Merge pull request #528 from fluxcd/update-components

Update helm-controller to v0.4.1

.github/workflows/e2e.yaml

@@ -136,6 +136,16 @@ jobs:
       - name: flux delete source git
         run: |
           ./bin/flux delete source git podinfo --silent
+      - name: flux create tenant
+        run: |
+          ./bin/flux create tenant dev-team --with-namespace=apps
+          ./bin/flux -n apps create source helm podinfo \
+            --url https://stefanprodan.github.io/podinfo
+          ./bin/flux -n apps create hr podinfo-helm \
+            --source=HelmRepository/podinfo \
+            --chart=podinfo \
+            --chart-version="5.0.x" \
+            --service-account=dev-team
       - name: flux check
         run: |
           ./bin/flux check

MAINTAINERS

@@ -2,8 +2,17 @@ The maintainers are generally available in Slack at
 https://cloud-native.slack.com in #flux (https://cloud-native.slack.com/messages/CLAJ40HV3)
 (obtain an invitation at https://slack.cncf.io/).
 
+These maintainers are shared with other Flux v2-related git
+repositories under https://github.com/fluxcd, as noted in their
+respective MAINTAINERS files.
+
+For convenience, they are reflected in the GitHub team
+@fluxcd/flux2-maintainers -- if the list here changes, that team also
+should.
+
 In alphabetical order:
 
 Aurel Canciu, Sortlist <aurel@sortlist.com> (github: @relu, slack: relu)
 Hidde Beydals, Weaveworks <hidde@weave.works> (github: @hiddeco, slack: hidde)
+Philip Laine, Xenit <philip.laine@xenit.se> (github: @phillebaba, slack: phillebaba)
 Stefan Prodan, Weaveworks <stefan@weave.works> (github: @stefanprodan, slack: stefanprodan)

cmd/flux/create_helmrelease.go

@@ -107,6 +107,7 @@ var (
 	hrTargetNamespace string
 	hrValuesFile      string
 	hrValuesFrom      flags.HelmReleaseValuesFrom
+	hrSAName          string
 )
 
 func init() {
@@ -116,6 +117,7 @@ func init() {
 	createHelmReleaseCmd.Flags().StringVar(&hrChartVersion, "chart-version", "", "Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)")
 	createHelmReleaseCmd.Flags().StringArrayVar(&hrDependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'")
 	createHelmReleaseCmd.Flags().StringVar(&hrTargetNamespace, "target-namespace", "", "namespace to install this release, defaults to the HelmRelease namespace")
+	createHelmReleaseCmd.Flags().StringVar(&hrSAName, "service-account", "", "the name of the service account to impersonate when reconciling this HelmRelease")
 	createHelmReleaseCmd.Flags().StringVar(&hrValuesFile, "values", "", "local path to the values.yaml file")
 	createHelmReleaseCmd.Flags().Var(&hrValuesFrom, "values-from", hrValuesFrom.Description())
 	createCmd.AddCommand(createHelmReleaseCmd)
@@ -167,6 +169,10 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		},
 	}
 
+	if hrSAName != "" {
+		helmRelease.Spec.ServiceAccountName = hrSAName
+	}
+
 	if hrValuesFile != "" {
 		data, err := ioutil.ReadFile(hrValuesFile)
 		if err != nil {

cmd/flux/create_kustomization.go

@@ -88,13 +88,13 @@ var (
 
 func init() {
 	createKsCmd.Flags().Var(&ksSource, "source", ksSource.Description())
-	createKsCmd.Flags().StringVar(&ksPath, "path", "./", "path to the directory containing the Kustomization file")
+	createKsCmd.Flags().StringVar(&ksPath, "path", "./", "path to the directory containing a kustomization.yaml file")
 	createKsCmd.Flags().BoolVar(&ksPrune, "prune", false, "enable garbage collection")
 	createKsCmd.Flags().StringArrayVar(&ksHealthCheck, "health-check", nil, "workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'")
 	createKsCmd.Flags().DurationVar(&ksHealthTimeout, "health-check-timeout", 2*time.Minute, "timeout of health checking operations")
 	createKsCmd.Flags().StringVar(&ksValidation, "validation", "", "validate the manifests before applying them on the cluster, can be 'client' or 'server'")
 	createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied, supported formats '<name>' and '<namespace>/<name>'")
-	createKsCmd.Flags().StringVar(&ksSAName, "sa-name", "", "service account name")
+	createKsCmd.Flags().StringVar(&ksSAName, "service-account", "", "the name of the service account to impersonate when reconciling this Kustomization")
 	createKsCmd.Flags().Var(&ksDecryptionProvider, "decryption-provider", ksDecryptionProvider.Description())
 	createKsCmd.Flags().StringVar(&ksDecryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
 	createKsCmd.Flags().StringVar(&ksTargetNamespace, "target-namespace", "", "overrides the namespace of all Kustomization objects reconciled by this Kustomization")

