Update dependency fluxcd/flux2 to v2.8.8 #301

Merged

Lumpiasty merged 1 commits from renovate/fluxcd-flux2-2.x into fresh-start 2026-05-22 14:56:36 +00:00

Conversation 0 Commits 1 Files Changed 1

+5666 -12098

Renovate commented 2026-05-22 14:46:34 +00:00

Collaborator

Copy Link

Copy Source

This PR contains the following updates:

Package	Update	Change
fluxcd/flux2	minor	v2.5.0 → v2.8.8

---

Release Notes

fluxcd/flux2 (fluxcd/flux2)

v2.8.8

Compare Source

Highlights

Flux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Add a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)
• Fix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)
• Stop force-applying non-CRD objects placed under a chart's crds/ directory (helm-controller)
• Fix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)
• Improve path handling in the source reconcilers (source-controller)
• Support Helm semver build-metadata encoding in OCIRepository tags (source-controller)

Improvements:

• Update go-git to v5.19.1 which fixes CVE-2026-45571 and CVE-2026-45570 (source-controller, image-automation-controller)
• Move Helm back to upstream v4.2.0 (source-controller, helm-controller)
• Add support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)
• Upgrade Kubernetes to 1.36.1 (source-controller, helm-controller)
• Update fluxcd/pkg dependencies

Components changelog

• helm-controller v1.5.5
• image-automation-controller v1.1.4
• image-reflector-controller v1.1.2
• source-controller v1.8.5

CLI changelog

• Update toolkit components by @​fluxcdbot in #​5904

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8

v2.8.7

Compare Source

Highlights

Flux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix management of objects annotated with kustomize.toolkit.fluxcd.io/ssa: IfNotPresent where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)

Improvements:

• Update go-git to v5.19.0 which fixes CVE-2026-45022 (source-controller, image-automation-controller)
• Update fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)

Components changelog

• helm-controller v1.5.4
• image-automation-controller v1.1.3
• kustomize-controller v1.8.5
• notification-controller v1.8.4
• source-controller v1.8.4

CLI changelog

• Update toolkit components by @​fluxcdbot in #​5891

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.6...v2.8.7

v2.8.6

Compare Source

Highlights

Flux v2.8.6 is a patch release that includes bug fixes and improvements across helm-controller, image-automation-controller, kustomize-controller, notification-controller, and source-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix a post-renderer conflict between overlapping hooks and templates (helm-controller)
• Ignore force replace when server-side apply is enabled (helm-controller)
• Fix a regression where generic providers would not forward commit status events (notification-controller)
• Require the audience field on the GCR Receiver secret for tighter verification — will become mandatory in Flux v2.9 (notification-controller)

Improvements:

• Introduce the MigrateAPIVersion feature gate for migrating the API version of resources in managed field entries (kustomize-controller)
• Update go-git to v5.18.0 bringing performance improvements for Git operations (source-controller, image-automation-controller)

Components changelog

• helm-controller v1.5.4
• image-automation-controller v1.1.2
• kustomize-controller v1.8.4
• notification-controller v1.8.4
• source-controller v1.8.3

CLI changelog

• Update toolkit components by @​fluxcdbot in #​5857

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.5...v2.8.6

v2.8.5

Compare Source

Highlights

Flux v2.8.5 is a patch release that includes bug fixes and improvements across kustomize-controller, source-controller, and notification-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix a race condition where a cancelled reconciliation could leave stale data in the cache, causing Kustomizations to get stuck (kustomize-controller)
• Fix Azure Blob prefix option not being passed to the storage client (source-controller)

Improvements:

• Improve error message for encrypted SSH keys without password (source-controller)
• Add optional email and audience fields to the GCR Receiver for tighter verification (notification-controller)
• Add provider manifest example for Azure Event Hub managed identity authentication (notification-controller)

Components changelog

• kustomize-controller v1.8.3
• source-controller v1.8.2
• notification-controller v1.8.3

CLI changelog

• Update toolkit components by @​fluxcdbot in #​5822

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.4...v2.8.5

v2.8.4

Compare Source

Highlights

Flux v2.8.4 is a patch release that includes fixes for the Flux CLI. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix flux build ks and flux diff ks on Windows
• Fix --source flag validation in create kustomization command

CLI changelog

• Update fluxcd/pkg dependencies by @​fluxcdbot in #​5796
• [release/v2.8.x] fix: validate --source flag in create kustomization command by @​fluxcdbot in #​5799

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.3...v2.8.4

v2.8.3

Compare Source

Highlights

Flux v2.8.3 is a patch release that fixes a regression in helm-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix templating errors for charts that include --- in the content, e.g. YAML separators, embedded scripts, CAs inside ConfigMaps (helm-controller)

Components changelog

• helm-controller v1.5.3

CLI changelog

• [release/v2.8.x] Add target branch name to update branch by @​fluxcdbot in #​5774
• Update toolkit components by @​fluxcdbot in #​5779

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.2...v2.8.3

v2.8.2

Compare Source

Highlights

Flux v2.8.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix enqueuing new reconciliation requests for events on source Flux objects when they are already reconciling the revision present in the watch event (kustomize-controller, helm-controller)
• Fix the Go templates bug of YAML separator --- getting concatenated to apiVersion: by updating to Helm 4.1.3 (helm-controller)
• Fix canceled HelmReleases getting stuck when they don't have a retry strategy configured by introducing a new feature gate DefaultToRetryOnFailure that improves the experience when the CancelHealthCheckOnNewRevision is enabled (helm-controller)
• Fix the auth scope for Azure Container Registry to use the ACR-specific scope (source-controller, image-reflector-controller)
• Fix potential Denial of Service (DoS) during TLS handshakes (CVE-2026-27138) by building all controllers with Go 1.26.1

Components changelog

• source-controller v1.8.1
• kustomize-controller v1.8.2
• notification-controller v1.8.2
• helm-controller v1.5.2
• image-reflector-controller v1.1.1
• image-automation-controller v1.1.1
• source-watcher v2.1.1

CLI changelog

• [release/v2.8.x] build(deps): bump the ci group across 1 directory with 11 updates by @​fluxcdbot in #​5765
• Update fluxcd/pkg dependencies by @​fluxcdbot in #​5767
• Update toolkit components by @​matheuscscp in #​5770
• Update fluxcd/pkg dependencies by @​fluxcdbot in #​5771

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.1...v2.8.2

v2.8.1

Compare Source

Highlights

Flux v2.8.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix Git commit status events being dropped for Kustomizations (notification-controller)
• Fix health check for StatefulSets when the Pods are Pending/Unschedulable during rollout (helm-controller, kustomize-controller)

Components changelog

• kustomize-controller v1.8.1
• notification-controller v1.8.1
• helm-controller v1.5.1

CLI changelog

• [release/v2.8.x] Remove no longer needed workaround for Flux 2.8 by @​fluxcdbot in #​5735
• Update fluxcd/pkg dependencies by @​fluxcdbot in #​5739
• [release/v2.8.x] Update toolkit components by @​fluxcdbot in #​5741

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.0...v2.8.1

v2.8.0

Compare Source

Highlights

Flux v2.8.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.8 GA blog post.

Overview of the new features:

• Helm v4 support, including server-side apply and kstatus-based health checking (HelmRelease)
• Readiness evaluation of Helm-managed objects with CEL expressions (HelmRelease)
• Improved observability of Helm releases with inventory tracking in .status.inventory (HelmRelease)
• Reduced the mean time to recovery of Flux-managed applications via CancelHealthCheckOnNewRevision feature gate (Kustomization, HelmRelease)
• Support for commenting on Pull Requests directly from Flux notifications (Provider)
• Custom SSA apply stages for ordering resource application in kustomize-controller (Kustomization)
• Automatic GitHub App installation ID lookup from the repository owner (GitRepository, ImageUpdateAutomation, Provider)
• Support for Cosign v3 for verifying OCI artifacts and container images (OCIRepository)
• ArtifactGenerator support for extracting and modifying Helm charts (ArtifactGenerator)
• Bypass cache when fetching source objects via DirectSourceFetch feature gate (Kustomization, HelmRelease, ArtifactGenerator)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version	Minimum required
v1.33	>= 1.32.0
v1.34	>= 1.34.1
v1.35	>= 1.35.0

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

⚠️ The Flux APIs v1beta2 and v2beta2 (deprecated in 2024) have reached end-of-life and have been removed from the CRDs.

Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from older versions of Flux to v2.8.

Components changelog

• source-controller v1.8.0
• kustomize-controller v1.8.0
• notification-controller v1.8.0
• helm-controller v1.5.0
• image-reflector-controller v1.1.0
• image-automation-controller v1.1.0
• source-watcher v2.1.0

CLI changelog

• ci: Set GITHUB_TOKEN in the release-flux-manifests workflow by @​stefanprodan in #​5547
• Add backport label for Flux 2.7 by @​matheuscscp in #​5550
• build(deps): bump the ci group across 1 directory with 3 updates by @​dependabot[bot] in #​5548
• Fix flux push artifact not working with --provider by @​matheuscscp in #​5551
• Extend flux migrate to work with local files by @​matheuscscp in #​5554
• Improve flux migrate for live cluster migrations by @​stefanprodan in #​5558
• Fix flux migrate -f command to work with comments by @​matheuscscp in #​5560
• Add source-watcher to docs by @​stefanprodan in #​5562
• Fix flux migrate -f not considering kind comments by @​matheuscscp in #​5563
• refactor: convert Kustomization resource into unstructured map only once during variable substitution by @​ramasai1 in #​5566
• Update toolkit components by @​fluxcdbot in #​5568
• Disable AUR publishing by @​stefanprodan in #​5570
• Fix manifest generation for --storage-adv-addr and --events-addr flags by @​stefanprodan in #​5574
• Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 by @​stefanprodan in #​5576
• Update toolkit components by @​fluxcdbot in #​5578
• Restore GitHub PAT for backports by @​matheuscscp in #​5581
• [RFC-0012] Add command flux get source external by @​dgunzy in #​5555
• fix: handle error when writing password prompt to stdout by @​akshatsinha0 in #​5589
• Pin cosign to v2.6.1 by @​matheuscscp in #​5594
• [RFC-0012] Add command flux export source external by @​dgunzy in #​5583
• Fix bootstrap e2e test for image policy by @​matheuscscp in #​5604
• Update toolkit components by @​fluxcdbot in #​5603
• fix: return accepted values for flags when calling Values.Type() by @​jaxels10 in #​5602
• ci: Include source-watcher in the e2e test suite by @​stefanprodan in #​5614
• Add source.extensions.fluxcd.io group to aggregated RBAC roles by @​matheuscscp in #​5627
• Fix panic on reconcile with source of ExternalArtifact kind by @​matheuscscp in #​5630
• Upgrade k8s to 1.34.2, c-r to 0.22.4 and helm to 3.19.2 by @​matheuscscp in #​5633
• diff: report if object is skipped by @​hown3d in #​5625
• Update toolkit components by @​fluxcdbot in #​5639
• Allow option to skip tenant namespace creation by @​anshuishere in #​5597
• Update toolkit components by @​fluxcdbot in #​5648
• fix: #​5654 by checking if both --chart and --chart-ref are set by @​jaxels10 in #​5656
• Added retry logic with delays to the Flux CLI download by @​ivan-munteanu in #​5659
• Run conformance tests for Kubernetes 1.35.0 by @​stefanprodan in #​5663
• fix: normalize path for Windows compatibility by @​sibasispadhi in #​5674
• Introduce support for looking up GH app installation ID by @​matheuscscp in #​5682
• Update dependencies to Kubernetes v1.35.0 by @​stefanprodan in #​5688
• Fix resume command logging success after reconciliation failure by @​Aman-Cool in #​5690
• Add 2.8 to supported versions for flux migrate -f by @​matheuscscp in #​5713
• Introduce workflow for bumping fluxcd/pkg deps by @​matheuscscp in #​5717
• Update fluxcd/pkg dependencies by @​fluxcdbot in #​5719
• Fix event listing ignoring pagination token by @​matheuscscp in #​5721
• Build with Go 1.26 by @​stefanprodan in #​5723
• Update toolkit components by @​fluxcdbot in #​5722
• Update helm-controller to v1.5.0 by @​fluxcdbot in #​5725
• build(deps): bump the ci group across 1 directory with 12 updates by @​dependabot[bot] in #​5720
• Fix bootstrap failure on Windows cross-drive paths by @​veeceey in #​5726
• Dump debug info on e2e tests by @​matheuscscp in #​5729
• Set Kubernetes 1.33 as min supported version by @​matheuscscp in #​5730
• Update conformance tests to min Kubernetes 1.33 by @​stefanprodan in #​5731

New Contributors

• @​ramasai1 made their first contribution in #​5566
• @​akshatsinha0 made their first contribution in #​5589
• @​jaxels10 made their first contribution in #​5602
• @​hown3d made their first contribution in #​5625
• @​anshuishere made their first contribution in #​5597
• @​ivan-munteanu made their first contribution in #​5659
• @​sibasispadhi made their first contribution in #​5674
• @​Aman-Cool made their first contribution in #​5690
• @​veeceey made their first contribution in #​5726

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.0...v2.8.0

v2.7.5

Compare Source

Highlights

Flux v2.7.5 is a patch release that comes with fixes to helm-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix HelmRelease history truncation when using the RetryOnFailure strategy.

