Merge pull request #1878 from rohansood10/fix/1434-prometheus-error-messages

Include HTTP status code in Prometheus error responses
Merge pull request #1874 from mtfurlan/fix/mesh-router-warn-unknown
2026-03-03 02:00:18 +00:00 · 2026-03-02 19:13:43 +05:30 · 2026-02-27 12:46:16 +05:30 · 2026-02-20 11:40:39 -05:00 · 2026-02-19 03:11:46 -08:00 · 2025-12-29 18:38:24 +05:30
764 changed files with 54707 additions and 15888 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,280 +0,0 @@
 version: 2.1
 jobs:
  build-binary:
    docker:
      - image: circleci/golang:1.14
    working_directory: ~/build
    steps:
      - checkout
      - restore_cache:
          keys:
            - go-mod-v3-{{ checksum "go.sum" }}
      - run:
          name: Run go mod download
          command: go mod download
      - run:
          name: Check code formatting
          command: go install golang.org/x/tools/cmd/goimports && make test-fmt
      - run:
          name: Build Flagger
          command: |
            CGO_ENABLED=0 GOOS=linux go build \
                -ldflags "-s -w -X github.com/weaveworks/flagger/pkg/version.REVISION=${CIRCLE_SHA1}" \
                -a -installsuffix cgo -o bin/flagger ./cmd/flagger/*.go
      - run:
          name: Build Flagger load tester
          command: |
            CGO_ENABLED=0 GOOS=linux go build \
                -a -installsuffix cgo -o bin/loadtester ./cmd/loadtester/*.go
      - run:
          name: Run unit tests
          command: |
            go test -race -coverprofile=coverage.txt -covermode=atomic $(go list ./pkg/...)
            bash <(curl -s https://codecov.io/bash)
      - run:
          name: Verify code gen
          command: make test-codegen
      - save_cache:
          key: go-mod-v3-{{ checksum "go.sum" }}
          paths:
            - "/go/pkg/mod/"
      - persist_to_workspace:
          root: bin
          paths:
            - flagger
            - loadtester
  push-container:
    docker:
      - image: circleci/golang:1.14
    steps:
      - checkout
      - setup_remote_docker:
          docker_layer_caching: true
      - attach_workspace:
          at: /tmp/bin
      - run: test/container-build.sh
      - run: test/container-push.sh
  push-binary:
    docker:
      - image: circleci/golang:1.14
    working_directory: ~/build
    steps:
      - checkout
      - setup_remote_docker:
          docker_layer_caching: true
      - restore_cache:
          keys:
            - go-mod-v3-{{ checksum "go.sum" }}
      - run: make release-notes
      - run: github-release-notes -org weaveworks -repo flagger -since-latest-release -include-author > /tmp/release.txt
      - run: test/goreleaser.sh
  e2e-kubernetes-testing:
    machine: true
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/bin
      - run: test/container-build.sh
      - run: test/e2e-kind.sh v1.18.2
      - run: test/e2e-kubernetes.sh
      - run: test/e2e-kubernetes-tests-deployment.sh
      - run: test/e2e-kubernetes-cleanup.sh
      - run: test/e2e-kubernetes-tests-daemonset.sh
  e2e-istio-testing:
    machine: true
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/bin
      - run: test/container-build.sh
      - run: test/e2e-kind.sh v1.18.2
      - run: test/e2e-istio.sh
      - run: test/e2e-istio-dependencies.sh
      - run: test/e2e-istio-tests.sh
      - run: test/e2e-istio-tests-skip-analysis.sh
      - run: test/e2e-kubernetes-cleanup.sh
      - run: test/e2e-istio-dependencies.sh
      - run: test/e2e-istio-tests-delegate.sh
  e2e-gloo-testing:
    machine: true
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/bin
      - run: test/container-build.sh
      - run: test/e2e-kind.sh
      - run: test/e2e-gloo.sh
      - run: test/e2e-gloo-tests.sh
  e2e-nginx-testing:
    machine: true
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/bin
      - run: test/container-build.sh
      - run: test/e2e-kind.sh
      - run: test/e2e-nginx.sh
      - run: test/e2e-nginx-tests.sh
      - run: test/e2e-nginx-cleanup.sh
      - run: test/e2e-nginx-custom-annotations.sh
      - run: test/e2e-nginx-tests.sh
  e2e-linkerd-testing:
    machine: true
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/bin
      - run: test/container-build.sh
      - run: test/e2e-kind.sh
      - run: test/e2e-linkerd.sh
      - run: test/e2e-linkerd-tests.sh
  e2e-contour-testing:
    machine: true
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/bin
      - run: test/container-build.sh
      - run: test/e2e-kind.sh
      - run: test/e2e-contour.sh
      - run: test/e2e-contour-tests.sh
  e2e-skipper-testing:
    machine: true
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/bin
      - run: test/container-build.sh
      - run: test/e2e-kind.sh
      - run: test/e2e-skipper.sh
      - run: test/e2e-skipper-tests.sh
      - run: test/e2e-skipper-cleanup.sh
  push-helm-charts:
    docker:
      - image: circleci/golang:1.14
    steps:
      - checkout
      - run:
          name: Install kubectl
          command: sudo curl -L https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && sudo chmod +x /usr/local/bin/kubectl
      - run:
          name: Install helm
          command: sudo curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.14.2-linux-amd64.tar.gz | tar xz && sudo mv linux-amd64/helm /bin/helm && sudo rm -rf linux-amd64
      - run:
          name: Initialize helm
          command:  helm init --client-only --kubeconfig=$HOME/.kube/kubeconfig
      - run:
          name: Lint charts
          command: |
            helm lint ./charts/*
      - run:
          name: Package charts
          command: |
            mkdir $HOME/charts
            helm package ./charts/* --destination $HOME/charts
      - run:
          name: Publish charts
          command: |
            if echo "${CIRCLE_TAG}" | grep v; then
              REPOSITORY="https://weaveworksbot:${GITHUB_TOKEN}@github.com/weaveworks/flagger.git"
              git config user.email weaveworksbot@users.noreply.github.com
              git config user.name weaveworksbot
              git remote set-url origin ${REPOSITORY}
              git checkout gh-pages
              mv -f $HOME/charts/*.tgz .
              helm repo index . --url https://flagger.app
              git add .
              git commit -m "Publish Helm charts v${CIRCLE_TAG}"
              git push origin gh-pages
            else
              echo "Not a release! Skip charts publish"
            fi
 workflows:
  version: 2
  build-test-push:
    jobs:
      - build-binary:
          filters:
            branches:
              ignore:
                - gh-pages
                - /^user-.*/
      - e2e-kubernetes-testing:
          requires:
            - build-binary
      - e2e-istio-testing:
          requires:
            - build-binary
      - e2e-gloo-testing:
          requires:
            - build-binary
      - e2e-nginx-testing:
          requires:
            - build-binary
      - e2e-linkerd-testing:
          requires:
            - build-binary
      - e2e-contour-testing:
          requires:
            - build-binary
      - e2e-skipper-testing:
          requires:
            - build-binary
      - push-container:
          requires:
            - build-binary
            - e2e-kubernetes-testing
            - e2e-istio-testing
            - e2e-gloo-testing
            - e2e-nginx-testing
            - e2e-linkerd-testing
            - e2e-skipper-testing
          filters:
            branches:
              only:
                - master
  release:
    jobs:
      - build-binary:
          filters:
            branches:
              ignore: /.*/
            tags:
              ignore: /^chart.*/
      - push-container:
          requires:
            - build-binary
          filters:
            branches:
              ignore: /.*/
            tags:
              ignore: /^chart.*/
      - push-binary:
          requires:
            - push-container
          filters:
            branches:
              ignore: /.*/
            tags:
              ignore: /^chart.*/
      - push-helm-charts:
          requires:
            - push-container
          filters:
            branches:
              ignore: /.*/
            tags:
              ignore: /^chart.*/
--- a/.clomonitor.yml
+++ b/.clomonitor.yml
@@ -0,0 +1,3 @@
 exemptions:
  - check: analytics
    reason: "We don't track people"
--- a/.gitbook.yaml
+++ b/.gitbook.yaml
@@ -5,10 +5,14 @@ redirects:
  usage/progressive-delivery: tutorials/istio-progressive-delivery.md
  usage/ab-testing: tutorials/istio-ab-testing.md
  usage/blue-green: tutorials/kubernetes-blue-green.md
  usage/appmesh-progressive-delivery: tutorials/appmesh-progressive-delivery.md
  usage/linkerd-progressive-delivery: tutorials/linkerd-progressive-delivery.md
  usage/contour-progressive-delivery: tutorials/contour-progressive-delivery.md
  usage/gloo-progressive-delivery: tutorials/gloo-progressive-delivery.md
  usage/nginx-progressive-delivery: tutorials/nginx-progressive-delivery.md
  usage/skipper-progressive-delivery: tutorials/skipper-progressive-delivery.md
  usage/crossover-progressive-delivery: tutorials/crossover-progressive-delivery.md
  usage/traefik-progressive-delivery: tutorials/traefik-progressive-delivery.md
  usage/kuma-progressive-delivery: tutorials/kuma-progressive-delivery.md
  usage/gatewayapi-progressive-delivery: tutorials/gatewayapi-progressive-delivery.md
  usage/apisix-progressive-delivery: tutorials/apisix-progressive-delivery.md
  usage/knative-progressive-delivery: tutorials/knative-progressive-delivery.md
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-*   @stefanprodan
+*   @stefanprodan @aryan9600
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,29 @@
 ---
 name: Bug report
 about: Create a report to help us improve this project
 title: ''
 assignees: ''
 ---
 ### Describe the bug
 A clear and concise description of what the bug is.
 Please provide the Canary definition and Flagger logs.
 ### To Reproduce
 <!--
 Steps to reproduce the behaviour
 -->
 ### Expected behavior
 A clear and concise description of what you expected to happen.
 ### Additional context
 - Flagger version:
 - Kubernetes version:   
 - Service Mesh provider:
 - Ingress provider:
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,2 @@
 blank_issues_enabled: true
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,19 @@
 ---
 name: Feature Request
 about: I have a suggestion (and may want to implement it 🙂)!
 title: ''
 assignees: ''
 ---
 ## Describe the feature
 What problem are you trying to solve?
 ### Proposed solution
 What do you want to happen? Add any considered drawbacks.
 ### Any alternatives you've considered?
 Is there another way to solve this problem that isn't as good a solution?
--- a/.github/_main.workflow
+++ b/.github/_main.workflow
@@ -1,17 +0,0 @@
 workflow "Publish Helm charts" {
  on = "push"
  resolves = ["helm-push"]
 }
 action "helm-lint" {
  uses = "stefanprodan/gh-actions/helm@master"
  args = ["lint charts/*"]
 }
 action "helm-push" {
  needs = ["helm-lint"]
  uses = "stefanprodan/gh-actions/helm-gh-pages@master"
  args = ["charts/*","https://flagger.app"]
  secrets = ["GITHUB_TOKEN"]
 }
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,17 @@
 version: 2
 updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    labels: ["area/ci", "dependencies"]
    groups:
      # Group all updates together, so that they are all applied in a single PR.
      # Grouped updates are currently in beta and is subject to change.
      # xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
      ci:
        patterns:
          - "*"
    schedule:
      # By default, this will be on a monday.
      interval: "weekly"
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,52 @@
 name: build
 on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
 permissions:
  contents: read
 jobs:
  build-flagger:
    runs-on:
      group: "Default Larger Runners"
      labels: ubuntu-latest-16-cores
    steps:
      - name: Checkout
        uses: actions/checkout@v5
      - name: Setup Go
        uses: actions/setup-go@v6
        with:
          go-version: 1.25.x
          cache-dependency-path: |
            **/go.sum
            **/go.mod
      - name: Download modules
        run: |
          go mod download
          go install golang.org/x/tools/cmd/goimports@latest
      - name: Run linters
        run: make fmt test-codegen
      - name: Verify CRDs
        run: make verify-crd
      - name: Run tests
        run: go test -race -coverprofile=coverage.txt -covermode=atomic $(go list ./pkg/...)
      - name: Check if working tree is dirty
        run: |
          if [[ $(git diff --stat) != '' ]]; then
            git --no-pager diff
            echo 'run make test and commit changes'
            exit 1
          fi
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          file: ./coverage.txt
      - name: Build container image
        run: docker build -t test/flagger:latest .
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -0,0 +1,62 @@
 name: e2e
 on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
 permissions:
  contents: read
 jobs:
  e2e-test:
    runs-on:
      group: "Default Larger Runners"
      labels: ubuntu-latest-16-cores
    strategy:
      fail-fast: false
      matrix:
        provider:
          # service mesh
          - istio
          - linkerd
          - kuma
          # ingress controllers
          - contour
          - nginx
          - traefik
          - gloo
          - skipper
          - kubernetes
          - gatewayapi
          - keda
          - apisix
          - knative
    steps:
      - name: Checkout
        uses: actions/checkout@v5
      - name: Setup Kubernetes
        uses: helm/kind-action@v1.12.0
        if: matrix.provider != 'skipper'
        with:
          version: v0.23.0
          cluster_name: kind
          node_image: kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
      - name: Setup Kubernetes for skipper
        uses: helm/kind-action@v1.12.0
        if: matrix.provider == 'skipper'
        with:
          version: v0.23.0
          cluster_name: kind
          node_image: kindest/node:v1.24.12@sha256:0bdca26bd7fe65c823640b14253ea7bac4baad9336b332c94850f84d8102f873
      - name: Build container image
        run: |
          docker build -t test/flagger:latest .
          kind load docker-image test/flagger:latest
      - name: Run tests
        run: |
          ./test/${{ matrix['provider'] }}/run.sh
--- a/.github/workflows/helm.yaml
+++ b/.github/workflows/helm.yaml
@@ -0,0 +1,20 @@
 name: helm
 on:
  workflow_dispatch:
 permissions:
  contents: read
 jobs:
  release-charts:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v5
      - name: Publish Helm charts
        uses: stefanprodan/helm-gh-pages@v1.7.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          charts_url: https://flagger.app
--- a/.github/workflows/push-ld.yml
+++ b/.github/workflows/push-ld.yml
@@ -0,0 +1,63 @@
 name: push-ld
 on:
  workflow_dispatch:
 env:
  IMAGE: "ghcr.io/fluxcd/flagger-loadtester"
 permissions:
  contents: read
 jobs:
  release-load-tester:
    runs-on:
      group: "Default Larger Runners"
    permissions:
      id-token: write
      packages: write
    steps:
      - uses: actions/checkout@v5
      - uses: sigstore/cosign-installer@v3.10.0
      - name: Prepare
        id: prep
        run: |
          VERSION=$(grep 'VERSION' cmd/loadtester/main.go | head -1 | awk '{ print $4 }' | tr -d '"')
          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v3
      - name: Setup Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: fluxcdbot
          password: ${{ secrets.GHCR_TOKEN }}
      - name: Generate image meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.IMAGE }}
          tags: |
            type=raw,value=${{ steps.prep.outputs.VERSION }}
      - name: Publish image
        id: build-push
        uses: docker/build-push-action@v6
        with:
          push: true
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./Dockerfile.loadtester
          platforms: linux/amd64,linux/arm64
          build-args: |
            REVISION=${{ github.sha }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
      - name: Sign image
        env:
          COSIGN_EXPERIMENTAL: 1
        run: |
          cosign sign --yes ${{ env.IMAGE }}@${{ steps.build-push.outputs.digest }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,153 @@
 name: release
 on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:
    inputs:
      tag:
        description: 'image tag prefix'
        default: 'rc'
        required: true
 permissions:
  contents: read
 env:
  IMAGE: "ghcr.io/fluxcd/${{ github.event.repository.name }}"
 jobs:
  release-flagger:
    outputs:
      hashes: ${{ steps.slsa.outputs.hashes }}
    runs-on:
      group: "Default Larger Runners"
    permissions:
      contents: write # needed to write releases
      id-token: write # needed for keyless signing
      packages: write # needed for ghcr access
    steps:
      - uses: actions/checkout@v5
      - name: Setup Go
        uses: actions/setup-go@v6
        with:
          go-version: 1.25.x
      - uses: fluxcd/flux2/action@main
      - uses: sigstore/cosign-installer@v3.10.0
      - name: Prepare
        id: prep
        run: |
          if [[ ${GITHUB_EVENT_NAME} = "workflow_dispatch" ]]; then
            VERSION="${{ github.event.inputs.tag }}-${GITHUB_SHA::8}"
          else
            VERSION=$(grep 'VERSION' pkg/version/version.go | awk '{ print $4 }' | tr -d '"')
          fi
          CHANGELOG="https://github.com/fluxcd/flagger/blob/main/CHANGELOG.md#$(echo $VERSION | tr -d '.')"
          echo "[CHANGELOG](${CHANGELOG})" > notes.md
          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v3
      - name: Setup Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: fluxcdbot
          password: ${{ secrets.GHCR_TOKEN }}
      - name: Generate image meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.IMAGE }}
          tags: |
            type=raw,value=${{ steps.prep.outputs.VERSION }}
      - name: Publish image
        id: build-push
        uses: docker/build-push-action@v6
        with:
          sbom: true
          provenance: true
          push: true
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          build-args: |
            REVISON=${{ github.sha }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
      - name: Sign image
        env:
          COSIGN_EXPERIMENTAL: 1
        run: |
          cosign sign --yes ${{ env.IMAGE }}@${{ steps.build-push.outputs.digest }}
      - name: Publish signed manifests to GHCR
        if: startsWith(github.ref, 'refs/tags/v')
        env:
          COSIGN_EXPERIMENTAL: 1
        run: |
          OCI_URL=$(flux push artifact \
            oci://ghcr.io/fluxcd/flagger-manifests:${{ steps.prep.outputs.VERSION }} \
            --path="./kustomize" \
            --source="$(git config --get remote.origin.url)" \
            --revision="${{ steps.prep.outputs.VERSION }}/$(git rev-parse HEAD)" \
            --output json | \
            jq -r '. | .repository + "@" + .digest')
          cosign sign --yes ${OCI_URL}
      - name: Publish Helm charts
        if: startsWith(github.ref, 'refs/tags/v')
        uses: stefanprodan/helm-gh-pages@v1.7.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          charts_url: https://flagger.app
          linting: off
      - uses: fluxcd/pkg/actions/helm@main
        with:
          version: 3.12.3
      - name: Publish signed Helm chart to GHCR
        if: startsWith(github.ref, 'refs/tags/v')
        env:
          COSIGN_EXPERIMENTAL: 1
        run: |
          helm package charts/flagger
          helm push flagger-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/fluxcd/charts |& tee .digest
          cosign sign --yes ghcr.io/fluxcd/charts/flagger@$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}')
          rm flagger-${{ steps.prep.outputs.VERSION }}.tgz
          rm .digest
      - uses: anchore/sbom-action/download-syft@v0
      - name: Create release and SBOM
        id: run-goreleaser
        uses: goreleaser/goreleaser-action@v6
        if: startsWith(github.ref, 'refs/tags/v')
        with:
          version: latest
          args: release --release-notes=notes.md --clean --skip=validate
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate SLSA metadata
        id: slsa
        if: startsWith(github.ref, 'refs/tags/v')
        env:
          ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
        run: |
          set -euo pipefail
          hashes=$(echo -E $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join("  ") | sub("^sha256:";"")' | base64 -w0)
          echo "hashes=$hashes" >> $GITHUB_OUTPUT
  release-provenance:
    needs: [release-flagger]
    if: startsWith(github.ref, 'refs/tags/v')
    permissions:
      actions: read # for detecting the Github Actions environment.
      id-token: write # for creating OIDC tokens for signing.
      contents: write # for uploading attestations to GitHub releases.
