Development build

This is a development build of the main branch and not meant for production use.
Docker images are also available via: ghcr.io/kluctl/kluctl:v2.28.0-devel

Changelog

• 4b284bf Fix link to anchor alwaysDeploy (#1424)
• 17e56fd Fix wording for kluctl.io/ignore-conflicts annotation (#1425)
• 01944b8 Implement multidoc support for vars sources (#1371)
• feb122b Merge pull request #1403 from macmoritz/feat-go-jinja2-load-latest-git-sha
• 8a9b194 Merge pull request #1404 from kluctl/refactor-lib-git
• 00a19fe Merge pull request #1431 from kluctl/chore-update-deps
• caf1810 Merge pull request #1441 from kluctl/dependabot/github_actions/actions/checkout-6
• 96007f5 Merge pull request #1442 from kluctl/dependabot/github_actions/docker/setup-qemu-action-4
• f42b555 Merge pull request #1464 from kluctl/fix-tests
• c6a9b9e Merge pull request #1465 from kluctl/feat-remove-deprecated
• 803e060 Remove helm-pull command description from documentation (#1419)
• fa9619f Revert "chore: add gitpython files"
• bf1214d Upgrade go-git to current v6 alpha (#1454)
• 1a8bf8b chore(deps): Bump actions/checkout from 4 to 5 (#1363)
• 850a1e2 chore(deps): Bump actions/checkout from 5 to 6 (#1413)
• 307b5a0 chore(deps): Bump actions/setup-go from 5 to 6 (#1390)
• fa0199c chore(deps): Bump actions/setup-node from 4 to 6 (#1396)
• fd5c2fc chore(deps): Bump actions/setup-python from 5 to 6 (#1389)
• 566fe12 chore(deps): Bump chainguard/wolfi-base from 1c6a858 to b78bb98 (#1453)
• dc33740 chore(deps): Bump chainguard/wolfi-base from 8652670 to 34977aa (#1474)
• 740f983 chore(deps): Bump chainguard/wolfi-base from b78bb98 to 8652670 (#1467)
• 3831985 chore(deps): Bump docker/login-action from 3 to 4 (#1429)
• b9d3759 chore(deps): Bump docker/setup-buildx-action from 3 to 4 (#1427)
• 81fbce7 chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#1375)
• 7798d65 chore(deps): Bump github.com/docker/cli (#1357)
• e5c13e5 chore(deps): Bump github.com/docker/cli (#1415)
• 21706c0 chore(deps): Bump github.com/docker/cli (#1440)
• e2590a3 chore(deps): Bump github.com/fluxcd/pkg/oci from 0.66.0 to 0.68.0 (#1479)
• 889cf8f chore(deps): Bump github.com/getsops/sops/v3 from 3.13.0 to 3.13.1 (#1443)
• 8165d1a chore(deps): Bump github.com/google/go-containerregistry (#1445)
• 8e93ff9 chore(deps): Bump github.com/googleapis/gax-go/v2 from 2.14.2 to 2.15.0 (#1352)
• 26b430c chore(deps): Bump github.com/googleapis/gax-go/v2 from 2.15.0 to 2.16.0 (#1411)
• 9201bff chore(deps): Bump github.com/onsi/gomega from 1.37.0 to 1.38.3 (#1406)
• 2e6d434 chore(deps): Bump github.com/onsi/gomega from 1.40.0 to 1.41.0 (#1461)
• 67ef3b1 chore(deps): Bump github.com/prometheus/client_golang (#1386)
• 3ba6c2c chore(deps): Bump github.com/spf13/cobra from 1.9.1 to 1.10.2 (#1407)
• caf1c79 chore(deps): Bump github.com/spf13/pflag from 1.0.7 to 1.0.10 (#1384)
• d99ecc2 chore(deps): Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#1378)
• f335e2a chore(deps): Bump golang.org/x/net in the golang-x group (#1466)
• 892bb35 chore(deps): Bump google.golang.org/grpc from 1.81.0 to 1.81.1 (#1439)
• 6d98aba chore(deps): Bump google.golang.org/protobuf from 1.36.6 to 1.36.8 (#1376)
• f3da6fb chore(deps): Bump goreleaser/goreleaser-action from 6 to 7 (#1422)
• 3f0d440 chore(deps): Bump helm.sh/helm/v3 from 3.18.3 to 3.18.6 (#1367)
• d17b505 chore(deps): Bump helm.sh/helm/v3 from 3.20.2 to 3.21.0 (#1444)