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3.
Flux users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog

• helm-controller v1.4.5

CLI changelog

• [release/v2.7.x] Update toolkit components by @​fluxcdbot in #​5649

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.4...v2.7.5

v2.7.4

Compare Source

Highlights

Flux v2.7.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Add DisableConfigWatchers feature gate to all controllers for disabling the Secrets/ConfigMaps watchers
• Fix Workload Identity for Azure China Cloud in all controllers
• Update Helm Go SDK to v3.19.2 fixing schema validation issues in helm-controller
• Skip secret decryption for remote kustomize patches in kustomize-controller
• Improve post-build error reporting in kustomize-controller
• Add ArtifactGenerator to aggregated RBAC roles

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3.
Flux users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog

• source-controller v1.7.4
• kustomize-controller v1.7.3
• notification-controller v1.7.5
• helm-controller v1.4.4
• image-reflector-controller v1.0.4
• image-automation-controller v1.0.4
• source-watcher v2.0.3

CLI changelog

• [release/v2.7.x] ci: Include source-watcher in the e2e test suite by @​fluxcdbot in #​5615
• [release/v2.7.x] Add source.extensions.fluxcd.io group to aggregated RBAC roles by @​fluxcdbot in #​5628
• [release/v2.7.x] Fix panic on reconcile with source of ExternalArtifact kind by @​fluxcdbot in #​5631
• [release/v2.7.x] Upgrade k8s to 1.34.2, c-r to 0.22.4 and helm to 3.19.2 by @​fluxcdbot in #​5634
• [release/v2.7.x] diff: report if object is skipped by @​fluxcdbot in #​5635
• [release/v2.7.x] Update toolkit components by @​fluxcdbot in #​5640
• [release/v2.7.x] Allow option to skip tenant namespace creation by @​fluxcdbot in #​5642

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.3...v2.7.4

v2.7.3

Compare Source

Highlights

Flux v2.7.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Restore SOCKS5 proxy support in all controllers
• Fix status reporting of HelmReleases with RetryOnFailure strategy
• Automated retries for ImagePolicies when no image tags are found in the database
• Fix alerting for Telegram's message_thread_id
• Allow running kustomize-controller and helm-controller on the same loopback interface as source-watcher

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog

• source-controller v1.7.3
• kustomize-controller v1.7.2
• notification-controller v1.7.4
• helm-controller v1.4.3
• image-reflector-controller v1.0.3
• image-automation-controller v1.0.3

CLI changelog

• [release/v2.7.x] Pin cosign to v2.6.1 by @​fluxcdbot in #​5595
• [release/v2.7.x] Update toolkit components by @​fluxcdbot in #​5605
• [release/v2.7.x] fix: return accepted values for flags when calling Values.Type() by @​fluxcdbot in #​5606

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.2...v2.7.3

v2.7.2

Compare Source

Highlights

Flux v2.7.2 is a patch release that comes with security fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

All Flux components are now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib that could lead to denial of service. The list of security fixes can be found in the Go 1.25.2 release notes.

Components changelog

• source-controller v1.7.2
• kustomize-controller v1.7.1
• notification-controller v1.7.3
• helm-controller v1.4.2
• image-reflector-controller v1.0.2
• image-automation-controller v1.0.2
• source-watcher v2.0.2

CLI changelog

• [release/v2.7.x] Fix manifest generation for --storage-adv-addr and --events-addr flags by @​github-actions[bot] in #​5575
• [release/v2.7.x] Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 by @​github-actions[bot] in #​5577
• [release/v2.7.x] Update toolkit components by @​github-actions[bot] in #​5579

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.1...v2.7.2

v2.7.1

Compare Source

Highlights

Flux v2.7.1 is a patch release that comes with various improvements and fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Improvements:

• Extend flux migrate with support for migrating manifests in Git repositories to the latest API versions.
• Add recommendations for configuring HelmReleases on production environments.

Fixes:

• Fix flux migrate command to handle managed fields properly.
• Fix self-signed TLS cert handling for public Helm repositories in source-controller.
• Fix the default API versions used by receivers in notification-controller.
• Fix redundant Ready condition patching in helm-controller.
• Fix workload identity configuration examples for kubeconfig in helm-controller and kustomize-controller.

Components changelog

• source-controller v1.7.1
• notification-controller v1.7.2
• helm-controller v1.4.1

CLI changelog

• [release/v2.7.x] Backport CI fixes and updates by @​matheuscscp in #​5552
• [release/v2.7.x] Fix flux push artifact not working with --provider by @​github-actions[bot] in #​5553
• [release/v2.7.x] Extend flux migrate to work with local files by @​github-actions[bot] in #​5557
• [release/v2.7.x] Improve flux migrate for live cluster migrations by @​github-actions[bot] in #​5559
• [release/v2.7.x] Fix flux migrate -f command to work with comments by @​github-actions[bot] in #​5561
• [release/v2.7.x] Fix flux migrate -f not considering kind comments by @​github-actions[bot] in #​5564
• [release/v2.7.x] Update toolkit components by @​github-actions[bot] in #​5569
• [release/v2.7.x] Disable AUR publishing by @​github-actions[bot] in #​5571

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.7.0...v2.7.1

v2.7.0

Compare Source

Highlights

Flux v2.7.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.7 GA blog post.

Overview of the new features:

• General availability release of the Image Automation APIs (ImagePolicy, ImageRepository, ImageUpdateAutomation)
• Watch for changes in ConfigMaps and Secrets references (Kustomization, HelmRelease)
• Support for remote cluster authentication using Workload Identity (Kustomization, HelmRelease)
• Extend the readiness evaluation of dependencies with CEL expressions (Kustomization, HelmRelease)
• Support for global SOPS Age decryption keys on single-tenant clusters (Kustomization)
• Support for optional Kustomize components (Kustomization)
• Introduce RetryOnFailure lifecycle management strategy (HelmRelease)
• Support mTLS for sending alerts to external systems (Provider)
• Object-level workload identity authentication (Bucket, Provider)
• Support mTLS for GitHub App transport (GitRepository, ImageUpdateAutomation, Provider)
• OpenTelemetry tracing for Kustomization and HelmRelease reconciliation (Provider)
• Support for 3rd-party source controllers (ExternalArtifact)
• Support for source composition and decomposition patterns (ArtifactGenerator)
• CancelHealthCheckOnNewRevision feature gate (kustomize-controller)
• GitSparseCheckout feature gate (image-automation-controller)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version	Minimum required
v1.32	>= 1.32.0
v1.33	>= 1.33.0
v1.34	>= 1.34.1

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

⚠️ The Flux APIs v1beta1 and v2beta1 (deprecated in 2023) have reached end-of-life and have been removed from the CRDs.

Unless you are using Flux Operator to deploy the Flux controllers, you must run the flux migrate command on clusters before upgrading.

For more details, please refer to the Flux v2.7 upgrade guide.

Components changelog

• source-controller v1.7.0
• kustomize-controller v1.7.0
• notification-controller v1.7.0 v1.7.1
• helm-controller v1.4.0
• image-reflector-controller v1.0.0 v1.0.1
• image-automation-controller v1.0.0 v1.0.1
• source-watcher v2.0.0 v2.0.1

New Documentation

• ImageRepository v1 specification
• ImagePolicy v1 specification
• ImageUpdateAutomation v1 specification
• ExternalArtifact v1 specification
• ArtifactGenerator v1beta1 specification

CLI changelog

• Add backport label for v2.6.x by @​stefanprodan in #​5379
• Update image-reflector-controller to v0.35.1 by @​fluxcdbot in #​5381
• Add digest pinning to image automation testing by @​stefanprodan in #​5383
• correct small typo by @​JIbald in #​5388
• Remove credentials sync manifests by @​matheuscscp in #​5347
• Add sparse checkout to cli by @​ba-work in #​5389
• fix: Allow Azure CLI calls in flux push artifact --provider azure on DevOps runners by @​matheuscscp in #​5390
• Fix knownhosts key mismatch regression bug by @​matheuscscp in #​5404
• refactor: Use normalize.UnstructuredList instead of ssa.SetNativeKindsDefaults by @​cappyzawa in #​5407
• Make service-account name configurable in flux create tenant by @​reiSh6phoo9o in #​5402
• Update toolkit components by @​fluxcdbot in #​5409
• refactor: cleanup GetArtifactRegistryCredentials error handling by @​cappyzawa in #​5418
• Promote image CLI commands to stable by @​dgunzy in #​5421
• Update toolkit components by @​fluxcdbot in #​5426
• Bump pkg/ssa to v0.49.0 for CABundle validation fix by @​dgunzy in #​5431
• [RFC-0010] Add workload identity support for remote clusters by @​matheuscscp in #​5434
• Update toolkit components by @​fluxcdbot in #​5443
• Fix flux push artifact for insecure registries by @​stefanprodan in #​5449
• [RFC-0010] Add workload identity support for remote generic clusters by @​matheuscscp in #​5452
• Fix flux diff kustomization ignore patterns by @​dgunzy in #​5451
• Update dependencies to Kubernetes 1.33.2 by @​stefanprodan in #​5453
• build(deps): bump the ci group across 1 directory with 7 updates by @​dependabot[bot] in #​5435
• Upgrade fluxcd/pkg dependencies by @​matheuscscp in #​5455
• ci: Use GITHUB_TOKEN for API calls in update workflow by @​stefanprodan in #​5460
• manifests: Add app.kubernetes.io/part-of: flux label to controller pods by @​pinkavaj in #​5440
• Migrate sourcesecret package to runtime/secrets APIs by @​cappyzawa in #​5462
• Implement flux migrate command by @​stefanprodan in #​5473
• [RFC-0007] Implementation history update by @​stefanprodan in #​5480
• Run conformance tests for Kubernetes 1.34.0 by @​stefanprodan in #​5497
• Update to Kubernetes v1.34.0 and Go 1.25.0 by @​stefanprodan in #​5499
• build(deps): bump the ci group across 1 directory with 10 updates by @​dependabot[bot] in #​5500
• Allow the Go runtime to dynamically set GOMAXPROCS by @​stefanprodan in #​5501
• fix(events): respect --all-namespaces flag by @​mohiuddin-khan-shiam in #​5414
• [RFC-0011] OpenTelemetry Tracing by @​adri1197 in #​5321
• [RFC-0012] External Artifact API by @​stefanprodan in #​5292
• Add --show-history flag to debug helmrelease by @​hawkaii in #​5505
• Skip release candidates on updates by @​matheuscscp in #​5507
• ci: Align azure e2e tests secret names with fluxcd/pkg by @​matheuscscp in #​5508
• Update image-reflector-controller to v1.0.0 by @​fluxcdbot in #​5517
• Update source-controller to v1.7.0 by @​fluxcdbot in #​5518
• Add the source-watcher controller to the Flux distribution by @​stefanprodan in #​5519
• Add read-only commands for ArtifactGenerator kind by @​stefanprodan in #​5520
• ci: Add source-watcher to the update workflow by @​stefanprodan in #​5521
• Update image-automation-controller to v1.0.0 by @​fluxcdbot in #​5522
• Update image-reflector-controller to v1.0.1 by @​fluxcdbot in #​5525
• Implement flux [reconcile|suspend|resume] image policy commands by @​lukas8219 in #​5492
• Handle force: enabled annotation in flux diff ks command by @​stefanprodan in #​5528
• ci: Refactor CI with fluxcd/gha-workflows by @​stefanprodan in #​5529
• Remove ArtifactGenerators during uninstall by @​stefanprodan in #​5531
• Add support for ExternalArtifact to flux trace by @​stefanprodan in #​5532
• Set Kubernetes 1.32 as min supported version by @​stefanprodan in #​5533
• build(deps): bump the ci group with 6 updates by @​dependabot[bot] in #​5535
• Add support for custom storage namespace in HelmRelease creation by @​prasad89 in #​5534
• Update toolkit components by @​fluxcdbot in #​5537
• ci: remove cron schedule from update by @​matheuscscp in #​5539
• Update source-watcher to v2.0.1 by @​fluxcdbot in #​5540
• Add --show-history flag to debug kustomization by @​matheuscscp in #​5541
• Update image-automation-controller to v1.0.1 by @​fluxcdbot in #​5542
• fluxcd/flux2/action: Determine latest version without using GitHub API by @​RussellAult in #​5509

