v0.12.5

Notes

This is a bugfix release, with a few dependency bumps.

Bugfixes

• Fix edge case issue with SSH Helm chart downloads with keys by @p-se in #3882

What's Changed

• Update gomod-k8s-dependencies to v0.32.6 (release/v0.12) by @renovate-rancher[bot] in #3820
• Update dependency go to v1.23.11 (release/v0.12) by @renovate-rancher[bot] in #3869
• [v0.12] Bump Helm to v3.18.4 by @thardeck in #3874

Full Changelog: v0.12.4...v0.12.5

v0.13.0

Notable changes

• HelmOps and OCI storage receive new features and are no longer experimental
• Improved traceability for built images
• More accurate and lightweight resource status updates

Additions

• Fleet now supports a new, user-driven bundle scan method, for more flexibility. The usual scanning method is still supported (docs), by @0xavi0 in #3480
• When using SSH to point to a git repository, Fleet checks host keys by default, rejecting connection attempts to
  unknown hosts (docs), by @weyfonk in #3523
• Replica counts are now configurable, for controllers as well as agents (docs), by @p-se in #3457
• Fleet can now handle a separate webhook secret for each GitRepo (docs), by @0xavi0 in #3490
• Fleet charts support extra labels and annotations, propagating them to controller deployments by @0xavi0 in #3531 and by @p-se in #3664
• Agent leader election is now configurable (example), by @p-se in #3463
• The old service account migration is removed by @weyfonk in #3601
• Fleet no longer computes resource keys in bundle statuses by @manno in #3681
• Fleet supports new gitjob metrics (docs) by @p-se in #3649
• Agent management is now able to use a label to skip clusters by @manno in #3744

HelmOps

HelmOps is no longer experimental.
HelmOp resources (renamed from HelmApp) now support:

• Polling Helm repositories
• Semantic versioning constraints (with this known issue for OCI charts)
• Preventing bundle naming collision between GitOps and HelmOps bundles
• Installing Helm charts in setups with strict TLS mode enabled

Metrics and cluster statuses now include HelmOps data.
See the Fleet documentation for more details.

OCI Storage

OCI storage is no longer experimental, and is enabled by default, although bundles will not use it by default.
It can still be disabled by setting OCI_STORAGE=false in extraEnv when installing Fleet.
It also supports:

• Garbage collection, on a best-effort basis
• Better traceability of secrets involved in OCI storage, by:
  • labeling secrets cloned by Fleet to downstream clusters
  • generating an event when deleting an OCI artifact results in an error

See the Fleet documentation for more details.

Traceability improvements

Provenance of Docker manifests is now attested. Patch by @thardeck in #3846

Bugfixes

• Status updates have received special attention:

  • GitRepo statuses are now more stable when multiple bundles are non-ready by @rbreddy in
    #3485
  • GitRepo status updates are optimised by @rbreddy in #3604
  • GitRepo status reconciliations from bundle status changes now uses a delay, to optimise performance when multiple
    changes happen within a short time span by @aruiz14 in #3558
  • Bundledeployment status updates are optimised by @manno in #3887
  • Drift detection no longer leads to resource updates with empty diffs by @aruiz14 in
    #3555
  • Fleet uses newer readiness detection fixes from Wrangler, to improve readiness detection for some resources by
    @weyfonk in #3853
  • Downstream agents are able to report their statuses upstream again by @manno in #3702

• And life cycles of resources have not been left behind:

  • New filters against cluster events trigger bundle deployment creation less often by @manno in
    #3796
  • Fleet now deletes bundle deployments which are obsolete as a result of either:
    • no longer being targeted by @0xavi0 in #3509
    • GitRepo/Bundle targets changes by @aruiz14 in #3438

• The Fleet CLI:

  • Returns more readable error messages when used in git jobs by @0xavi0 in #3559
  • Uses the controller-runtime client, patch by @0xavi0 in #3670

• Configuration is now more robust:

  • Config updates trigger cluster imports in a more selective way:
    • Only for changes to relevant fields by @weyfonk in #3551
    • Only if a valid apiServerURL is available by @aruiz14 in #3837
  • Using options.Helm could previously cause panics, fixed by @0xavi0 in #3567
  • Creating a GitRepo with an empty repo URL is no longer possible, by @weyfonk in #3582
  • Bundle deployments' and HelmOps' ignore options are now omitted when empty by @weyfonk in #3842

And also:

• Failing to download a chart returns a more informative error by @0xavi0 in #3593
• Using SSH with keys to download Helm charts should work again by @p-se in #3863

What's Changed

• The benchmark suite:

  • Outputs a report improved by @manno in #3550
  • Skips the create-150-bundle benchmark when targeting more than 1000 clusters by @manno in
    #3861

• Helm and OCI access secrets cloned to downstream clusters use specific secret types by @weyfonk in
  #3647

• Fleet uses secrets for storing OCI registry details by @0xavi0 in #3692

• When a GitRepo is deleted, so are its metrics by @p-se in #3686

• fleet apply has received a few tweaks, enabling it to scan bundles concurrently by @aruiz14 in
  #3721

• Fleet's rollout feature has shiny new docs, check them out!

• Rate limiting settings now use defaults from Kubernetes' client-go instead of disabling rate limiting altogether, by @manno in #3848

• This version bumps Go to 1.24.0 by @thardeck in #3679

• Fleet v0.13.0 supports Kubernetes 1.33, by @thardeck in #3734

New Contributors

• @rbreddy made their first contribution in #3485

Full Changelog: v0.13.0-rc.3...v0.13.0

v0.13.0-rc.4

What's Changed

• Revert "Use local image files for chart icons" by @p-se in #3906

Full Changelog: v0.13.0-rc.3...v0.13.0-rc.4

v0.13.0-rc.3

Notable changes

• HelmOps and OCI storage receive new features and are no longer experimental
• Improved traceability for built images
• More accurate and lightweight resource status updates

Additions

• Fleet now supports a new, user-driven bundle scan method, for more flexibility. The usual scanning method is still supported (docs), by @0xavi0 in #3480
• When using SSH to point to a git repository, Fleet checks host keys by default, rejecting connection attempts to
  unknown hosts (docs), by @weyfonk in #3523
• Replica counts are now configurable, for controllers as well as agents (docs), by @p-se in #3457
• Fleet can now handle a separate webhook secret for each GitRepo (docs), by @0xavi0 in #3490
• Fleet charts support extra labels and annotations, propagating them to controller deployments by @0xavi0 in #3531 and by @p-se in #3664
• Agent leader election is now configurable (example), by @p-se in #3463
• The old service account migration is removed by @weyfonk in #3601
• Fleet no longer computes resource keys in bundle statuses by @manno in #3681
• Fleet supports new gitjob metrics (docs) by @p-se in #3649
• Agent management is now able to use a label to skip clusters by @manno in #3744

HelmOps

HelmOps is no longer experimental.
HelmOp resources (renamed from HelmApp) now support:

• Polling Helm repositories
• Semantic versioning constraints (with this known issue for OCI charts)
• Preventing bundle naming collision between GitOps and HelmOps bundles
• Installing Helm charts in setups with strict TLS mode enabled

Metrics and cluster statuses now include HelmOps data.
See the Fleet documentation for more details.

OCI Storage

OCI storage is no longer experimental, and is enabled by default, although bundles will not use it by default.
It can still be disabled by setting OCI_STORAGE=false in extraEnv when installing Fleet.
It also supports:

• Garbage collection, on a best-effort basis
• Better traceability of secrets involved in OCI storage, by:
  • labeling secrets cloned by Fleet to downstream clusters
  • generating an event when deleting an OCI artifact results in an error

See the Fleet documentation for more details.

Traceability improvements

Provenance of Docker manifests is now attested. Patch by @thardeck in #3846

Bugfixes

• Status updates have received special attention:

  • GitRepo statuses are now more stable when multiple bundles are non-ready by @rbreddy in
    #3485
  • GitRepo status updates are optimised by @rbreddy in #3604
  • GitRepo status reconciliations from bundle status changes now uses a delay, to optimise performance when multiple
    changes happen within a short time span by @aruiz14 in #3558
  • Bundledeployment status updates are optimised by @manno in #3887
  • Drift detection no longer leads to resource updates with empty diffs by @aruiz14 in
    #3555
  • Fleet uses newer readiness detection fixes from Wrangler, to improve readiness detection for some resources by
    @weyfonk in #3853
  • Downstream agents are able to report their statuses upstream again by @manno in #3702

• And life cycles of resources have not been left behind:

  • New filters against cluster events trigger bundle deployment creation less often by @manno in
    #3796
  • Fleet now deletes bundle deployments which are obsolete as a result of either:
    • no longer being targeted by @0xavi0 in #3509
    • GitRepo/Bundle targets changes by @aruiz14 in #3438

• The Fleet CLI:

  • Returns more readable error messages when used in git jobs by @0xavi0 in #3559
  • Uses the controller-runtime client, patch by @0xavi0 in #3670

• Configuration is now more robust:

  • Config updates trigger cluster imports in a more selective way:
    • Only for changes to relevant fields by @weyfonk in #3551
    • Only if a valid apiServerURL is available by @aruiz14 in #3837
  • Using options.Helm could previously cause panics, fixed by @0xavi0 in #3567
  • Creating a GitRepo with an empty repo URL is no longer possible, by @weyfonk in #3582
  • Bundle deployments' and HelmOps' ignore options are now omitted when empty by @weyfonk in #3842

And also:

• Failing to download a chart returns a more informative error by @0xavi0 in #3593
• Using SSH with keys to download Helm charts should work again by @p-se in #3863

What's Changed

• The benchmark suite:

  • Outputs a report improved by @manno in #3550
  • Skips the create-150-bundle benchmark when targeting more than 1000 clusters by @manno in
    #3861

• Helm and OCI access secrets cloned to downstream clusters use specific secret types by @weyfonk in
  #3647

• Fleet uses secrets for storing OCI registry details by @0xavi0 in #3692

• When a GitRepo is deleted, so are its metrics by @p-se in #3686

• fleet apply has received a few tweaks, enabling it to scan bundles concurrently by @aruiz14 in
  #3721

• Fleet's rollout feature has shiny new docs, check them out!

• Rate limiting settings now use defaults from Kubernetes' client-go instead of disabling rate limiting altogether, by @manno in #3848

• This version bumps Go to 1.24.0 by @thardeck in #3679

• Fleet v0.13.0 supports Kubernetes 1.33, by @thardeck in #3734

New Contributors

• @rbreddy made their first contribution in #3485

Full Changelog: v0.12.4...v0.13.0-rc.3

v0.13.0-rc.2

What's Changed

• Reset HelmOps conditions even if no new version was found by @0xavi0 in #3902

Full Changelog: v0.13.0-rc.1...v0.13.0-rc.2

v0.13.0-rc.1

What's Changed

• Helmops controller resets conditions after recovering from error by @0xavi0 in #3899

Full Changelog: v0.13.0-beta.4...v0.13.0-rc.1

v0.12.5-rc.1

What's Changed

• Update gomod-k8s-dependencies to v0.32.6 (release/v0.12) by @renovate-rancher[bot] in #3820
• Update dependency go to v1.23.11 (release/v0.12) by @renovate-rancher[bot] in #3869
• [v0.12] Bump Helm to v3.18.4 by @thardeck in #3874
• [v0.12] Fix No user exists for uid 1000 by @p-se in #3882

Full Changelog: v0.12.4-rc.3...v0.12.5-rc.1

v0.13.0-beta.4

What's Changed

• Update module github.com/rancher/wrangler/v3 to v3.2.2 (main) by @renovate-rancher[bot] in #3877
• Update module github.com/docker/docker to v28.3.2+incompatible (main) by @renovate-rancher[bot] in #3875
• Update module golang.org/x/sync to v0.16.0 (main) by @renovate-rancher[bot] in #3878
• Remove rate limiting removal by @manno in #3848
• Check Helm for static version by @weyfonk in #3858
• Fix version not being set in non-polling Helmops by @0xavi0 in #3884
• Update module golang.org/x/crypto to v0.40.0 (main) by @renovate-rancher[bot] in #3885
• Use patch to update bundledeployment status by @manno in #3887

Full Changelog: v0.13.0-beta.3...v0.13.0-beta.4

v0.13.0-beta.3

What's Changed

• Use correct platform for attestation by @thardeck in #3852
• Fix release against rancher script by @thardeck in #3850
• Fix end-to-end test for HelmOp install with strict TLS mode by @weyfonk in #3854
• Unit tests for rollout by @p-se in #3780
• Use charts branch dev-v2.12 when testing Fleet in Rancher by @weyfonk in #3860
• Update module github.com/docker/docker to v28.3.1+incompatible (main) by @renovate-rancher in #3857
• Add HelmOps to cluster status and metrics by @weyfonk in #3865
• Apply readiness detection fixes from Wrangler by @weyfonk in #3853
• Update module helm.sh/helm/v3 to v3.18.4 [SECURITY] (main) by @renovate-rancher in #3867
• Update dependency go to v1.24.5 (main) by @renovate-rancher in #3868
• dev-scripts: Fix patching downstream clusters by @p-se in #3864
• Fix No user exists for uid 1000 (#2751) by @p-se in #3863
• Skip create-150-bundle benchmark if more than 1000 clusters by @manno in #3861

Full Changelog: v0.13.0-beta.2...v0.13.0-beta.3

v0.13.0-beta.2

What's Changed

• Update module github.com/docker/docker to v28.3.0+incompatible (main) by @renovate-rancher in #3836
• Avoid trying to import clusters if there is no valid apiServerURL available by @aruiz14 in #3837
• Update gomod-k8s-dependencies to v0.20.0 (main) by @renovate-rancher in #3844
• Update module github.com/Masterminds/semver/v3 to v3.4.0 (main) by @renovate-rancher in #3843
• Enforce validation rules for Helm options in HelmOps by @weyfonk in #3795
• Attest provenance also to Docker manifests by @thardeck in #3846
• Allow ignore options to be omitted when empty by @weyfonk in #3842
• Skip polling for OCI and tarball charts by @weyfonk in #3831
• Prevent dangling HelmOps polling jobs by @weyfonk in #3847
• Enable HelmOps deployments with strict TLS mode by @weyfonk in #3806
• Add step to pull Docker manifest for local inspection by @thardeck in #3849

Full Changelog: v0.13.0-alpha.7...v0.13.0-beta.2