Skip to content

feat(github-release): update flux group ( v2.5.1 → v2.9.0 )#445

Open
parsec-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/flux
Open

feat(github-release): update flux group ( v2.5.1 → v2.9.0 )#445
parsec-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/flux

Conversation

@parsec-renovate

@parsec-renovate parsec-renovate Bot commented May 29, 2025

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
fluxcd/flux2 Kustomization minor v2.5.1v2.9.0
ghcr.io/fluxcd/flux-manifests minor v2.5.1v2.9.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

fluxcd/flux2 (fluxcd/flux2)

v2.9.0

Compare Source

Highlights

Flux v2.9.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.9 GA blog post.

Overview of the new features:

  • Flux CLI Plugin System with the Mirror and Schema plugins (flux plugin)
  • Server-Side Apply field ignore rules for fine-grained drift control (Kustomization)
  • SOPS decryption with the Age post-quantum cipher (Kustomization)
  • Kubernetes Workload Identity authentication for OpenBao and Vault (Kustomization)
  • Helm post-render strategies, including chart hooks support (HelmRelease)
  • Literal mode for Helm values references mirroring helm --set-literal (HelmRelease)
  • Allow empty kind in CEL health check expressions (Kustomization, HelmRelease)
  • Git commit signing and verification with SSH keys (GitRepository, ImageUpdateAutomation)
  • AWS CodeCommit authentication using Workload Identity (GitRepository)
  • Custom Sigstore trusted root for keyless verification in air-gapped environments (OCIRepository)
  • Path pattern directory discovery for monorepos (ArtifactGenerator)
  • Secret-less, OIDC-secured webhook Receivers (Receiver)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version Minimum required
v1.34 >= 1.34.1
v1.35 >= 1.35.0
v1.36 >= 1.36.0

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

⚠️ The Flux APIs image.toolkit.fluxcd.io/v1beta2 and notification.toolkit.fluxcd.io/v1beta2
have reached end-of-life and have been removed from the CRDs.

Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from older versions of Flux to v2.9.

Components changelog
CLI changelog
New Contributors

Full Changelog: fluxcd/flux2@v2.8.0...v2.9.0

v2.8.8

Compare Source

Highlights

Flux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Add a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)
  • Fix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)
  • Stop force-applying non-CRD objects placed under a chart's crds/ directory (helm-controller)
  • Fix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)
  • Improve path handling in the source reconcilers (source-controller)
  • Support Helm semver build-metadata encoding in OCIRepository tags (source-controller)

Improvements:

  • Update go-git to v5.19.1 which fixes CVE-2026-45571 and CVE-2026-45570 (source-controller, image-automation-controller)
  • Move Helm back to upstream v4.2.0 (source-controller, helm-controller)
  • Add support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)
  • Upgrade Kubernetes to 1.36.1 (source-controller, helm-controller)
  • Update fluxcd/pkg dependencies
Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.8.7...v2.8.8

v2.8.7

Compare Source

Highlights

Flux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix management of objects annotated with kustomize.toolkit.fluxcd.io/ssa: IfNotPresent where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)

Improvements:

  • Update go-git to v5.19.0 which fixes CVE-2026-45022 (source-controller, image-automation-controller)
  • Update fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)
Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.8.6...v2.8.7

v2.8.6

Compare Source

Highlights

Flux v2.8.6 is a patch release that includes bug fixes and improvements across helm-controller, image-automation-controller, kustomize-controller, notification-controller, and source-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix a post-renderer conflict between overlapping hooks and templates (helm-controller)
  • Ignore force replace when server-side apply is enabled (helm-controller)
  • Fix a regression where generic providers would not forward commit status events (notification-controller)
  • Require the audience field on the GCR Receiver secret for tighter verification — will become mandatory in Flux v2.9 (notification-controller)

Improvements:

  • Introduce the MigrateAPIVersion feature gate for migrating the API version of resources in managed field entries (kustomize-controller)
  • Update go-git to v5.18.0 bringing performance improvements for Git operations (source-controller, image-automation-controller)
Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.8.5...v2.8.6

v2.8.5

Compare Source

Highlights

Flux v2.8.5 is a patch release that includes bug fixes and improvements across kustomize-controller, source-controller, and notification-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix a race condition where a cancelled reconciliation could leave stale data in the cache, causing Kustomizations to get stuck (kustomize-controller)
  • Fix Azure Blob prefix option not being passed to the storage client (source-controller)

Improvements:

  • Improve error message for encrypted SSH keys without password (source-controller)
  • Add optional email and audience fields to the GCR Receiver for tighter verification (notification-controller)
  • Add provider manifest example for Azure Event Hub managed identity authentication (notification-controller)
Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.8.4...v2.8.5

v2.8.4

Compare Source

Highlights

Flux v2.8.4 is a patch release that includes fixes for the Flux CLI. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix flux build ks and flux diff ks on Windows
  • Fix --source flag validation in create kustomization command
CLI changelog

Full Changelog: fluxcd/flux2@v2.8.3...v2.8.4

v2.8.3

Compare Source

Highlights

Flux v2.8.3 is a patch release that fixes a regression in helm-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix templating errors for charts that include --- in the content, e.g. YAML separators, embedded scripts, CAs inside ConfigMaps (helm-controller)
Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.8.2...v2.8.3

v2.8.2

Compare Source

Highlights

Flux v2.8.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix enqueuing new reconciliation requests for events on source Flux objects when they are already reconciling the revision present in the watch event (kustomize-controller, helm-controller)
  • Fix the Go templates bug of YAML separator --- getting concatenated to apiVersion: by updating to Helm 4.1.3 (helm-controller)
  • Fix canceled HelmReleases getting stuck when they don't have a retry strategy configured by introducing a new feature gate DefaultToRetryOnFailure that improves the experience when the CancelHealthCheckOnNewRevision is enabled (helm-controller)
  • Fix the auth scope for Azure Container Registry to use the ACR-specific scope (source-controller, image-reflector-controller)
  • Fix potential Denial of Service (DoS) during TLS handshakes (CVE-2026-27138) by building all controllers with Go 1.26.1
Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.8.1...v2.8.2

v2.8.1

Compare Source

Highlights

Flux v2.8.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix Git commit status events being dropped for Kustomizations (notification-controller)
  • Fix health check for StatefulSets when the Pods are Pending/Unschedulable during rollout (helm-controller, kustomize-controller)
Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.8.0...v2.8.1

v2.8.0

Compare Source

Highlights

Flux v2.8.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.8 GA blog post.

Overview of the new features:

  • Helm v4 support, including server-side apply and kstatus-based health checking (HelmRelease)
  • Readiness evaluation of Helm-managed objects with CEL expressions (HelmRelease)
  • Improved observability of Helm releases with inventory tracking in .status.inventory (HelmRelease)
  • Reduced the mean time to recovery of Flux-managed applications via CancelHealthCheckOnNewRevision feature gate (Kustomization, HelmRelease)
  • Support for commenting on Pull Requests directly from Flux notifications (Provider)
  • Custom SSA apply stages for ordering resource application in kustomize-controller (Kustomization)
  • Automatic GitHub App installation ID lookup from the repository owner (GitRepository, ImageUpdateAutomation, Provider)
  • Support for Cosign v3 for verifying OCI artifacts and container images (OCIRepository)
  • ArtifactGenerator support for extracting and modifying Helm charts (ArtifactGenerator)
  • Bypass cache when fetching source objects via DirectSourceFetch feature gate (Kustomization, HelmRelease, ArtifactGenerator)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version Minimum required
v1.33 >= 1.32.0
v1.34 >= 1.34.1
v1.35 >= 1.35.0

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

⚠️ The Flux APIs v1beta2 and v2beta2 (deprecated in 2024) have reached end-of-life and have been removed from the CRDs.

Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from older versions of Flux to v2.8.