New Contributors

• @​JIbald made their first contribution in #​5388
• @​ba-work made their first contribution in #​5389
• @​cappyzawa made their first contribution in #​5407
• @​reiSh6phoo9o made their first contribution in #​5402
• @​pinkavaj made their first contribution in #​5440
• @​mohiuddin-khan-shiam made their first contribution in #​5414
• @​adri1197 made their first contribution in #​5321
• @​hawkaii made their first contribution in #​5505
• @​lukas8219 made their first contribution in #​5492
• @​prasad89 made their first contribution in #​5534
• @​RussellAult made their first contribution in #​5509

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.0...v2.7.0

v2.6.4

Compare Source

Highlights

Flux v2.6.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix for SOPS decryption with US Government KMS keys failing with the error:

STS: AssumeRoleWithWebIdentity, https response error\n   StatusCode: 0, RequestID: ,
request send failed, Post\n \"https://sts.arn.amazonaws.com/\": dial tcp:
lookupts.arn.amazonaws.com on 10.100.0.10:53: no such host

Components changelog

• kustomize-controller v1.6.1

CLI changed

• [release/v2.6.x] Update toolkit components by @​fluxcdbot in #​5444

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.3...v2.6.4

v2.6.3

Compare Source

Highlights

Flux v2.6.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix for rsa-sha2-512 and rsa-sha2-256 algorithms not being prioritized for ssh-rsa host keys in source-controller, image-automation-controller and Flux CLI bootstrap.

Components changelog

• source-controller v1.6.2
• image-automation-controller v0.41.2

CLI changed

• [release/v2.6.x] Update toolkit components by @​fluxcdbot in #​5427

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.2...v2.6.3

v2.6.2

Compare Source

Highlights

Flux v2.6.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix authentication for flux push artifact --provider=azure on Azure DevOps runners.
• Fix OIDC authentication for Amazon ECR Public in source-controller and image-reflector-controller.
• Fix knownhosts key mismatch regression bug in the Flux CLI, source-controller and image-automation-controller.

Components changelog

• source-controller v1.6.1
• image-reflector-controller v0.35.2
• image-automation-controller v0.41.1

CLI changelog

• [release/v2.6.x] fix: Allow Azure CLI calls in flux push artifact --provider azure on DevOps runners by @​fluxcdbot in #​5396
• [release/v2.6.x] Fix knownhosts key mismatch regression bug by @​fluxcdbot in #​5405
• [release/v2.6.x] Update toolkit components by @​fluxcdbot in #​5410

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.1...v2.6.2

v2.6.1

Compare Source

Highlights

Flux v2.6.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix a bug introduced in image-reflector-controller v0.35.0 that was causing spurious error events for policies during image repository reconciliation.
• Fix excessive logging in image-reflector-controller after a restart when the image tags cache is empty.

Components changelog

• image-reflector-controller v0.35.1

CLI changelog

• [release/v2.6.x] Update image-reflector-controller to v0.35.1 by @​fluxcdbot in #​5382
• [release/v2.6.x] Add digest pinning to image automation testing by @​fluxcdbot in #​5384

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.6.0...v2.6.1

v2.6.0

Compare Source

Highlights

Flux v2.6.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.6 GA blog post.

Overview of the new features:

• General availability release for the Flux OCI Artifacts APIs and flux artifact commands
• Support for OCI digests pinning (ImagePolicy, ImageUpdateAutomation)
• Object-level workload identity authentication (OCIRepository, ImageRepository, Kustomization, Alert Provider)
• Cache registry credentials for cloud providers (OCIRepository, ImageRepository)
• Git HTTP/S Mutual TLS authentication (GitRepository, ImageUpdateAutomation)
• Support for sparse checkout (GitRepository)
• Support for GitHub App authentication (Alert Provider)
• Support for managed Identity authentication to Azure Event Hub (Alert Provider)
• Customize the ID of the Git commit status with CEL expressions (Alert Provider)
• WaitForTermination deletion policy (Kustomization)
• DisableChartDigestTracking feature gate (HelmRelease)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version	Minimum required
v1.31	>= 1.31.0
v1.32	>= 1.32.0
v1.33	>= 1.33.0

[!NOTE]
Note that the Flux project offers support only for the latest three minor versions of Kubernetes.
Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as
ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator.
The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

Upgrade Flux from v2.5.0 to v2.6.0 by following the upgrade guide.

To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

1. Set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain OCIRepository definitions.
2. Add an annotation api.fluxcd.io/upgrade: "v2.6.0" to the OCIRepository resources. (this is not required if Flux Operator is used for upgrade)
3. Commit, push, and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually.
It is advised to not delay this procedure as the deprecated versions will be removed after 6 months.

Components changelog

• source-controller v1.6.0
• kustomize-controller v1.6.0
• notification-controller v1.6.0
• helm-controller v1.3.0
• image-reflector-controller v0.35.0
• image-automation-controller v0.41.0

New Documentation

• OCIRepository v1 specification
• AWS integrations
• Azure integrations
• GCP integrations

What's Changed

• fix: correct name on github app secret by @​NotAwar in #​5202
• Update RFC 0008 and RFC 0009 milestones by @​matheuscscp in #​5141
• Update kustomize-controller to v1.5.1 by @​fluxcdbot in #​5214
• Update backport labels for 2.5 by @​matheuscscp in #​5215
• Fix command debug hr not taking targetPath into account by @​matheuscscp in #​5227
• Remove redundant space. by @​laiminhtrung1997 in #​5038
• ci: switch to goreleaser changelog generation by @​y-eight in #​5284
• change: use the default ephemeral GITHUB_TOKEN instead of the static one by @​piontec in #​5282
• add: OSSF scorecard configuration file - ignore false-positive by @​piontec in #​5287
• build(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.3 by @​dependabot in #​5295
• Allow to pull/push artifacts to insecure registries without TLS by @​mottetm in #​5299
• [RFC-0010] Multi-Tenant Workload Identity by @​matheuscscp in #​5209
• flux diff: Reset target struct before decoding by @​maboehm in #​5302
• fix: allow recursive dry-run over local sources by @​niveau0 in #​5219
• Run conformance tests for Kubernetes 1.33.0 by @​stefanprodan in #​5318
• Update to Kubernetes 1.33.0 and Go 1.24.0 by @​stefanprodan in #​5323
• [RFC-0010] Remove EKS Pod Identity from the proposal by @​matheuscscp in #​5309
• [RFC-0010] Add RBAC for creating service account tokens by @​matheuscscp in #​5332
• Upgrade fluxcd/pkg auth, oci, git and git/gogit by @​matheuscscp in #​5333
• Fix exit code handling in get command by @​dgunzy in #​5338
• build(deps): bump the ci group across 1 directory with 18 updates by @​dependabot in #​5325
• Fix flux trace for HRs from OCIRepositorys by @​makkes in #​5349
• Fix e2e workflow by @​makkes in #​5351
• [RFC-0010] Update RFC to include opt-in feature gate by @​matheuscscp in #​5354
• [RFC-0010] Update RFC feature gate behavior by @​matheuscscp in #​5355
• Upgrade fluxcd/pkg packages by @​matheuscscp in #​5356
• Upgrade fluxcd/pkg packages by @​matheuscscp in #​5357
• Set Kubernetes 1.31 as min supported version by @​stefanprodan in #​5364
• Update dependencies by @​matheuscscp in #​5366
• Update toolkit components by @​fluxcdbot in #​5368
• Promote artifact commands to stable by @​matheuscscp in #​5369
• Add --interval and --reflect-digest flags to flux create image policy by @​matheuscscp in #​5345
• Update CLI to OCIRepository v1 (GA) by @​stefanprodan in #​5371
• Update dependabot config by @​stefanprodan in #​5373
• Update toolkit components by @​fluxcdbot in #​5370

New Contributors

• @​NotAwar made their first contribution in #​5202
• @​laiminhtrung1997 made their first contribution in #​5038
• @​y-eight made their first contribution in #​5284
• @​piontec made their first contribution in #​5282
• @​mottetm made their first contribution in #​5299
• @​maboehm made their first contribution in #​5302
• @​niveau0 made their first contribution in #​5219
• @​dgunzy made their first contribution in #​5338

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.5.0...v2.6.0

v2.5.1

Compare Source

Highlights

Flux v2.5.1 is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

• Fix a bug introduced in kustomize-controller v1.5.0 that was causing spurious logging for deprecated API versions and health check failures.
• Sanitize the kustomize-controller logs when encountering errors during SOPS decryption.