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
    with:
      provenance-name: "provenance.intoto.jsonl"
      base64-subjects: "${{ needs.release-flagger.outputs.hashes }}"
      upload-assets: true
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,45 @@
 name: scan
 on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '18 10 * * 3'
 permissions:
  contents: read
 jobs:
  scan-fossa:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@v5
      - name: Run FOSSA scan and upload build data
        uses: fossa-contrib/fossa-action@v3
        with:
          # FOSSA Push-Only API Token
          fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
          github-token: ${{ github.token }}
  scan-codeql:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
      - name: Setup Go
        uses: actions/setup-go@v6
        with:
          go-version: 1.25.x
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: go
      - name: Autobuild
        uses: github/codeql-action/autobuild@v4
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ artifacts/gcloud/
 Makefile.dev
 vendor
 coverage.txt
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,18 +1,31 @@
 project_name: flagger
 builds:
-  - main: ./cmd/flagger
+  - skip: true
-    binary: flagger
+
-    ldflags: -s -w -X github.com/weaveworks/flagger/pkg/version.REVISION={{.Commit}}
+release:
-    goos:
+  prerelease: auto
-      - linux
+
-    goarch:
+source:
-      - amd64
+  enabled: true
  name_template: "{{ .ProjectName }}_{{ .Version }}_source_code"
 sboms:
  - id: source
    artifacts: source
    documents:
      - "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json"
 signs:
  - cmd: cosign
    env:
-      - CGO_ENABLED=0
+      - COSIGN_EXPERIMENTAL=1
-archives:
+    certificate: '${artifact}.pem'
-  - name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    args:
-    files:
+      - sign-blob
-    - none*
+      - "--yes"
-changelog:
+      - '--output-certificate=${certificate}'
-  filters:
+      - '--output-signature=${signature}'
-    exclude:
+      - '${artifact}'
-      - '^CircleCI'
+    artifacts: checksum
    output: true
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,3 @@
 ## Code of Conduct
 Flagger follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -14,10 +14,28 @@ Origin (DCO). This document was created by the Linux Kernel community and is a
 simple statement that you, as a contributor, have the legal right to make the
 contribution.
-## Chat
+We require all commits to be signed. By signing off with your signature, you
 certify that you wrote the patch or otherwise have the right to contribute the
 material by the rules of the [DCO](DCO):
 `Signed-off-by: Jane Doe <jane.doe@example.com>`
 The signature must contain your real name
 (sorry, no pseudonyms or anonymous contributions)
 If your `user.name` and `user.email` are configured in your Git config,
 you can sign your commit automatically with `git commit -s`.
 ## Communications
 The project uses Slack: To join the conversation, simply join the
-[Weave community](https://slack.weave.works/) Slack workspace #flagger channel.
+[CNCF](https://slack.cncf.io/) Slack workspace and use the
 [#flagger](https://cloud-native.slack.com/messages/flagger/) channel.
 The developers use a mailing list to discuss development as well.
 Simply subscribe to [flux-dev on cncf.io](https://lists.cncf.io/g/cncf-flux-dev)
 to join the conversation (this will also add an invitation to your
 Google calendar for our [Flux
 meeting](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/edit#)).
 ## Getting Started
@@ -69,4 +87,3 @@ For Flagger we prefer the following rules for good commit messages:
 The [following article](https://chris.beams.io/posts/git-commit/#seven-rules)
 has some more helpful advice on documenting your work.
 This doc is adapted from [FluxCD](https://github.com/fluxcd/flux/blob/master/CONTRIBUTING.md).
--- a/36
+++ b/36
@@ -0,0 +1,36 @@
 Developer Certificate of Origin
 Version 1.1
 Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
 660 York Street, Suite 102,
 San Francisco, CA 94110 USA
 Everyone is permitted to copy and distribute verbatim copies of this
 license document, but changing it is not allowed.
 Developer's Certificate of Origin 1.1
 By making a contribution to this project, I certify that:
 (a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or
 (b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or
 (c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.
 (d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.
--- a/35
+++ b/35
@@ -1,9 +1,40 @@
-FROM alpine:3.12
+ARG GO_VERSION=1.25
 ARG XX_VERSION=1.6.1
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS builder
 # copy build utilities
 COPY --from=xx / /
 ARG TARGETPLATFORM
 ARG REVISON
 WORKDIR /workspace
 # copy modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
 # cache modules
 RUN go mod download
 # copy source code
 COPY cmd/ cmd/
 COPY pkg/ pkg/
 # build
 ENV CGO_ENABLED=0
 RUN xx-go build \
    -ldflags "-s -w -X github.com/fluxcd/flagger/pkg/version.REVISION=${REVISON}" \
    -a -o flagger ./cmd/flagger
 FROM alpine:3.22
 RUN apk --no-cache add ca-certificates
 USER nobody
-COPY --chown=nobody:nobody /bin/flagger .
+COPY --from=builder --chown=nobody:nobody /workspace/flagger .
 ENTRYPOINT ["./flagger"]
--- a/Dockerfile.loadtester
+++ b/Dockerfile.loadtester
@@ -1,59 +1,64 @@
-FROM alpine:3.11 as build
+FROM golang:1.25-alpine AS builder
-RUN apk --no-cache add alpine-sdk perl curl
+ARG TARGETPLATFORM
 ARG TARGETARCH
 ARG REVISION
-RUN curl -sSLo hey "https://storage.googleapis.com/hey-release/hey_linux_amd64" && \
+RUN apk --no-cache add alpine-sdk perl curl bash tar
 chmod +x hey && mv hey /usr/local/bin/hey
-RUN HELM2_VERSION=2.16.8 && \
+RUN HELM3_VERSION=3.19.0 && \
-curl -sSL "https://get.helm.sh/helm-v${HELM2_VERSION}-linux-amd64.tar.gz" | tar xvz && \
+curl -sSL "https://get.helm.sh/helm-v${HELM3_VERSION}-linux-${TARGETARCH}.tar.gz" | tar xvz && \
-chmod +x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/helm && \
+chmod +x linux-${TARGETARCH}/helm && mv linux-${TARGETARCH}/helm /usr/local/bin/helm
 chmod +x linux-amd64/tiller && mv linux-amd64/tiller /usr/local/bin/tiller
-RUN HELM3_VERSION=3.2.3 && \
+RUN KUBECTL_VERSION=v1.34.1 &&  \
-curl -sSL "https://get.helm.sh/helm-v${HELM3_VERSION}-linux-amd64.tar.gz" | tar xvz && \
+curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" && \
-chmod +x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/helmv3
+chmod +x kubectl && mv kubectl /usr/local/bin/kubectl
-RUN GRPC_HEALTH_PROBE_VERSION=v0.3.1 && \
+RUN GRPC_HEALTH_PROBE_VERSION=v0.4.35 && \
-wget -qO /usr/local/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \
+wget -qO /usr/local/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-${TARGETARCH} && \
 chmod +x /usr/local/bin/grpc_health_probe
-RUN GHZ_VERSION=0.39.0 && \
+RUN GHZ_VERSION=0.120.0 && \
-curl -sSL "https://github.com/bojand/ghz/releases/download/v${GHZ_VERSION}/ghz_${GHZ_VERSION}_Linux_x86_64.tar.gz" | tar xz -C /tmp && \
+curl -sSL "https://github.com/bojand/ghz/archive/refs/tags/v${GHZ_VERSION}.tar.gz" | tar xz -C /tmp && \
-mv /tmp/ghz /usr/local/bin && chmod +x /usr/local/bin/ghz
+cd /tmp/ghz-${GHZ_VERSION}/cmd/ghz && GOARCH=$TARGETARCH go build . && mv ghz /usr/local/bin && \
 chmod +x /usr/local/bin/ghz
-RUN HELM_TILLER_VERSION=0.9.3 && \
+WORKDIR /workspace
 curl -sSL "https://github.com/rimusz/helm-tiller/archive/v${HELM_TILLER_VERSION}.tar.gz" | tar xz -C /tmp && \
 mv /tmp/helm-tiller-${HELM_TILLER_VERSION} /tmp/helm-tiller
-RUN WRK_VERSION=4.0.2 && \
+# copy modules manifests
-cd /tmp && git clone -b ${WRK_VERSION} https://github.com/wg/wrk
+COPY go.mod go.mod
-RUN cd /tmp/wrk && make
+COPY go.sum go.sum
-FROM bash:5.0
+# cache modules
 RUN go mod download
 # copy source code
 COPY cmd/ cmd/
 COPY pkg/ pkg/
 # build
 RUN CGO_ENABLED=0 go build -o loadtester ./cmd/loadtester/*
 FROM bash:5.2
 ARG TARGETPLATFORM
 RUN addgroup -S app && \
 adduser -S -g app app && \
-apk --no-cache add ca-certificates curl jq libgcc
+apk --no-cache add ca-certificates curl jq libgcc wrk hey git
 WORKDIR /home/app
-COPY --from=bats/bats:v1.1.0 /opt/bats/ /opt/bats/
+COPY --from=bats/bats:1.11.1 /opt/bats/ /opt/bats/
 RUN ln -s /opt/bats/bin/bats /usr/local/bin/
-COPY --from=build /usr/local/bin/hey /usr/local/bin/
+COPY --from=builder /usr/local/bin/helm /usr/local/bin/
-COPY --from=build /tmp/wrk/wrk /usr/local/bin/
+COPY --from=builder /usr/local/bin/ghz /usr/local/bin/
-COPY --from=build /usr/local/bin/helm /usr/local/bin/
+COPY --from=builder /usr/local/bin/grpc_health_probe /usr/local/bin/
-COPY --from=build /usr/local/bin/tiller /usr/local/bin/
+COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/
 COPY --from=build /usr/local/bin/ghz /usr/local/bin/
 COPY --from=build /usr/local/bin/helmv3 /usr/local/bin/
 COPY --from=build /usr/local/bin/grpc_health_probe /usr/local/bin/
 COPY --from=build /tmp/helm-tiller /tmp/helm-tiller
 ADD https://raw.githubusercontent.com/grpc/grpc-proto/master/grpc/health/v1/health.proto /tmp/ghz/health.proto
 COPY ./bin/loadtester .
 RUN chown -R app:app ./
 RUN chown -R app:app /tmp/ghz
@@ -63,7 +68,6 @@ USER app
 RUN hey -n 1 -c 1 https://flagger.app > /dev/null && echo $? | grep 0
 RUN wrk -d 1s -c 1 -t 1 https://flagger.app > /dev/null && echo $? | grep 0
-# install Helm v2 plugins
+COPY --from=builder --chown=app:app /workspace/loadtester .
 RUN helm init --client-only && helm plugin install /tmp/helm-tiller
 ENTRYPOINT ["./loadtester"]
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -0,0 +1,5 @@
 # Flagger Governance
 The Flagger project is governed by the [Flux governance document](https://github.com/fluxcd/community/blob/main/GOVERNANCE.md),
 involvement is defined in the [Flux community roles document](chttps://github.com/fluxcd/community/blob/main/community-roles.md),
 and processes can be found in the [Flux process document](https://github.com/fluxcd/community/blob/main/PROCESS.md).
--- a/2
+++ b/2
@@ -186,7 +186,7 @@
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
-   Copyright 2018 Weaveworks. All rights reserved.
+   Copyright [yyyy] [name of copyright owner]
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/11
+++ b/11
@@ -1,6 +1,9 @@
 The maintainers are generally available in Slack at
-https://weave-community.slack.com/messages/flagger/ (obtain an invitation
+https://cloud-native.slack.com/messages/flagger/ (obtain an invitation
-at https://slack.weave.works/).
+at https://slack.cncf.io/).
-Stefan Prodan, Weaveworks <stefan@weave.works> (Slack: @stefan Twitter: @stefanprodan)
+In alphabetical order:
-Takeshi Yoneda, DMM.com <cz.rk.t0415y.g@gmail.com> (Slack: @mathetake Twitter: @mathetake)
+
 Sanskar Jaiswal, Independent <jaiswalsanskar078@gmail.com> (github: @aryan9600, slack: aryan9600)
 Stefan Prodan, ControlPlane <stefan.prodan@gmail.com> (github: @stefanprodan, slack: stefanprodan)
 Takeshi Yoneda, Tetrate <takeshi@tetrate.io> (github: @mathetake, slack: mathetake)
--- a/51
+++ b/51
@@ -3,22 +3,16 @@ VERSION?=$(shell grep 'VERSION' pkg/version/version.go | awk '{ print $$4 }' | t
 LT_VERSION?=$(shell grep 'VERSION' cmd/loadtester/main.go | awk '{ print $$4 }' | tr -d '"' | head -n1)
 build:
-	GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 GOOS=linux go build  \
+	CGO_ENABLED=0 go build -a -o ./bin/flagger ./cmd/flagger
 		-ldflags "-s -w -X github.com/weaveworks/flagger/pkg/version.REVISION=$${GIT_COMMIT}" \
 		-a -installsuffix cgo -o ./bin/flagger ./cmd/flagger/*
 	docker build -t weaveworks/flagger:$(TAG) . -f Dockerfile
-push:
+tidy:
-	docker tag weaveworks/flagger:$(TAG) weaveworks/flagger:$(VERSION)
+	rm -f go.sum; go mod tidy -compat=1.25
-	docker push weaveworks/flagger:$(VERSION)
+
 vet:
 	go vet ./...
 fmt:
-	gofmt -l -s -w ./
+	go fmt ./...
 	goimports -l -w ./
 test-fmt:
 	gofmt -l -s ./ | grep ".*\.go"; if [ "$$?" = "0" ]; then exit 1; fi
 	goimports -l ./ | grep ".*\.go"; if [ "$$?" = "0" ]; then exit 1; fi
 codegen:
 	./hack/update-codegen.sh
@@ -26,35 +20,38 @@ codegen:
 test-codegen:
 	./hack/verify-codegen.sh
-test: test-fmt test-codegen
+test: fmt test-codegen
 	go test ./...
 test-coverage: fmt test-codegen
 	go test -coverprofile cover.out ./...
 	go tool cover -html=cover.out
 	rm cover.out
 crd:
 	cat artifacts/flagger/crd.yaml > charts/flagger/crds/crd.yaml
 	cat artifacts/flagger/crd.yaml > kustomize/base/flagger/crd.yaml
 verify-crd:
 	./hack/verify-crd.sh
 version-set:
 	@next="$(TAG)" && \
 	current="$(VERSION)" && \
-	sed -i '' "s/$$current/$$next/g" pkg/version/version.go && \
+	sed -i "s/$$current/$$next/g" pkg/version/version.go && \
-	sed -i '' "s/flagger:$$current/flagger:$$next/g" artifacts/flagger/deployment.yaml && \
+	sed -i "s/flagger:$$current/flagger:$$next/g" artifacts/flagger/deployment.yaml && \
-	sed -i '' "s/tag: $$current/tag: $$next/g" charts/flagger/values.yaml && \
+	sed -i "s/tag: $$current/tag: $$next/g" charts/flagger/values.yaml && \
-	sed -i '' "s/appVersion: $$current/appVersion: $$next/g" charts/flagger/Chart.yaml && \
+	sed -i "s/appVersion: $$current/appVersion: $$next/g" charts/flagger/Chart.yaml && \
-	sed -i '' "s/version: $$current/version: $$next/g" charts/flagger/Chart.yaml && \
+	sed -i "s/version: $$current/version: $$next/g" charts/flagger/Chart.yaml && \
-	sed -i '' "s/newTag: $$current/newTag: $$next/g" kustomize/base/flagger/kustomization.yaml && \
+	sed -i "s/newTag: $$current/newTag: $$next/g" kustomize/base/flagger/kustomization.yaml && \
 	echo "Version $$next set in code, deployment, chart and kustomize"
 release:
 	git tag "v$(VERSION)"
 	git push origin "v$(VERSION)"
 release-notes:
 	cd /tmp && GH_REL_URL="https://github.com/buchanae/github-release-notes/releases/download/0.2.0/github-release-notes-linux-amd64-0.2.0.tar.gz" && \
    curl -sSL $${GH_REL_URL} | tar xz && sudo mv github-release-notes /usr/local/bin/
 loadtester-build:
-	CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ./bin/loadtester ./cmd/loadtester/*
+	docker build -t ghcr.io/fluxcd/flagger-loadtester:$(LT_VERSION) . -f Dockerfile.loadtester
 	docker build -t weaveworks/flagger-loadtester:$(LT_VERSION) . -f Dockerfile.loadtester
 loadtester-push:
-	docker push weaveworks/flagger-loadtester:$(LT_VERSION)
+	docker push ghcr.io/fluxcd/flagger-loadtester:$(LT_VERSION)
--- a/README.md
+++ b/README.md
@@ -1,67 +1,53 @@
-# flagger
+ # Flagger
-[![build](https://img.shields.io/circleci/build/github/weaveworks/flagger/master.svg)](https://circleci.com/gh/weaveworks/flagger)
+[![release](https://img.shields.io/github/release/fluxcd/flagger/all.svg)](https://github.com/fluxcd/flagger/releases)
-[![report](https://goreportcard.com/badge/github.com/weaveworks/flagger)](https://goreportcard.com/report/github.com/weaveworks/flagger)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4783/badge)](https://bestpractices.coreinfrastructure.org/projects/4783)
-[![codecov](https://codecov.io/gh/weaveworks/flagger/branch/master/graph/badge.svg)](https://codecov.io/gh/weaveworks/flagger)
+[![report](https://goreportcard.com/badge/github.com/fluxcd/flagger)](https://goreportcard.com/report/github.com/fluxcd/flagger)
-[![license](https://img.shields.io/github/license/weaveworks/flagger.svg)](https://github.com/weaveworks/flagger/blob/master/LICENSE)
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Ffluxcd%2Fflagger.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Ffluxcd%2Fflagger?ref=badge_shield)
-[![release](https://img.shields.io/github/release/weaveworks/flagger/all.svg)](https://github.com/weaveworks/flagger/releases)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/flagger)](https://artifacthub.io/packages/search?repo=flagger)
 [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/flagger/badge)](https://clomonitor.io/projects/cncf/flagger)
 Flagger is a progressive delivery tool that automates the release process for applications running on Kubernetes. 
 It reduces the risk of introducing a new software version in production
 by gradually shifting traffic to the new version while measuring metrics and running conformance tests.
-![flagger-overview](https://raw.githubusercontent.com/weaveworks/flagger/master/docs/diagrams/flagger-canary-overview.png)
+![flagger-overview](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-overview.png)
 Flagger implements several deployment strategies (Canary releases, A/B testing, Blue/Green mirroring)
-using a service mesh (App Mesh, Istio, Linkerd) or an ingress controller (Contour, Gloo, NGINX, Skipper) for traffic routing.
+and integrates with various Kubernetes ingress controllers, service mesh, and monitoring solutions.
-For release analysis, Flagger can query Prometheus, Datadog or CloudWatch
+
-and for alerting it uses Slack, MS Teams, Discord and Rocket.
+Flagger is a [Cloud Native Computing Foundation](https://cncf.io/) graduated project
 and part of the [Flux](https://fluxcd.io) family of GitOps tools.
 ### Documentation
-Flagger documentation can be found at [docs.flagger.app](https://docs.flagger.app).
+The Flagger documentation can be found at [docs.flagger.app](https://docs.flagger.app/main).
