, components []string,
-	watchAllNamespaces bool, registry, imagePullSecret, arch, logLevel, tmpDir string) error {
+	watchAllNamespaces, networkPolicy bool, registry, imagePullSecret, arch, logLevel, tmpDir string) error {
 	eventsAddr := ""
 	if utils.containsItemString(components, defaultNotification) {
 		eventsAddr = fmt.Sprintf("http://%s/", defaultNotification)
@@ -348,6 +353,7 @@ func genInstallManifests(version string, namespace string, components []string,
 		ImagePullSecret    string
 		Arch               string
 		WatchAllNamespaces bool
+		NetworkPolicy      bool
 		LogLevel           string
 	}{
 		Version:            version,
@@ -358,6 +364,7 @@ func genInstallManifests(version string, namespace string, components []string,
 		ImagePullSecret:    imagePullSecret,
 		Arch:               arch,
 		WatchAllNamespaces: watchAllNamespaces,
+		NetworkPolicy:      networkPolicy,
 		LogLevel:           logLevel,
 	}
 

cmd/gotk/reconcile_helmrelease.go

@@ -21,14 +21,15 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/fluxcd/pkg/apis/meta"
-	corev1 "k8s.io/api/core/v1"
-
 	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/util/retry"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/fluxcd/pkg/apis/meta"
+
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
@@ -98,14 +99,7 @@ func reconcileHrCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	logger.Actionf("annotating HelmRelease %s in %s namespace", name, namespace)
-	if helmRelease.Annotations == nil {
-		helmRelease.Annotations = map[string]string{
-			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
-		}
-	} else {
-		helmRelease.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
-	}
-	if err := kubeClient.Update(ctx, &helmRelease); err != nil {
+	if err := requestHelmReleaseReconciliation(ctx, kubeClient, namespacedName); err != nil {
 		return err
 	}
 	logger.Successf("HelmRelease annotated")
@@ -151,3 +145,23 @@ func helmReleaseReconciliationHandled(ctx context.Context, kubeClient client.Cli
 		return helmRelease.Status.LastHandledReconcileAt != lastHandledReconcileAt, nil
 	}
 }
+
+func requestHelmReleaseReconciliation(ctx context.Context, kubeClient client.Client, namespacedName types.NamespacedName) error {
+	var release helmv2.HelmRelease
+	return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) {
+		if err := kubeClient.Get(ctx, namespacedName, &release); err != nil {
+			return err
+		}
+
+		if release.Annotations == nil {
+			release.Annotations = map[string]string{
+				meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+			}
+		} else {
+			release.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+		}
+
+		err = kubeClient.Update(ctx, &release)
+		return
+	})
+}

cmd/gotk/reconcile_kustomization.go

@@ -21,10 +21,11 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/fluxcd/pkg/apis/meta"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/util/retry"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -96,14 +97,7 @@ func reconcileKsCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	logger.Actionf("annotating kustomization %s in %s namespace", name, namespace)
-	if kustomization.Annotations == nil {
-		kustomization.Annotations = map[string]string{
-			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
-		}
-	} else {
-		kustomization.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
-	}
-	if err := kubeClient.Update(ctx, &kustomization); err != nil {
+	if err := requestKustomizeReconciliation(ctx, kubeClient, namespacedName); err != nil {
 		return err
 	}
 	logger.Successf("kustomization annotated")
@@ -150,3 +144,23 @@ func kustomizeReconciliationHandled(ctx context.Context, kubeClient client.Clien
 		return kustomize.Status.LastHandledReconcileAt != lastHandledReconcileAt, nil
 	}
 }
+
+func requestKustomizeReconciliation(ctx context.Context, kubeClient client.Client, namespacedName types.NamespacedName) error {
+	var kustomization kustomizev1.Kustomization
+	return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) {
+		if err := kubeClient.Get(ctx, namespacedName, &kustomization); err != nil {
+			return err
+		}
+
+		if kustomization.Annotations == nil {
+			kustomization.Annotations = map[string]string{
+				meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+			}
+		} else {
+			kustomization.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+		}
+
+		err = kubeClient.Update(ctx, &kustomization)
+		return
+	})
+}

