Open source projects usually have a large network of dependencies connected to a code base that will eventually build and compile into a package that may, in turn become the dependency of another project. That is why concerns about open source as a potential vector for critical vulnerabilities have always existed despite Linus’ law. Flux was able to reach a CVE count of zero due to its maintainers limiting the amount of dependencies used....
We are proud to announce that the CNCF Technical Oversight Committee promoted Flux to Incubation status. This is testament to the dedication of a community that deeply believes in GitOps principles as the way to operate your applications and infrastructure, and scale more efficiently. Read more about the future of Flux and Flux v2
Flux v2 October updates include: new naming convention, details about the 0.2.0 release, details about our focus of governance and community within the Flux project, including some excellent new resources to read, watch and listen too. Read the blog for more information.
This is the first blog post in a series which accompanies the development of the GitOps Toolkit on the road to delivering Flux v2 and more. We want to highlight what has been developed in the past weeks, who has contributed and what you can look forward to. And if you are curious, how to try it out for yourself.
We are proud to announce GitOps with Flux v2 and GitOps Toolkit. Flux v2 addresses many user requests such as support for synching multiple git repos and provides a smoother "Day 2"experience. The GitOps Toolkit is a set of core GitOps operators that work in concert, and Flux v2 is an off-the-shelf composition of those components that gives you equivalent capabilities to the original Flux.
Weave Flux, a project developed by us and later donated to the CNCF is one of two tools placed in the Adopt category in the CNCF’s newly rolled out Technology Radar. Read about the process and results of the Technology Radar and our CTO, Cornelia Davis’ reflections on what this all means.