 * Install
-  * [Flagger install on Kubernetes](https://docs.flagger.app/install/flagger-install-on-kubernetes)
+  * [Flagger Install with Flux](https://docs.flagger.app/main/install/flagger-install-with-flux)
 * Usage
-  * [How it works](https://docs.flagger.app/usage/how-it-works)
+  * [How it works](https://docs.flagger.app/main/usage/how-it-works)
-  * [Deployment strategies](https://docs.flagger.app/usage/deployment-strategies)
+  * [Deployment strategies](https://docs.flagger.app/main/usage/deployment-strategies)
-  * [Metrics analysis](https://docs.flagger.app/usage/metrics)
+  * [Metrics analysis](https://docs.flagger.app/main/usage/metrics)
-  * [Webhooks](https://docs.flagger.app/usage/webhooks)
+  * [Webhooks](https://docs.flagger.app/main/usage/webhooks)
-  * [Alerting](https://docs.flagger.app/usage/alerting)
+  * [Alerting](https://docs.flagger.app/main/usage/alerting)
-  * [Monitoring](https://docs.flagger.app/usage/monitoring)
+  * [Monitoring](https://docs.flagger.app/main/usage/monitoring)
 * Tutorials
  * [App Mesh](https://docs.flagger.app/tutorials/appmesh-progressive-delivery)
  * [Istio](https://docs.flagger.app/tutorials/istio-progressive-delivery)
  * [Linkerd](https://docs.flagger.app/tutorials/linkerd-progressive-delivery)
  * [Contour](https://docs.flagger.app/tutorials/contour-progressive-delivery)
  * [Gloo](https://docs.flagger.app/tutorials/gloo-progressive-delivery)
  * [NGINX Ingress](https://docs.flagger.app/tutorials/nginx-progressive-delivery)
  * [Skipper](https://docs.flagger.app/tutorials/skipper-progressive-delivery)
  * [Kubernetes Blue/Green](https://docs.flagger.app/tutorials/kubernetes-blue-green)
-### Who is using Flagger
+### Adopters
-List of organizations using Flagger:
+The list of production users can be found at [fluxcd.io/adopters/#flagger](https://fluxcd.io/adopters/#flagger).
-* [Chick-fil-A](https://www.chick-fil-a.com)
+If you are using Flagger, please
-* [Capra Consulting](https://www.capraconsulting.no)
+[submit a PR to add your organization](https://github.com/fluxcd/website/blob/main/data/adopters/2-flagger.yaml) to the list!
 * [DMM.com](https://dmm-corp.com)
 * [MediaMarktSaturn](https://www.mediamarktsaturn.com)
 * [Weaveworks](https://weave.works)
 * [Jumia Group](https://group.jumia.com)
 * [eLife](https://elifesciences.org/)
 If you are using Flagger, please submit a PR to add your organization to the list!
 ### Canary CRD
 Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler (HPA),
-then creates a series of objects (Kubernetes deployments, ClusterIP services, service mesh or ingress routes).
+then creates a series of objects (Kubernetes deployments, ClusterIP services, service mesh, or ingress routes).
 These objects expose the application on the mesh and drive the canary analysis and promotion.
 Flagger keeps track of ConfigMaps and Secrets referenced by a Kubernetes Deployment and triggers a canary analysis if any of those objects change.
-When promoting a workload in production, both code (container images) and configuration (config maps and secrets) are being synchronised.
+When promoting a workload in production, both code (container images) and configuration (config maps and secrets) are being synchronized.
 For a deployment named _podinfo_, a canary promotion can be defined using Flagger's custom resource:
@@ -73,7 +59,8 @@ metadata:
  namespace: test
 spec:
  # service mesh provider (optional)
-  # can be: kubernetes, istio, linkerd, appmesh, nginx, skipper, contour, gloo, supergloo
+  # can be: kubernetes, istio, linkerd, kuma, knative, nginx, contour, gloo, traefik, skipper
  # for Gateway API implementations: gatewayapi:v1 and gatewayapi:v1beta1
  provider: istio
  # deployment reference
  targetRef:
@@ -85,7 +72,7 @@ spec:
  progressDeadlineSeconds: 60
  # HPA reference (optional)
  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
    kind: HorizontalPodAutoscaler
    name: podinfo
  service:
@@ -184,70 +171,93 @@ For more details on how the canary analysis and promotion works please [read the
 **Service Mesh**
-| Feature                                    | App Mesh           | Istio              | Linkerd            |  Kubernetes CNI    |
+| Feature                                    | Istio              | Linkerd            | Kuma               | Knative            | Kubernetes CNI     |
-| ------------------------------------------ | ------------------ | ------------------ | ------------------ |  ----------------- |
+|--------------------------------------------|--------------------|--------------------|--------------------|--------------------|--------------------|
-| Canary deployments (weighted traffic)      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
+| Canary deployments (weighted traffic)      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
-| A/B testing (headers and cookies routing)  | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: |
+| A/B testing (headers and cookies routing)  | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
-| Blue/Green deployments (traffic switch)    | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Blue/Green deployments (traffic switch)    | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: |
-| Blue/Green deployments (traffic mirroring) | :heavy_minus_sign: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: |
+| Blue/Green deployments (traffic mirroring) | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
-| Webhooks (acceptance/load testing)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Webhooks (acceptance/load testing)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Manual gating (approve/pause/resume)       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Manual gating (approve/pause/resume)       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Request success rate check (L7 metric)     | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
+| Request success rate check (L7 metric)     | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: |
-| Request duration check (L7 metric)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: |
+| Request duration check (L7 metric)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: |
-| Custom metric checks                       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Custom metric checks                       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 **Ingress**
-| Feature                                    | Contour            | Gloo               | NGINX              | Skipper            |
+| Feature                                   | Contour            | Gloo               | NGINX              | Skipper            | Traefik            | Apache APISIX      |
-| ------------------------------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
+|-------------------------------------------|--------------------|--------------------|--------------------|--------------------|--------------------|--------------------|
-| Canary deployments (weighted traffic)      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Canary deployments (weighted traffic)     | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| A/B testing (headers and cookies routing)  | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_minus_sign: |
+| A/B testing (headers and cookies routing) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
-| Blue/Green deployments (traffic switch)    | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Blue/Green deployments (traffic switch)   | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Webhooks (acceptance/load testing)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Webhooks (acceptance/load testing)        | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Manual gating (approve/pause/resume)       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Manual gating (approve/pause/resume)      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Request success rate check (L7 metric)     | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: |
+| Request success rate check (L7 metric)    | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Request duration check (L7 metric)         | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: |
+| Request duration check (L7 metric)        | :heavy_check_mark: | :heavy_check_mark: | :heavy_minus_sign: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Custom metric checks                       | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Custom metric checks                      | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 **Networking Interface**
 | Feature                                    | Gateway API        | SMI                |
 |--------------------------------------------|--------------------|--------------------|
 | Canary deployments (weighted traffic)      | :heavy_check_mark: | :heavy_check_mark: |
 | Canary deployments with session affinity   | :heavy_check_mark: | :heavy_minus_sign: |
 | A/B testing (headers and cookies routing)  | :heavy_check_mark: | :heavy_minus_sign: |
 | Blue/Green deployments (traffic switch)    | :heavy_check_mark: | :heavy_check_mark: |
 | Blue/Green deployments (traffic mirroring) | :heavy_minus_sign: | :heavy_minus_sign: |
 | Webhooks (acceptance/load testing)         | :heavy_check_mark: | :heavy_check_mark: |
 | Manual gating (approve/pause/resume)       | :heavy_check_mark: | :heavy_check_mark: |
 | Request success rate check (L7 metric)     | :heavy_minus_sign: | :heavy_minus_sign: |
 | Request duration check (L7 metric)         | :heavy_minus_sign: | :heavy_minus_sign: |
 | Custom metric checks                       | :heavy_check_mark: | :heavy_check_mark: |
 For all the [Gateway API](https://gateway-api.sigs.k8s.io/) compatible ingress controllers and service meshes,
 the [Prometheus MetricTemplates](https://docs.flagger.app/usage/metrics#prometheus)
 can be used to implement the request success rate and request duration checks.
 ### Roadmap
-#### [GitOps Toolkit](https://github.com/fluxcd/toolkit) compatibility
+#### [GitOps Toolkit](https://fluxcd.io/flux/components/) compatibility
-* Migrate Flagger to Kubernetes controller-runtime and [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder)
+- Migrate Flagger to Kubernetes controller-runtime and [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder)
-* Make the Canary status compatible with [kstatus](https://github.com/kubernetes-sigs/cli-utils)
+- Make the Canary status compatible with [kstatus](https://github.com/kubernetes-sigs/cli-utils)
-* Make Flagger emit Kubernetes events compatible with Flux v2 notification API
+- Make Flagger emit Kubernetes events compatible with Flux v2 notification API
-* Migrate CI to GitHub Actions and publish AMD64, ARM64 and ARMv7 container images
+- Integrate Flagger into Flux v2 as the progressive delivery component
 * Integrate Flagger into Flux v2 as the progressive delivery component
 #### Integrations
-* Add support for Kubernetes [Ingress v2](https://github.com/kubernetes-sigs/service-apis)
+- Migrate Linkerd, Kuma and other service mesh integrations to Gateway API
 * Add support for SMI compatible service mesh solutions like Open Service Mesh and Consul Connect
 * Add support for ingress controllers like HAProxy and ALB
 * Add support for metrics providers like InfluxDB, Stackdriver, SignalFX
 ### Contributing
 Flagger is Apache 2.0 licensed and accepts contributions via GitHub pull requests.
 To start contributing please read the [development guide](https://docs.flagger.app/dev/dev-guide).
-When submitting bug reports please include as much details as possible:
+When submitting bug reports please include as many details as possible:
-* which Flagger version
+- which Flagger version
-* which Flagger CRD version
+- which Kubernetes version
-* which Kubernetes version
+- what configuration (canary, ingress and workloads definitions)
-* what configuration (canary, ingress and workloads definitions)
+- what happened (Flagger and Proxy logs)
 * what happened (Flagger and Proxy logs)
-### Getting Help
+### Communication
-If you have any questions about Flagger and progressive delivery:
+Here is a list of good entry points into our community, how we stay in touch and how you can meet us as a team.
-* Read the Flagger [docs](https://docs.flagger.app).
+- Slack: Join in and talk to us in the `#flagger` channel on [CNCF Slack](https://slack.cncf.io/).
-* Invite yourself to the [Weave community slack](https://slack.weave.works/)
+- Public meetings: We run weekly meetings - join one of the upcoming dev meetings from the [Flux calendar](https://fluxcd.io/#calendar).
-  and join the [#flagger](https://weave-community.slack.com/messages/flagger/) channel.
+- Blog: Stay up to date with the latest news on [the Flux blog](https://fluxcd.io/blog/).
-* Join the [Weave User Group](https://www.meetup.com/pro/Weave/) and get invited to online talks,
+- Mailing list: To be updated on Flux and Flagger progress regularly, please [join the flux-dev mailing list](https://lists.cncf.io/g/cncf-flux-dev).
  hands-on training and meetups in your area.
 * File an [issue](https://github.com/weaveworks/flagger/issues/new).
-Your feedback is always welcome!
+#### Subscribing to the flux-dev calendar
 To add the meetings to your e.g. Google calendar
 1. visit the [Flux calendar](https://lists.cncf.io/g/cncf-flux-dev/calendar)
 2. click on "Subscribe to Calendar" at the very bottom of the page
 3. copy the iCalendar URL
 4. open e.g. your Google calendar
 5. find the "add calendar" option
 6. choose "add by URL"
 7. paste iCalendar URL (ends with `.ics`)
 8. done
--- a/artifacts/examples/appmesh-abtest.yaml
+++ b/artifacts/examples/appmesh-abtest.yaml
@@ -1,62 +0,0 @@
 apiVersion: flagger.app/v1beta1
 kind: Canary
 metadata:
  name: podinfo
  namespace: test
 spec:
  provider: appmesh
  progressDeadlineSeconds: 600
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: podinfo
  autoscalerRef:
    apiVersion: autoscaling/v2beta1
    kind: HorizontalPodAutoscaler
    name: podinfo
  service:
    port: 80
    targetPort: 9898
    meshName: global
    retries:
      attempts: 3
      perTryTimeout: 5s
      retryOn: "gateway-error,client-error,stream-error"
    timeout: 35s
    match:
      - uri:
          prefix: /
    rewrite:
      uri: /
  analysis:
    interval: 15s
    threshold: 10
    iterations: 10
    match:
    - headers:
        x-canary:
          exact: "insider"
    metrics:
    - name: request-success-rate
      thresholdRange:
        min: 99
      interval: 1m
    - name: request-duration
      thresholdRange:
        max: 500
      interval: 30s
    webhooks:
    - name: conformance-test
      type: pre-rollout
      url: http://flagger-loadtester.test/
      timeout: 15s
      metadata:
        type: "bash"
        cmd: "curl -sd 'test' http://podinfo-canary.test/token | grep token"
    - name: load-test
      type: rollout
      url: http://flagger-loadtester.test/
      timeout: 5s
      metadata:
        type: cmd
        cmd: "hey -z 1m -q 10 -c 2 -H 'X-Canary: insider' http://podinfo-canary.test/"
--- a/artifacts/examples/appmesh-canary.yaml
+++ b/artifacts/examples/appmesh-canary.yaml
@@ -1,59 +0,0 @@
 apiVersion: flagger.app/v1beta1
 kind: Canary
 metadata:
  name: podinfo
  namespace: test
 spec:
  provider: appmesh
  progressDeadlineSeconds: 600
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: podinfo
  autoscalerRef:
    apiVersion: autoscaling/v2beta1
    kind: HorizontalPodAutoscaler
    name: podinfo
  service:
    port: 80
    targetPort: http
    meshName: global
    retries:
      attempts: 3
      perTryTimeout: 5s
      retryOn: "gateway-error,client-error,stream-error"
    timeout: 35s
    match:
      - uri:
          prefix: /
    rewrite:
      uri: /
  analysis:
    interval: 15s
    threshold: 10
    maxWeight: 50
    stepWeight: 5
    metrics:
    - name: request-success-rate
      thresholdRange:
        min: 99
      interval: 1m
    - name: request-duration
      thresholdRange:
        max: 500
      interval: 30s
    webhooks:
    - name: conformance-test
      type: pre-rollout
      url: http://flagger-loadtester.test/
      timeout: 15s
      metadata:
        type: "bash"
        cmd: "curl -sd 'test' http://podinfo-canary.test/token | grep token"
    - name: load-test
      type: rollout
      url: http://flagger-loadtester.test/
      timeout: 5s
      metadata:
        type: cmd
        cmd: "hey -z 1m -q 10 -c 2 http://podinfo-canary.test/"
--- a/artifacts/examples/istio-abtest.yaml
+++ b/artifacts/examples/istio-abtest.yaml
@@ -10,7 +10,7 @@ spec:
    kind: Deployment
    name: podinfo
  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
    kind: HorizontalPodAutoscaler
    name: podinfo
  service:
@@ -20,7 +20,7 @@ spec:
    portName: http
    portDiscovery: true
    gateways:
-      - public-gateway.istio-system.svc.cluster.local
+      - istio-system/public-gateway
      - mesh
    hosts:
      - app.example.com
--- a/artifacts/examples/istio-canary.yaml
+++ b/artifacts/examples/istio-canary.yaml
@@ -11,7 +11,7 @@ spec:
    kind: Deployment
    name: podinfo
  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
    kind: HorizontalPodAutoscaler
    name: podinfo
  service:
@@ -21,7 +21,7 @@ spec:
    portName: http
    portDiscovery: true
    gateways:
-    - public-gateway.istio-system.svc.cluster.local
+    - istio-system/public-gateway
    - mesh
    hosts:
    - app.example.com
--- a/artifacts/examples/kuma-canary.yaml
+++ b/artifacts/examples/kuma-canary.yaml
@@ -0,0 +1,50 @@
 apiVersion: flagger.app/v1beta1
 kind: Canary
 metadata:
  name: podinfo
  namespace: test
  annotations:
    kuma.io/mesh: default
 spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: podinfo
  progressDeadlineSeconds: 60
  service:
    port: 9898
    targetPort: 9898
    apex:
      annotations:
        9898.service.kuma.io/protocol: "http"
    canary:
      annotations:
        9898.service.kuma.io/protocol: "http"
    primary:
      annotations:
        9898.service.kuma.io/protocol: "http"
  analysis:
    interval: 15s
    threshold: 15
    maxWeight: 50
    stepWeight: 10
    metrics:
      - name: request-success-rate
        threshold: 99
        interval: 1m
      - name: request-duration
        threshold: 500
        interval: 30s
    webhooks:
      - name: acceptance-test
        type: pre-rollout
        url: http://flagger-loadtester.test/
        timeout: 30s
        metadata:
          type: bash
          cmd: "curl -sd 'test' http://podinfo-canary.test:9898/token | grep token"
      - name: load-test
        type: rollout
        url: http://flagger-loadtester.test/
        metadata:
          cmd: "hey -z 2m -q 10 -c 2 http://podinfo-canary.test:9898/"
--- a/artifacts/examples/linkerd-canary-steps.yaml
+++ b/artifacts/examples/linkerd-canary-steps.yaml
@@ -11,7 +11,7 @@ spec:
    kind: Deployment
    name: podinfo
  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
    kind: HorizontalPodAutoscaler
    name: podinfo
  service:
--- a/artifacts/examples/linkerd-canary.yaml
+++ b/artifacts/examples/linkerd-canary.yaml
@@ -11,7 +11,7 @@ spec:
    kind: Deployment
    name: podinfo
  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
    kind: HorizontalPodAutoscaler
    name: podinfo
  service:
--- a/artifacts/flagger/account.yaml
+++ b/artifacts/flagger/account.yaml
@@ -6,7 +6,7 @@ metadata:
  labels:
    app: flagger
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: flagger
@@ -31,6 +31,18 @@ rules:
      - update
      - patch
      - delete
  - apiGroups:
      - "coordination.k8s.io"
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - apps
    resources:
@@ -78,6 +90,7 @@ rules:
    resources:
      - canaries
      - canaries/status
      - canaries/finalizers
      - metrictemplates
      - metrictemplates/status
      - alertproviders
@@ -153,8 +166,19 @@ rules:
    resources:
      - upstreams
      - upstreams/finalizers
-      - upstreamgroups
+    verbs:
-      - upstreamgroups/finalizers
+      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - gateway.solo.io
    resources:
      - routetables
      - routetables/finalizers
    verbs:
      - get
      - list
@@ -176,12 +200,63 @@ rules:
      - update
      - patch
      - delete
  - apiGroups:
      - kuma.io
    resources:
      - trafficroutes
      - trafficroutes/finalizers
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - gateway.networking.k8s.io
    resources:
      - httproutes
      - httproutes/finalizers
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - keda.sh
    resources:
      - scaledobjects
      - scaledobjects/finalizers
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - apisix.apache.org
    resources:
      - apisixroutes
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - nonResourceURLs:
      - /version
    verbs:
      - get
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: flagger
--- a/artifacts/flagger/crd.yaml
+++ b/artifacts/flagger/crd.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: canaries.flagger.app
@@ -6,70 +6,80 @@ metadata:
    helm.sh/resource-policy: keep
 spec:
  group: flagger.app
-  version: v1beta1
+  names:
    kind: Canary
    listKind: CanaryList
    plural: canaries
    singular: canary
    categories:
      - all
  scope: Namespaced
  versions:
    - name: v1beta1
      served: true
      storage: true
    - name: v1alpha3
      served: true
      storage: false
    - name: v1alpha2
      served: false
      storage: false
    - name: v1alpha1
      served: false
      storage: false
  names:
    plural: canaries
    singular: canary
    kind: Canary
    categories:
      - all
  scope: Namespaced
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Status
          type: string
-      JSONPath: .status.phase
+          jsonPath: .status.phase
        - name: Weight
          type: string
-      JSONPath: .status.canaryWeight
+          jsonPath: .status.canaryWeight
        - name: Suspended
          type: boolean
          jsonPath: .spec.suspend
          priority: 1
        - name: FailedChecks
          type: string
-      JSONPath: .status.failedChecks
+          jsonPath: .status.failedChecks
          priority: 1
        - name: Interval
          type: string
-      JSONPath: .spec.analysis.interval
+          jsonPath: .spec.analysis.interval
          priority: 1
        - name: Mirror
          type: boolean
-      JSONPath: .spec.analysis.mirror
+          jsonPath: .spec.analysis.mirror
          priority: 1
        - name: StepWeight
          type: string
-      JSONPath: .spec.analysis.stepWeight
+          jsonPath: .spec.analysis.stepWeight
          priority: 1
        - name: StepWeights
          type: string
-      JSONPath: .spec.analysis.stepWeights
+          jsonPath: .spec.analysis.stepWeights
          priority: 1
        - name: MaxWeight
          type: string
-      JSONPath: .spec.analysis.maxWeight
+          jsonPath: .spec.analysis.maxWeight
          priority: 1
        - name: LastTransitionTime
          type: string
-      JSONPath: .status.lastTransitionTime
+          jsonPath: .status.lastTransitionTime
-  validation:
+      schema:
        openAPIV3Schema:
          description: Canary is the Schema for the Canary API.
