Release kluctl-v2.22.0 · kluctl/kluctl · GitHub

kluctl-v2.22.0

@github-actions github-actions released this 02 Nov 09:08
· 454 commits to main since this release

Kluctl v2.22.0 comes with improvements, fixes and breaking changes.

Breaking changes

  • credentialsId in helm-chart.yaml is deprecated from now on and will be removed in a future release of Kluctl. See "Authentication to Helm Repositories and OCI Registries" for details.
  • The same applies to the --helm-username=<credsId>:<username> (and all other --helm-xxx arguments) form, which is deprecated from now on. Use the new --helm-username=<my-host.org>/<optional-path>=<username> form instead.
  • The migration code for the legacy flux-kluctl-controller has been removed. This means you cannot use this release to migrate from the legacy controller to the new controller. If you still need to do this, upgrade to v2.21.x first and complete the migration before upgrading to v2.22.0.
  • spec.source.url, spec.source.path, spec.source.credentials and spec.source.secretRef have been deprecated. See "KluctlDeployment spec changes" for details.

New Features and Improvements

OCI Support

This release introduces support for OCI includes and the sub-command kluctl oci push. General documentation about OCI support can be found here.

Library Projects

Kluctl now supports Library Projects which are meant to be included in other Kluctl deployments. These library projects can define which arguments are mandatory/optional in the same way as you were able to do for regular projects already. Libraries can be included via OCI includes and Git includes.

The first two library projects that you can already use now are the Kluctl Controller and Kluctl Webui deployments.

AWS configuration via .kluctl.yaml

You can now specify AWS configuration in regard to authentication via .kluctl.yaml, either globally or on target level.

This allows you to configure the AWS profile or service account to use whenever AWS gets involved, e.g. in SOPS decryption or when using AWS Secrets Manager vars sources.

A very powerful side-effect of this is that you can re-use IRSA based authentication locally and in the controller.

Comparable support for other cloud providers will follow in future releases (contributions are welcome here).

GCP Secret Manager and Azure Key Vault support

Variable sources now also support GCP Secret Manager and Azure Key Vault.

GitOps sub-commands

Many new sub-commands were implemented to control your GitOps deployments. One example is the kluctl gitops deploy sub-command, which triggers a deployment on the controller. kluctl gitops diff can be used to run a dry-run deploy on the controller and show the diff locally.

All these commands can override GitOps configuration or even the source code of individual repositories, so that you can try out things without actually pushing, e.g. do a kluctl gitops diff with your local changes without the need to push your changes or risk any unwanted deployments.

Authentication to Helm Repositories and OCI Registries

Helm Repository and OCI Registry authentication have been unified and can now all be specified the same way via command line or environment variables. See OCI Authentication and Helm Private Repositories for details.

For GitOps, use the newly introduced spec.credentials field to specify Helm and OCI credentials.

KluctlDeployment spec changes

There are multiple changes to the KluctlDeployment spec. This release tries its best to add compatibility for the old format, but will not improve the old way of specifying source and credentials in the future. These are the changes made:

  • spec.source is now divided into two sources, git and oci. This means that instead of specifying spec.source.url, you now specify spec.source.git.url or spec.source.oci.url. The same applies to spec.source.path.
  • spec.credentials has been introduced while spec.source.secretRef and spec.source.credentials have been deprecated. This new spec field allows you to specify multiple sets of credentials for different sets of hosts/registries/repositories.
  • status introduced multiple incompatible changes (field removals) that will make the status of deployments incomplete until the first reconciliation loop finishes. You can usually just ignore this situation.
  • The kluctl.io/request-xxx annotations are now expected to be valid json adhering to the ManualRequest type. This is considered internal API now and it is recommended to use the new kluctl gitops sub-commands from now on.
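
The following is an added example, not part of the release notes or of Kluctl itself: a small audit helper that flags the deprecated spec.source fields listed above in a KluctlDeployment manifest (for instance the output of kubectl get -o json) and moves url and path to their new location. The sample manifest and its names are constructed, and treating a legacy url as a Git source by default is an assumption; credential fields are only reported, because their new layout under spec.credentials is not described on this page.

```python
import copy
import json

# Deprecated spec.source fields listed in the release notes.
DEPRECATED = ("url", "path", "credentials", "secretRef")
# Of those, the notes give a direct new location only for url and path.
MOVABLE = ("url", "path")

def find_deprecated(manifest):
    """Return dotted paths of deprecated spec.source fields that are set."""
    source = (manifest.get("spec") or {}).get("source") or {}
    return [f"spec.source.{key}" for key in DEPRECATED if key in source]

def migrate_source(manifest, kind="git"):
    """Move spec.source.url/path under spec.source.<kind> on a copy.

    Returns (new_manifest, manual): manual lists credential fields that are
    left in place and must be re-expressed under spec.credentials by hand.
    """
    if kind not in ("git", "oci"):
        raise ValueError(f"unknown source kind: {kind!r}")
    out = copy.deepcopy(manifest)
    source = (out.get("spec") or {}).get("source")
    if not isinstance(source, dict):
        return out, []
    for key in MOVABLE:
        if key not in source:
            continue
        value = source.pop(key)
        target = source.setdefault(kind, {})
        # Refuse to guess when the old and new fields disagree.
        if key in target and target[key] != value:
            raise ValueError(
                f"spec.source.{key} conflicts with spec.source.{kind}.{key}")
        target[key] = value
    return out, find_deprecated(out)

# Constructed sample manifest (assumption: legacy source is a Git repository).
SAMPLE = json.loads("""{
  "apiVersion": "gitops.kluctl.io/v1beta1",
  "kind": "KluctlDeployment",
  "metadata": {"name": "example", "namespace": "kluctl-system"},
  "spec": {"source": {"url": "https://git.example.com/org/repo.git",
                      "path": "deploy",
                      "secretRef": {"name": "git-creds"}}}
}""")

if __name__ == "__main__":
    migrated, manual = migrate_source(SAMPLE)
    print(json.dumps(migrated["spec"], indent=2))
    print("migrate by hand to spec.credentials:", manual)
```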

Helm lookup

Helm lookups are now finally supported. This will fix many issues with Charts that keep re-generating secrets on every deployment.

Other features and improvements

  • kluctl controller run now supports --namespace and --controller-namespace
  • kluctl delete now supports the --no-wait flag
  • Auto-completion can now auto-complete --context and --namespace
  • The kluctl.io/is-ready annotation can now be used to mark an object as ready, so that everything that waits for readiness will always consider it ready
  • The spec.suspend field is now shown in the additional printer columns (when using kubectl get kluctldeployments for example)
  • Manual deployment requests are now processed even if spec.suspend is true
  • You can now set service account annotations via the controller_service_account_annotations arg in the Kluctl Controller Deployment

Changelog

For a detailed list of changes, see the release comparison: v2.21.0...v2.22.0