• 908cbde chore(deps): Bump helm.sh/helm/v4 from 4.2.0 to 4.2.1 (#1480)
• b563ad5 chore(deps): Bump k8s.io/apiextensions-apiserver (#1435)
• 9d13279 chore(deps): Bump k8s.io/apiextensions-apiserver (#1481)
• 4ee3c70 chore(deps): Bump sigs.k8s.io/kustomize/kyaml from 0.20.0 to 0.21.0 (#1412)
• 1d3b86b chore(deps): Bump the all group across 1 directory with 2 updates (#1433)
• 589755f chore(deps): Bump the all group across 1 directory with 2 updates (#1447)
• bb190df chore(deps): Bump the all group across 1 directory with 3 updates (#1478)
• 2950fb1 chore(deps): Bump the all group across 1 directory with 5 updates (#1455)
• 78037ac chore(deps): Bump the aws-sdk group with 2 updates (#1469)
• f6dd5a4 chore(deps): Bump the aws-sdk group with 6 updates (#1377)
• cdd5aa6 chore(deps): Bump the aws-sdk group with 6 updates (#1409)
• 334cdf6 chore(deps): Bump the azure-sdk group across 1 directory with 2 updates (#1362)
• ca50daa chore(deps): Bump the azure-sdk group with 2 updates (#1410)
• 855cc19 chore(deps): Bump the golang-x group across 1 directory with 2 updates (#1373)
• f7c3701 chore(deps): Bump the golang-x group with 4 updates (#1405)
• 3d3ba74 chore(deps): Bump the k8s-io group with 4 updates (#1361)
• 7ac4fa3 chore(deps): Bump the k8s-io group with 4 updates (#1365)
• 67197ac chore(deps): Bump the k8s-io group with 4 updates (#1374)
• 393a190 feat: Allow to ignore known hosts
• 7241aeb feat: Expire ssh pool sessions in the background
• 505b600 feat: Finally remove deprecated helm credentialsId and spec.helmCredentials support
• 0812479 feat: Implement kluct.io/ignore annotation (#1372)
• a5218b4 feat: Introduce Delete() for MirroredGitRepo
• 75744d7 feat: Introduce FindCommitByRef and remove compatibility code for old string based refs
• 25f6359 feat: Remove deprecated support for string based git refs
• 2ed711c feat: Remove support for KLUCTL_GIT_PREFIX_PATH environment variable
• 2cfba60 feat: Remove support for deprecated spec.source.credentials
• d2858ac feat: Remove support for deprecated spec.source.secretRef
• 9b114e4 feat: Remove support for legacy repo overrides
• 59dc938 feat: Remove warning about latestVersion usage for get_image
• 28098db feat: Remove warning about using projects without specifying mandatory target
• ec33e3a feat: Upgrade helm to v4
• f6828c6 feat: Upgrade helm to v4 (#1472)
• ad2da77 feat: Use shared clone instead of custom poor mans clone
• 825e7fa feat: add load-latest-git-sha with GitPython
• 58f19b0 feat: migrate git code to dulwich
• 4a24160 fix: Add tini to docker image image and use it to avoid zombie gpg-agents
• 165a242 fix: Create empty /etc/ssh/ssh_known_hosts to fix go-git issues
• ef16903 fix: Deployments Dir only checked if "when" condition is true (#1397)
• e0820b7 fix: Do not fetch unchanged mirrored git repos
• 40046ca fix: Fall back to "git status" when wt.Status() of go-git fails (#1438)
• 2bad07d fix: Fix AnnotatedEventf call
• aa36463 fix: Fix LoadGitignorePaths on windows
• 768f058 fix: Fix missing BuildSSHClientConfig
• 4d68f34 fix: Implement proper oci caching and fix cache cleanup (#1471)
• 0596684 fix: Let LoadGitignorePaths actually return the paths and not the patterns
• f7fff25 fix: Pin urllib3 to fixed version to avoid auto-upgrades
• a7ad6fe fix: Upgrade go-embed-python to introduce .gitattributes files
• 4ff5857 fix: Use AlternateFS can actually find the shared objects
• 3bab6bf fix: honor ignoreMissing when a clusterSecret/clust...