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: CanarySpec defines the desired state of a Canary.
              type: object
              required:
                - targetRef
            - service
                - analysis
              properties:
                provider:
@@ -97,7 +107,7 @@ spec:
                    name:
                      type: string
                autoscalerRef:
-              description: HPA selector
+                  description: Scaler selector
                  type: object
                  required: ["apiVersion", "kind", "name"]
                  properties:
@@ -107,10 +117,24 @@ spec:
                      type: string
                      enum:
                        - HorizontalPodAutoscaler
                        - ScaledObject
                    name:
                      type: string
                    primaryScalerQueries:
                      type: object
                      additionalProperties:
                        type: string
                    primaryScalerReplicas:
                      type: object
                      properties:
                        minReplicas:
                          type: integer
                          minimum: 1
                        maxReplicas:
                          type: integer
                          minimum: 1
                ingressRef:
-              description: NGINX ingress selector
+                  description: Ingress selector
                  type: object
                  required: ["apiVersion", "kind", "name"]
                  properties:
@@ -122,6 +146,34 @@ spec:
                        - Ingress
                    name:
                      type: string
                routeRef:
                  description: APISIX route selector
                  type: object
                  required: [ "apiVersion", "kind", "name" ]
                  properties:
                    apiVersion:
                      type: string
                    kind:
                      type: string
                      enum:
                        - ApisixRoute
                    name:
                      type: string
                upstreamRef:
                  description: Gloo Upstream selector
                  type: object
                  required: [ "apiVersion", "kind", "name" ]
                  properties:
                    apiVersion:
                      type: string
                    kind:
                      type: string
                      enum:
                        - Upstream
                    name:
                      type: string
                    namespace:
                      type: string
                service:
                  description: Kubernetes Service spec
                  type: object
@@ -136,13 +188,24 @@ spec:
                    portName:
                      description: Container port name
                      type: string
                    appProtocol:
                      description: Application protocol of the port
                      type: string
                    trafficDistribution:
                      description: Traffic distribution of the service
                      type: string
                      enum:
                        - PreferClose
                        - PreferSameZone
                        - PreferSameNode
                    targetPort:
                      description: Container target port name
-                  anyOf:
+                      x-kubernetes-int-or-string: true
                    - type: string
                    - type: number
                    portDiscovery:
-                  description: Enable port dicovery
+                      description: Enable port discovery
                      type: boolean
                    headless:
                      description: Headless if set to true, generates headless Kubernetes services.
                      type: boolean
                    timeout:
                      description: HTTP or gRPC request timeout
@@ -167,15 +230,23 @@ spec:
                      description: URI match conditions
                      type: array
                      items:
                    type: object
                        properties:
-                      uri:
+                          authority:
                        type: object
                            oneOf:
-                          - required: ["exact"]
+                              - not:
-                          - required: ["prefix"]
+                                  anyOf:
-                          - required: ["suffix"]
+                                    - required:
-                          - required: ["regex"]
+                                        - exact
                                    - required:
                                        - prefix
                                    - required:
                                        - regex
                              - required:
                                  - exact
                              - required:
                                  - prefix
                              - required:
                                  - regex
                            properties:
                              exact:
                                format: string
@@ -183,12 +254,223 @@ spec:
                              prefix:
                                format: string
                                type: string
-                          suffix:
+                              regex:
                                description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                format: string
                                type: string
                            type: object
                          gateways:
                            description:
                              Names of gateways where the rule should be
                              applied.
                            items:
                              format: string
                              type: string
                            type: array
                          headers:
                            additionalProperties:
                              oneOf:
                                - not:
                                    anyOf:
                                      - required:
                                          - exact
                                      - required:
                                          - prefix
                                      - required:
                                          - regex
                                - required:
                                    - exact
                                - required:
                                    - prefix
                                - required:
                                    - regex
                              properties:
                                exact:
                                  format: string
                                  type: string
                                prefix:
                                  format: string
                                  type: string
                                regex:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                  format: string
                                  type: string
                              type: object
                            type: object
                          ignoreUriCase:
                            description:
                              Flag to specify whether the URI matching should
                              be case-insensitive.
                            type: boolean
                          method:
                            oneOf:
                              - not:
                                  anyOf:
                                    - required:
                                        - exact
                                    - required:
                                        - prefix
                                    - required:
                                        - regex
                              - required:
                                  - exact
                              - required:
                                  - prefix
                              - required:
                                  - regex
                            properties:
                              exact:
                                format: string
                                type: string
                              prefix:
                                format: string
                                type: string
                              regex:
                                description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                format: string
                                type: string
                            type: object
                          name:
                            description: The name assigned to a match.
                            format: string
                            type: string
                          port:
                            description:
                              Specifies the ports on the host that is being
                              addressed.
                            type: integer
                          queryParams:
                            additionalProperties:
                              oneOf:
                                - not:
                                    anyOf:
                                      - required:
                                          - exact
                                      - required:
                                          - prefix
                                      - required:
                                          - regex
                                - required:
                                    - exact
                                - required:
                                    - prefix
                                - required:
                                    - regex
                              properties:
                                exact:
                                  format: string
                                  type: string
                                prefix:
                                  format: string
                                  type: string
                                regex:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                  format: string
                                  type: string
                              type: object
                            description: Query parameters for matching.
                            type: object
                          scheme:
                            oneOf:
                              - not:
                                  anyOf:
                                    - required:
                                        - exact
                                    - required:
                                        - prefix
                                    - required:
                                        - regex
                              - required:
                                  - exact
                              - required:
                                  - prefix
                              - required:
                                  - regex
                            properties:
                              exact:
                                format: string
                                type: string
                              prefix:
                                format: string
                                type: string
                              regex:
                                description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                format: string
                                type: string
                            type: object
                          sourceLabels:
                            additionalProperties:
                              format: string
                              type: string
                            type: object
                          sourceNamespace:
                            description:
                              Source namespace constraining the applicability
                              of a rule to workloads in that namespace.
                            format: string
                            type: string
                          uri:
                            oneOf:
                              - not:
                                  anyOf:
                                    - required:
                                        - exact
                                    - required:
                                        - prefix
                                    - required:
                                        - regex
                              - required:
                                  - exact
                              - required:
                                  - prefix
                              - required:
                                  - regex
                            properties:
                              exact:
                                format: string
                                type: string
                              prefix:
                                format: string
                                type: string
                              regex:
                                description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                format: string
                                type: string
                            type: object
                          withoutHeaders:
                            additionalProperties:
                              oneOf:
                                - not:
                                    anyOf:
                                      - required:
                                          - exact
                                      - required:
                                          - prefix
                                      - required:
                                          - regex
                                - required:
                                    - exact
                                - required:
                                    - prefix
                                - required:
                                    - regex
                              properties:
                                exact:
                                  format: string
                                  type: string
                                prefix:
                                  format: string
                                  type: string
                                regex:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                  format: string
                                  type: string
                              type: object
                            description:
                              withoutHeader has the same syntax with the
                              header, but has opposite meaning.
                            type: object
                        type: object
                    retries:
                      description: Retry policy for HTTP requests
                      type: object
@@ -211,6 +493,54 @@ spec:
                        uri:
                          format: string
                          type: string
                        authority:
                          format: string
                          type: string
                        type:
                          format: string
                          type: string
                    mirror:
                      description: Mirror defines a schema for a filter that mirrors requests.
                      type: array
                      items:
                        type: object
                        properties:
                          backendRef:
                            properties:
                              group:
                                default: ""
                                maxLength: 253
                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                type: string
                              kind:
                                default: Service
                                maxLength: 63
                                minLength: 1
                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                                type: string
                              name:
                                maxLength: 253
                                minLength: 1
                                type: string
                              namespace:
                                maxLength: 63
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                              port:
                                format: int32
                                maximum: 65535
                                minimum: 1
                                type: integer
                            required:
                            - name
                            type: object
                            x-kubernetes-validations:
                            - message: Must have port for Service reference
                              rule: '(size(self.group) == 0 && self.kind == ''Service'')
                                ? has(self.port) : true'
                      required:
                      - backendRef
                    headers:
                      description: Headers operations
                      type: object
@@ -256,6 +586,45 @@ spec:
                      type: array
                      items:
                        type: string
                    gatewayRefs:
                      description: The list of parent Gateways for a HTTPRoute
                      maxItems: 32
                      type: array
                      items:
                        required:
                        - name
                        type: object
                        properties:
                          group:
                            default: gateway.networking.k8s.io
                            maxLength: 253
                            pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                            type: string
                          kind:
                            default: Gateway
                            maxLength: 63
                            minLength: 1
                            pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                            type: string
                          name:
                            maxLength: 253
                            minLength: 1
                            type: string
                          namespace:
                            maxLength: 63
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                          sectionName:
                            maxLength: 253
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                            type: string
                          port:
                            format: int32
                            maximum: 65535
                            minimum: 1
                            type: integer
                    corsPolicy:
                      description: Istio Cross-Origin Resource Sharing policy (CORS)
                      type: object
@@ -314,6 +683,7 @@ spec:
                      type: object
                      properties:
                        connectionPool:
                          type: object
                          properties:
                            http:
                              description: HTTP connection pool settings.
@@ -445,6 +815,10 @@ spec:
                                - LEAST_CONN
                                - RANDOM
                                - PASSTHROUGH
                                - LEAST_REQUEST
                              type: string
                            warmupDurationSecs:
                              description: Represents the warmup duration of Service.
                              type: string
                        outlierDetection:
                          description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
@@ -542,12 +916,27 @@ spec:
                          type: object
                          additionalProperties:
                            type: string
                    unmanagedMetadata:
                      description: UnmanagedMetadata is a list of metadata keys that should be ignored by Flagger.
                      type: object
                      properties:
                        annotations:
                          type: array
                          items:
                            type: string
                        labels:
                          type: array
                          items:
                            type: string
                skipAnalysis:
                  description: Skip analysis and promote canary
                  type: boolean
                revertOnDeletion:
                  description: Revert mutated resources to original spec on deletion
                  type: boolean
                suspend:
                  description: Suspend Canary disabling/pausing all canary runs
                  type: boolean
                analysis:
                  description: Canary analysis for this canary
                  type: object
@@ -586,6 +975,12 @@ spec:
                    mirrorWeight:
                      description: Weight of traffic to be mirrored
                      type: number
                    primaryReadyThreshold:
                      description: Percentage of pods that need to be available to consider primary as ready
                      type: number
                    canaryReadyThreshold:
                      description: Percentage of pods that need to be available to consider canary as ready
                      type: number
                    match:
                      description: A/B testing match conditions
                      type: array
@@ -615,6 +1010,34 @@ spec:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)
                                  format: string
                                  type: string
                          queryParams:
                            description: Query parameters for matching.
                            type: object
                            additionalProperties:
                              oneOf:
                              - not:
                                  anyOf:
                                  - required:
                                    - exact
                                  - required:
                                    - prefix
                                  - required:
                                    - regex
                              - required:
                                - exact
                              - required:
                                - prefix
                              - required:
                                - regex
                              properties:
                                exact:
                                  type: string
                                prefix:
                                  type: string
                                regex:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                  type: string
                              type: object
                          sourceLabels:
                            description: Applicable only when the 'mesh' gateway is included in the service.gateways list
                            type: object
@@ -662,6 +1085,42 @@ spec:
                              namespace:
                                description: Namespace of this metric template
                                type: string
                          templateVariables:
                            description: Additional variables to be used in the metrics query (key-value pairs)
                            type: object
                            additionalProperties:
                              type: string
                    alerts:
                      description: Alert list for this canary analysis
                      type: array
                      items:
                        type: object
                        required:
                          - providerRef
                          - name
                        properties:
                          name:
                            description: Name of the this alert
                            type: string
                          severity:
                            description: Severity level can be info, warn, error (default info)
                            type: string
                            enum:
                              - ""
                              - info
                              - warn
                              - error
                          providerRef:
                            description: Alert provider reference
                            type: object
                            required: ["name"]
                            properties:
                              name:
                                description: Name of the alert provider
                                type: string
                              namespace:
                                description: Namespace of the alert provider
                                type: string
                    webhooks:
                      description: Webhook list for this canary
                      type: array
@@ -684,6 +1143,10 @@ spec:
                              - post-rollout
                              - event
                              - rollback
                              - confirm-traffic-increase
                          muteAlert:
                            description: Mute all alerts for the webhook
                            type: boolean
                          url:
                            description: URL address of this webhook
                            type: string
@@ -692,12 +1155,57 @@ spec:
                            description: Request timeout for this webhook
                            type: string
                            pattern: "^[0-9]+(m|s)"
                          retries:
                            description: Number of retries for this webhook
                            type: number
                          disableTLS:
                            description: Disable TLS verification for this webhook
                            type: boolean
                          metadata:
                            description: Metadata (key-value pairs) for this webhook
                            type: object
                            additionalProperties:
                              type: string
                    sessionAffinity:
                      description: SessionAffinity represents the session affinity settings for a canary run.
                      type: object
                      required: [ "cookieName" ]
                      properties:
                        cookieName:
                          description: CookieName is the key that will be used for the session affinity cookie.
                          type: string
                        primaryCookieName:
                          description: CookieName is the key that will be used for the session affinity cookie.
                          type: string
                        domain:
                          description: Domain defines the host to which the cookie will be sent.
                          type: string
                        httpOnly:
                          description: HttpOnly forbids JavaScript from accessing the cookie, for example, through the Document.cookie property.
                          type: boolean
                        maxAge:
                          description: MaxAge indicates the number of seconds until the session affinity cookie will expire.
                          default: 86400
                          type: number
                        partitioned:
                          description: Partitioned indicates that the cookie should be stored using partitioned storage.
                          type: boolean
                        path:
                          description: Path indicates the path that must exist in the requested URL for the browser to send the Cookie header.
                          type: string
                        sameSite:
                          description: SameSite controls whether or not a cookie is sent with cross-site requests.
                          type: string
                          enum:
                            - Strict
                            - Lax
                            - None
                        secure:
                          description: "Secure indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost)"
                          type: boolean
            status:
              description: CanaryStatus defines the observed state of a canary.
              type: object
              properties:
                phase:
                  description: Analysis phase of this canary
@@ -708,28 +1216,46 @@ spec:
                    - Initialized
                    - Waiting
                    - Progressing
                    - WaitingPromotion
                    - Promoting
                    - Finalising
                    - Succeeded
                    - Failed
                    - Terminating
                    - Terminated
            canaryWeight:
              description: Traffic weight routed to canary
              type: number
                failedChecks:
                  description: Failed check count of the current canary analysis
                  type: number
                canaryWeight:
                  description: Traffic weight routed to canary
                  type: number
                iterations:
                  description: Iteration count of the current canary analysis
                  type: number
                trackedConfigs:
                  description: TrackedConfig of this canary
                  additionalProperties:
                    type: string
                  type: object
                lastAppliedSpec:
                  description: LastAppliedSpec of this canary
                  type: string
                lastPromotedSpec:
                  description: LastPromotedSpec of this canary
                  type: string
                lastTransitionTime:
                  description: LastTransitionTime of this canary
                  format: date-time
                  type: string
                sessionAffinityCookie:
                  description: Session affinity cookie of the current canary run
                  type: string
                primarySessionAffinityCookie:
                  description: Primary session affinity cookie of the current canary run
                  type: string
                previousSessionAffinityCookie:
                  description: Session affinity cookie of the previous canary run
                  type: string
                conditions:
                  description: Status conditions of this canary
                  type: array
@@ -758,7 +1284,7 @@ spec:
                        description: Type of this condition
                        type: string
 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: metrictemplates.flagger.app
@@ -766,31 +1292,44 @@ metadata:
    helm.sh/resource-policy: keep
 spec:
  group: flagger.app
-  version: v1beta1
+  names:
    kind: MetricTemplate
    listKind: MetricTemplateList
    plural: metrictemplates
    singular: metrictemplate
    categories:
      - all
  scope: Namespaced
  versions:
    - name: v1beta1
      served: true
      storage: true
    - name: v1alpha1
      served: true
      storage: false
  names:
    plural: metrictemplates
    singular: metrictemplate
    kind: MetricTemplate
    categories:
      - all
  scope: Namespaced
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Provider
          type: string
-      JSONPath: .spec.provider.type
+          jsonPath: .spec.provider.type
-  validation:
+      schema:
        openAPIV3Schema:
          description: MetricTemplate is the Schema for the MetricTemplates API.
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: MetricTemplateSpec defines the desired state of a MetricTemplate.
              type: object
              required:
                - provider
                - query
@@ -808,11 +1347,23 @@ spec:
                        - prometheus
                        - influxdb
                        - datadog
                        - stackdriver
                        - cloudwatch
                        - newrelic
                        - graphite
                        - dynatrace
                        - keptn
                        - splunk
                    address:
                      description: API address of this provider
                      type: string
                    headers:
                      description: Headers to add to HTTP(S) requests
                      type: object
                      additionalProperties:
                        type: array
                        items:
                          type: string
                    secretRef:
                      description: Kubernetes secret reference containing the provider credentials
                      type: object
@@ -825,11 +1376,14 @@ spec:
                    region:
                      description: Region of the provider
                      type: string
                    insecureSkipVerify:
                      description: Disable SSL certificate validation for the provider address
                      type: boolean
                query:
                  description: Query of this metric template
                  type: string
 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: alertproviders.flagger.app
@@ -837,28 +1391,44 @@ metadata:
    helm.sh/resource-policy: keep
 spec:
  group: flagger.app
-  version: v1beta1
+  names:
    kind: AlertProvider
    listKind: AlertProviderList
    plural: alertproviders
    singular: alertprovider
    categories:
      - all
  scope: Namespaced
  versions:
    - name: v1beta1
      served: true
      storage: true
  names:
    plural: alertproviders
    singular: alertprovider
    kind: AlertProvider
    categories:
      - all
  scope: Namespaced
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Type
          type: string
-      JSONPath: .spec.type
+          jsonPath: .spec.type
-  validation:
+      schema:
        openAPIV3Schema:
          description: AlertProvider is the Schema for the AlertProvider API.