Components changelog

• kustomize-controller v1.5.1

CLI Changelog

• PR #​5215 - @​matheuscscp - Update backport labels for 2.5
• PR #​5214 - @​fluxcdbot - Update kustomize-controller to v1.5.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [fluxcd/flux2](https://github.com/fluxcd/flux2) | minor | `v2.5.0` → `v2.8.8` | --- ### Release Notes <details> <summary>fluxcd/flux2 (fluxcd/flux2)</summary> ### [`v2.8.8`](https://github.com/fluxcd/flux2/releases/tag/v2.8.8) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8) #### Highlights Flux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Add a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller) - Fix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller) - Stop force-applying non-CRD objects placed under a chart's `crds/` directory (helm-controller) - Fix the Helm test action failing to find releases with names longer than 53 characters (helm-controller) - Improve path handling in the source reconcilers (source-controller) - Support Helm semver build-metadata encoding in OCIRepository tags (source-controller) Improvements: - Update go-git to v5.19.1 which fixes [CVE-2026-45571](https://github.com/advisories/GHSA-crhj-59gh-8x96) and [CVE-2026-45570](https://github.com/advisories/GHSA-m7cr-m3pv-hgrp) (source-controller, image-automation-controller) - Move Helm back to upstream v4.2.0 (source-controller, helm-controller) - Add support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller) - Upgrade Kubernetes to 1.36.1 (source-controller, helm-controller) - Update fluxcd/pkg dependencies #### Components changelog - helm-controller [v1.5.5](https://github.com/fluxcd/helm-controller/blob/v1.5.5/CHANGELOG.md) - image-automation-controller [v1.1.4](https://github.com/fluxcd/image-automation-controller/blob/v1.1.4/CHANGELOG.md) - image-reflector-controller [v1.1.2](https://github.com/fluxcd/image-reflector-controller/blob/v1.1.2/CHANGELOG.md) - source-controller [v1.8.5](https://github.com/fluxcd/source-controller/blob/v1.8.5/CHANGELOG.md) #### CLI changelog - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5904](https://github.com/fluxcd/flux2/pull/5904) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8> ### [`v2.8.7`](https://github.com/fluxcd/flux2/releases/tag/v2.8.7) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.6...v2.8.7) #### Highlights Flux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix management of objects annotated with `kustomize.toolkit.fluxcd.io/ssa: IfNotPresent` where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller) Improvements: - Update go-git to v5.19.0 which fixes [CVE-2026-45022](https://github.com/advisories/GHSA-389r-gv7p-r3rp) (source-controller, image-automation-controller) - Update fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller) #### Components changelog - helm-controller [v1.5.4](https://github.com/fluxcd/helm-controller/blob/v1.5.4/CHANGELOG.md) - image-automation-controller [v1.1.3](https://github.com/fluxcd/image-automation-controller/blob/v1.1.3/CHANGELOG.md) - kustomize-controller [v1.8.5](https://github.com/fluxcd/kustomize-controller/blob/v1.8.5/CHANGELOG.md) - notification-controller [v1.8.4](https://github.com/fluxcd/notification-controller/blob/v1.8.4/CHANGELOG.md) - source-controller [v1.8.4](https://github.com/fluxcd/source-controller/blob/v1.8.4/CHANGELOG.md) #### CLI changelog - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5891](https://github.com/fluxcd/flux2/pull/5891) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.6...v2.8.7> ### [`v2.8.6`](https://github.com/fluxcd/flux2/releases/tag/v2.8.6) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.5...v2.8.6) #### Highlights Flux v2.8.6 is a patch release that includes bug fixes and improvements across helm-controller, image-automation-controller, kustomize-controller, notification-controller, and source-controller. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix a post-renderer conflict between overlapping hooks and templates (helm-controller) - Ignore force replace when server-side apply is enabled (helm-controller) - Fix a regression where generic providers would not forward commit status events (notification-controller) - Require the `audience` field on the GCR Receiver secret for tighter verification — will become mandatory in Flux v2.9 (notification-controller) Improvements: - Introduce the `MigrateAPIVersion` feature gate for migrating the API version of resources in managed field entries (kustomize-controller) - Update go-git to v5.18.0 bringing performance improvements for Git operations (source-controller, image-automation-controller) #### Components changelog - helm-controller [v1.5.4](https://github.com/fluxcd/helm-controller/blob/v1.5.4/CHANGELOG.md) - image-automation-controller [v1.1.2](https://github.com/fluxcd/image-automation-controller/blob/v1.1.2/CHANGELOG.md) - kustomize-controller [v1.8.4](https://github.com/fluxcd/kustomize-controller/blob/v1.8.4/CHANGELOG.md) - notification-controller [v1.8.4](https://github.com/fluxcd/notification-controller/blob/v1.8.4/CHANGELOG.md) - source-controller [v1.8.3](https://github.com/fluxcd/source-controller/blob/v1.8.3/CHANGELOG.md) #### CLI changelog - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5857](https://github.com/fluxcd/flux2/pull/5857) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.5...v2.8.6> ### [`v2.8.5`](https://github.com/fluxcd/flux2/releases/tag/v2.8.5) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.4...v2.8.5) #### Highlights Flux v2.8.5 is a patch release that includes bug fixes and improvements across kustomize-controller, source-controller, and notification-controller. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix a race condition where a cancelled reconciliation could leave stale data in the cache, causing Kustomizations to get stuck (kustomize-controller) - Fix Azure Blob prefix option not being passed to the storage client (source-controller) Improvements: - Improve error message for encrypted SSH keys without password (source-controller) - Add optional `email` and `audience` fields to the GCR Receiver for tighter verification (notification-controller) - Add provider manifest example for Azure Event Hub managed identity authentication (notification-controller) #### Components changelog - kustomize-controller [v1.8.3](https://github.com/fluxcd/kustomize-controller/blob/v1.8.3/CHANGELOG.md) - source-controller [v1.8.2](https://github.com/fluxcd/source-controller/blob/v1.8.2/CHANGELOG.md) - notification-controller [v1.8.3](https://github.com/fluxcd/notification-controller/blob/v1.8.3/CHANGELOG.md) #### CLI changelog - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5822](https://github.com/fluxcd/flux2/pull/5822) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.4...v2.8.5> ### [`v2.8.4`](https://github.com/fluxcd/flux2/releases/tag/v2.8.4) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.3...v2.8.4) #### Highlights Flux v2.8.4 is a patch release that includes fixes for the Flux CLI. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix `flux build ks` and `flux diff ks` on Windows - Fix `--source` flag validation in `create kustomization` command #### CLI changelog - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5796](https://github.com/fluxcd/flux2/pull/5796) - \[release/v2.8.x] fix: validate --source flag in create kustomization command by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5799](https://github.com/fluxcd/flux2/pull/5799) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.3...v2.8.4> ### [`v2.8.3`](https://github.com/fluxcd/flux2/releases/tag/v2.8.3) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.2...v2.8.3) #### Highlights Flux v2.8.3 is a patch release that fixes a regression in helm-controller. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix templating errors for charts that include `---` in the content, e.g. YAML separators, embedded scripts, CAs inside ConfigMaps (helm-controller) #### Components changelog - helm-controller [v1.5.3](https://github.com/fluxcd/helm-controller/blob/v1.5.3/CHANGELOG.md) #### CLI changelog - \[release/v2.8.x] Add target branch name to update branch by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5774](https://github.com/fluxcd/flux2/pull/5774) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5779](https://github.com/fluxcd/flux2/pull/5779) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.2...v2.8.3> ### [`v2.8.2`](https://github.com/fluxcd/flux2/releases/tag/v2.8.2) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.1...v2.8.2) #### Highlights Flux v2.8.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix enqueuing new reconciliation requests for events on source Flux objects when they are already reconciling the revision present in the watch event (kustomize-controller, helm-controller) - Fix the Go templates bug of YAML separator `---` getting concatenated to `apiVersion:` by updating to Helm 4.1.3 (helm-controller) - Fix canceled HelmReleases getting stuck when they don't have a retry strategy configured by introducing a new feature gate `DefaultToRetryOnFailure` that improves the experience when the `CancelHealthCheckOnNewRevision` is enabled (helm-controller) - Fix the auth scope for Azure Container Registry to use the ACR-specific scope (source-controller, image-reflector-controller) - Fix potential Denial of Service (DoS) during TLS handshakes (CVE-2026-27138) by building all controllers with Go 1.26.1 #### Components changelog - source-controller [v1.8.1](https://github.com/fluxcd/source-controller/blob/v1.8.1/CHANGELOG.md) - kustomize-controller [v1.8.2](https://github.com/fluxcd/kustomize-controller/blob/v1.8.2/CHANGELOG.md) - notification-controller [v1.8.2](https://github.com/fluxcd/notification-controller/blob/v1.8.2/CHANGELOG.md) - helm-controller [v1.5.2](https://github.com/fluxcd/helm-controller/blob/v1.5.2/CHANGELOG.md) - image-reflector-controller [v1.1.1](https://github.com/fluxcd/image-reflector-controller/blob/v1.1.1/CHANGELOG.md) - image-automation-controller [v1.1.1](https://github.com/fluxcd/image-automation-controller/blob/v1.1.1/CHANGELOG.md) - source-watcher [v2.1.1](https://github.com/fluxcd/source-watcher/blob/v2.1.1/CHANGELOG.md) #### CLI changelog - \[release/v2.8.x] build(deps): bump the ci group across 1 directory with 11 updates by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5765](https://github.com/fluxcd/flux2/pull/5765) - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5767](https://github.com/fluxcd/flux2/pull/5767) - Update toolkit components by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5770](https://github.com/fluxcd/flux2/pull/5770) - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5771](https://github.com/fluxcd/flux2/pull/5771) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.1...v2.8.2> ### [`v2.8.1`](https://github.com/fluxcd/flux2/releases/tag/v2.8.1) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.0...v2.8.1) #### Highlights Flux v2.8.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix Git commit status events being dropped for Kustomizations (notification-controller) - Fix health check for StatefulSets when the Pods are Pending/Unschedulable during rollout (helm-controller, kustomize-controller) #### Components changelog - kustomize-controller [v1.8.1](https://github.com/fluxcd/kustomize-controller/blob/v1.8.1/CHANGELOG.md) - notification-controller [v1.8.1](https://github.com/fluxcd/notification-controller/blob/v1.8.1/CHANGELOG.md) - helm-controller [v1.5.1](https://github.com/fluxcd/helm-controller/blob/v1.5.1/CHANGELOG.md) #### CLI changelog - \[release/v2.8.x] Remove no longer needed workaround for Flux 2.8 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5735](https://github.com/fluxcd/flux2/pull/5735) - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5739](https://github.com/fluxcd/flux2/pull/5739) - \[release/v2.8.