image-reflector-controller
image-reflector-controller copied to clipboard
fluxcd
GitOps Toolkit controller that scans container registries
We have configured the ECR repository to be the ImageRepository with ecr-auto-login enabled and image policy as below to select the latest pre-release versions. But the policy is not picking...
The [DEVELOPMENT.md](https://github.com/fluxcd/image-reflector-controller/blob/main/DEVELOPMENT.md) could be improved to help users trying to debug problems or reproduce reported issues. Things we could expand on: - Suspend objects that are irrelevant to the test...
### Describe the bug I run Flux on AWS EKS 1.21.5. I've noticed that after the last Flux update, sometimes happens that the `image-reflector-controller` pod is restarted due to `OOM...
`cert-manager`, `traefik` and other tools, as I observed create certificates in secrets with the following keys `tls.key`, `tls.crt`. However, the `image-reflector-controller` assumes `certFile` and `keyFile`. We then have to copy-paste...
The Source Controller has examples on how the new conditions should be documented: - [Git Repository Conditions]. - [Helm Repository Conditions]. - [Helm Chart Conditions]. [Git Repository Conditions]: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1beta2/gitrepositories.md#conditions [Helm...
High-level points covered on this: - Roll-out new Flux Controller best practices, based on [K8S API Conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md). - [KStatus](https://github.com/kubernetes-sigs/cli-utils/blob/master/pkg/kstatus/README.md) aligned with the one implemented on [source-controller](https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1beta2/gitrepositories.md#conditions). - Improved code testing...
As reported in https://github.com/fluxcd/image-reflector-controller/pull/165#discussion_r694677790, sending an event on every successful scan is considered too spammy. Consider e.g., limiting those events to just the scans that discover new tags.
You sometimes want to use the digest of an image, rather than the tag; e.g., if you are interested in exactly reproducible builds. For that reason, it'd be useful to...
Azure Workload Identity is the next generation of workload contextual authentication, which [replaces the existing Azure Pod Identity](https://cloudblogs.microsoft.com/opensource/2022/01/18/announcing-azure-active-directory-azure-ad-workload-identity-for-kubernetes/). For more information: https://azure.github.io/azure-workload-identity/docs/introduction.html
"The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects." As of...