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: AlertProviderSpec defines the desired state of a AlertProvider.
              type: object
              oneOf:
                - required:
                    - type
@@ -875,9 +1445,19 @@ spec:
                    - msteams
                    - discord
                    - rocket
                    - gchat
                channel:
                  description: Alert channel for this provider
                  type: string
                username:
                  description: Bot username for this provider
                  type: string
                address:
                  description: Hook URL address of this provider
                  type: string
                proxy:
                  description: Http/s proxy of this provider
                  type: string
                secretRef:
                  description: Kubernetes secret reference containing the provider address
                  type: object
--- a/artifacts/flagger/deployment.yaml
+++ b/artifacts/flagger/deployment.yaml
@@ -22,7 +22,7 @@ spec:
      serviceAccountName: flagger
      containers:
      - name: flagger
-        image: weaveworks/flagger:1.3.0
+        image: ghcr.io/fluxcd/flagger:1.42.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/charts/flagger/Chart.yaml
+++ b/charts/flagger/Chart.yaml
@@ -1,14 +1,14 @@
 apiVersion: v1
 name: flagger
-version: 1.3.0
+version: 1.42.0
-appVersion: 1.3.0
+appVersion: 1.42.0
-kubeVersion: ">=1.11.0-0"
+kubeVersion: ">=1.19.0-0"
 engine: gotpl
 description: Flagger is a progressive delivery operator for Kubernetes
 home: https://flagger.app
-icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/weaveworks.png
+icon: https://raw.githubusercontent.com/fluxcd/flagger/main/docs/logo/flagger-icon.png
 sources:
-  - https://github.com/weaveworks/flagger
+  - https://github.com/fluxcd/flagger
 maintainers:
  - name: stefanprodan
    url: https://github.com/stefanprodan
@@ -18,8 +18,11 @@ keywords:
  - istio
  - appmesh
  - linkerd
  - kuma
  - smi
  - gloo
  - contour
  - nginx
  - traefik
  - gitops
  - canary
--- a/charts/flagger/LICENSE
+++ b/charts/flagger/LICENSE
@@ -186,7 +186,7 @@
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
-   Copyright 2018 Weaveworks. All rights reserved.
+   Copyright [yyyy] [name of copyright owner]
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/charts/flagger/README.md
+++ b/charts/flagger/README.md
@@ -1,18 +1,18 @@
 # Flagger
-[Flagger](https://github.com/weaveworks/flagger) is an operator that automates the release process of applications on Kubernetes. 
+[Flagger](https://github.com/fluxcd/flagger) is a progressive delivery tool that automates the release process
 for applications running on Kubernetes. It reduces the risk of introducing a new software version in production
 by gradually shifting traffic to the new version while measuring metrics and running conformance tests.
-Flagger can run automated application analysis, testing, promotion and rollback for the following deployment strategies:
+Flagger implements several deployment strategies (Canary releases, A/B testing, Blue/Green mirroring)
-* Canary Release (progressive traffic shifting)
+and integrates with various Kubernetes ingress controllers, service mesh and monitoring solutions.
 * A/B Testing (HTTP headers and cookies traffic routing)
 * Blue/Green (traffic switching and mirroring)
-Flagger works with service mesh solutions (Istio, Linkerd, AWS App Mesh) and with Kubernetes ingress controllers (NGINX, Skipper, Gloo, Contour).
+Flagger is a [Cloud Native Computing Foundation](https://cncf.io/) project
-Flagger can be configured to send alerts to various chat platforms such as Slack, Microsoft Teams, Discord and Rocket.
+and part of [Flux](https://fluxcd.io) family of GitOps tools.
 ## Prerequisites
-* Kubernetes >= 1.14
+* Kubernetes >= 1.19
 ## Installing the Chart
@@ -25,7 +25,7 @@ $ helm repo add flagger https://flagger.app
 Install Flagger's custom resource definitions:
 ```console
-$ kubectl apply -f https://raw.githubusercontent.com/weaveworks/flagger/master/artifacts/flagger/crd.yaml
+$ kubectl apply -f https://raw.githubusercontent.com/fluxcd/flagger/main/artifacts/flagger/crd.yaml
 ```
 To install Flagger for **Istio**:
@@ -37,13 +37,16 @@ $ helm upgrade -i flagger flagger/flagger \
    --set metricsServer=http://prometheus:9090
 ```
-To install Flagger for **Linkerd**:
+To install Flagger for **Linkerd** (requires Linkerd Viz extension):
 ```console
 # Note that linkerdAuthPolicy.create=true is only required for Linkerd 2.12 and
 # later
 $ helm upgrade -i flagger flagger/flagger \
-    --namespace=linkerd \
+    --namespace=flagger-system \
    --set meshProvider=linkerd \
-    --set metricsServer=http://linkerd-prometheus:9090
+    --set metricsServer=http://prometheus.linkerd-viz:9090 \
    --set linkerdAuthPolicy.create=true
 ```
 To install Flagger for **AWS App Mesh**:
@@ -55,6 +58,16 @@ $ helm upgrade -i flagger flagger/flagger \
    --set metricsServer=http://appmesh-prometheus:9090
 ```
 To install Flagger for **Kuma Service Mesh** (requires Kuma to have been installed with Prometheus):
 ```console
 $ helm upgrade -i flagger flagger/flagger \
    --namespace=kuma-system \
    --set meshProvider=kuma \
    --set metricsServer=http://prometheus-server.kuma-metrics:80
 ```
 To install Flagger and Prometheus for **NGINX** Ingress (requires controller metrics enabled):
 ```console
@@ -64,7 +77,7 @@ $ helm upgrade -i flagger flagger/flagger \
    --set prometheus.install=true
 ```
-To install Flagger and Prometheus for **Gloo** (requires Gloo discovery enabled):
+To install Flagger and Prometheus for **Gloo** (no longer requires Gloo discovery):
 ```console
 $ helm upgrade -i flagger flagger/flagger \
@@ -83,6 +96,24 @@ $ helm upgrade -i flagger flagger/flagger \
    --set prometheus.install=true
 ```
 To install Flagger and Prometheus for **Traefik**:
 ```console
 $ helm upgrade -i flagger flagger/flagger \
    --namespace=traefik \
    --set prometheus.install=true \
    --set meshProvider=traefik
 ```
 If you need to add labels to the flagger deployment or pods, you can pass the labels as parameters as shown below.
 ```console
 helm upgrade -i flagger flagger/flagger \
 <other parameters> \
 --set podLabels.<labelName>=<labelValue> \
 --set deploymentLabels.<labelName>=<labelValue> 
 ```
 The [configuration](#configuration) section lists the parameters that can be configured during installation.
 ## Uninstalling the Chart
@@ -99,49 +130,64 @@ The command removes all the Kubernetes components associated with the chart and
 The following tables lists the configurable parameters of the Flagger chart and their default values.
-Parameter | Description | Default
+| Parameter                            | Description                                                                                                                                        | Default                               |
--- | --- | ---
+|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
-`image.repository` | Image repository | `weaveworks/flagger`
+| `image.repository`                   | Image repository                                                                                                                                   | `ghcr.io/fluxcd/flagger`              |
-`image.tag` | Image tag | `<VERSION>`
+| `image.tag`                          | Image tag                                                                                                                                          | `<VERSION>`                           |
-`image.pullPolicy` | Image pull policy | `IfNotPresent`
+| `image.pullPolicy`                   | Image pull policy                                                                                                                                  | `IfNotPresent`                        |
-`logLevel` | Log level | `info`
+| `logLevel`                           | Log level                                                                                                                                          | `info`                                |
-`metricsServer` | Prometheus URL, used when `prometheus.install` is `false` | `http://prometheus.istio-system:9090`
+| `metricsServer`                      | Prometheus URL, used when `prometheus.install` is `false`                                                                                          | `http://prometheus.istio-system:9090` |
-`prometheus.install` | If `true`, installs Prometheus configured to scrape all pods in the custer | `false`
+| `prometheus.install`                 | If `true`, installs Prometheus configured to scrape all pods in the custer                                                                         | `false`                               |
-`prometheus.retention` |  Prometheus data retention | `2h`
+| `prometheus.retention`               | Prometheus data retention                                                                                                                          | `2h`                                  |
-`selectorLabels` | List of labels that Flagger uses to create pod selectors | `app,name,app.kubernetes.io/name`
+| `selectorLabels`                     | List of labels that Flagger uses to create pod selectors                                                                                           | `app,name,app.kubernetes.io/name`     |
-`configTracking.enabled` | If `true`, flagger will track changes in Secrets and ConfigMaps referenced in the target deployment | `true`
+| `serviceMonitor.enabled`             | If `true`, creates service and serviceMonitor for monitoring Flagger metrics                                                                       | `false`                               |
-`eventWebhook` | If set, Flagger will publish events to the given webhook | None
+| `serviceMonitor.honorLabels`         | If `true`, label conflicts are resolved by keeping label values from the scraped data and ignoring the conflicting server-side labels              | `false`                               |
-`slack.url` | Slack incoming webhook | None
+| `serviceMonitor.namespace`           | Namespace Servicemonitor is installed in                                                                                                           | the same namespace                    |
-`slack.channel` | Slack channel | None
+| `serviceMonitor.labels`              | labels for the ServiceMonitor passed to Prometheus Operator                                                                                        | `{}`                                  |
-`slack.user` | Slack username | `flagger`
+| `configTracking.enabled`             | If `true`, flagger will track changes in Secrets and ConfigMaps referenced in the target deployment                                                | `true`                                |
-`msteams.url` | Microsoft Teams incoming webhook | None
+| `eventWebhook`                       | If set, Flagger will publish events to the given webhook                                                                                           | None                                  |
-`podMonitor.enabled` | If `true`, create a PodMonitor for [monitoring the metrics](https://docs.flagger.app/usage/monitoring#metrics) | `false`
+| `slack.url`                          | Slack incoming webhook                                                                                                                             | None                                  |
-`podMonitor.namespace` | Namespace where the PodMonitor is created | the same namespace 
+| `slack.proxyUrl`                     | Slack proxy url                                                                                                                                    | None                                  |
-`podMonitor.interval` | Interval at which metrics should be scraped | `15s` 
+| `slack.channel`                      | Slack channel                                                                                                                                      | None                                  |
-`podMonitor.podMonitor` | Additional labels to add to the PodMonitor | `{}`
+| `slack.user`                         | Slack username                                                                                                                                     | `flagger`                             |
-`leaderElection.enabled` | If `true`, Flagger will run in HA mode | `false`
+| `msteams.url`                        | Microsoft Teams incoming webhook                                                                                                                   | None                                  |
-`leaderElection.replicaCount` | Number of replicas | `1`
+| `msteams.proxyUrl`                   | Microsoft Teams proxy url                                                                                                                          | None                                  |
-`serviceAccount.create` | If `true`, Flagger will create service account | `true`
+| `clusterName`                        | When specified, Flagger will add the cluster name to alerts                                                                                        | `""`                                  |
-`serviceAccount.name` | The name of the service account to create or use. If not set and `serviceAccount.create` is `true`, a name is generated using the Flagger fullname | `""`
+| `podMonitor.enabled`                 | If `true`, create a PodMonitor for [monitoring the metrics](https://docs.flagger.app/usage/monitoring#metrics)                                     | `false`                               |
-`serviceAccount.annotations` | Annotations for service account | `{}`
+| `podMonitor.namespace`               | Namespace where the PodMonitor is created                                                                                                          | the same namespace                    |
-`ingressAnnotationsPrefix` | Annotations prefix for ingresses | `custom.ingress.kubernetes.io`
+| `podMonitor.interval`                | Interval at which metrics should be scraped                                                                                                        | `15s`                                 |
-`includeLabelPrefix` | List of prefixes of labels that are copied when creating primary deployments or daemonsets. Use * to include all | `""`
+| `podMonitor.podMonitor`              | Additional labels to add to the PodMonitor                                                                                                         | `{}`                                  |
-`rbac.create` | If `true`, create and use RBAC resources | `true`
+| `podMonitor.honorLabels`             | If `true`, label conflicts are resolved by keeping label values from the scraped data and ignoring the conflicting server-side labels              | `false`                               |
-`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false`
+| `leaderElection.enabled`             | If `true`, Flagger will run in HA mode                                                                                                             | `false`                               |
-`crd.create` | If `true`, create Flagger's CRDs (should be enabled for Helm v2 only) | `false`
+| `leaderElection.replicaCount`        | Number of replicas                                                                                                                                 | `1`                                   |
-`resources.requests/cpu` | Pod CPU request | `10m`
+| `serviceAccount.create`              | If `true`, Flagger will create service account                                                                                                     | `true`                                |
-`resources.requests/memory` | Pod memory request | `32Mi`
+| `serviceAccount.name`                | The name of the service account to create or use. If not set and `serviceAccount.create` is `true`, a name is generated using the Flagger fullname | `""`                                  |
-`resources.limits/cpu` | Pod CPU limit | `1000m`
+| `serviceAccount.annotations`         | Annotations for service account                                                                                                                    | `{}`                                  |
-`resources.limits/memory` | Pod memory limit | `512Mi`
+| `ingressAnnotationsPrefix`           | Annotations prefix for ingresses                                                                                                                   | `custom.ingress.kubernetes.io`        |
-`affinity` | Node/pod affinities | None
+| `includeLabelPrefix`                 | List of prefixes of labels that are copied when creating primary deployments or daemonsets. Use * to include all                                   | `""`                                  |
-`nodeSelector` | Node labels for pod assignment | `{}`
+| `rbac.create`                        | If `true`, create and use RBAC resources                                                                                                           | `true`                                |
-`threadiness` | Number of controller workers | `2`
+| `rbac.pspEnabled`                    | If `true`, create and use a restricted pod security policy                                                                                         | `false`                               |
-`tolerations` | List of node taints to tolerate | `[]`
+| `crd.create`                         | If `true`, create Flagger's CRDs (should be enabled for Helm v2 only)                                                                              | `false`                               |
-`istio.kubeconfig.secretName` | The name of the Kubernetes secret containing the Istio shared control plane kubeconfig | None
+| `resources.requests/cpu`             | Pod CPU request                                                                                                                                    | `10m`                                 |
-`istio.kubeconfig.key` | The name of Kubernetes secret data key that contains the Istio control plane kubeconfig | `kubeconfig`
+| `resources.requests/memory`          | Pod memory request                                                                                                                                 | `32Mi`                                |
-`ingressAnnotationsPrefix` | Annotations prefix for NGINX ingresses | None
+| `resources.limits/cpu`               | Pod CPU limit                                                                                                                                      | `1000m`                               |
-`ingressClass` | Ingress class used for annotating HTTPProxy objects, e.g. `contour` | None
+| `resources.limits/memory`            | Pod memory limit                                                                                                                                   | `512Mi`                               |
-`podPriorityClassName` | PriorityClass name for pod priority configuration | ""
+| `affinity`                           | Node/pod affinities                                                                                                                                | prefer spread across hosts            |
 | `nodeSelector`                       | Node labels for pod assignment                                                                                                                     | `{}`                                  |
 | `threadiness`                        | Number of controller workers                                                                                                                       | `2`                                   |
 | `tolerations`                        | List of node taints to tolerate                                                                                                                    | `[]`                                  |
 | `controlplane.kubeconfig.secretName` | The name of the Kubernetes secret containing the service mesh control plane kubeconfig                                                             | None                                  |
 | `controlplane.kubeconfig.key`        | The name of Kubernetes secret data key that contains the service mesh control plane kubeconfig                                                     | `kubeconfig`                          |
 | `ingressAnnotationsPrefix`           | Annotations prefix for NGINX ingresses                                                                                                             | None                                  |
 | `ingressClass`                       | Ingress class used for annotating HTTPProxy objects, e.g. `contour`                                                                                | None                                  |
 | `podPriorityClassName`               | PriorityClass name for pod priority configuration                                                                                                  | ""                                    |
 | `podDisruptionBudget.enabled`        | A PodDisruptionBudget will be created if `true`                                                                                                    | `false`                               |
 | `podDisruptionBudget.minAvailable`   | The minimal number of available replicas that will be set in the PodDisruptionBudget                                                               | `1`                                   |
 | `podDisruptionBudget.minAvailable`   | The minimal number of available replicas that will be set in the PodDisruptionBudget                                                               | `1`                                   |
 | `noCrossNamespaceRefs`               | If `true`, cross namespace references to custom resources will be disabled                                                                         | `false`                               |
 | `namespace`                          | When specified, Flagger will restrict itself to watching Canary objects from that namespace                                                        | `""`                                  |
 | `deploymentLabels`                   | Labels to add to Flagger deployment                                                                                                                | `{}`                                  |
 | `podLabels`                          | Labels to add to pods of Flagger deployment                                                                                                        | `{}`                                  |
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade`. For example,
@@ -161,5 +207,3 @@ $ helm upgrade -i flagger flagger/flagger \
 ```
 > **Tip**: You can use the default [values.yaml](values.yaml)
--- a/charts/flagger/crds/crd.yaml
+++ b/charts/flagger/crds/crd.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: canaries.flagger.app
@@ -6,70 +6,80 @@ metadata:
    helm.sh/resource-policy: keep
 spec:
  group: flagger.app
-  version: v1beta1
+  names:
    kind: Canary
    listKind: CanaryList
    plural: canaries
    singular: canary
    categories:
      - all
  scope: Namespaced
  versions:
    - name: v1beta1
      served: true
      storage: true
    - name: v1alpha3
      served: true
      storage: false
    - name: v1alpha2
      served: false
      storage: false
    - name: v1alpha1
      served: false
      storage: false
  names:
    plural: canaries
    singular: canary
    kind: Canary
    categories:
      - all
  scope: Namespaced
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Status
          type: string
-      JSONPath: .status.phase
+          jsonPath: .status.phase
        - name: Weight
          type: string
-      JSONPath: .status.canaryWeight
+          jsonPath: .status.canaryWeight
        - name: Suspended
          type: boolean
          jsonPath: .spec.suspend
          priority: 1
        - name: FailedChecks
          type: string
-      JSONPath: .status.failedChecks
+          jsonPath: .status.failedChecks
          priority: 1
        - name: Interval
          type: string
-      JSONPath: .spec.analysis.interval
+          jsonPath: .spec.analysis.interval
          priority: 1
        - name: Mirror
          type: boolean
-      JSONPath: .spec.analysis.mirror
+          jsonPath: .spec.analysis.mirror
          priority: 1
        - name: StepWeight
          type: string
-      JSONPath: .spec.analysis.stepWeight
+          jsonPath: .spec.analysis.stepWeight
          priority: 1
        - name: StepWeights
          type: string
-      JSONPath: .spec.analysis.stepWeights
+          jsonPath: .spec.analysis.stepWeights
          priority: 1
        - name: MaxWeight
          type: string
-      JSONPath: .spec.analysis.maxWeight
+          jsonPath: .spec.analysis.maxWeight
          priority: 1
        - name: LastTransitionTime
          type: string
-      JSONPath: .status.lastTransitionTime
+          jsonPath: .status.lastTransitionTime
-  validation:
+      schema:
        openAPIV3Schema:
          description: Canary is the Schema for the Canary API.