Kluctl v2.27.0 comes with new features, improvements and fixes.

New Features and Improvements

Metrics show last deployment start time

• The prometheus metrics will now show last_deploy_start_timestamp_seconds. See docs for more details.

Bugfixes and improvements

• All dependencies have been updated to the latest versions
• Don't add bogus : to image names when there is no tag in the OciRef (36cc227)
• Immediately patch lastPrepareError instead of doing it at the end of the reconciliation (#1315) (f56ba0f)
• Store deployment name/namespace for results in annotations instead of labels (#1310) (bfa8376)
• Return error instead of nil when command result can't be found (#1309) (72805eb)

Contributors

Thanks you to all the contributors who participated in this release:

• @jgrasl

Changelog

For a detailed list of changes, see the release comparison: v2.26.0...v2.27.0

Kluctl v2.26.0 comes with new features, improvements and fixes.

New Features and Improvements

Helm Charts via Git

You can now use Helm Charts located in Git, without any need to release them in any form. This is done by directly providing the Git url und branch/tag information. See this documentation for more details: https://kluctl.io/docs/kluctl/deployments/helm/#git

List target names

The command kluctl list-targets not supports --only-names to list only the names of existing targets.

Passing Git credentials

You can now pass Git credentials via CLI and environment variables.

Bugfixes and improvements

• Kluctl should be able to handle situations better in which you have limited permissions, e.g. only permissions to a single namespace.
• Kluctl will now prevent . and .. as default tags when such pathes are used as deployment items.
• The GitOps controller will now clean up temporary gpg-agents when SOPS+GPG is used, preventing resource exhaustion.

Contributors

Thanks you to all the contributors who participated in this release:

• @aljoshare
• @mfrehe
• @dankaiser1808

Changelog

For a detailed list of changes, see the release comparison: v2.25.0...v2.26.0

Kluctl v2.25.1 is a minor release comes with improvements and fixes.

Bugfixes and improvements

• Kluctl will not warn about deprecated regexes anymore when it starts up
• Using Custom Resources for a CRD that is deployed in the same deployment will be more reliable from now on

Changelog

For a detailed list of changes, see the release comparison: v2.25.0...v2.25.1

Kluctl v2.25.0 comes with new features, improvements and fixes.

Breaking changes

Removal of the sealed-secrets integration

v2.25.0 finally removes the deprecated (and hidden) sealed-secrets integration. If you still use it, please switch to either SOPS or external-secrets.

New Features and Improvements

System Python support

Kluctl can now optionally use the system provided Python distribution instead of the embedded distribution. This can be enabled via the --use-system-python or via the KLUCTL_USE_SYSTEM_PYTHON=1 environment variable. This is mostly useful for maintainers of distributed packages, e.g. NixOS.

load_base64 function

You can now use load_base64 to load binary files and auto-convert these into their base64 representation.

Path prefix for the webui

The Webui can now be run under a non-root prefix, e.g. https://example.com/kluctl-webui/ instead of only https://example.com/. Use --path-prefix in the kluctl webui run command to set the path prefix. Also read the installation instructions for the Kluctl Webui.

Other new features

• kluctl helm-update will now also show the old version along updated versions.

Bugfixes and improvements

• The docker image now contains the gpg and gpg-agent packages so that SOPS with GPG is working properly.
• A few unnecessary warnings that happened while gathering orphan objects are now hidden.
• The batch.kubernetes.io/controller-uid labels inside Jobs are now ignored in diffs.
• Kluctl will not fail anymore when the local Git repo has no commits

Changelog

For a detailed list of changes, see the release comparison: v2.24.0...v2.25.0

Kluctl v2.24.1 is a patch release with fixes and minor improvements only.

If you use the kluctl-controller, you should update to v2.24.1 as otherwise the Helm integration might fail in some situations.

Do not forget to read through the v2.24.0 release notes before upgrading from v2.22.x.

Changelog

• f8d8557 fix: Don't try to find pre-pulled chart when skipPrePull is true
• 3ddc589 fix: Error out when no .helm-charts dir was found/provided
• ec035c3 fix: Fix error message in helm-pull/helm-update (#1060)

Kluctl v2.24.0 comes with new features, improvements and fixes.

New Features and Improvements

Conflict resolution management via deployment.yaml

You can now configure conflict resolution via the conflictResolution field in deployments and sub-deployments. This allows you to fix all warnings that happen due to expected external changes, e.g. ValidatingWebhookConfiguration's CA updates that happen after applying the webkooks or cert-manager CA injections that happen by the cert-manager ca-injector.

Ignoring all Kluctl metadata in diffs

kluctl diff now support --ignore-kluctl-metadata, which will omit all diffs in for fields that are automatically added by kluctl. This includes labels for tags and discriminators and annotations for the deployment item path. This is useful when you perform refactorings that lead to a lot of metadata changes, for example when you move a deployment to another directory, which can easily cause hundreds or thousands of tag and annotation updates.

Better jsonpath support

JSON Path support has been improved to properly support wildcards and script expressions. This applies to all places where a JSON Path is used to select/match one or more fields, e.g. in conflictResolution and ignoreForDiff.

Other new features

• You can now override the discriminator in all commands that work with it. To do so, pass the --discriminator flag to the command. This is for example useful when you need to prune or delete deployments for which the discriminator has changed.
• kluctl controller install now accepts a --kubeconfig flag.

Bugfixes and improvements

• Kluctl will not fail anymore when RBAC permissions are not sufficient for some not strictly necessary features. Instead, Kluctl will warn you about reduced functionality.
• kluctl helm-pull is now working for Kluctl library projects.
• Validation warnings are now listed in the output of kluctl validate.
• The pre-pulled Helm Charts directory (.helm-charts) is now searched in all directories that lead to the root of the project. This allows better support for Kluctl Library projects.

Changelog

For a detailed list of changes, see the release comparison: v2.23.0...v2.24.0

Kluctl v2.23.5 is a patch release with fixes and minor improvements only.

Do not forget to read through the v2.23.0 release notes before upgrading from v2.22.x.

Changelog

• 9c1680d fix: Also deep-clone aws config in buildTarget (#992)
• a251a4e fix: Also try LIST on namespaces when GET on kube-system fails
• 45ace5c fix: Do not execute rollback hooks
• 4e9281a fix: Don't fail when LIST permissions for namespaces are missing
• 8af2b3a fix: Fix crash in GetFirstObject that happens if a nil list is encountered (#982)
• ef3d5b4 fix: Ignore delete hooks on validation
• 4ea1e49 fix: Ignore rollback hooks when validating
• 5e7da01 fix: Make namespace optional in clusterObject vars source (#986)
• b6580b8 fix: Only warn when permissions are not sufficient for the result store
• 335d766 fix: Upgrade go-jinja2 to latest main branch to fix local vars with get_var/render
• a9326e2 fix: Warn about delete/rollback hooks not being supported
• 65103de fix: Warn when Kluctl is unable to determine the cluster ID
• 6d91f1f fix: always use the target context for validation

For a detailed list of changes, see the release comparison: v2.23.4...v2.23.5

Kluctl v2.23.4 is a patch release with fixes and minor improvements only.

Do not forget to read through the v2.23.0 release notes before upgrading from v2.22.x.

Changelog

• 71f5df5 chore(deps): Bump actions/cache from 3 to 4 (#965)
• 4d01301 chore(deps): Bump github.com/go-playground/validator/v10 (#959)
• 041633e chore(deps): Bump the aws-sdk group with 2 updates (#966)
• cc3db5d chore(deps): Bump the k8s-io group with 3 updates (#963)
• 6e0b863 feat: Unconditionally assume an object is managed by Kluctl if kluctl.io/force-managed=true
• 6fd8298 tests Add tests for pruning with kluctl.io/force-managed

Kluctl v2.23.3 is a patch release with fixes only.

Do not forget to read through the v2.23.0 release notes before upgrading from v2.22.x.

Changelog

• 3ca8f62 fix: Skip hooks when determining objects to wait for readiness