Update structure for Flux 2.7

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

Author: stefanprodan

.github/workflows/e2e.yaml

@@ -11,15 +11,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
       - name: Setup Flux
         uses: fluxcd/flux2/action@main
       - name: Setup Kubernetes
-        uses: helm/kind-action@v1.7.0
+        uses: helm/kind-action@v1.12.0
         with:
           cluster_name: flux
+          version: v0.30.0
+          node_image: kindest/node:v1.33.4
       - name: Install Flux in Kubernetes Kind
-        run: flux install
+        run: flux install --components-extra source-watcher
       - name: Setup cluster reconciliation
         run: |
           flux create source git flux-system \
@@ -38,6 +40,8 @@ jobs:
       - name: Verify helm reconciliation
         run: |
           kubectl -n podinfo wait helmrelease/podinfo --for=condition=ready --timeout=5m
+      - name: List deployed resources
+        run: flux tree ks flux-system
       - name: Debug failure
         if: failure()
         run: |

.github/workflows/test.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
       - name: Setup yq
         uses: fluxcd/pkg/actions/yq@main
       - name: Setup kubeconform

README.md

@@ -14,7 +14,7 @@ upgrade the Helm releases to their latest chart version based on semver ranges.
 
 ## Prerequisites
 
-You will need a Kubernetes cluster version 1.28 or newer.
+You will need a Kubernetes cluster version 1.33 or newer.
 For a quick local test, you can use [Kubernetes kind](https://kind.sigs.k8s.io/docs/user/quick-start/).
 Any other Kubernetes setup will work as well though.
 
@@ -122,7 +122,7 @@ spec:
         - host: podinfo.staging
 ```
 
-Note that with ` version: ">=1.0.0-alpha"` we configure Flux to automatically upgrade
+Note that with `version: ">=1.0.0-alpha"` we configure Flux to automatically upgrade
 the `HelmRelease` to the latest chart version including alpha, beta and pre-releases.
 
 In **apps/production/** dir we have a Kustomize patch with the production specific values:
@@ -164,31 +164,41 @@ The infrastructure is structured into:
     └── kustomization.yaml
 ```
 
-In **infrastructure/controllers/** dir we have the Flux `HelmRepository` and `HelmRelease` definitions such as:
+In **infrastructure/controllers/** dir we have the Flux definitions such as:
 
 ```yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 24h
+  url: oci://quay.io/jetstack/charts/cert-manager
+  layerSelector:
+    mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
+    operation: copy
+  ref:
+    semver: "1.x"
+---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: cert-manager
   namespace: cert-manager
 spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: cert-manager
-      version: "1.x"
-      sourceRef:
-        kind: HelmRepository
-        name: cert-manager
-        namespace: cert-manager
-      interval: 12h
+  interval: 12h
+  chartRef:
+    kind: OCIRepository
+    name: cert-manager
   values:
-    installCRDs: true
+    crds:
+      enabled: true
+      keep: false
 ```
 
-Note that with ` interval: 12h` we configure Flux to pull the Helm repository index every twelfth hours to check for updates.
-If the new chart version that matches the `1.x` semver range is found, Flux will upgrade the release.
+Note that in the `OCIRepository` we configure Flux to check for new chart versions every 24 hours.
+If a newer chart is found that matches the `semver: 1.x` constraint, Flux will upgrade the release accordingly.
 
 In **infrastructure/configs/** dir we have Kubernetes custom resources, such as the Let's Encrypt issuer:
 
@@ -258,18 +268,20 @@ metadata:
   name: apps
   namespace: flux-system
 spec:
-  interval: 10m0s
   dependsOn:
     - name: infra-configs
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./apps/staging
+    kind: ExternalArtifact
+    name: apps
+  path: ./staging
   prune: true
   wait: true
 ```
 
-Note that with `path: ./apps/staging` we configure Flux to sync the staging Kustomize overlay and 
+Note that with `path: ./staging` we configure Flux to sync the apps staging Kustomize overlay and 
 with `dependsOn` we tell Flux to create the infrastructure items before deploying the apps.
 
 Fork this repository on your personal GitHub account and export your GitHub access token, username and repo name:
@@ -290,6 +302,7 @@ Set the kubectl context to your staging cluster and bootstrap Flux:
 
 ```sh
 flux bootstrap github \
+    --components-extra=source-watcher \
     --context=staging \
     --owner=${GITHUB_USER} \
     --repository=${GITHUB_REPO} \
@@ -328,6 +341,7 @@ Bootstrap Flux on production by setting the context and path to your production
 
 ```sh
 flux bootstrap github \
+    --components-extra=source-watcher \
     --context=production \
     --owner=${GITHUB_USER} \
     --repository=${GITHUB_REPO} \
@@ -383,6 +397,7 @@ Set the kubectl context and path to your dev cluster and bootstrap Flux:
 