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: CanarySpec defines the desired state of a Canary.
              type: object
              required:
                - targetRef
            - service
                - analysis
              properties:
                provider:
@@ -97,7 +107,7 @@ spec:
                    name:
                      type: string
                autoscalerRef:
-              description: HPA selector
+                  description: Scaler selector
                  type: object
                  required: ["apiVersion", "kind", "name"]
                  properties:
@@ -107,10 +117,24 @@ spec:
                      type: string
                      enum:
                        - HorizontalPodAutoscaler
                        - ScaledObject
                    name:
                      type: string
                    primaryScalerQueries:
                      type: object
                      additionalProperties:
                        type: string
                    primaryScalerReplicas:
                      type: object
                      properties:
                        minReplicas:
                          type: integer
                          minimum: 1
                        maxReplicas:
                          type: integer
                          minimum: 1
                ingressRef:
-              description: NGINX ingress selector
+                  description: Ingress selector
                  type: object
                  required: ["apiVersion", "kind", "name"]
                  properties:
@@ -122,6 +146,34 @@ spec:
                        - Ingress
                    name:
                      type: string
                routeRef:
                  description: APISIX route selector
                  type: object
                  required: [ "apiVersion", "kind", "name" ]
                  properties:
                    apiVersion:
                      type: string
                    kind:
                      type: string
                      enum:
                        - ApisixRoute
                    name:
                      type: string
                upstreamRef:
                  description: Gloo Upstream selector
                  type: object
                  required: [ "apiVersion", "kind", "name" ]
                  properties:
                    apiVersion:
                      type: string
                    kind:
                      type: string
                      enum:
                        - Upstream
                    name:
                      type: string
                    namespace:
                      type: string
                service:
                  description: Kubernetes Service spec
                  type: object
@@ -136,13 +188,24 @@ spec:
                    portName:
                      description: Container port name
                      type: string
                    appProtocol:
                      description: Application protocol of the port
                      type: string
                    trafficDistribution:
                      description: Traffic distribution of the service
                      type: string
                      enum:
                        - PreferClose
                        - PreferSameZone
                        - PreferSameNode
                    targetPort:
                      description: Container target port name
-                  anyOf:
+                      x-kubernetes-int-or-string: true
                    - type: string
                    - type: number
                    portDiscovery:
-                  description: Enable port dicovery
+                      description: Enable port discovery
                      type: boolean
                    headless:
                      description: Headless if set to true, generates headless Kubernetes services.
                      type: boolean
                    timeout:
                      description: HTTP or gRPC request timeout
@@ -167,15 +230,23 @@ spec:
                      description: URI match conditions
                      type: array
                      items:
                    type: object
                        properties:
-                      uri:
+                          authority:
                        type: object
                            oneOf:
-                          - required: ["exact"]
+                              - not:
-                          - required: ["prefix"]
+                                  anyOf:
-                          - required: ["suffix"]
+                                    - required:
-                          - required: ["regex"]
+                                        - exact
                                    - required:
                                        - prefix
                                    - required:
                                        - regex
                              - required:
                                  - exact
                              - required:
                                  - prefix
                              - required:
                                  - regex
                            properties:
                              exact:
                                format: string
@@ -183,12 +254,223 @@ spec:
                              prefix:
                                format: string
                                type: string
-                          suffix:
+                              regex:
                                description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                format: string
                                type: string
                            type: object
                          gateways:
                            description:
                              Names of gateways where the rule should be
                              applied.
                            items:
                              format: string
                              type: string
                            type: array
                          headers:
                            additionalProperties:
                              oneOf:
                                - not:
                                    anyOf:
                                      - required:
                                          - exact
                                      - required:
                                          - prefix
                                      - required:
                                          - regex
                                - required:
                                    - exact
                                - required:
                                    - prefix
                                - required:
                                    - regex
                              properties:
                                exact:
                                  format: string
                                  type: string
                                prefix:
                                  format: string
                                  type: string
                                regex:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                  format: string
                                  type: string
                              type: object
                            type: object
                          ignoreUriCase:
                            description:
                              Flag to specify whether the URI matching should
                              be case-insensitive.
                            type: boolean
                          method:
                            oneOf:
                              - not:
                                  anyOf:
                                    - required:
                                        - exact
                                    - required:
                                        - prefix
                                    - required:
                                        - regex
                              - required:
                                  - exact
                              - required:
                                  - prefix
                              - required:
                                  - regex
                            properties:
                              exact:
                                format: string
                                type: string
                              prefix:
                                format: string
                                type: string
                              regex:
                                description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                format: string
                                type: string
                            type: object
                          name:
                            description: The name assigned to a match.
                            format: string
                            type: string
                          port:
                            description:
                              Specifies the ports on the host that is being
                              addressed.
                            type: integer
                          queryParams:
                            additionalProperties:
                              oneOf:
                                - not:
                                    anyOf:
                                      - required:
                                          - exact
                                      - required:
                                          - prefix
                                      - required:
                                          - regex
                                - required:
                                    - exact
                                - required:
                                    - prefix
                                - required:
                                    - regex
                              properties:
                                exact:
                                  format: string
                                  type: string
                                prefix:
                                  format: string
                                  type: string
                                regex:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                  format: string
                                  type: string
                              type: object
                            description: Query parameters for matching.
                            type: object
                          scheme:
                            oneOf:
                              - not:
                                  anyOf:
                                    - required:
                                        - exact
                                    - required:
                                        - prefix
                                    - required:
                                        - regex
                              - required:
                                  - exact
                              - required:
                                  - prefix
                              - required:
                                  - regex
                            properties:
                              exact:
                                format: string
                                type: string
                              prefix:
                                format: string
                                type: string
                              regex:
                                description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                format: string
                                type: string
                            type: object
                          sourceLabels:
                            additionalProperties:
                              format: string
                              type: string
                            type: object
                          sourceNamespace:
                            description:
                              Source namespace constraining the applicability
                              of a rule to workloads in that namespace.
                            format: string
                            type: string
                          uri:
                            oneOf:
                              - not:
                                  anyOf:
                                    - required:
                                        - exact
                                    - required:
                                        - prefix
                                    - required:
                                        - regex
                              - required:
                                  - exact
                              - required:
                                  - prefix
                              - required:
                                  - regex
                            properties:
                              exact:
                                format: string
                                type: string
                              prefix:
                                format: string
                                type: string
                              regex:
                                description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                format: string
                                type: string
                            type: object
                          withoutHeaders:
                            additionalProperties:
                              oneOf:
                                - not:
                                    anyOf:
                                      - required:
                                          - exact
                                      - required:
                                          - prefix
                                      - required:
                                          - regex
                                - required:
                                    - exact
                                - required:
                                    - prefix
                                - required:
                                    - regex
                              properties:
                                exact:
                                  format: string
                                  type: string
                                prefix:
                                  format: string
                                  type: string
                                regex:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                  format: string
                                  type: string
                              type: object
                            description:
                              withoutHeader has the same syntax with the
                              header, but has opposite meaning.
                            type: object
                        type: object
                    retries:
                      description: Retry policy for HTTP requests
                      type: object
@@ -211,6 +493,54 @@ spec:
                        uri:
                          format: string
                          type: string
                        authority:
                          format: string
                          type: string
                        type:
                          format: string
                          type: string
                    mirror:
                      description: Mirror defines a schema for a filter that mirrors requests.
                      type: array
                      items:
                        type: object
                        properties:
                          backendRef:
                            properties:
                              group:
                                default: ""
                                maxLength: 253
                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                type: string
                              kind:
                                default: Service
                                maxLength: 63
                                minLength: 1
                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                                type: string
                              name:
                                maxLength: 253
                                minLength: 1
                                type: string
                              namespace:
                                maxLength: 63
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                              port:
                                format: int32
                                maximum: 65535
                                minimum: 1
                                type: integer
                            required:
                            - name
                            type: object
                            x-kubernetes-validations:
                            - message: Must have port for Service reference
                              rule: '(size(self.group) == 0 && self.kind == ''Service'')
                                ? has(self.port) : true'
                      required:
                      - backendRef
                    headers:
                      description: Headers operations
                      type: object
@@ -256,6 +586,45 @@ spec:
                      type: array
                      items:
                        type: string
                    gatewayRefs:
                      description: The list of parent Gateways for a HTTPRoute
                      maxItems: 32
                      type: array
                      items:
                        required:
                        - name
                        type: object
                        properties:
                          group:
                            default: gateway.networking.k8s.io
                            maxLength: 253
                            pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                            type: string
                          kind:
                            default: Gateway
                            maxLength: 63
                            minLength: 1
                            pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                            type: string
                          name:
                            maxLength: 253
                            minLength: 1
                            type: string
                          namespace:
                            maxLength: 63
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                            type: string
                          sectionName:
                            maxLength: 253
                            minLength: 1
                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                            type: string
                          port:
                            format: int32
                            maximum: 65535
                            minimum: 1
                            type: integer
                    corsPolicy:
                      description: Istio Cross-Origin Resource Sharing policy (CORS)
                      type: object
@@ -314,6 +683,7 @@ spec:
                      type: object
                      properties:
                        connectionPool:
                          type: object
                          properties:
                            http:
                              description: HTTP connection pool settings.
@@ -445,6 +815,10 @@ spec:
                                - LEAST_CONN
                                - RANDOM
                                - PASSTHROUGH
                                - LEAST_REQUEST
                              type: string
                            warmupDurationSecs:
                              description: Represents the warmup duration of Service.
                              type: string
                        outlierDetection:
                          description: Settings controlling eviction of unhealthy hosts from the load balancing pool.
@@ -542,12 +916,27 @@ spec:
                          type: object
                          additionalProperties:
                            type: string
                    unmanagedMetadata:
                      description: UnmanagedMetadata is a list of metadata keys that should be ignored by Flagger.
                      type: object
                      properties:
                        annotations:
                          type: array
                          items:
                            type: string
                        labels:
                          type: array
                          items:
                            type: string
                skipAnalysis:
                  description: Skip analysis and promote canary
                  type: boolean
                revertOnDeletion:
                  description: Revert mutated resources to original spec on deletion
                  type: boolean
                suspend:
                  description: Suspend Canary disabling/pausing all canary runs
                  type: boolean
                analysis:
                  description: Canary analysis for this canary
                  type: object
@@ -586,6 +975,12 @@ spec:
                    mirrorWeight:
                      description: Weight of traffic to be mirrored
                      type: number
                    primaryReadyThreshold:
                      description: Percentage of pods that need to be available to consider primary as ready
                      type: number
                    canaryReadyThreshold:
                      description: Percentage of pods that need to be available to consider canary as ready
                      type: number
                    match:
                      description: A/B testing match conditions
                      type: array
@@ -615,6 +1010,34 @@ spec:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)
                                  format: string
                                  type: string
                          queryParams:
                            description: Query parameters for matching.
                            type: object
                            additionalProperties:
                              oneOf:
                              - not:
                                  anyOf:
                                  - required:
                                    - exact
                                  - required:
                                    - prefix
                                  - required:
                                    - regex
                              - required:
                                - exact
                              - required:
                                - prefix
                              - required:
                                - regex
                              properties:
                                exact:
                                  type: string
                                prefix:
                                  type: string
                                regex:
                                  description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                  type: string
                              type: object
                          sourceLabels:
                            description: Applicable only when the 'mesh' gateway is included in the service.gateways list
                            type: object
@@ -662,6 +1085,42 @@ spec:
                              namespace:
                                description: Namespace of this metric template
                                type: string
                          templateVariables:
                            description: Additional variables to be used in the metrics query (key-value pairs)
                            type: object
                            additionalProperties:
                              type: string
                    alerts:
                      description: Alert list for this canary analysis
                      type: array
                      items:
                        type: object
                        required:
                          - providerRef
                          - name
                        properties:
                          name:
                            description: Name of the this alert
                            type: string
                          severity:
                            description: Severity level can be info, warn, error (default info)
                            type: string
                            enum:
                              - ""
                              - info
                              - warn
                              - error
                          providerRef:
                            description: Alert provider reference
                            type: object
                            required: ["name"]
                            properties:
                              name:
                                description: Name of the alert provider
                                type: string
                              namespace:
                                description: Namespace of the alert provider
                                type: string
                    webhooks:
                      description: Webhook list for this canary
                      type: array
@@ -684,6 +1143,10 @@ spec:
                              - post-rollout
                              - event
                              - rollback
                              - confirm-traffic-increase
                          muteAlert:
                            description: Mute all alerts for the webhook
                            type: boolean
                          url:
                            description: URL address of this webhook
                            type: string
@@ -692,12 +1155,57 @@ spec:
                            description: Request timeout for this webhook
                            type: string
                            pattern: "^[0-9]+(m|s)"
                          retries:
                            description: Number of retries for this webhook
                            type: number
                          disableTLS:
                            description: Disable TLS verification for this webhook
                            type: boolean
                          metadata:
                            description: Metadata (key-value pairs) for this webhook
                            type: object
                            additionalProperties:
                              type: string
                    sessionAffinity:
                      description: SessionAffinity represents the session affinity settings for a canary run.
                      type: object
                      required: [ "cookieName" ]
                      properties:
                        cookieName:
                          description: CookieName is the key that will be used for the session affinity cookie.
                          type: string
                        primaryCookieName:
                          description: CookieName is the key that will be used for the session affinity cookie.
                          type: string
                        domain:
                          description: Domain defines the host to which the cookie will be sent.
                          type: string
                        httpOnly:
                          description: HttpOnly forbids JavaScript from accessing the cookie, for example, through the Document.cookie property.
                          type: boolean
                        maxAge:
                          description: MaxAge indicates the number of seconds until the session affinity cookie will expire.
                          default: 86400
                          type: number
                        partitioned:
                          description: Partitioned indicates that the cookie should be stored using partitioned storage.
                          type: boolean
                        path:
                          description: Path indicates the path that must exist in the requested URL for the browser to send the Cookie header.
                          type: string
                        sameSite:
                          description: SameSite controls whether or not a cookie is sent with cross-site requests.
                          type: string
                          enum:
                            - Strict
                            - Lax
                            - None
                        secure:
                          description: "Secure indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost)"
                          type: boolean
            status:
              description: CanaryStatus defines the observed state of a canary.
              type: object
              properties:
                phase:
                  description: Analysis phase of this canary
@@ -708,28 +1216,46 @@ spec:
                    - Initialized
                    - Waiting
                    - Progressing
                    - WaitingPromotion
                    - Promoting
                    - Finalising
                    - Succeeded
                    - Failed
                    - Terminating
                    - Terminated
            canaryWeight:
              description: Traffic weight routed to canary
              type: number
                failedChecks:
                  description: Failed check count of the current canary analysis
                  type: number
                canaryWeight:
                  description: Traffic weight routed to canary
                  type: number
                iterations:
                  description: Iteration count of the current canary analysis
                  type: number
                trackedConfigs:
                  description: TrackedConfig of this canary
                  additionalProperties:
                    type: string
                  type: object
                lastAppliedSpec:
                  description: LastAppliedSpec of this canary
                  type: string
                lastPromotedSpec:
                  description: LastPromotedSpec of this canary
                  type: string
                lastTransitionTime:
                  description: LastTransitionTime of this canary
                  format: date-time
                  type: string
                sessionAffinityCookie:
                  description: Session affinity cookie of the current canary run
                  type: string
                primarySessionAffinityCookie:
                  description: Primary session affinity cookie of the current canary run
                  type: string
                previousSessionAffinityCookie:
                  description: Session affinity cookie of the previous canary run
                  type: string
                conditions:
                  description: Status conditions of this canary
                  type: array
@@ -758,7 +1284,7 @@ spec:
                        description: Type of this condition
                        type: string
 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: metrictemplates.flagger.app
@@ -766,31 +1292,44 @@ metadata:
    helm.sh/resource-policy: keep
 spec:
  group: flagger.app
-  version: v1beta1
+  names:
    kind: MetricTemplate
    listKind: MetricTemplateList
    plural: metrictemplates
    singular: metrictemplate
    categories:
      - all
  scope: Namespaced
  versions:
    - name: v1beta1
      served: true
      storage: true
    - name: v1alpha1
      served: true
      storage: false
  names:
    plural: metrictemplates
    singular: metrictemplate
    kind: MetricTemplate
    categories:
      - all
  scope: Namespaced
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Provider
          type: string
-      JSONPath: .spec.provider.type
+          jsonPath: .spec.provider.type
-  validation:
+      schema:
        openAPIV3Schema:
          description: MetricTemplate is the Schema for the MetricTemplates API.
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: MetricTemplateSpec defines the desired state of a MetricTemplate.
              type: object
              required:
                - provider
                - query
@@ -808,11 +1347,23 @@ spec:
                        - prometheus
                        - influxdb
                        - datadog
                        - stackdriver
                        - cloudwatch
                        - newrelic
                        - graphite
                        - dynatrace
                        - keptn
                        - splunk
                    address:
                      description: API address of this provider
                      type: string
                    headers:
                      description: Headers to add to HTTP(S) requests
                      type: object
                      additionalProperties:
                        type: array
                        items:
                          type: string
                    secretRef:
                      description: Kubernetes secret reference containing the provider credentials
                      type: object
@@ -825,11 +1376,14 @@ spec:
                    region:
                      description: Region of the provider
                      type: string
                    insecureSkipVerify:
                      description: Disable SSL certificate validation for the provider address
                      type: boolean
                query:
                  description: Query of this metric template
                  type: string
 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: alertproviders.flagger.app
@@ -837,28 +1391,44 @@ metadata:
    helm.sh/resource-policy: keep
 spec:
  group: flagger.app
-  version: v1beta1
+  names:
    kind: AlertProvider
    listKind: AlertProviderList
    plural: alertproviders
    singular: alertprovider
    categories:
      - all
  scope: Namespaced
  versions:
    - name: v1beta1
      served: true
      storage: true
  names:
    plural: alertproviders
    singular: alertprovider
    kind: AlertProvider
    categories:
      - all
  scope: Namespaced
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Type
          type: string
-      JSONPath: .spec.type
+          jsonPath: .spec.type
-  validation:
+      schema:
        openAPIV3Schema:
          description: AlertProvider is the Schema for the AlertProvider API.