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5741](https://github.com/fluxcd/flux2/pull/5741) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.0...v2.8.1> ### [`v2.8.0`](https://github.com/fluxcd/flux2/releases/tag/v2.8.0) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.5...v2.8.0) #### Highlights Flux v2.8.0 is a feature release. Users are encouraged to upgrade for the best experience. For a compressive overview of new features and API changes included in this release, please refer to the [Announcing Flux 2.8 GA blog post](https://fluxcd.io/blog/2026/02/flux-v2.8.0/). Overview of the new features: - Helm v4 support, including server-side apply and kstatus-based health checking (`HelmRelease`) - Readiness evaluation of Helm-managed objects with CEL expressions (`HelmRelease`) - Improved observability of Helm releases with inventory tracking in `.status.inventory` (`HelmRelease`) - Reduced the mean time to recovery of Flux-managed applications via `CancelHealthCheckOnNewRevision` feature gate (`Kustomization`, `HelmRelease`) - Support for commenting on Pull Requests directly from Flux notifications (`Provider`) - Custom SSA apply stages for ordering resource application in kustomize-controller (`Kustomization`) - Automatic GitHub App installation ID lookup from the repository owner (`GitRepository`, `ImageUpdateAutomation`, `Provider`) - Support for Cosign v3 for verifying OCI artifacts and container images (`OCIRepository`) - ArtifactGenerator support for extracting and modifying Helm charts (`ArtifactGenerator`) - Bypass cache when fetching source objects via `DirectSourceFetch` feature gate (`Kustomization`, `HelmRelease`, `ArtifactGenerator`) ❤️ Big thanks to all the Flux contributors that helped us with this release! ##### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | | ------------------ | ---------------- | | `v1.33` | `>= 1.32.0` | | `v1.34` | `>= 1.34.1` | | `v1.35` | `>= 1.35.0` | > \[!NOTE] > Note that the Flux project offers support only for the latest three minor versions of Kubernetes. > Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as > [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux. ##### OpenShift compatibility Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using [Flux Operator](https://operatorhub.io/operator/flux-operator). The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage. #### Upgrade procedure :warning: The Flux APIs `v1beta2` and `v2beta2` (deprecated in 2024) have reached end-of-life and have been removed from the CRDs. Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from older versions of Flux to v2.8. #### Components changelog - source-controller [v1.8.0](https://github.com/fluxcd/source-controller/blob/v1.8.0/CHANGELOG.md) - kustomize-controller [v1.8.0](https://github.com/fluxcd/kustomize-controller/blob/v1.8.0/CHANGELOG.md) - notification-controller [v1.8.0](https://github.com/fluxcd/notification-controller/blob/v1.8.0/CHANGELOG.md) - helm-controller [v1.5.0](https://github.com/fluxcd/helm-controller/blob/v1.5.0/CHANGELOG.md) - image-reflector-controller [v1.1.0](https://github.com/fluxcd/image-reflector-controller/blob/v1.1.0/CHANGELOG.md) - image-automation-controller [v1.1.0](https://github.com/fluxcd/image-automation-controller/blob/v1.1.0/CHANGELOG.md) - source-watcher [v2.1.0](https://github.com/fluxcd/source-watcher/blob/v2.1.0/CHANGELOG.md) #### CLI changelog - ci: Set `GITHUB_TOKEN` in the `release-flux-manifests` workflow by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5547](https://github.com/fluxcd/flux2/pull/5547) - Add backport label for Flux 2.7 by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5550](https://github.com/fluxcd/flux2/pull/5550) - build(deps): bump the ci group across 1 directory with 3 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5548](https://github.com/fluxcd/flux2/pull/5548) - Fix `flux push artifact` not working with `--provider` by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5551](https://github.com/fluxcd/flux2/pull/5551) - Extend `flux migrate` to work with local files by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5554](https://github.com/fluxcd/flux2/pull/5554) - Improve `flux migrate` for live cluster migrations by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5558](https://github.com/fluxcd/flux2/pull/5558) - Fix `flux migrate -f` command to work with comments by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5560](https://github.com/fluxcd/flux2/pull/5560) - Add source-watcher to docs by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5562](https://github.com/fluxcd/flux2/pull/5562) - Fix `flux migrate -f` not considering kind comments by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5563](https://github.com/fluxcd/flux2/pull/5563) - refactor: convert `Kustomization` resource into unstructured map only once during variable substitution by [@&#8203;ramasai1](https://github.com/ramasai1) in [#&#8203;5566](https://github.com/fluxcd/flux2/pull/5566) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5568](https://github.com/fluxcd/flux2/pull/5568) - Disable AUR publishing by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5570](https://github.com/fluxcd/flux2/pull/5570) - Fix manifest generation for `--storage-adv-addr` and `--events-addr` flags by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5574](https://github.com/fluxcd/flux2/pull/5574) - Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5576](https://github.com/fluxcd/flux2/pull/5576) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5578](https://github.com/fluxcd/flux2/pull/5578) - Restore GitHub PAT for backports by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5581](https://github.com/fluxcd/flux2/pull/5581) - \[RFC-0012] Add command `flux get source external` by [@&#8203;dgunzy](https://github.com/dgunzy) in [#&#8203;5555](https://github.com/fluxcd/flux2/pull/5555) - fix: handle error when writing password prompt to stdout by [@&#8203;akshatsinha0](https://github.com/akshatsinha0) in [#&#8203;5589](https://github.com/fluxcd/flux2/pull/5589) - Pin cosign to v2.6.1 by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5594](https://github.com/fluxcd/flux2/pull/5594) - \[RFC-0012] Add command `flux export source external` by [@&#8203;dgunzy](https://github.com/dgunzy) in [#&#8203;5583](https://github.com/fluxcd/flux2/pull/5583) - Fix bootstrap e2e test for image policy by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5604](https://github.com/fluxcd/flux2/pull/5604) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5603](https://github.com/fluxcd/flux2/pull/5603) - fix: return accepted values for flags when calling Values.Type() by [@&#8203;jaxels10](https://github.com/jaxels10) in [#&#8203;5602](https://github.com/fluxcd/flux2/pull/5602) - ci: Include source-watcher in the e2e test suite by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5614](https://github.com/fluxcd/flux2/pull/5614) - Add source.extensions.fluxcd.io group to aggregated RBAC roles by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5627](https://github.com/fluxcd/flux2/pull/5627) - Fix panic on reconcile with source of ExternalArtifact kind by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5630](https://github.com/fluxcd/flux2/pull/5630) - Upgrade k8s to 1.34.2, c-r to 0.22.4 and helm to 3.19.2 by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5633](https://github.com/fluxcd/flux2/pull/5633) - diff: report if object is skipped by [@&#8203;hown3d](https://github.com/hown3d) in [#&#8203;5625](https://github.com/fluxcd/flux2/pull/5625) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5639](https://github.com/fluxcd/flux2/pull/5639) - Allow option to skip tenant namespace creation by [@&#8203;anshuishere](https://github.com/anshuishere) in [#&#8203;5597](https://github.com/fluxcd/flux2/pull/5597) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5648](https://github.com/fluxcd/flux2/pull/5648) - fix: [#&#8203;5654](https://github.com/fluxcd/flux2/issues/5654) by checking if both --chart and --chart-ref are set by [@&#8203;jaxels10](https://github.com/jaxels10) in [#&#8203;5656](https://github.com/fluxcd/flux2/pull/5656) - Added retry logic with delays to the Flux CLI download by [@&#8203;ivan-munteanu](https://github.com/ivan-munteanu) in [#&#8203;5659](https://github.com/fluxcd/flux2/pull/5659) - Run conformance tests for Kubernetes 1.35.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5663](https://github.com/fluxcd/flux2/pull/5663) - fix: normalize path for Windows compatibility by [@&#8203;sibasispadhi](https://github.com/sibasispadhi) in [#&#8203;5674](https://github.com/fluxcd/flux2/pull/5674) - Introduce support for looking up GH app installation ID by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5682](https://github.com/fluxcd/flux2/pull/5682) - Update dependencies to Kubernetes v1.35.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5688](https://github.com/fluxcd/flux2/pull/5688) - Fix resume command logging success after reconciliation failure by [@&#8203;Aman-Cool](https://github.com/Aman-Cool) in [#&#8203;5690](https://github.com/fluxcd/flux2/pull/5690) - Add 2.8 to supported versions for `flux migrate -f` by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5713](https://github.com/fluxcd/flux2/pull/5713) - Introduce workflow for bumping fluxcd/pkg deps by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5717](https://github.com/fluxcd/flux2/pull/5717) - Update fluxcd/pkg dependencies by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5719](https://github.com/fluxcd/flux2/pull/5719) - Fix event listing ignoring pagination token by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5721](https://github.com/fluxcd/flux2/pull/5721) - Build with Go 1.26 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5723](https://github.com/fluxcd/flux2/pull/5723) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5722](https://github.com/fluxcd/flux2/pull/5722) - Update helm-controller to v1.5.0 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5725](https://github.com/fluxcd/flux2/pull/5725) - build(deps): bump the ci group across 1 directory with 12 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5720](https://github.com/fluxcd/flux2/pull/5720) - Fix bootstrap failure on Windows cross-drive paths by [@&#8203;veeceey](https://github.com/veeceey) in [#&#8203;5726](https://github.com/fluxcd/flux2/pull/5726) - Dump debug info on e2e tests by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5729](https://github.com/fluxcd/flux2/pull/5729) - Set Kubernetes 1.33 as min supported version by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5730](https://github.com/fluxcd/flux2/pull/5730) - Update conformance tests to min Kubernetes 1.33 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5731](https://github.com/fluxcd/flux2/pull/5731) #### New Contributors - [@&#8203;ramasai1](https://github.com/ramasai1) made their first contribution in [#&#8203;5566](https://github.com/fluxcd/flux2/pull/5566) - [@&#8203;akshatsinha0](https://github.com/akshatsinha0) made their first contribution in [#&#8203;5589](https://github.com/fluxcd/flux2/pull/5589) - [@&#8203;jaxels10](https://github.com/jaxels10) made their first contribution in [#&#8203;5602](https://github.com/fluxcd/flux2/pull/5602) - [@&#8203;hown3d](https://github.com/hown3d) made their first contribution in [#&#8203;5625](https://github.com/fluxcd/flux2/pull/5625) - [@&#8203;anshuishere](https://github.com/anshuishere) made their first contribution in [#&#8203;5597](https://github.com/fluxcd/flux2/pull/5597) - [@&#8203;ivan-munteanu](https://github.com/ivan-munteanu) made their first contribution in [#&#8203;5659](https://github.com/fluxcd/flux2/pull/5659) - [@&#8203;sibasispadhi](https://github.com/sibasispadhi) made their first contribution in [#&#8203;5674](https://github.com/fluxcd/flux2/pull/5674) - [@&#8203;Aman-Cool](https://github.com/Aman-Cool) made their first contribution in [#&#8203;5690](https://github.com/fluxcd/flux2/pull/5690) - [@&#8203;veeceey](https://github.com/veeceey) made their first contribution in [#&#8203;5726](https://github.com/fluxcd/flux2/pull/5726) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.0...v2.8.0> ### [`v2.7.5`](https://github.com/fluxcd/flux2/releases/tag/v2.7.5) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.4...v2.7.5) #### Highlights Flux v2.7.5 is a patch release that comes with fixes to helm-controller. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix HelmRelease history truncation when using the `RetryOnFailure` strategy. :warning: Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Flux users are advised to use [Cosign v2.6](https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries) for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8. #### Components changelog - helm-controller [v1.4.5](https://github.com/fluxcd/helm-controller/blob/v1.4.5/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5649](https://github.com/fluxcd/flux2/pull/5649) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.4...v2.7.5> ### [`v2.7.4`](https://github.com/fluxcd/flux2/releases/tag/v2.7.4) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.3...v2.7.4) #### Highlights Flux v2.7.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Add `DisableConfigWatchers` feature gate to all controllers for disabling the Secrets/ConfigMaps watchers - Fix Workload Identity for Azure China Cloud in all controllers - Update Helm Go SDK to v3.19.2 fixing schema validation issues in helm-controller - Skip secret decryption for remote kustomize patches in kustomize-controller - Improve post-build error reporting in kustomize-controller - Add `ArtifactGenerator` to aggregated RBAC roles :warning: Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Flux users are advised to use [Cosign v2.6](https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries) for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8. #### Components changelog - source-controller [v1.7.4](https://github.com/fluxcd/source-controller/blob/v1.7.4/CHANGELOG.md) - kustomize-controller [v1.7.3](https://github.com/fluxcd/kustomize-controller/blob/v1.7.3/CHANGELOG.md) - notification-controller [v1.7.5](https://github.com/fluxcd/notification-controller/blob/v1.7.5/CHANGELOG.md) - helm-controller [v1.4.4](https://github.com/fluxcd/helm-controller/blob/v1.4.4/CHANGELOG.md) - image-reflector-controller [v1.0.4](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.4/CHANGELOG.md) - image-automation-controller [v1.0.4](https://github.com/fluxcd/image-automation-controller/blob/v1.0.4/CHANGELOG.md) - source-watcher [v2.0.3](https://github.com/fluxcd/source-watcher/blob/v2.0.3/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] ci: Include source-watcher in the e2e test suite by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5615](https://github.com/fluxcd/flux2/pull/5615) - \[release/v2.7.x] Add source.extensions.fluxcd.io group to aggregated RBAC roles by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5628](https://github.com/fluxcd/flux2/pull/5628) - \[release/v2.7.x] Fix panic on reconcile with source of ExternalArtifact kind by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5631](https://github.com/fluxcd/flux2/pull/5631) - \[release/v2.7.x] Upgrade k8s to 1.34.2, c-r to 0.22.4 and helm to 3.19.2 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5634](https://github.com/fluxcd/flux2/pull/5634) - \[release/v2.7.x] diff: report if object is skipped by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5635](https://github.com/fluxcd/flux2/pull/5635) - \[release/v2.7.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5640](https://github.com/fluxcd/flux2/pull/5640) - \[release/v2.7.x] Allow option to skip tenant namespace creation by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5642](https://github.com/fluxcd/flux2/pull/5642) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.3...v2.7.4> ### [`v2.7.3`](https://github.com/fluxcd/flux2/releases/tag/v2.7.3) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.2...v2.7.3) #### Highlights Flux v2.7.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Restore SOCKS5 proxy support in all controllers - Fix status reporting of HelmReleases with `RetryOnFailure` strategy - Automated retries for ImagePolicies when no image tags are found in the database - Fix alerting for Telegram's `message_thread_id` - Allow running kustomize-controller and helm-controller on the same loopback interface as source-watcher :warning: Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Users are advised to use [Cosign v2.6](https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries) for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8. #### Components changelog - source-controller [v1.7.3](https://github.com/fluxcd/source-controller/blob/v1.7.3/CHANGELOG.md) - kustomize-controller [v1.7.2](https://github.com/fluxcd/kustomize-controller/blob/v1.7.2/CHANGELOG.md) - notification-controller [v1.7.4](https://github.com/fluxcd/notification-controller/blob/v1.7.4/CHANGELOG.md) - helm-controller [v1.4.3](https://github.com/fluxcd/helm-controller/blob/v1.4.3/CHANGELOG.md) - image-reflector-controller [v1.0.3](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.3/CHANGELOG.md) - image-automation-controller [v1.0.3](https://github.com/fluxcd/image-automation-controller/blob/v1.0.3/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] Pin cosign to v2.6.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5595](https://github.com/fluxcd/flux2/pull/5595) - \[release/v2.7.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5605](https://github.com/fluxcd/flux2/pull/5605) - \[release/v2.7.x] fix: return accepted values for flags when calling Values.Type() by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5606](https://github.com/fluxcd/flux2/pull/5606) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.2...v2.7.3> ### [`v2.7.2`](https://github.com/fluxcd/flux2/releases/tag/v2.7.2) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.1...v2.7.2) #### Highlights Flux v2.7.2 is a patch release that comes with security fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. All Flux components are now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib that could lead to denial of service. The list of security fixes can be found in the [Go 1.25.2 release notes](https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ). #### Components changelog - source-controller [v1.7.2](https://github.com/fluxcd/source-controller/blob/v1.7.2/CHANGELOG.md) - kustomize-controller [v1.7.1](https://github.com/fluxcd/kustomize-controller/blob/v1.7.1/CHANGELOG.md) - notification-controller [v1.7.3](https://github.com/fluxcd/notification-controller/blob/v1.7.3/CHANGELOG.md) - helm-controller [v1.4.2](https://github.com/fluxcd/helm-controller/blob/v1.4.2/CHANGELOG.md) - image-reflector-controller [v1.0.2](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.2/CHANGELOG.md) - image-automation-controller [v1.0.2](https://github.com/fluxcd/image-automation-controller/blob/v1.0.2/CHANGELOG.md) - source-watcher [v2.0.2](https://github.com/fluxcd/source-watcher/blob/v2.0.2/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] Fix manifest generation for `--storage-adv-addr` and `--events-addr` flags by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5575](https://github.com/fluxcd/flux2/pull/5575) - \[release/v2.7.x] Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5577](https://github.com/fluxcd/flux2/pull/5577) - \[release/v2.7.x] Update toolkit components by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5579](https://github.com/fluxcd/flux2/pull/5579) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.1...v2.7.2> ### [`v2.7.1`](https://github.com/fluxcd/flux2/releases/tag/v2.7.1) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.7.0...v2.7.1) #### Highlights Flux v2.7.1 is a patch release that comes with various improvements and fixes. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Improvements: - Extend [flux migrate](https://fluxcd.io/flux/cmd/flux_migrate/) with support for migrating manifests in Git repositories to the latest API versions. - Add [recommendations](https://fluxcd.io/flux/components/helm/helmreleases/#recommended-settings) for configuring HelmReleases on production environments. Fixes: - Fix `flux migrate` command to handle managed fields properly. - Fix self-signed TLS cert handling for public Helm repositories in source-controller. - Fix the default API versions used by receivers in notification-controller. - Fix redundant `Ready` condition patching in helm-controller. - Fix workload identity configuration examples for kubeconfig in helm-controller and kustomize-controller. #### Components changelog - source-controller [v1.7.1](https://github.com/fluxcd/source-controller/blob/v1.7.1/CHANGELOG.md) - notification-controller [v1.7.2](https://github.com/fluxcd/notification-controller/blob/v1.7.2/CHANGELOG.md) - helm-controller [v1.4.1](https://github.com/fluxcd/helm-controller/blob/v1.4.1/CHANGELOG.md) #### CLI changelog - \[release/v2.7.x] Backport CI fixes and updates by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5552](https://github.com/fluxcd/flux2/pull/5552) - \[release/v2.7.x] Fix `flux push artifact` not working with `--provider` by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5553](https://github.com/fluxcd/flux2/pull/5553) - \[release/v2.7.x] Extend `flux migrate` to work with local files by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5557](https://github.com/fluxcd/flux2/pull/5557) - \[release/v2.7.x] Improve `flux migrate` for live cluster migrations by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5559](https://github.com/fluxcd/flux2/pull/5559) - \[release/v2.7.x] Fix `flux migrate -f` command to work with comments by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5561](https://github.com/fluxcd/flux2/pull/5561) - \[release/v2.7.x] Fix `flux migrate -f` not considering kind comments by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5564](https://github.com/fluxcd/flux2/pull/5564) - \[release/v2.7.x] Update toolkit components by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5569](https://github.com/fluxcd/flux2/pull/5569) - \[release/v2.7.x] Disable AUR publishing by [@&#8203;github-actions](https://github.com/github-actions)\[bot] in [#&#8203;5571](https://github.com/fluxcd/flux2/pull/5571) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.7.0...v2.7.1> ### [`v2.7.0`](https://github.com/fluxcd/flux2/releases/tag/v2.7.0) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.4...v2.7.0) #### Highlights Flux v2.7.0 is a feature release. Users are encouraged to upgrade for the best experience. For a compressive overview of new features and API changes included in this release, please refer to the [Announcing Flux 2.7 GA blog post](https://fluxcd.io/blog/2025/09/flux-v2.7.0/). Overview of the new features: - General availability release of the Image Automation APIs (`ImagePolicy`, `ImageRepository`, `ImageUpdateAutomation`) - Watch for changes in ConfigMaps and Secrets references (`Kustomization`, `HelmRelease`) - Support for remote cluster authentication using Workload Identity (`Kustomization`, `HelmRelease`) - Extend the readiness evaluation of dependencies with CEL expressions (`Kustomization`, `HelmRelease`) - Support for global SOPS Age decryption keys on single-tenant clusters (`Kustomization`) - Support for optional Kustomize components (`Kustomization`) - Introduce `RetryOnFailure` lifecycle management strategy (`HelmRelease`) - Support mTLS for sending alerts to external systems (`Provider`) - Object-level workload identity authentication (`Bucket`, `Provider`) - Support mTLS for GitHub App transport (`GitRepository`, `ImageUpdateAutomation`, `Provider`) - OpenTelemetry tracing for `Kustomization` and `HelmRelease` reconciliation (`Provider`) - Support for 3rd-party source controllers (`ExternalArtifact`) - Support for source composition and decomposition patterns (`ArtifactGenerator`) - `CancelHealthCheckOnNewRevision` feature gate (kustomize-controller) - `GitSparseCheckout` feature gate (image-automation-controller) ❤️ Big thanks to all the Flux contributors that helped us with this release! ##### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | | ------------------ | ---------------- | | `v1.32` | `>= 1.32.0` | | `v1.33` | `>= 1.33.0` | | `v1.34` | `>= 1.34.1` | > \[!NOTE] > Note that the Flux project offers support only for the latest three minor versions of Kubernetes. > Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as > [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux. ##### OpenShift compatibility Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using [Flux Operator](https://operatorhub.io/operator/flux-operator). The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage. #### Upgrade procedure :warning: The Flux APIs `v1beta1` and `v2beta1` (deprecated in 2023) have reached end-of-life and have been removed from the CRDs. Unless you are using [Flux Operator](https://github.com/controlplaneio-fluxcd/flux-operator) to deploy the Flux controllers, you must run the `flux migrate` command on clusters before upgrading. For more details, please refer to the [Flux v2.7 upgrade guide](https://fluxcd.io/blog/2025/09/flux-v2.7.0/#upgrade-procedure). #### Components changelog - source-controller [v1.7.0](https://github.com/fluxcd/source-controller/blob/v1.7.0/CHANGELOG.md) - kustomize-controller [v1.7.0](https://github.com/fluxcd/kustomize-controller/blob/v1.7.0/CHANGELOG.md) - notification-controller [v1.7.0](https://github.com/fluxcd/notification-controller/blob/v1.7.0/CHANGELOG.md) [v1.7.1](https://github.com/fluxcd/notification-controller/blob/v1.7.1/CHANGELOG.md) - helm-controller [v1.4.0](https://github.com/fluxcd/helm-controller/blob/v1.4.0/CHANGELOG.md) - image-reflector-controller [v1.0.0](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.0/CHANGELOG.md) [v1.0.1](https://github.com/fluxcd/image-reflector-controller/blob/v1.0.1/CHANGELOG.md) - image-automation-controller [v1.0.0](https://github.com/fluxcd/image-automation-controller/blob/v1.0.0/CHANGELOG.md) [v1.0.1](https://github.com/fluxcd/image-automation-controller/blob/v1.0.1/CHANGELOG.md) - source-watcher [v2.0.0](https://github.com/fluxcd/source-watcher/blob/v2.0.0/CHANGELOG.md) [v2.0.1](https://github.com/fluxcd/source-watcher/blob/v1.0.1/CHANGELOG.md) ##### New Documentation - [ImageRepository v1 specification](https://fluxcd.io/flux/components/image/imagerepositories) - [ImagePolicy v1 specification](https://fluxcd.io/flux/components/image/imagepolicies) - [ImageUpdateAutomation v1 specification](https://fluxcd.io/flux/components/image/imageupdateautomations) - [ExternalArtifact v1 specification](https://fluxcd.io/flux/components/source/externalartifacts) - [ArtifactGenerator v1beta1 specification](https://fluxcd.io/flux/components/source/artifactgenerators) #### CLI changelog - Add backport label for `v2.6.x` by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5379](https://github.com/fluxcd/flux2/pull/5379) - Update image-reflector-controller to v0.35.