Closed
Description
The 0.39 release comes with SBOMs and SLSA Provenance attached to all the controllers container images. In addition, all controller images have been update to Alpine 3.17 (which contains CVE fixes for OS packages). Starting with this version, the Flux controllers should consume less memory on busy clusters due to the disabling of Secrets and ConfigMaps caching.
TODOs:
- Enable SBOM and SLSA Provenance for Flux container images #3522
- Disable caching of Secret and ConfigMap resources #3426
- Support specifying bearerToken for git http token authentication pkg#442
- Allow force apply to be configured in metadata kustomize-controller#787
- Add json/yaml output to flux push artifact #3540
Release checklist:
- source-controller v0.34.0
- kustomize-controller v0.33.0
- notification-controller v0.31.0
- helm-controller: v0.29.0
- image-automation-controller v0.29.0
- image-reflector-controller v0.24.0
- flux2 v0.39.0
- terraform-provider-flux v0.23.0
Documentation updates:
- Document
CacheSecretsAndConfigMapsfeature gate - Add SBOMs, SLSA Provenance and CVE scanning to https://fluxcd.io/flux/security/
- Publish Flux release change log to GitHub & Slack