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: AlertProviderSpec defines the desired state of a AlertProvider.
              type: object
              oneOf:
                - required:
                    - type
@@ -875,9 +1445,19 @@ spec:
                    - msteams
                    - discord
                    - rocket
                    - gchat
                channel:
                  description: Alert channel for this provider
                  type: string
                username:
                  description: Bot username for this provider
                  type: string
                address:
                  description: Hook URL address of this provider
                  type: string
                proxy:
                  description: Http/s proxy of this provider
                  type: string
                secretRef:
                  description: Kubernetes secret reference containing the provider address
                  type: object
--- a/charts/flagger/templates/account.yaml
+++ b/charts/flagger/templates/account.yaml
@@ -3,8 +3,9 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "flagger.serviceAccountName" . }}
-  annotations:
+  namespace: {{ .Release.Namespace }}
  {{- if .Values.serviceAccount.annotations }}
  annotations:
 {{ toYaml .Values.serviceAccount.annotations | indent 4 }}
  {{- end }}
  labels:
--- a/charts/flagger/templates/authorizationpolicy.yaml
+++ b/charts/flagger/templates/authorizationpolicy.yaml
@@ -0,0 +1,16 @@
 {{- if .Values.linkerdAuthPolicy.create }}
 apiVersion: policy.linkerd.io/v1alpha1
 kind: AuthorizationPolicy
 metadata:
  namespace: {{ .Values.linkerdAuthPolicy.namespace }}
  name: prometheus-admin-flagger
 spec:
  targetRef:
    group: policy.linkerd.io
    kind: Server
    name: prometheus-admin
  requiredAuthenticationRefs:
    - kind: ServiceAccount
      name: {{ template "flagger.serviceAccountName" . }}
      namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/flagger/templates/deployment.yaml
+++ b/charts/flagger/templates/deployment.yaml
@@ -2,11 +2,22 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "flagger.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    helm.sh/chart: {{ template "flagger.chart" . }}
    app.kubernetes.io/name: {{ template "flagger.name" . }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
  {{- if .Values.deploymentLabels }}
  {{- range $key, $value := .Values.deploymentLabels }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
  {{- end }}
  {{- with .Values.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  replicas: {{ .Values.leaderElection.replicaCount }}
  {{- if eq .Values.leaderElection.enabled false }}
@@ -22,31 +33,34 @@ spec:
      labels:
        app.kubernetes.io/name: {{ template "flagger.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/version: {{ .Chart.AppVersion }}
      {{- if .Values.podLabels }}
      {{- range $key, $value := .Values.podLabels }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- end }}
      annotations:
        {{- if .Values.podAnnotations }}
 {{ toYaml .Values.podAnnotations | indent 8 }}
        {{- end }}
    spec:
      serviceAccountName: {{ template "flagger.serviceAccountName" . }}
      {{- if .Values.affinity }}
      affinity:
-        podAntiAffinity:
+        {{- tpl (toYaml .Values.affinity) . | nindent 8 }}
-          preferredDuringSchedulingIgnoredDuringExecution:
+      {{- end }}
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: {{ template "flagger.name" . }}
                    app.kubernetes.io/instance: {{ .Release.Name }}
                topologyKey: kubernetes.io/hostname
      {{- if .Values.image.pullSecret }}
      imagePullSecrets:
        - name: {{ .Values.image.pullSecret }}
      {{- end }}
      {{- if .Values.controlplane.kubeconfig.secretName }}
      volumes:
        {{- if .Values.istio.kubeconfig.secretName }}
        - name: kubeconfig
          secret:
-            secretName: "{{ .Values.istio.kubeconfig.secretName }}"
+            secretName: "{{ .Values.controlplane.kubeconfig.secretName }}"
      {{- end }}
        {{- if .Values.additionalVolumes }}
          {{- toYaml .Values.additionalVolumes | nindent 8 -}}
        {{- end }}
      {{- if .Values.podPriorityClassName }}
      priorityClassName: {{ .Values.podPriorityClassName }}
@@ -57,10 +71,10 @@ spec:
          securityContext:
 {{ toYaml .Values.securityContext.context | indent 12 }}
          {{- end }}
          {{- if .Values.controlplane.kubeconfig.secretName }}
          volumeMounts:
            {{- if .Values.istio.kubeconfig.secretName }}
            - name: kubeconfig
-              mountPath: "/tmp/istio-host"
+              mountPath: "/tmp/controlplane"
          {{- end }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -90,6 +104,9 @@ spec:
          {{- if .Values.slack.url }}
          - -slack-url={{ .Values.slack.url }}
          {{- end }}
          {{- if .Values.slack.proxyUrl }}
          - -slack-proxy-url={{ .Values.slack.proxyUrl }}
          {{- end }}
          {{- if .Values.slack.user }}
          - -slack-user={{ .Values.slack.user }}
          {{- end }}
@@ -99,6 +116,9 @@ spec:
          {{- if .Values.msteams.url }}
          - -msteams-url={{ .Values.msteams.url }}
          {{- end }}
          {{- if .Values.msteams.proxyUrl }}
          - -msteams-proxy-url={{ .Values.msteams.proxyUrl }}
          {{- end }}
          {{- if .Values.leaderElection.enabled }}
          - -enable-leader-election=true
          - -leader-election-namespace={{ .Release.Namespace }}
@@ -121,12 +141,18 @@ spec:
          {{- if .Values.kubeconfigBurst }}
          - -kubeconfig-burst={{ .Values.kubeconfigBurst }}
          {{- end }}
-          {{- if .Values.istio.kubeconfig.secretName }}
+          {{- if .Values.controlplane.kubeconfig.secretName }}
-          - -kubeconfig-service-mesh=/tmp/istio-host/{{ .Values.istio.kubeconfig.key }}
+          - -kubeconfig-service-mesh=/tmp/controlplane/{{ .Values.controlplane.kubeconfig.key }}
          {{- end }}
          {{- if .Values.threadiness }}
          - -threadiness={{ .Values.threadiness }}
          {{- end }}
          {{- if .Values.clusterName }}
          - -cluster-name={{ .Values.clusterName }}
          {{- end }}
          {{- if .Values.noCrossNamespaceRefs }}
          - -no-cross-namespace-refs={{ .Values.noCrossNamespaceRefs }}
          {{- end }}
          livenessProbe:
            exec:
              command:
--- a/charts/flagger/templates/pdb.yaml
+++ b/charts/flagger/templates/pdb.yaml
@@ -0,0 +1,16 @@
 {{- if .Values.podDisruptionBudget.enabled }}
 {{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
 apiVersion: policy/v1
 {{- else }}
 apiVersion: policy/v1beta1
 {{- end }}
 kind: PodDisruptionBudget
 metadata:
  name: {{ template "flagger.name" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "flagger.name" . }}
 {{- end }}
--- a/charts/flagger/templates/podmonitor.yaml
+++ b/charts/flagger/templates/podmonitor.yaml
@@ -17,6 +17,7 @@ spec:
  - interval: {{ .Values.podMonitor.interval }}
    path: /metrics
    port: http
    honorLabels: {{ .Values.podMonitor.honorLabels }}
  namespaceSelector:
    matchNames:
    - {{ .Release.Namespace }}
--- a/charts/flagger/templates/prometheus.yaml
+++ b/charts/flagger/templates/prometheus.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.prometheus.install }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ template "flagger.fullname" . }}-prometheus
@@ -24,7 +24,7 @@ rules:
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ template "flagger.fullname" . }}-prometheus
@@ -255,7 +255,14 @@ spec:
              mountPath: /etc/prometheus
            - name: data-volume
              mountPath: /prometheus/data
-
+          {{- if .Values.prometheus.securityContext.enabled }}
          securityContext:
 {{ toYaml .Values.prometheus.securityContext.context | indent 12 }}
          {{- end }}
      {{- if .Values.prometheus.pullSecret }}
      imagePullSecrets:
        - name: {{ .Values.prometheus.pullSecret }}
      {{- end }}
      volumes:
        - name: config-volume
          configMap:
--- a/charts/flagger/templates/psp.yaml
+++ b/charts/flagger/templates/psp.yaml
@@ -50,6 +50,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ template "flagger.fullname" . }}-psp
  namespace: {{ .Release.Namespace }}
  labels:
    helm.sh/chart: {{ template "flagger.chart" . }}
    app.kubernetes.io/name: {{ template "flagger.name" . }}
--- a/charts/flagger/templates/rbac.yaml
+++ b/charts/flagger/templates/rbac.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ template "flagger.fullname" . }}
@@ -27,6 +27,18 @@ rules:
      - update
      - patch
      - delete
  - apiGroups:
      - "coordination.k8s.io"
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - apps
    resources:
@@ -74,6 +86,7 @@ rules:
    resources:
      - canaries
      - canaries/status
      - canaries/finalizers
      - metrictemplates
      - metrictemplates/status
      - alertproviders
@@ -149,8 +162,19 @@ rules:
    resources:
      - upstreams
      - upstreams/finalizers
-      - upstreamgroups
+    verbs:
-      - upstreamgroups/finalizers
+      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - gateway.solo.io
    resources:
      - routetables
      - routetables/finalizers
    verbs:
      - get
      - list
@@ -172,12 +196,101 @@ rules:
      - update
      - patch
      - delete
  - apiGroups:
    - traefik.io 
    resources:
    - traefikservices
    verbs:
    - get
    - list
    - watch
    - create
    - update
    - patch
    - delete
  - apiGroups:
      - kuma.io
    resources:
      - trafficroutes
      - trafficroutes/finalizers
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - gateway.networking.k8s.io
    resources:
      - httproutes
      - httproutes/finalizers
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - keda.sh
    resources:
      - scaledobjects
      - scaledobjects/finalizers
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - apisix.apache.org
    resources:
      - apisixroutes
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - metrics.keptn.sh
    resources:
      - keptnmetrics
      - analyses
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - nonResourceURLs:
      - /version
    verbs:
      - get
  - apiGroups:
      - serving.knative.dev
    resources:
      - services
    verbs:
      - get
      - update
  - apiGroups:
      - serving.knative.dev
    resources:
      - revisions
    verbs:
      - get
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ template "flagger.fullname" . }}
--- a/charts/flagger/templates/service.yaml
+++ b/charts/flagger/templates/service.yaml
@@ -0,0 +1,19 @@
 {{- if .Values.serviceMonitor.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "flagger.name" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "flagger.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
  ports:
    - name: http
      port: 8080
      targetPort: http
      protocol: TCP
  selector:
    app.kubernetes.io/name: {{ template "flagger.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
--- a/charts/flagger/templates/servicemonitor.yaml
+++ b/charts/flagger/templates/servicemonitor.yaml
@@ -0,0 +1,29 @@
 {{- if .Values.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "flagger.name" . }}
 {{- if .Values.serviceMonitor.namespace }}
  namespace: {{ .Release.Namespace }}
 {{- end }}
  labels:
    app.kubernetes.io/name: {{ template "flagger.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    {{- with .Values.serviceMonitor.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  endpoints:
    - path: /metrics
      port: http
      interval: 30s
      scrapeTimeout: 30s
      honorLabels: {{ .Values.serviceMonitor.honorLabels }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "flagger.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
--- a/charts/flagger/values.yaml
+++ b/charts/flagger/values.yaml
@@ -1,8 +1,11 @@
 # Default values for flagger.
 ## Deployment annotations
 # annotations: {}
 image:
-  repository: weaveworks/flagger
+  repository: ghcr.io/fluxcd/flagger
-  tag: 1.3.0
+  tag: 1.42.0
  pullPolicy: IfNotPresent
  pullSecret:
@@ -13,13 +16,23 @@ podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/port: "8080"
  appmesh.k8s.aws/sidecarInjectorWebhook: disabled
  linkerd.io/inject: enabled
 # priority class name for pod priority configuration
 podPriorityClassName: ""
 metricsServer: "http://prometheus:9090"
-# accepted values are kubernetes, istio, linkerd, appmesh, nginx, gloo or supergloo:mesh.namespace (defaults to istio)
+# creates serviceMonitor for monitoring Flagger metrics
 serviceMonitor:
  enabled: false
  honorLabels: false
  # Set the namespace the ServiceMonitor should be deployed
  # namespace: monitoring
  # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
  # labels:
 # accepted values are kubernetes, istio, linkerd, appmesh, contour, nginx, gloo, skipper, traefik, apisix
 meshProvider: ""
 # single namespace restriction
@@ -50,11 +63,15 @@ securityContext:
 # when specified, flagger will publish events to the provided webhook
 eventWebhook: ""
 # when specified, flagger will add the cluster name to alerts
 clusterName: ""
 slack:
  user: flagger
  channel:
  # incoming webhook https://api.slack.com/incoming-webhooks
  url:
  proxy:
 msteams:
  # MS Teams incoming webhook URL
@@ -65,6 +82,7 @@ podMonitor:
  namespace:
  interval: 15s
  additionalLabels: {}
  honorLabels: false
 #env:
 #- name: SLACK_URL
@@ -72,11 +90,21 @@ podMonitor:
 #    secretKeyRef:
 #      name: slack
 #      key: url
 #- name: SLACK_PROXY_URL
 #  valueFrom:
 #    secretKeyRef:
 #      name: slack
 #      key: proxy-url
 #- name: MSTEAMS_URL
 #  valueFrom:
 #    secretKeyRef:
 #      name: msteams
 #      key: url
 #- name: MSTEAMS_PROXY_URL
 #  valueFrom:
 #    secretKeyRef:
 #      name: msteams
 #      key: proxy-url
 #- name: EVENT_WEBHOOK_URL
 #  valueFrom:
 #    secretKeyRef:
@@ -106,6 +134,13 @@ crd:
  # crd.create: `true` if custom resource definitions should be created
  create: false
 linkerdAuthPolicy:
  # linkerdAuthPolicy.create: Whether to create an AuthorizationPolicy in
  # linkerd viz' namespace to allow flagger to reach viz' prometheus service
  create: false
  # linkerdAuthPolicy.namespace: linkerd-viz' namespace
  namespace: linkerd-viz
 nameOverride: ""
 fullnameOverride: ""
@@ -121,20 +156,54 @@ nodeSelector: {}
 tolerations: []
 affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: '{{ template "flagger.name" . }}'
              app.kubernetes.io/instance: '{{ .Release.Name }}'
          topologyKey: kubernetes.io/hostname
 prometheus:
  # to be used with ingress controllers
  install: false
-  image: docker.io/prom/prometheus:v2.21.0
+  image: docker.io/prom/prometheus:v2.41.0
  pullSecret:
  retention: 2h
  # when enabled, it will add a security context for the prometheus pod
  securityContext:
    enabled: false
    context:
      readOnlyRootFilesystem: true
      runAsUser: 10001
 kubeconfigQPS: ""
 kubeconfigBurst: ""
-#  Istio multi-cluster service mesh (shared control plane single-network)
+#  Multi-cluster service mesh (shared control plane single-network)
-# https://istio.io/docs/setup/install/multicluster/shared-vpn/
+controlplane:
 istio:
  kubeconfig:
-    # istio.kubeconfig.secretName: The name of the secret containing the Istio control plane kubeconfig
+    # controlplane.kubeconfig.secretName: The name of the secret containing the mesh control plane kubeconfig
    secretName: ""
-    # istio.kubeconfig.key: The name of secret data key that contains the Istio control plane kubeconfig
+    # controlplane.kubeconfig.key: The name of secret data key that contains the mesh control plane kubeconfig
    key: "kubeconfig"
 podDisruptionBudget:
  enabled: false
  minAvailable: 1
 # Additional labels to be added to pods
 podLabels: {}
 # Additional labels to be added to deployments
 deploymentLabels: { }
 noCrossNamespaceRefs: false
 #Placeholder to supply additional volumes to the flagger pod
 additionalVolumes: {}
  # - name: tmpfs
  #   emptyDir: {}
--- a/charts/grafana/Chart.yaml
+++ b/charts/grafana/Chart.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 name: grafana
-version: 1.5.0
+version: 1.7.0
 appVersion: 7.2.0
 description: Grafana dashboards for monitoring Flagger canary deployments
-icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/weaveworks.png
+icon: https://raw.githubusercontent.com/fluxcd/flagger/main/docs/logo/flagger-icon.png
 home: https://flagger.app
 sources:
-  - https://github.com/weaveworks/flagger
+  - https://github.com/fluxcd/flagger
 maintainers:
  - name: stefanprodan
    url: https://github.com/stefanprodan
--- a/charts/grafana/README.md
+++ b/charts/grafana/README.md
@@ -2,7 +2,7 @@
 Grafana dashboards for monitoring progressive deployments powered by Flagger and Prometheus.
-![flagger-grafana](https://raw.githubusercontent.com/weaveworks/flagger/master/docs/screens/grafana-canary-analysis.png)
+![flagger-grafana](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/screens/grafana-canary-analysis.png)
 ## Prerequisites
--- a/charts/grafana/dashboards/appmesh.json
+++ b/charts/grafana/dashboards/appmesh.json
@@ -1146,7 +1146,6 @@
    "list": [
      {
        "allValue": null,
        "current": null,
        "datasource": "prometheus",
        "definition": "query_result(sum(envoy_cluster_upstream_rq) by (kubernetes_namespace))",
        "hide": 0,
@@ -1168,7 +1167,6 @@
      },
      {
        "allValue": null,
        "current": null,
        "datasource": "prometheus",
        "definition": "query_result(sum(envoy_cluster_upstream_rq{kubernetes_namespace=\"$namespace\",app=~\".*-primary\"}) by (app))",
        "hide": 0,
@@ -1190,7 +1188,6 @@
      },
      {
        "allValue": null,
        "current": null,
        "datasource": "prometheus",
        "definition": "query_result(sum(envoy_cluster_upstream_rq{kubernetes_namespace=\"$namespace\",app!~\".*-primary\"}) by (app))",
        "hide": 0,
--- a/charts/grafana/dashboards/istio.json
+++ b/charts/grafana/dashboards/istio.json
@@ -403,7 +403,7 @@
      "steppedLine": false,
      "targets": [
        {
-          "expr": "histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
+          "expr": "histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
          "format": "time_series",
          "interval": "",
          "intervalFactor": 1,
@@ -411,7 +411,7 @@
          "refId": "A"
        },
        {
-          "expr": "histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
+          "expr": "histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
          "format": "time_series",
          "hide": false,
          "intervalFactor": 1,
@@ -419,7 +419,7 @@
          "refId": "B"
        },
        {
-          "expr": "histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
+          "expr": "histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$primary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
          "format": "time_series",
          "hide": false,
          "intervalFactor": 1,
@@ -509,7 +509,7 @@
      "steppedLine": false,
      "targets": [
        {
-          "expr": "histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
+          "expr": "histogram_quantile(0.50, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
          "format": "time_series",
          "interval": "",
          "intervalFactor": 1,
@@ -517,7 +517,7 @@
          "refId": "A"
        },
        {
-          "expr": "histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
+          "expr": "histogram_quantile(0.90, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
          "format": "time_series",
          "hide": false,
          "intervalFactor": 1,
@@ -525,7 +525,7 @@
          "refId": "B"
        },
        {
-          "expr": "histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le))",
+          "expr": "histogram_quantile(0.99, sum(irate(istio_request_duration_milliseconds_bucket{reporter=\"destination\",destination_workload=~\"$canary\", destination_workload_namespace=~\"$namespace\"}[1m])) by (le)) / 1000",
          "format": "time_series",
          "hide": false,
          "intervalFactor": 1,
--- a/charts/grafana/values.yaml
+++ b/charts/grafana/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1
 image:
  repository: grafana/grafana
-  tag: 7.2.0
+  tag: 7.3.4
  pullPolicy: IfNotPresent
 podAnnotations: {}
--- a/charts/loadtester/Chart.yaml
+++ b/charts/loadtester/Chart.yaml
@@ -1,14 +1,14 @@
 apiVersion: v1
 name: loadtester
-version: 0.18.0
+version: 0.36.0
-appVersion: 0.18.0
+appVersion: 0.36.0
-kubeVersion: ">=1.11.0-0"
+kubeVersion: ">=1.19.0-0"
 engine: gotpl
 description: Flagger's load testing services based on rakyll/hey and bojand/ghz that generates traffic during canary analysis when configured as a webhook.
 home: https://docs.flagger.app
-icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/weaveworks.png
+icon: https://raw.githubusercontent.com/fluxcd/flagger/main/docs/logo/flagger-icon.png
 sources:
-  - https://github.com/weaveworks/flagger
+  - https://github.com/fluxcd/flagger
 maintainers:
  - name: stefanprodan
    url: https://github.com/stefanprodan
@@ -19,5 +19,6 @@ keywords:
  - appmesh
  - linkerd
  - gloo
  - smi
  - gitops
  - load testing
--- a/charts/loadtester/README.md
+++ b/charts/loadtester/README.md
@@ -1,13 +1,13 @@
 # Flagger load testing service
-[Flagger's](https://github.com/weaveworks/flagger) load testing service is based on 
+[Flagger's](https://github.com/fluxcd/flagger) load testing service is based on
 [rakyll/hey](https://github.com/rakyll/hey) and
 [bojand/ghz](https://github.com/bojand/ghz).
 It can be used to generate HTTP and gRPC traffic during canary analysis when configured as a webhook.