 ```sh
 flux bootstrap github \
+    --components-extra=source-watcher \
     --context=dev \
     --owner=${GITHUB_USER} \
     --repository=${GITHUB_REPO} \
@@ -400,6 +415,7 @@ Bootstrap the `production-clone` cluster:
 
 ```sh
 flux bootstrap github \
+    --components-extra=source-watcher \
     --context=production-clone \
     --owner=${GITHUB_USER} \
     --repository=${GITHUB_REPO} \

clusters/production/apps.yaml

@@ -5,13 +5,14 @@ metadata:
   name: apps
   namespace: flux-system
 spec:
-  interval: 10m0s
   dependsOn:
     - name: infra-configs
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./apps/production
+    kind: ExternalArtifact
+    name: apps
+  path: ./production
   prune: true
   wait: true
-  timeout: 5m0s

clusters/production/artifacts.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: source.extensions.fluxcd.io/v1beta1
+kind: ArtifactGenerator
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  sources:
+    - alias: monorepo
+      kind: GitRepository
+      name: flux-system
+  artifacts:
+    - name: infrastructure
+      originRevision: "@monorepo"
+      copy:
+        - from: "@monorepo/infrastructure/**"
+          to: "@artifact/"
+    - name: apps
+      originRevision: "@monorepo"
+      copy:
+        - from: "@monorepo/apps/**"
+          to: "@artifact/"

clusters/production/infrastructure.yaml

@@ -6,12 +6,12 @@ metadata:
   namespace: flux-system
 spec:
   interval: 1h
-  retryInterval: 1m
+  retryInterval: 2m
   timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/controllers
+    kind: ExternalArtifact
+    name: infrastructure
+  path: ./controllers
   prune: true
   wait: true
 ---
@@ -24,12 +24,12 @@ spec:
   dependsOn:
     - name: infra-controllers
   interval: 1h
-  retryInterval: 1m
+  retryInterval: 2m
   timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/configs
+    kind: ExternalArtifact
+    name: infrastructure
+  path: ./configs
   prune: true
   patches:
     - patch: |

clusters/staging/apps.yaml

@@ -1,16 +1,18 @@
+---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: apps
   namespace: flux-system
 spec:
-  interval: 10m0s
   dependsOn:
     - name: infra-configs
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./apps/staging
+    kind: ExternalArtifact
+    name: apps
+  path: ./staging
   prune: true
   wait: true
-  timeout: 5m0s

clusters/staging/artifacts.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: source.extensions.fluxcd.io/v1beta1
+kind: ArtifactGenerator
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  sources:
+    - alias: monorepo
+      kind: GitRepository
+      name: flux-system
+  artifacts:
+    - name: infrastructure
+      originRevision: "@monorepo"
+      copy:
+        - from: "@monorepo/infrastructure/**"
+          to: "@artifact/"
+    - name: apps
+      originRevision: "@monorepo"
+      copy:
+        - from: "@monorepo/apps/**"
+          to: "@artifact/"

clusters/staging/infrastructure.yaml

@@ -6,12 +6,12 @@ metadata:
   namespace: flux-system
 spec:
   interval: 1h
-  retryInterval: 1m
+  retryInterval: 2m
   timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/controllers
+    kind: ExternalArtifact
+    name: infrastructure
+  path: ./controllers
   prune: true
   wait: true
 ---
@@ -24,12 +24,12 @@ spec:
   dependsOn:
     - name: infra-controllers
   interval: 1h
-  retryInterval: 1m
+  retryInterval: 2m
   timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/configs
+    kind: ExternalArtifact
+    name: infrastructure
+  path: ./configs
   prune: true
   patches:
     - patch: |

infrastructure/controllers/cert-manager.yaml

@@ -7,30 +7,37 @@ metadata:
     toolkit.fluxcd.io/tenant: sre-team
 ---
 apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
+kind: OCIRepository
 metadata:
   name: cert-manager
   namespace: cert-manager
 spec:
   interval: 24h
-  url: https://charts.jetstack.io
+  url: oci://quay.io/jetstack/charts/cert-manager
+  layerSelector:
+    mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
+    operation: copy
+  ref:
+    semver: "1.x"
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: cert-manager
   namespace: cert-manager
 spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: cert-manager
-      version: "1.x"
-      sourceRef:
-        kind: HelmRepository
-        name: cert-manager
-        namespace: cert-manager
-      interval: 12h
+  interval: 12h
+  install:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 2m
+  upgrade:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 3m
+  chartRef:
+    kind: OCIRepository
+    name: cert-manager
   values:
     crds:
       enabled: true