cmd/flux/create_tenant.go

@@ -55,8 +55,7 @@ reconcilers scope to the tenant namespaces.`,
 }
 
 const (
-	tenantLabel       = "toolkit.fluxcd.io/tenant"
-	tenantRoleBinding = "gotk-reconciler"
+	tenantLabel = "toolkit.fluxcd.io/tenant"
 )
 
 var (
@@ -123,18 +122,20 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
 
 		roleBinding := rbacv1.RoleBinding{
 			ObjectMeta: metav1.ObjectMeta{
-				Name:      tenantRoleBinding,
+				Name:      fmt.Sprintf("%s-reconciler", tenant),
 				Namespace: ns,
 				Labels:    objLabels,
 			},
 			Subjects: []rbacv1.Subject{
 				{
-					Kind: "User",
-					Name: fmt.Sprintf("gotk:%s:reconciler", ns),
+					APIGroup: "rbac.authorization.k8s.io",
+					Kind:     "User",
+					Name:     fmt.Sprintf("gotk:%s:reconciler", ns),
 				},
 				{
-					Kind: "ServiceAccount",
-					Name: tenant,
+					Kind:      "ServiceAccount",
+					Name:      tenant,
+					Namespace: ns,
 				},
 			},
 			RoleRef: rbacv1.RoleRef{
@@ -290,7 +291,7 @@ func exportTenant(namespace corev1.Namespace, account corev1.ServiceAccount, rol
 	fmt.Println(resourceToString(data))
 
 	account.TypeMeta = metav1.TypeMeta{
-		APIVersion: "",
+		APIVersion: "v1",
 		Kind:       "ServiceAccount",
 	}
 	data, err = yaml.Marshal(account)

cmd/flux/reconcile_alert.go

@@ -64,13 +64,17 @@ func reconcileAlertCmdRun(cmd *cobra.Command, args []string) error {
 		Name:      name,
 	}
 
-	logger.Actionf("annotating Alert %s in %s namespace", name, namespace)
 	var alert notificationv1.Alert
 	err = kubeClient.Get(ctx, namespacedName, &alert)
 	if err != nil {
 		return err
 	}
 
+	if alert.Spec.Suspend {
+		return fmt.Errorf("resource is suspended")
+	}
+
+	logger.Actionf("annotating Alert %s in %s namespace", name, namespace)
 	if alert.Annotations == nil {
 		alert.Annotations = map[string]string{
 			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
@@ -78,6 +82,7 @@ func reconcileAlertCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		alert.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
 	}
+
 	if err := kubeClient.Update(ctx, &alert); err != nil {
 		return err
 	}

cmd/flux/reconcile_helmrelease.go

@@ -86,6 +86,10 @@ func reconcileHrCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	if helmRelease.Spec.Suspend {
+		return fmt.Errorf("resource is suspended")
+	}
+
 	if syncHrWithSource {
 		switch helmRelease.Spec.Chart.Spec.SourceRef.Kind {
 		case sourcev1.HelmRepositoryKind:

cmd/flux/reconcile_kustomization.go

@@ -84,6 +84,10 @@ func reconcileKsCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	if kustomization.Spec.Suspend {
+		return fmt.Errorf("resource is suspended")
+	}
+
 	if syncKsWithSource {
 		switch kustomization.Spec.SourceRef.Kind {
 		case sourcev1.GitRepositoryKind:

cmd/flux/reconcile_receiver.go

@@ -64,13 +64,17 @@ func reconcileReceiverCmdRun(cmd *cobra.Command, args []string) error {
 		Name:      name,
 	}
 
-	logger.Actionf("annotating Receiver %s in %s namespace", name, namespace)
 	var receiver notificationv1.Receiver
 	err = kubeClient.Get(ctx, namespacedName, &receiver)
 	if err != nil {
 		return err
 	}
 