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5381](https://github.com/fluxcd/flux2/pull/5381) - Add digest pinning to image automation testing by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5383](https://github.com/fluxcd/flux2/pull/5383) - correct small typo by [@&#8203;JIbald](https://github.com/JIbald) in [#&#8203;5388](https://github.com/fluxcd/flux2/pull/5388) - Remove credentials sync manifests by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5347](https://github.com/fluxcd/flux2/pull/5347) - Add sparse checkout to cli by [@&#8203;ba-work](https://github.com/ba-work) in [#&#8203;5389](https://github.com/fluxcd/flux2/pull/5389) - fix: Allow Azure CLI calls in `flux push artifact --provider azure` on DevOps runners by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5390](https://github.com/fluxcd/flux2/pull/5390) - Fix `knownhosts key mismatch` regression bug by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5404](https://github.com/fluxcd/flux2/pull/5404) - refactor: Use `normalize.UnstructuredList` instead of `ssa.SetNativeKindsDefaults` by [@&#8203;cappyzawa](https://github.com/cappyzawa) in [#&#8203;5407](https://github.com/fluxcd/flux2/pull/5407) - Make service-account name configurable in `flux create tenant` by [@&#8203;reiSh6phoo9o](https://github.com/reiSh6phoo9o) in [#&#8203;5402](https://github.com/fluxcd/flux2/pull/5402) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5409](https://github.com/fluxcd/flux2/pull/5409) - refactor: cleanup GetArtifactRegistryCredentials error handling by [@&#8203;cappyzawa](https://github.com/cappyzawa) in [#&#8203;5418](https://github.com/fluxcd/flux2/pull/5418) - Promote image CLI commands to stable by [@&#8203;dgunzy](https://github.com/dgunzy) in [#&#8203;5421](https://github.com/fluxcd/flux2/pull/5421) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5426](https://github.com/fluxcd/flux2/pull/5426) - Bump pkg/ssa to v0.49.0 for CABundle validation fix by [@&#8203;dgunzy](https://github.com/dgunzy) in [#&#8203;5431](https://github.com/fluxcd/flux2/pull/5431) - \[RFC-0010] Add workload identity support for remote clusters by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5434](https://github.com/fluxcd/flux2/pull/5434) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5443](https://github.com/fluxcd/flux2/pull/5443) - Fix `flux push artifact` for insecure registries by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5449](https://github.com/fluxcd/flux2/pull/5449) - \[RFC-0010] Add workload identity support for remote generic clusters by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5452](https://github.com/fluxcd/flux2/pull/5452) - Fix `flux diff kustomization` ignore patterns by [@&#8203;dgunzy](https://github.com/dgunzy) in [#&#8203;5451](https://github.com/fluxcd/flux2/pull/5451) - Update dependencies to Kubernetes 1.33.2 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5453](https://github.com/fluxcd/flux2/pull/5453) - build(deps): bump the ci group across 1 directory with 7 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5435](https://github.com/fluxcd/flux2/pull/5435) - Upgrade fluxcd/pkg dependencies by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5455](https://github.com/fluxcd/flux2/pull/5455) - ci: Use GITHUB\_TOKEN for API calls in update workflow by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5460](https://github.com/fluxcd/flux2/pull/5460) - manifests: Add `app.kubernetes.io/part-of: flux` label to controller pods by [@&#8203;pinkavaj](https://github.com/pinkavaj) in [#&#8203;5440](https://github.com/fluxcd/flux2/pull/5440) - Migrate sourcesecret package to runtime/secrets APIs by [@&#8203;cappyzawa](https://github.com/cappyzawa) in [#&#8203;5462](https://github.com/fluxcd/flux2/pull/5462) - Implement `flux migrate` command by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5473](https://github.com/fluxcd/flux2/pull/5473) - \[RFC-0007] Implementation history update by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5480](https://github.com/fluxcd/flux2/pull/5480) - Run conformance tests for Kubernetes 1.34.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5497](https://github.com/fluxcd/flux2/pull/5497) - Update to Kubernetes v1.34.0 and Go 1.25.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5499](https://github.com/fluxcd/flux2/pull/5499) - build(deps): bump the ci group across 1 directory with 10 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5500](https://github.com/fluxcd/flux2/pull/5500) - Allow the Go runtime to dynamically set `GOMAXPROCS` by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5501](https://github.com/fluxcd/flux2/pull/5501) - fix(events): respect `--all-namespaces` flag by [@&#8203;mohiuddin-khan-shiam](https://github.com/mohiuddin-khan-shiam) in [#&#8203;5414](https://github.com/fluxcd/flux2/pull/5414) - \[RFC-0011] OpenTelemetry Tracing by [@&#8203;adri1197](https://github.com/adri1197) in [#&#8203;5321](https://github.com/fluxcd/flux2/pull/5321) - \[RFC-0012] External Artifact API by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5292](https://github.com/fluxcd/flux2/pull/5292) - Add `--show-history` flag to `debug helmrelease` by [@&#8203;hawkaii](https://github.com/hawkaii) in [#&#8203;5505](https://github.com/fluxcd/flux2/pull/5505) - Skip release candidates on updates by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5507](https://github.com/fluxcd/flux2/pull/5507) - ci: Align azure e2e tests secret names with fluxcd/pkg by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5508](https://github.com/fluxcd/flux2/pull/5508) - Update image-reflector-controller to v1.0.0 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5517](https://github.com/fluxcd/flux2/pull/5517) - Update source-controller to v1.7.0 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5518](https://github.com/fluxcd/flux2/pull/5518) - Add the source-watcher controller to the Flux distribution by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5519](https://github.com/fluxcd/flux2/pull/5519) - Add read-only commands for `ArtifactGenerator` kind by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5520](https://github.com/fluxcd/flux2/pull/5520) - ci: Add source-watcher to the update workflow by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5521](https://github.com/fluxcd/flux2/pull/5521) - Update image-automation-controller to v1.0.0 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5522](https://github.com/fluxcd/flux2/pull/5522) - Update image-reflector-controller to v1.0.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5525](https://github.com/fluxcd/flux2/pull/5525) - Implement `flux [reconcile|suspend|resume] image policy` commands by [@&#8203;lukas8219](https://github.com/lukas8219) in [#&#8203;5492](https://github.com/fluxcd/flux2/pull/5492) - Handle `force: enabled` annotation in `flux diff ks` command by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5528](https://github.com/fluxcd/flux2/pull/5528) - ci: Refactor CI with `fluxcd/gha-workflows` by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5529](https://github.com/fluxcd/flux2/pull/5529) - Remove `ArtifactGenerators` during uninstall by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5531](https://github.com/fluxcd/flux2/pull/5531) - Add support for `ExternalArtifact` to `flux trace` by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5532](https://github.com/fluxcd/flux2/pull/5532) - Set Kubernetes 1.32 as min supported version by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5533](https://github.com/fluxcd/flux2/pull/5533) - build(deps): bump the ci group with 6 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;5535](https://github.com/fluxcd/flux2/pull/5535) - Add support for custom storage namespace in HelmRelease creation by [@&#8203;prasad89](https://github.com/prasad89) in [#&#8203;5534](https://github.com/fluxcd/flux2/pull/5534) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5537](https://github.com/fluxcd/flux2/pull/5537) - ci: remove cron schedule from update by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5539](https://github.com/fluxcd/flux2/pull/5539) - Update source-watcher to v2.0.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5540](https://github.com/fluxcd/flux2/pull/5540) - Add `--show-history` flag to `debug kustomization` by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5541](https://github.com/fluxcd/flux2/pull/5541) - Update image-automation-controller to v1.0.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5542](https://github.com/fluxcd/flux2/pull/5542) - `fluxcd/flux2/action`: Determine latest version without using GitHub API by [@&#8203;RussellAult](https://github.com/RussellAult) in [#&#8203;5509](https://github.com/fluxcd/flux2/pull/5509) #### New Contributors - [@&#8203;JIbald](https://github.com/JIbald) made their first contribution in [#&#8203;5388](https://github.com/fluxcd/flux2/pull/5388) - [@&#8203;ba-work](https://github.com/ba-work) made their first contribution in [#&#8203;5389](https://github.com/fluxcd/flux2/pull/5389) - [@&#8203;cappyzawa](https://github.com/cappyzawa) made their first contribution in [#&#8203;5407](https://github.com/fluxcd/flux2/pull/5407) - [@&#8203;reiSh6phoo9o](https://github.com/reiSh6phoo9o) made their first contribution in [#&#8203;5402](https://github.com/fluxcd/flux2/pull/5402) - [@&#8203;pinkavaj](https://github.com/pinkavaj) made their first contribution in [#&#8203;5440](https://github.com/fluxcd/flux2/pull/5440) - [@&#8203;mohiuddin-khan-shiam](https://github.com/mohiuddin-khan-shiam) made their first contribution in [#&#8203;5414](https://github.com/fluxcd/flux2/pull/5414) - [@&#8203;adri1197](https://github.com/adri1197) made their first contribution in [#&#8203;5321](https://github.com/fluxcd/flux2/pull/5321) - [@&#8203;hawkaii](https://github.com/hawkaii) made their first contribution in [#&#8203;5505](https://github.com/fluxcd/flux2/pull/5505) - [@&#8203;lukas8219](https://github.com/lukas8219) made their first contribution in [#&#8203;5492](https://github.com/fluxcd/flux2/pull/5492) - [@&#8203;prasad89](https://github.com/prasad89) made their first contribution in [#&#8203;5534](https://github.com/fluxcd/flux2/pull/5534) - [@&#8203;RussellAult](https://github.com/RussellAult) made their first contribution in [#&#8203;5509](https://github.com/fluxcd/flux2/pull/5509) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.6.0...v2.7.0> ### [`v2.6.4`](https://github.com/fluxcd/flux2/releases/tag/v2.6.4) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.3...v2.6.4) #### Highlights Flux v2.6.4 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. Fixes: - Fix for SOPS decryption with US Government KMS keys failing with the error: ``` STS: AssumeRoleWithWebIdentity, https response error\n StatusCode: 0, RequestID: , request send failed, Post\n \"https://sts.arn.amazonaws.com/\": dial tcp: lookupts.arn.amazonaws.com on 10.100.0.10:53: no such host ``` #### Components changelog - kustomize-controller [v1.6.1](https://github.com/fluxcd/kustomize-controller/blob/v1.6.1/CHANGELOG.md) #### CLI changed - \[release/v2.6.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5444](https://github.com/fluxcd/flux2/pull/5444) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.6.3...v2.6.4> ### [`v2.6.3`](https://github.com/fluxcd/flux2/releases/tag/v2.6.3) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.2...v2.6.3) #### Highlights Flux v2.6.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. Fixes: - Fix for `rsa-sha2-512` and `rsa-sha2-256` algorithms not being prioritized for `ssh-rsa` host keys in source-controller, image-automation-controller and Flux CLI bootstrap. #### Components changelog - source-controller [v1.6.2](https://github.com/fluxcd/source-controller/blob/v1.6.2/CHANGELOG.md) - image-automation-controller [v0.41.2](https://github.com/fluxcd/image-automation-controller/blob/v0.41.2/CHANGELOG.md) #### CLI changed - \[release/v2.6.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5427](https://github.com/fluxcd/flux2/pull/5427) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.6.2...v2.6.3> ### [`v2.6.2`](https://github.com/fluxcd/flux2/releases/tag/v2.6.2) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.1...v2.6.2) #### Highlights Flux v2.6.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. Fixes: - Fix authentication for `flux push artifact --provider=azure` on Azure DevOps runners. - Fix OIDC authentication for [Amazon ECR Public](https://fluxcd.io/flux/integrations/aws/#for-amazon-public-elastic-container-registry) in source-controller and image-reflector-controller. - Fix `knownhosts key mismatch` regression bug in the Flux CLI, source-controller and image-automation-controller. #### Components changelog - source-controller [v1.6.1](https://github.com/fluxcd/source-controller/blob/v1.6.1/CHANGELOG.md) - image-reflector-controller [v0.35.2](https://github.com/fluxcd/image-reflector-controller/blob/v0.35.2/CHANGELOG.md) - image-automation-controller [v0.41.1](https://github.com/fluxcd/image-automation-controller/blob/v0.41.1/CHANGELOG.md) #### CLI changelog - \[release/v2.6.x] fix: Allow Azure CLI calls in `flux push artifact --provider azure` on DevOps runners by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5396](https://github.com/fluxcd/flux2/pull/5396) - \[release/v2.6.x] Fix `knownhosts key mismatch` regression bug by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5405](https://github.com/fluxcd/flux2/pull/5405) - \[release/v2.6.x] Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5410](https://github.com/fluxcd/flux2/pull/5410) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.6.1...v2.6.2> ### [`v2.6.1`](https://github.com/fluxcd/flux2/releases/tag/v2.6.1) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.6.0...v2.6.1) #### Highlights Flux v2.6.1 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience. Fixes: - Fix a bug introduced in image-reflector-controller v0.35.0 that was causing spurious error events for policies during image repository reconciliation. - Fix excessive logging in image-reflector-controller after a restart when the image tags cache is empty. #### Components changelog - image-reflector-controller [v0.35.1](https://github.com/fluxcd/image-reflector-controller/blob/v0.35.1/CHANGELOG.md) #### CLI changelog - \[release/v2.6.x] Update image-reflector-controller to v0.35.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5382](https://github.com/fluxcd/flux2/pull/5382) - \[release/v2.6.x] Add digest pinning to image automation testing by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5384](https://github.com/fluxcd/flux2/pull/5384) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.6.0...v2.6.1> ### [`v2.6.0`](https://github.com/fluxcd/flux2/releases/tag/v2.6.0) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.5.1...v2.6.0) #### Highlights Flux v2.6.0 is a feature release. Users are encouraged to upgrade for the best experience. For a compressive overview of new features and API changes included in this release, please refer to the [Announcing Flux 2.6 GA blog post](https://fluxcd.io/blog/2025/05/flux-v2.6.0/). Overview of the new features: - General availability release for the Flux OCI Artifacts APIs and `flux artifact` commands - Support for OCI digests pinning (ImagePolicy, ImageUpdateAutomation) - Object-level workload identity authentication (OCIRepository, ImageRepository, Kustomization, Alert Provider) - Cache registry credentials for cloud providers (OCIRepository, ImageRepository) - Git HTTP/S Mutual TLS authentication (GitRepository, ImageUpdateAutomation) - Support for sparse checkout (GitRepository) - Support for GitHub App authentication (Alert Provider) - Support for managed Identity authentication to Azure Event Hub (Alert Provider) - Customize the ID of the Git commit status with CEL expressions (Alert Provider) - `WaitForTermination` deletion policy (Kustomization) - `DisableChartDigestTracking` feature gate (HelmRelease) ❤️ Big thanks to all the Flux contributors that helped us with this release! ##### Kubernetes compatibility This release is compatible with the following Kubernetes versions: | Kubernetes version | Minimum required | | ------------------ | ---------------- | | `v1.31` | `>= 1.31.0` | | `v1.32` | `>= 1.32.0` | | `v1.33` | `>= 1.33.0` | > \[!NOTE] > Note that the Flux project offers support only for the latest three minor versions of Kubernetes. > Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as > [ControlPlane](https://control-plane.io/enterprise-for-flux-cd/) that provide enterprise support for Flux. ##### OpenShift compatibility Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using [Flux Operator](https://operatorhub.io/operator/flux-operator). The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage. #### Upgrade procedure Upgrade Flux from `v2.5.0` to `v2.6.0` by following the [upgrade guide](https://fluxcd.io/flux/installation/upgrade/). To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git: 1. Set `apiVersion: source.toolkit.fluxcd.io/v1` in the YAML files that contain `OCIRepository` definitions. 2. Add an annotation `api.fluxcd.io/upgrade: "v2.6.0"` to the `OCIRepository` resources. (this is not required if Flux Operator is used for upgrade) 3. Commit, push, and reconcile the API version changes. Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the deprecated versions will be removed after 6 months. #### Components changelog - source-controller [v1.6.0](https://github.com/fluxcd/source-controller/blob/v1.6.0/CHANGELOG.md) - kustomize-controller [v1.6.0](https://github.com/fluxcd/kustomize-controller/blob/v1.6.0/CHANGELOG.md) - notification-controller [v1.6.0](https://github.com/fluxcd/notification-controller/blob/v1.6.0/CHANGELOG.md) - helm-controller [v1.3.0](https://github.com/fluxcd/helm-controller/blob/v1.3.0/CHANGELOG.md) - image-reflector-controller [v0.35.0](https://github.com/fluxcd/image-reflector-controller/blob/v0.35.0/CHANGELOG.md) - image-automation-controller [v0.41.0](https://github.com/fluxcd/image-automation-controller/blob/v0.41.0/CHANGELOG.md) ##### New Documentation - [OCIRepository v1 specification](https://fluxcd.io/flux/components/source/ocirepositories/) - [AWS integrations](https://fluxcd.io/flux/integrations/aws/) - [Azure integrations](https://fluxcd.io/flux/integrations/azure/) - [GCP integrations](https://fluxcd.io/flux/integrations/gcp/) #### What's Changed - fix: correct name on github app secret by [@&#8203;NotAwar](https://github.com/NotAwar) in [#&#8203;5202](https://github.com/fluxcd/flux2/pull/5202) - Update RFC 0008 and RFC 0009 milestones by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5141](https://github.com/fluxcd/flux2/pull/5141) - Update kustomize-controller to v1.5.1 by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5214](https://github.com/fluxcd/flux2/pull/5214) - Update backport labels for 2.5 by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5215](https://github.com/fluxcd/flux2/pull/5215) - Fix command debug hr not taking targetPath into account by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5227](https://github.com/fluxcd/flux2/pull/5227) - Remove redundant space. by [@&#8203;laiminhtrung1997](https://github.com/laiminhtrung1997) in [#&#8203;5038](https://github.com/fluxcd/flux2/pull/5038) - ci: switch to goreleaser changelog generation by [@&#8203;y-eight](https://github.com/y-eight) in [#&#8203;5284](https://github.com/fluxcd/flux2/pull/5284) - change: use the default ephemeral GITHUB\_TOKEN instead of the static one by [@&#8203;piontec](https://github.com/piontec) in [#&#8203;5282](https://github.com/fluxcd/flux2/pull/5282) - add: OSSF scorecard configuration file - ignore false-positive by [@&#8203;piontec](https://github.com/piontec) in [#&#8203;5287](https://github.com/fluxcd/flux2/pull/5287) - build(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.3 by [@&#8203;dependabot](https://github.com/dependabot) in [#&#8203;5295](https://github.com/fluxcd/flux2/pull/5295) - Allow to pull/push artifacts to insecure registries without TLS by [@&#8203;mottetm](https://github.com/mottetm) in [#&#8203;5299](https://github.com/fluxcd/flux2/pull/5299) - \[RFC-0010] Multi-Tenant Workload Identity by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5209](https://github.com/fluxcd/flux2/pull/5209) - flux diff: Reset target struct before decoding by [@&#8203;maboehm](https://github.com/maboehm) in [#&#8203;5302](https://github.com/fluxcd/flux2/pull/5302) - fix: allow recursive dry-run over local sources by [@&#8203;niveau0](https://github.com/niveau0) in [#&#8203;5219](https://github.com/fluxcd/flux2/pull/5219) - Run conformance tests for Kubernetes 1.33.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5318](https://github.com/fluxcd/flux2/pull/5318) - Update to Kubernetes 1.33.0 and Go 1.24.0 by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5323](https://github.com/fluxcd/flux2/pull/5323) - \[RFC-0010] Remove EKS Pod Identity from the proposal by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5309](https://github.com/fluxcd/flux2/pull/5309) - \[RFC-0010] Add RBAC for creating service account tokens by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5332](https://github.com/fluxcd/flux2/pull/5332) - Upgrade fluxcd/pkg auth, oci, git and git/gogit by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5333](https://github.com/fluxcd/flux2/pull/5333) - Fix exit code handling in get command by [@&#8203;dgunzy](https://github.com/dgunzy) in [#&#8203;5338](https://github.com/fluxcd/flux2/pull/5338) - build(deps): bump the ci group across 1 directory with 18 updates by [@&#8203;dependabot](https://github.com/dependabot) in [#&#8203;5325](https://github.com/fluxcd/flux2/pull/5325) - Fix `flux trace` for HRs from `OCIRepository`s by [@&#8203;makkes](https://github.com/makkes) in [#&#8203;5349](https://github.com/fluxcd/flux2/pull/5349) - Fix e2e workflow by [@&#8203;makkes](https://github.com/makkes) in [#&#8203;5351](https://github.com/fluxcd/flux2/pull/5351) - \[RFC-0010] Update RFC to include opt-in feature gate by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5354](https://github.com/fluxcd/flux2/pull/5354) - \[RFC-0010] Update RFC feature gate behavior by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5355](https://github.com/fluxcd/flux2/pull/5355) - Upgrade fluxcd/pkg packages by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5356](https://github.com/fluxcd/flux2/pull/5356) - Upgrade fluxcd/pkg packages by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5357](https://github.com/fluxcd/flux2/pull/5357) - Set Kubernetes 1.31 as min supported version by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5364](https://github.com/fluxcd/flux2/pull/5364) - Update dependencies by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5366](https://github.com/fluxcd/flux2/pull/5366) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5368](https://github.com/fluxcd/flux2/pull/5368) - Promote artifact commands to stable by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5369](https://github.com/fluxcd/flux2/pull/5369) - Add --interval and --reflect-digest flags to flux create image policy by [@&#8203;matheuscscp](https://github.com/matheuscscp) in [#&#8203;5345](https://github.com/fluxcd/flux2/pull/5345) - Update CLI to OCIRepository v1 (GA) by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5371](https://github.com/fluxcd/flux2/pull/5371) - Update dependabot config by [@&#8203;stefanprodan](https://github.com/stefanprodan) in [#&#8203;5373](https://github.com/fluxcd/flux2/pull/5373) - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5370](https://github.com/fluxcd/flux2/pull/5370) #### New Contributors - [@&#8203;NotAwar](https://github.com/NotAwar) made their first contribution in [#&#8203;5202](https://github.com/fluxcd/flux2/pull/5202) - [@&#8203;laiminhtrung1997](https://github.com/laiminhtrung1997) made their first contribution in [#&#8203;5038](https://github.com/fluxcd/flux2/pull/5038) - [@&#8203;y-eight](https://github.com/y-eight) made their first contribution in [#&#8203;5284](https://github.com/fluxcd/flux2/pull/5284) - [@&#8203;piontec](https://github.com/piontec) made their first contribution in [#&#8203;5282](https://github.com/fluxcd/flux2/pull/5282) - [@&#8203;mottetm](https://github.com/mottetm) made their first contribution in [#&#8203;5299](https://github.com/fluxcd/flux2/pull/5299) - [@&#8203;maboehm](https://github.com/maboehm) made their first contribution in [#&#8203;5302](https://github.com/fluxcd/flux2/pull/5302) - [@&#8203;niveau0](https://github.com/niveau0) made their first contribution in [#&#8203;5219](https://github.com/fluxcd/flux2/pull/5219) - [@&#8203;dgunzy](https://github.com/dgunzy) made their first contribution in [#&#8203;5338](https://github.com/fluxcd/flux2/pull/5338) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.5.0...v2.6.0> ### [`v2.5.1`](https://github.com/fluxcd/flux2/releases/tag/v2.5.1) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.5.0...v2.5.1) #### Highlights Flux v2.5.1 is a patch release which comes with various fixes. Users are encouraged to upgrade for the best experience. Fixes: - Fix a bug introduced in kustomize-controller v1.5.0 that was causing spurious logging for deprecated API versions and health check failures. - Sanitize the kustomize-controller logs when encountering errors during SOPS decryption. #### Components changelog - kustomize-controller [v1.5.1](https://github.com/fluxcd/kustomize-controller/blob/v1.5.1/CHANGELOG.md) #### CLI Changelog - PR [#&#8203;5215](https://github.com/fluxcd/flux2/issues/5215) - [@&#8203;matheuscscp](https://github.com/matheuscscp) - Update backport labels for 2.5 - PR [#&#8203;5214](https://github.com/fluxcd/flux2/issues/5214) - [@&#8203;fluxcdbot](https://github.com/fluxcdbot) - Update kustomize-controller to v1.5.1 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoiZnJlc2gtc3RhcnQiLCJsYWJlbHMiOltdfQ==-->

Renovate added 1 commit 2026-05-22 14:46:34 +00:00

Update dependency fluxcd/flux2 to v2.8.8 c695d744eb

Lumpiasty merged commit 201e402c14 into fresh-start 2026-05-22 14:56:36 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Renovate Lumpiasty

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Lumpiasty/klaster#301