docs/cmd/gotk_bootstrap.md

@@ -10,11 +10,12 @@ The bootstrap sub-commands bootstrap the toolkit components on the targeted Git
 
 ```
       --arch string                arch can be amd64 or arm64 (default "amd64")
-      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "master")
+      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "main")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
   -h, --help                       help for bootstrap
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --log-level string           set the controllers log level (default "info")
+      --network-policy             deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
       --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
   -v, --version string             toolkit version (default "latest")
       --watch-all-namespaces       watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)

docs/cmd/gotk_bootstrap_github.md

@@ -58,12 +58,13 @@ gotk bootstrap github [flags]
 
 ```
       --arch string                arch can be amd64 or arm64 (default "amd64")
-      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "master")
+      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "main")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
       --log-level string           set the controllers log level (default "info")
   -n, --namespace string           the namespace scope for this operation (default "gotk-system")
+      --network-policy             deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
       --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
       --timeout duration           timeout for this operation (default 5m0s)
       --verbose                    print generated objects

docs/cmd/gotk_bootstrap_gitlab.md

@@ -55,12 +55,13 @@ gotk bootstrap gitlab [flags]
 
 ```
       --arch string                arch can be amd64 or arm64 (default "amd64")
-      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "master")
+      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "main")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
       --log-level string           set the controllers log level (default "info")
   -n, --namespace string           the namespace scope for this operation (default "gotk-system")
+      --network-policy             deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
       --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
       --timeout duration           timeout for this operation (default 5m0s)
       --verbose                    print generated objects

docs/cmd/gotk_install.md

@@ -38,6 +38,7 @@ gotk install [flags]
   -h, --help                       help for install
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --log-level string           set the controllers log level (default "info")
+      --network-policy             deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
       --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
   -v, --version string             toolkit version (default "latest")
       --watch-all-namespaces       watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)

docs/get-started/index.md

@@ -83,12 +83,13 @@ Run the bootstrap command:
 gotk bootstrap github \
   --owner=$GITHUB_USER \
   --repository=fleet-infra \
+  --branch=main \
   --path=staging-cluster \
   --personal
 ```
 
 The bootstrap command creates a repository if one doesn't exist and
-commits the toolkit components manifests to the master branch at the specified path.
+commits the toolkit components manifests to the default branch at the specified path.
 Then it configures the target cluster to synchronize with the specified path inside the repository.
 
 If you wish to create the repository under a GitHub organization:
@@ -97,6 +98,7 @@ If you wish to create the repository under a GitHub organization:
 gotk bootstrap github \
   --owner=<organization> \
   --repository=<repo-name> \
+  --branch=<organization default branch> \
   --team=<team1-slug> \
   --team=<team2-slug> \
   --path=staging-cluster

docs/guides/installation.md

@@ -44,7 +44,7 @@ Using the `gotk bootstrap` command you can install the toolkit on a Kubernetes c
 and configure it to manage itself from a Git repository.
 
 The bootstrap creates a Git repository if one doesn't exist and
-commits the toolkit components manifests to the master branch.
+commits the toolkit components manifests to the main branch.
 Then it configures the target cluster to synchronize with that
 repository by setting up SSH deploy keys.
 
@@ -84,7 +84,7 @@ cluster e.g. `staging-cluster` and `production-cluster`:
 ``` 
 
 !!! hint "Change the default branch"
-    If you wish to change the branch to something else than master, create the repository manually,
+    If you wish to change the branch to something else than main, create the repository manually,
     push a branch to origin and then use `gotk bootstrap <GIT-PROVIDER> --branch=your-branch`.
 
 ### GitHub and GitHub Enterprise
@@ -128,6 +128,7 @@ gotk bootstrap github \
   --hostname=my-github-enterprise.com \
   --owner=my-github-organization \
   --repository=my-repository \
+  --branch=main \
   --path=my-cluster
 ```
 
@@ -148,6 +149,7 @@ Run the bootstrap for a repository on your personal GitLab account:
 gotk bootstrap gitlab \
   --owner=my-gitlab-username \
   --repository=my-repository \
+  --branch=master \
   --path=my-cluster \
   --personal
 ```
@@ -158,6 +160,7 @@ Run the bootstrap for a repository owned by a GitLab group:
 gotk bootstrap gitlab \
   --owner=my-gitlab-group \
   --repository=my-repository \
+  --branch=master \
   --path=my-cluster
 ```
 
@@ -168,6 +171,7 @@ gotk bootstrap gitlab \
   --hostname=my-gitlab.com \
   --owner=my-gitlab-group \
   --repository=my-repository \
+  --branch=master \
   --path=my-cluster
 ```
 
@@ -359,7 +363,7 @@ The GitOps Toolkit comes with an optional monitoring stack.
 You can install the stack in the `gotk-system` namespace with:
 
 ```yaml
-kustomize build github.com/fluxcd/toolkit/manifests/monitoring?ref=master | kubectl apply -f-
+kustomize build github.com/fluxcd/toolkit/manifests/monitoring | kubectl apply -f-
 ```
 
 The monitoring stack is composed of:

go.mod

@@ -1,11 +1,11 @@
 module github.com/fluxcd/toolkit
 
-go 1.14
+go 1.15
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.0+incompatible
-	github.com/fluxcd/helm-controller/api v0.1.0
+	github.com/fluxcd/helm-controller/api v0.1.1
 	github.com/fluxcd/kustomize-controller/api v0.1.0
 	github.com/fluxcd/pkg/apis/meta v0.0.2
 	github.com/fluxcd/pkg/git v0.0.7

go.sum

@@ -111,8 +111,8 @@ github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi
 github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fluxcd/helm-controller/api v0.1.0 h1:hci9/dLlej6W+rZVkAGVi1MjLVaHWsq/luOYX9DtzJo=
-github.com/fluxcd/helm-controller/api v0.1.0/go.mod h1:orwdS+iYGcM8BReUQfIb5CJ+jiFdlKmnLnzp6K3FK2U=
+github.com/fluxcd/helm-controller/api v0.1.1 h1:iKskkLGRYRi5hiZg/+Rn+rpneGPayGQPnmilM3bok44=
+github.com/fluxcd/helm-controller/api v0.1.1/go.mod h1:orwdS+iYGcM8BReUQfIb5CJ+jiFdlKmnLnzp6K3FK2U=
 github.com/fluxcd/kustomize-controller/api v0.1.0 h1:dPowX408q0jO7wnWBj5Dglc22euAQBLxDhPS8XHlLM0=
 github.com/fluxcd/kustomize-controller/api v0.1.0/go.mod h1:upR7/OzX/wXJlKgiBLUn7ez4XG4Lo5edep2WKSx0u7c=
 github.com/fluxcd/pkg/apis/meta v0.0.2 h1:kyA4Y0IzNjf1joBOnFqpWG7aNDHvtLExZcaHQM7qhRI=

manifests/bases/helm-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/helm-controller/archive/v0.1.0.zip//helm-controller-0.1.0/config/crd
-- https://github.com/fluxcd/helm-controller/archive/v0.1.0.zip//helm-controller-0.1.0/config/manager
+- https://github.com/fluxcd/helm-controller/archive/v0.1.1.zip//helm-controller-0.1.1/config/crd
+- https://github.com/fluxcd/helm-controller/archive/v0.1.1.zip//helm-controller-0.1.1/config/manager
 patchesJson6902:
 - target:
     group: apps