+	if receiver.Spec.Suspend {
+		return fmt.Errorf("resource is suspended")
+	}
+
+	logger.Actionf("annotating Receiver %s in %s namespace", name, namespace)
 	if receiver.Annotations == nil {
 		receiver.Annotations = map[string]string{
 			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),

cmd/flux/reconcile_source_bucket.go

@@ -74,6 +74,10 @@ func reconcileSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	if bucket.Spec.Suspend {
+		return fmt.Errorf("resource is suspended")
+	}
+
 	lastHandledReconcileAt := bucket.Status.LastHandledReconcileAt
 	logger.Actionf("annotating Bucket source %s in %s namespace", name, namespace)
 	if err := requestBucketReconciliation(ctx, kubeClient, namespacedName, &bucket); err != nil {

cmd/flux/reconcile_source_git.go

@@ -72,6 +72,10 @@ func reconcileSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	if repository.Spec.Suspend {
+		return fmt.Errorf("resource is suspended")
+	}
+
 	logger.Actionf("annotating GitRepository source %s in %s namespace", name, namespace)
 	if err := requestGitRepositoryReconciliation(ctx, kubeClient, namespacedName, &repository); err != nil {
 		return err

cmd/flux/reconcile_source_helm.go

@@ -73,6 +73,10 @@ func reconcileSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	if repository.Spec.Suspend {
+		return fmt.Errorf("resource is suspended")
+	}
+
 	logger.Actionf("annotating HelmRepository source %s in %s namespace", name, namespace)
 	if err := requestHelmRepositoryReconciliation(ctx, kubeClient, namespacedName, &repository); err != nil {
 		return err

docs/cmd/flux_create_helmrelease.md

@@ -75,6 +75,7 @@ flux create helmrelease [name] [flags]
       --depends-on stringArray              HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'
   -h, --help                                help for helmrelease
       --release-name string                 name used for the Helm release, defaults to a composition of '[<target-namespace>-]<HelmRelease-name>'
+      --service-account string              the name of the service account to impersonate when reconciling this HelmRelease
       --source helmChartSource              source that contains the chart in the format '<kind>/<name>',where kind can be one of: (HelmRepository, GitRepository, Bucket)
       --target-namespace string             namespace to install this release, defaults to the HelmRelease namespace
       --values string                       local path to the values.yaml file

docs/cmd/flux_create_kustomization.md

@@ -50,9 +50,9 @@ flux create kustomization [name] [flags]
       --health-check stringArray                 workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'
       --health-check-timeout duration            timeout of health checking operations (default 2m0s)
   -h, --help                                     help for kustomization
-      --path string                              path to the directory containing the Kustomization file (default "./")
+      --path string                              path to the directory containing a kustomization.yaml file (default "./")
       --prune                                    enable garbage collection
-      --sa-name string                           service account name
+      --service-account string                   the name of the service account to impersonate when reconciling this Kustomization
       --source kustomizationSource               source that contains the Kubernetes manifests in the format '[<kind>/]<name>',where kind can be one of: (GitRepository, Bucket), if kind is not specified it defaults to GitRepository
       --target-namespace string                  overrides the namespace of all Kustomization objects reconciled by this Kustomization
       --validation string                        validate the manifests before applying them on the cluster, can be 'client' or 'server'

docs/guides/installation.md

@@ -439,6 +439,12 @@ For testing purposes you can install Flux without storing its manifests in a Git
 flux install --arch=amd64
 ```
 
+Or using kustomize and kubectl:
+
+```sh
+kustomize build https://github.com/fluxcd/flux2/manifests/install?ref=main | kubectl apply -f-
+```
+
 Then you can register Git repositories and reconcile them on your cluster:
 