Components changelog
CLI changelog
New Contributors

Full Changelog: fluxcd/flux2@v2.7.0...v2.8.0

v2.7.5

Compare Source

Highlights

Flux v2.7.5 is a patch release that comes with fixes to helm-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix HelmRelease history truncation when using the RetryOnFailure strategy.

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3.
Flux users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.7.4...v2.7.5

v2.7.4

Compare Source

Highlights

Flux v2.7.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Add DisableConfigWatchers feature gate to all controllers for disabling the Secrets/ConfigMaps watchers
  • Fix Workload Identity for Azure China Cloud in all controllers
  • Update Helm Go SDK to v3.19.2 fixing schema validation issues in helm-controller
  • Skip secret decryption for remote kustomize patches in kustomize-controller
  • Improve post-build error reporting in kustomize-controller
  • Add ArtifactGenerator to aggregated RBAC roles

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3.
Flux users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.7.3...v2.7.4

v2.7.3

Compare Source

Highlights

Flux v2.7.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Restore SOCKS5 proxy support in all controllers
  • Fix status reporting of HelmReleases with RetryOnFailure strategy
  • Automated retries for ImagePolicies when no image tags are found in the database
  • Fix alerting for Telegram's message_thread_id
  • Allow running kustomize-controller and helm-controller on the same loopback interface as source-watcher

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog
CLI changelog

Full Changelog: fluxcd/flux2@v2.7.2...v2.7.3

v2.7.2

Compare Source

Highlights

Flux v2.7.2 is a patch release that comes with security fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

All Flux components are now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib that could lead to denial of service. The list of security fixes can be found in the Go 1.25.2 release notes.

Components changelog

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.6.0 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.6.1 ) (minor) Jun 2, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.6.1 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.6.2 ) (minor) Jun 16, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.6.2 ) (minor) feat(github-release): update flux group (minor) Jun 27, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group (minor) feat(github-release): update flux group ( v2.5.1 → v2.6.3 ) (minor) Jun 27, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.6.3 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.6.4 ) (minor) Jul 8, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.6.4 ) (minor) feat(github-release): update flux group (minor) Sep 30, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group (minor) feat(github-release): update flux group ( v2.5.1 → v2.7.0 ) (minor) Sep 30, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.7.0 ) (minor) feat(github-release): update flux group (minor) Oct 6, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group (minor) feat(github-release): update flux group ( v2.5.1 → v2.7.1 ) (minor) Oct 6, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.7.1 ) (minor) feat(github-release): update flux group (minor) Oct 8, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group (minor) feat(github-release): update flux group ( v2.5.1 → v2.7.2 ) (minor) Oct 8, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.7.2 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.7.3 ) (minor) Oct 28, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.7.3 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.7.4 ) (minor) Nov 24, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.7.4 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.7.5 ) (minor) Nov 27, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.7.5 ) (minor) feat(container): update ghcr.io/fluxcd/flux-manifests ( v2.5.1 → v2.7.5 ) Feb 4, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(container): update ghcr.io/fluxcd/flux-manifests ( v2.5.1 → v2.7.5 ) feat(github-release): update flux group ( v2.5.1 → v2.7.5 ) (minor) Feb 4, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.7.5 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.8.0 ) (minor) Feb 24, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.0 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.8.1 ) (minor) Feb 27, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.1 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.8.2 ) (minor) Mar 12, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.2 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.8.3 ) (minor) Mar 16, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.3 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.8.4 ) (minor) Apr 7, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.4 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.8.5 ) (minor) Apr 7, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.5 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.8.6 ) (minor) Apr 21, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.6 ) (minor) feat(github-release): update flux group ( v2.5.1 → v2.8.6 ) May 6, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.6 ) feat(github-release): update flux group (minor) May 12, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group (minor) feat(github-release): update flux group ( v2.5.1 → v2.8.7 ) May 12, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.7 ) feat(github-release): update flux group ( v2.5.1 → v2.8.8 ) May 20, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(github-release): update flux group ( v2.5.1 → v2.8.8 ) feat(github-release): update flux group ( v2.5.1 → v2.9.0 ) Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants