Flux release 1.4.1

This release fixes some wrinkles in the new YAML updating code, so
that YAML multidocs and kubernetes List resources are fully
supported.

It also introduces the fluxctl sync command, which tells Flux to
update from git and apply to Kubernetes -- as requested in
TGI Kubernetes!

Fixes

• Write whole files back after updates, so that multidocs and Lists
  aren't overwritten. A symptom of the problem was that a release
  would return an error something like "Verification failed: resources
  {...} were present before update and not after"
  weaveworks/flux#1137
• Interpret and update CronJob manifests correctly
  weaveworks/flux#1133

Improvements

• Return a more helpful message when Flux can't parse YAML files
  weaveworks/flux#1141
• Bake SSH config into the global location (/etc/ssh), so that it's
  easier to override it by mounting a ConfigMap into /root/.ssh/
  weaveworks/flux#1154
• Reduce the size of list-images API/RPC responses by sending only the
  image metadata that's requested
  weaveworks/flux#913

Flux 1.4.0 release

This release includes a rewrite of the YAML updating code, removing the restrictions on using List resources and files with multiple YAML documents, as well as fixing various bugs (like being confused by the indentation of container blocks).

See https://github.com/weaveworks/flux/blob/1.4.0/site/requirements.md for remaining constraints.

The YAML parser preserves comments and literal quoting, but may reindent blocks the first time it changes a file.

Fixes

• Correct an issue the led to Flux incorrectly reporting resources as read-only weaveworks/flux#1119
• Some YAML update problems were fixed by the rewrite, the most egregious being:
  • botched releases when a YAML has indented container blocks
    weaveworks/flux#1082
  • mangled annotations when using multidoc YAML files
    weaveworks/flux#1044

Improvements

• Rewrite the YAML update code to use a round-tripping parser, rather than regular expressions
  weaveworks/flux#976. This removes the restrictions on how YAMLs are formatted, though there are still going to be corner cases in the parser (verifying changes will mitigate those by failing updates that would corrupt files).

Flux 1.3.1 release

Fixes

• Correct filtering of Helm charts when loading manifests from the git repo weaveworks/flux#1076
• Sync with cluster as soon as the git repository is ready weaveworks/flux#1060
• Avoid panic when reporting on StatefulSet status weaveworks/flux#1062

Improvements

• Changes made to the git repo when releasing new images are now verified, meaning less chance of erroneous changes being committed weaveworks/flux#1094
• The ListImages API method now accepts an argument saying which fields to include for each container. This is intended to cut down the amount of data sent over the wire, since you don't always need the full list of available images weaveworks/flux#1084
• Add (back) the fluxd flag --docker-config so that image registry credentials can be supplied in a file mounted into the container weaveworks/flux#1065. This should make it easier to work around situations in which you don't want to use imagePullSecrets on each resource.
• Label flux and helm-operator images with Open Containers Initiative (OCI) metadata weaveworks/flux#1075

Helm Operator 0.1.0-alpha release

This is the first tagged alpha release of the Flux Helm Operator.

Breaking Changes

• API version updated to helm.integrations.flux.weave.works/v1alpha2 weaveworks/flux#1061
• Values format changed from name-value pairs to key-value entries weaveworks/flux#1035

Flux 1.3.0 release

This minor version release updates the daemon so that it no longer requires a git repo to be configured in order to do something useful. If there's no git repo, it will still scan the cluster and report on workloads and their images, but will treat them as read-only.

Fixes

• Exclude no-longer relevant changes from auto-releases weaveworks/flux#1036
• Make release and auto-release events more accurately record the
  affected resources, by looking at the calculated result weaveworks/flux#1050

Improvements

• Let the flux daemon operate without a git repo, and report cluster resources as read-only when there is no corresponding manifest weaveworks/flux#962
• Reinstate command-line arg for setting the git polling interval --git-poll-interval weaveworks/flux#1030
• Add --git-ci-skip (and for more fine control, --git-ci-skip-message) for customising flux's commit messages such that CI systems ignore the commits weaveworks/flux#1011
• Log the daemon version on startup weaveworks/flux#1017

Flux 1.2.5 release

Fixes

• Handle single-quoted image values in manifests weaveworks/flux#1008

Improvements

• Use a writable tmpfs volume for generating keys, since Kubernetes >=1.10 and GKE (as of March 13 2018) mount secrets as read-only weaveworks/flux#1007. See the note below.

Note on read-only secrets

As mentioned above, Kubernetes 1.10, and GKE as of March 13 2018, mount secrets as read-only. Previously, fluxd used the volume mounted from the secret as a scratch area for generating new SSH key for use with git. If the volume is read-only, this clearly won't work any more.

PR weaveworks/flux#1007 adds a flag --ssh-keygen-dir to fluxd to tell it to use another directory as a key generation scratch area. The intended mode of use is to mount another tmpfs volume, defined just for this purpose and writable, and supply the flag to make fluxd use it. An example is given in deploy/flux-deployment.yaml. Note also that you need to give the secret volume an extra field defaultMode: 0400 so that any existing key is given the right permissions.

You do not need to change your flux deployment config if you are not using Kubernetes 1.10 or GKE. The daemon shall behave as it did before. However, you can safely update your config even if you are not (yet) using Kubernetes 1.10 or GKE.

Flux 1.2.4 release

Fixes

• CLI help examples updated with new resource ID format weaveworks/flux#945
• Fix a panic caused by accessing a nil map when logging events weaveworks/flux#975
• Properly support multi-line lock messages weaveworks/flux#978
• Ignore Helm charts when looking for Kubernetes manifests weaveworks/flux#993

Improvements

• Enable pprof weaveworks/flux#927
• Use a Kubernetes serviceAccount when deploying Flux standalone weaveworks/flux#972
• Ensure at-least-once delivery of events to Weave Cloud weaveworks/flux#973
• Include resource sync errors when logging a sync event weaveworks/flux#970

Flux 1.2.3 release

Fixes

Fix a spin loop in the registry cache weaveworks/flux#928

Flux 1.2.2 release

Fixes

• Correctly handle YAML files with no trailing newline
  weaveworks/flux#916

Improvements

The following improvements are to help if you are running a private
registry.

• Support image registries using basic authentication (rather than
  token-based authentication)
  weaveworks/flux#915
• Introduce the daemon argument --registry-insecure-host for marking
  a registry as accessible via HTTP (rather than HTTPS)
  weaveworks/flux#918
• Better logging of registry fetch failures, for troubleshooting
  weaveworks/flux#898

Flux 1.2.1 release

Fixes

• Fix an issue that prevented fetching tags for private repositories on DockerHub (and self-hosted registries) weaveworks/flux#897