Stefan Prodan
Stefan Prodan
The dependencies are locked with go.sum. I don't see how nightly builds would help.
The `image-reflector-controller` has nothing to do with Helm. Can you please post here `kubectl describe deployment` for the controller that runs into OOM.
> I wonder if we could have a simple menu of "If you use Flux v1 for X then the equivalent is Y (go here to see how to set...
Kyverno can be used for this, example here: https://github.com/fluxcd/flux2-multi-tenancy/blob/main/infrastructure/kyverno-policies/flux-multi-tenancy.yaml
I'm for reusing a CNCF project than writing something from scratch. Dealing with admission webhooks is hard, we need to setup TLS certs signed by Kubernetes API or depend on...
I don't think we should rely on cert-manager for Flux certs, as this means users have to install cert-manager by hand before Flux. The problem with Kyverno is that it...
> but I think we should at least let users make use of it if they actually have it and maybe even recommend it How could they have cert-manager running...
OPA has made available a Go module for generating and rotating webhook certs that works with controller-runtime https://github.com/open-policy-agent/cert-controller
I'm running Tekton on my clusters and see that webhook crashing quite often....
@cer yes for ingress, no for service mesh. The ingress docs have a different loadtest setup https://fluxcd.io/flagger/tutorials/nginx-progressive-delivery/ With ingress you have two options: - use the external address e.g. `hey...