 ```sh
@@ -473,12 +479,75 @@ flux create helmrelease nginx \
   --chart-version="5.x.x"
 ```
 
-## Monitoring with Prometheus and Grafana
+## Upgrade 
 
-Flux comes with a monitoring stack composed of Prometheus and Grafana. The controllers expose
-metrics that can be used to track the readiness of the cluster reconciliation process.
+Update Flux CLI to the latest release with `brew upgrade fluxcd/tap/flux` or by 
+downloading the binary from [GitHub](https://github.com/fluxcd/flux2/releases).
 
-To install the monitoring stack please follow this [guide](monitoring.md).
+Verify that you are running the latest version with:
+
+```sh
+flux --version
+```
+
+### Bootstrap upgrade
+
+If you've used the [bootstrap](#bootstrap) procedure to deploy Flux,
+then rerun the bootstrap command for each cluster using the same arguments as before:
+
+```sh
+flux bootstrap github \
+  --owner=my-github-username \
+  --repository=my-repository \
+  --branch=main \
+  --path=clusters/my-cluster \
+  --personal
+```
+
+The above command will clone the repository, it will update the components manifest in
+`<path>/flux-system/gotk-components.yaml` and it will push the changes to the remote branch.
+
+Tell Flux to pull the manifests from Git and upgrade itself with:
+
+```sh
+flux reconcile source git flux-system
+```
+
+Verify that the controllers have been upgrade with:
+
+```sh
+flux check
+```
+
+### Terraform upgrade
+
+Update the Flux provider to the [latest release](https://github.com/fluxcd/terraform-provider-flux/releases)
+and run `terraform apply`.
+
+Tell Flux to upgrade itself in-cluster or wait for it to pull the latest commit from Git:
+
+```sh
+kubectl annotate --overwrite gitrepository/flux-system reconcile.fluxcd.io/requestedAt="$(date +%s)"
+```
+
+### In-cluster upgrade
+
+If you've installed Flux directly on the cluster, then rerun the install command:
+
+```sh
+flux install --version=latest
+```
+
+The above command will download the latest manifests from
+[GitHub](https://github.com/fluxcd/flux2/releases) and it will apply them on your cluster.
+You can verify that the controllers have been upgraded to the latest version with `flux check`.
+
+If you've installed Flux directly on the cluster with kubectl,
+then rerun the command using the latest manifests from the `main` branch:
+
+```sh
+kustomize build https://github.com/fluxcd/flux2/manifests/install?ref=main | kubectl apply -f-
+```
 
 ## Uninstall
 

go.mod

@@ -4,7 +4,7 @@ go 1.15
 
 require (
 	github.com/blang/semver/v4 v4.0.0
-	github.com/fluxcd/helm-controller/api v0.4.0
+	github.com/fluxcd/helm-controller/api v0.4.1
 	github.com/fluxcd/kustomize-controller/api v0.4.0
 	github.com/fluxcd/notification-controller/api v0.4.0
 	github.com/fluxcd/pkg/apis/meta v0.4.0

go.sum

@@ -132,8 +132,8 @@ github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi
 github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fluxcd/helm-controller/api v0.4.0 h1:sFWhxiFi1x7IHdmmOAZm4y0aN32O6xTgdt4sXfsW0po=
-github.com/fluxcd/helm-controller/api v0.4.0/go.mod h1:2oU4Q26TW39IGC7tmJehCNJpISj8ovpU0DoRI7Y76wE=
+github.com/fluxcd/helm-controller/api v0.4.1 h1:XOYJQQDukRmMXDuqSusSoW3gOQr7BEPKJfpiUnBQzvQ=
+github.com/fluxcd/helm-controller/api v0.4.1/go.mod h1:2oU4Q26TW39IGC7tmJehCNJpISj8ovpU0DoRI7Y76wE=
 github.com/fluxcd/kustomize-controller/api v0.4.0 h1:QBilPNIFf5VCmJrt0L96iPWfV0lRT28n6vD+W7Kz88s=
 github.com/fluxcd/kustomize-controller/api v0.4.0/go.mod h1:NB4aJ+hSWyg6Tx6p47ZWExzjwq4sPRRYvaP02JrHrNU=
 github.com/fluxcd/notification-controller/api v0.4.0 h1:x7QwF7F/uG0JuaMaEBWqHWhy5DLJEsC3zWlj5rK6kB8=

install/flux.sh

@@ -42,7 +42,10 @@ setup_verify_arch() {
         ARCH=$(uname -m)
     fi
     case ${ARCH} in
-        arm64)
+        arm|armv6l|armv7l)
+            ARCH=arm
+            ;;
+        arm64|aarch64|armv8l)
             ARCH=arm64
             ;;
         amd64)

manifests/bases/helm-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/helm-controller/archive/v0.4.0.zip//helm-controller-0.4.0/config/crd
-- https://github.com/fluxcd/helm-controller/archive/v0.4.0.zip//helm-controller-0.4.0/config/manager
+- https://github.com/fluxcd/helm-controller/archive/v0.4.1.zip//helm-controller-0.4.1/config/crd
+- https://github.com/fluxcd/helm-controller/archive/v0.4.1.zip//helm-controller-0.4.1/config/manager
 patchesJson6902:
 - target:
     group: apps