 ## Prerequisites
-* Kubernetes >= 1.11
+* Kubernetes >= 1.19
 ## Installing the Chart
@@ -26,7 +26,7 @@ helm upgrade -i flagger-loadtester flagger/loadtester
 The command deploys loadtester on the Kubernetes cluster in the default namespace.
 > **Tip**: Note that the namespace where you deploy the load tester should
-> have the Istio, App Mesh or Linkerd sidecar injection enabled
+> have the Istio, App Mesh, Linkerd or Open Service Mesh sidecar injection enabled
 The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -44,32 +44,37 @@ The command removes all the Kubernetes components associated with the chart and
 The following tables lists the configurable parameters of the load tester chart and their default values.
-Parameter | Description | Default
+| Parameter                          | Description                                                                          | Default                             |
--- | --- | ---
+|------------------------------------|--------------------------------------------------------------------------------------|-------------------------------------|
-`image.repository` | Image repository | `quay.io/stefanprodan/flagger-loadtester`
+| `image.repository`                 | Image repository                                                                     | `ghcr.io/fluxcd/flagger-loadtester` |
-`image.pullPolicy` | Image pull policy | `IfNotPresent`
+| `image.pullPolicy`                 | Image pull policy                                                                    | `IfNotPresent`                      |
-`image.tag` | Image tag | `<VERSION>`
+| `image.tag`                        | Image tag                                                                            | `<VERSION>`                         |
-`replicaCount` | Desired number of pods | `1`
+| `replicaCount`                     | Desired number of pods                                                               | `1`                                 |
-`serviceAccountName` | Kubernetes service account name | `none` 
+| `serviceAccountName`               | Kubernetes service account name                                                      | `none`                              |
-`resources.requests.cpu` | CPU requests | `10m`
+| `resources.requests.cpu`           | CPU requests                                                                         | `10m`                               |
-`resources.requests.memory` | Memory requests | `64Mi`
+| `resources.requests.memory`        | Memory requests                                                                      | `64Mi`                              |
-`tolerations` | List of node taints to tolerate | `[]`
+| `tolerations`                      | List of node taints to tolerate                                                      | `[]`                                |
-`affinity` | node/pod affinities | `node`
+| `affinity`                         | node/pod affinities                                                                  | `node`                              |
-`nodeSelector` | Node labels for pod assignment | `{}`
+| `nodeSelector`                     | Node labels for pod assignment                                                       | `{}`                                |
-`service.type` | Type of service | `ClusterIP`
+| `service.type`                     | Type of service                                                                      | `ClusterIP`                         |
-`service.port` | ClusterIP port | `80`
+| `service.port`                     | ClusterIP port                                                                       | `80`                                |
-`cmd.timeout` | Command execution timeout | `1h`
+| `cmd.timeout`                      | Command execution timeout                                                            | `1h`                                |
-`logLevel` | Log level can be debug, info, warning, error or panic | `info`
+| `cmd.namespaceRegexp`              | Restrict access to canaries in matching namespaces                                   | ""                                  |
-`appmesh.enabled` | Create AWS App Mesh v1beta2 virtual node | `false`
+| `logLevel`                         | Log level can be debug, info, warning, error or panic                                | `info`                              |
-`appmesh.backends` | AWS App Mesh virtual services | `none`
+| `appmesh.enabled`                  | Create AWS App Mesh v1beta2 virtual node                                             | `false`                             |
-`istio.enabled` | Create Istio virtual service | `false`
+| `appmesh.backends`                 | AWS App Mesh virtual services                                                        | `none`                              |
-`istio.host` | Loadtester hostname  | `flagger-loadtester.flagger`
+| `istio.enabled`                    | Create Istio virtual service                                                         | `false`                             |
-`istio.gateway.enabled` | Create Istio gateway in namespace | `false`
+| `istio.host`                       | Loadtester hostname                                                                  | `flagger-loadtester.flagger`        |
-`istio.tls.enabled` | Enable TLS in gateway ( TLS secrets should be in namespace ) | `false`
+| `istio.gateway.enabled`            | Create Istio gateway in namespace                                                    | `false`                             |
-`istio.tls.httpsRedirect` | Redirect traffic to TLS port | `false`
+| `istio.tls.enabled`                | Enable TLS in gateway ( TLS secrets should be in namespace )                         | `false`                             |
-`podPriorityClassName` | PriorityClass name for pod priority configuration | ""
+| `istio.tls.httpsRedirect`          | Redirect traffic to TLS port                                                         | `false`                             |
-`securityContext.enabled` | Add securityContext to container | ""
+| `podPriorityClassName`             | PriorityClass name for pod priority configuration                                    | ""                                  |
-`securityContext.context` | securityContext to add | ""
+| `securityContext.enabled`          | Add securityContext to container                                                     | `false`                             |
 | `SecurityContext.context`          | securityContext to add                                                               | ""                                  |
 | `podSecurityContext.enabled`       | Add securityContext to pod                                                           | `false`                             |
 | `podSecurityContext.context`       | securityContext to add                                                               | ""                                  |
 | `podDisruptionBudget.enabled`      | A PodDisruptionBudget will be created if `true`                                      | `false`                             |
 | `podDisruptionBudget.minAvailable` | The minimal number of available replicas that will be set in the PodDisruptionBudget | `1`                                 |
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade`. For example,
@@ -87,5 +92,3 @@ helm install flagger/loadtester --name flagger-loadtester -f values.yaml
 ```
 > **Tip**: You can use the default [values.yaml](values.yaml)
--- a/charts/loadtester/templates/deployment.yaml
+++ b/charts/loadtester/templates/deployment.yaml
@@ -16,10 +16,15 @@ spec:
    metadata:
      labels:
        app: {{ include "loadtester.name" . }}
        app.kubernetes.io/name: {{ include "loadtester.name" . }}
      {{- range $key, $value := .Values.podLabels }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      annotations:
        appmesh.k8s.aws/ports: "444"
        openservicemesh.io/inbound-port-exclusion-list: "80, 8080"
        {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
+          {{- toYaml .Values.podAnnotations | nindent 8 }}
        {{- end }}
    spec:
      {{- if .Values.serviceAccountName }}
@@ -34,7 +39,7 @@ spec:
        - name: {{ .Chart.Name }}
          {{- if .Values.securityContext.enabled }}
          securityContext:
-{{ toYaml .Values.securityContext.context | indent 12 }}
+            {{- toYaml .Values.securityContext.context | nindent 12 }}
          {{- end }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -46,6 +51,7 @@ spec:
            - -port=8080
            - -log-level={{ .Values.logLevel }}
            - -timeout={{ .Values.cmd.timeout }}
            - -namespace-regexp={{ .Values.cmd.namespaceRegexp }}
          livenessProbe:
            exec:
              command:
@@ -66,8 +72,24 @@ spec:
                - --spider
                - http://localhost:8080/healthz
            timeoutSeconds: 5
          {{- if .Values.env }}
          env:
            {{- toYaml .Values.env | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          {{- with .Values.volumeMounts }}
          volumeMounts:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      {{- if .Values.image.pullSecret }}
      imagePullSecrets:
        - name: {{ .Values.image.pullSecret }}
      {{- end }}
      {{ with .Values.volumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@@ -80,3 +102,7 @@ spec:
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- if .Values.podSecurityContext.enabled }}
      securityContext:
        {{- toYaml .Values.podSecurityContext.context | nindent 12 }}
    {{- end }}
--- a/charts/loadtester/templates/istio-gw.yaml
+++ b/charts/loadtester/templates/istio-gw.yaml
@@ -1,5 +1,5 @@
 {{- if and (.Values.istio.enabled) (.Values.istio.gateway.enabled) }}
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1beta1
 kind: Gateway
 metadata:
  name: {{ include "loadtester.fullname" . }}
--- a/charts/loadtester/templates/istio-vs.yaml
+++ b/charts/loadtester/templates/istio-vs.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.istio.enabled }}
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
  name: {{ include "loadtester.fullname" . }}
--- a/charts/loadtester/templates/pdb.yaml
+++ b/charts/loadtester/templates/pdb.yaml
@@ -0,0 +1,15 @@
 {{- if .Values.podDisruptionBudget.enabled }}
 {{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}}
 apiVersion: policy/v1
 {{- else }}
 apiVersion: policy/v1beta1
 {{- end }}
 kind: PodDisruptionBudget
 metadata:
  name: {{ include "loadtester.fullname" . }}
 spec:
  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "loadtester.name" . }}
 {{- end }}
--- a/charts/loadtester/templates/rbac.yaml
+++ b/charts/loadtester/templates/rbac.yaml
@@ -51,4 +51,7 @@ metadata:
    app.kubernetes.io/name: {{ template "loadtester.name" . }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
  {{- if .Values.rbac.serviceAccountAnnotations }}
  annotations: {{ tpl (toYaml .Values.rbac.serviceAccountAnnotations) . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/charts/loadtester/values.yaml
+++ b/charts/loadtester/values.yaml
@@ -1,9 +1,12 @@
 replicaCount: 1
 image:
-  repository: weaveworks/flagger-loadtester
+  repository: ghcr.io/fluxcd/flagger-loadtester
-  tag: 0.18.0
+  tag: 0.36.0
  pullPolicy: IfNotPresent
  pullSecret:
 podLabels: {}
 podAnnotations:
  prometheus.io/scrape: "true"
@@ -14,10 +17,13 @@ podPriorityClassName: ""
 logLevel: info
 cmd:
  timeout: 1h
  namespaceRegexp: ""
 nameOverride: ""
 fullnameOverride: ""
 env: []
 service:
  type: ClusterIP
  port: 80
@@ -27,6 +33,9 @@ resources:
    cpu: 10m
    memory: 64Mi
 volumes: []
 volumeMounts: []
 nodeSelector: {}
 tolerations: []
@@ -45,6 +54,8 @@ rbac:
  #   resources: ["pods"]
  #   verbs: ["list", "get"]
  rules: []
  # annotations to add to the service account
  serviceAccountAnnotations: {}
 # name of an existing service account to use - if not creating rbac resources
 serviceAccountName: ""
@@ -79,3 +90,13 @@ securityContext:
    readOnlyRootFilesystem: true
    runAsUser: 100
    runAsGroup: 101
 podSecurityContext:
  enabled: false
  context:
    fsGroup: 101
    fsGroupChangePolicy: "OnRootMismatch"
 podDisruptionBudget:
  enabled: false
  minAvailable: 1
--- a/charts/podinfo/Chart.yaml
+++ b/charts/podinfo/Chart.yaml
@@ -1,11 +1,11 @@
 apiVersion: v1
-version: 5.0.0
+version: 6.1.4
-appVersion: 5.0.0
+appVersion: 6.1.3
 name: podinfo
 engine: gotpl
 description: Flagger canary deployment demo application
 home: https://docs.flagger.app
-icon: https://raw.githubusercontent.com/weaveworks/flagger/master/docs/logo/weaveworks.png
+icon: https://raw.githubusercontent.com/fluxcd/flagger/main/docs/logo/flagger-icon.png
 sources:
  - https://github.com/stefanprodan/podinfo
 maintainers:
--- a/charts/podinfo/README.md
+++ b/charts/podinfo/README.md
@@ -20,7 +20,7 @@ helm upgrade -i frontend flagger/podinfo \
 --set backend=http://backend.test:9898/echo \
 --set canary.enabled=true \
 --set canary.istioIngress.enabled=true \
--set canary.istioIngress.gateway=public-gateway.istio-system.svc.cluster.local \
+--set canary.istioIngress.gateway=istio-system/public-gateway \
 --set canary.istioIngress.host=frontend.istio.example.com
 ```
--- a/charts/podinfo/templates/canary.yaml
+++ b/charts/podinfo/templates/canary.yaml
@@ -14,7 +14,7 @@ spec:
    kind: Deployment
    name:  {{ template "podinfo.fullname" . }}
  autoscalerRef:
-    apiVersion: autoscaling/v2beta1
+    apiVersion: autoscaling/v2
    kind: HorizontalPodAutoscaler
    name:  {{ template "podinfo.fullname" . }}
  service:
--- a/charts/podinfo/templates/hpa.yaml
+++ b/charts/podinfo/templates/hpa.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.hpa.enabled -}}
-apiVersion: autoscaling/v2beta1
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ template "podinfo.fullname" . }}
@@ -20,12 +20,16 @@ spec:
  - type: Resource
    resource:
      name: cpu
-      targetAverageUtilization: {{ .Values.hpa.cpu }}
+      target:
        type: Utilization
        averageUtilization: {{ .Values.hpa.cpu }}
  {{- end }}
  {{- if .Values.hpa.memory }}
  - type: Resource
    resource:
      name: memory
-      targetAverageValue: {{ .Values.hpa.memory }}
+      target:
        type: AverageValue 
        averageValue: {{ .Values.hpa.memory }}
  {{- end }}
 {{- end }}
--- a/charts/podinfo/templates/service.yaml
+++ b/charts/podinfo/templates/service.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.canary.enabled }}
+{{- if and .Values.service.enabled (not .Values.canary.enabled) }}
 apiVersion: v1
 kind: Service
 metadata:
--- a/charts/podinfo/templates/tests/jwt.yaml
+++ b/charts/podinfo/templates/tests/jwt.yaml
@@ -12,6 +12,7 @@ metadata:
    sidecar.istio.io/inject: "false"
    linkerd.io/inject: disabled
    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
    openservicemesh.io/sidecar-injection: disabled
 spec:
  containers:
    - name: tools
--- a/charts/podinfo/values.yaml
+++ b/charts/podinfo/values.yaml
@@ -1,7 +1,7 @@
 # Default values for podinfo.
 image:
  repository: ghcr.io/stefanprodan/podinfo
-  tag: 5.0.0
+  tag: 6.1.3
  pullPolicy: IfNotPresent
 podAnnotations: {}
@@ -25,7 +25,7 @@ canary:
  istioIngress:
    enabled: false
    # Istio ingress gateway name
-    gateway: public-gateway.istio-system.svc.cluster.local
+    gateway: istio-system/public-gateway
    # external host name eg. podinfo.example.com
    host:
  analysis:
--- a/cmd/flagger/main.go
+++ b/cmd/flagger/main.go
@@ -1,3 +1,19 @@
 /*
 Copyright 2020 The Flux authors
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
@@ -9,7 +25,8 @@ import (
 	"strings"
 	"time"
-	semver "github.com/Masterminds/semver/v3"
+	"github.com/Masterminds/semver/v3"
 	"github.com/go-logr/zapr"
 	"go.uber.org/zap"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/uuid"
@@ -21,18 +38,21 @@ import (
 	"k8s.io/client-go/tools/leaderelection/resourcelock"
 	"k8s.io/client-go/transport"
 	_ "k8s.io/code-generator/cmd/client-gen/generators"
 	"k8s.io/klog/v2"
-	"github.com/weaveworks/flagger/pkg/canary"
+	"github.com/fluxcd/flagger/pkg/canary"
-	clientset "github.com/weaveworks/flagger/pkg/client/clientset/versioned"
+	clientset "github.com/fluxcd/flagger/pkg/client/clientset/versioned"
-	informers "github.com/weaveworks/flagger/pkg/client/informers/externalversions"
+	informers "github.com/fluxcd/flagger/pkg/client/informers/externalversions"
-	"github.com/weaveworks/flagger/pkg/controller"
+	"github.com/fluxcd/flagger/pkg/controller"
-	"github.com/weaveworks/flagger/pkg/logger"
+	"github.com/fluxcd/flagger/pkg/logger"
-	"github.com/weaveworks/flagger/pkg/metrics/observers"
+	"github.com/fluxcd/flagger/pkg/metrics/observers"
-	"github.com/weaveworks/flagger/pkg/notifier"
+	"github.com/fluxcd/flagger/pkg/notifier"
-	"github.com/weaveworks/flagger/pkg/router"
+	"github.com/fluxcd/flagger/pkg/router"
-	"github.com/weaveworks/flagger/pkg/server"
+	"github.com/fluxcd/flagger/pkg/server"
-	"github.com/weaveworks/flagger/pkg/signals"
+	"github.com/fluxcd/flagger/pkg/signals"
-	"github.com/weaveworks/flagger/pkg/version"
+	"github.com/fluxcd/flagger/pkg/version"
 	knative "knative.dev/serving/pkg/client/clientset/versioned"
 )
 var (
@@ -45,8 +65,11 @@ var (
 	logLevel                 string
 	port                     string
 	msteamsURL               string
 	msteamsProxyURL          string
 	includeLabelPrefix       string
 	slackURL                 string
 	slackToken               string
 	slackProxyURL            string
 	slackUser                string
 	slackChannel             string
 	eventWebhook             string
@@ -63,6 +86,8 @@ var (
 	enableConfigTracking     bool
 	ver                      bool
 	kubeconfigServiceMesh    string
 	clusterName              string
 	noCrossNamespaceRefs     bool
 )
 func init() {
@@ -75,16 +100,19 @@ func init() {
 	flag.StringVar(&logLevel, "log-level", "debug", "Log level can be: debug, info, warning, error.")
 	flag.StringVar(&port, "port", "8080", "Port to listen on.")
 	flag.StringVar(&slackURL, "slack-url", "", "Slack hook URL.")
 	flag.StringVar(&slackToken, "slack-token", "", "Slack bot token.")
 	flag.StringVar(&slackProxyURL, "slack-proxy-url", "", "Slack proxy URL.")
 	flag.StringVar(&slackUser, "slack-user", "flagger", "Slack user name.")
 	flag.StringVar(&slackChannel, "slack-channel", "", "Slack channel.")
 	flag.StringVar(&eventWebhook, "event-webhook", "", "Webhook for publishing flagger events")
 	flag.StringVar(&msteamsURL, "msteams-url", "", "MS Teams incoming webhook URL.")
 	flag.StringVar(&msteamsProxyURL, "msteams-proxy-url", "", "MS Teams proxy URL.")
 	flag.StringVar(&includeLabelPrefix, "include-label-prefix", "", "List of prefixes of labels that are copied when creating primary deployments or daemonsets. Use * to include all.")
 	flag.IntVar(&threadiness, "threadiness", 2, "Worker concurrency.")
 	flag.BoolVar(&zapReplaceGlobals, "zap-replace-globals", false, "Whether to change the logging level of the global zap logger.")
 	flag.StringVar(&zapEncoding, "zap-encoding", "json", "Zap logger encoding.")
 	flag.StringVar(&namespace, "namespace", "", "Namespace that flagger would watch canary object.")
-	flag.StringVar(&meshProvider, "mesh-provider", "istio", "Service mesh provider, can be istio, linkerd, appmesh, contour, gloo, nginx or skipper.")
+	flag.StringVar(&meshProvider, "mesh-provider", "istio", "Service mesh provider, can be istio, linkerd, appmesh, contour, knative, gloo, nginx, skipper, traefik, apisix, osm or kuma.")
 	flag.StringVar(&selectorLabels, "selector-labels", "app,name,app.kubernetes.io/name", "List of pod labels that Flagger uses to create pod selectors.")
 	flag.StringVar(&ingressAnnotationsPrefix, "ingress-annotations-prefix", "nginx.ingress.kubernetes.io", "Annotations prefix for NGINX ingresses.")
 	flag.StringVar(&ingressClass, "ingress-class", "", "Ingress class used for annotating HTTPProxy objects.")
@@ -93,9 +121,12 @@ func init() {
 	flag.BoolVar(&enableConfigTracking, "enable-config-tracking", true, "Enable secrets and configmaps tracking.")
 	flag.BoolVar(&ver, "version", false, "Print version")
 	flag.StringVar(&kubeconfigServiceMesh, "kubeconfig-service-mesh", "", "Path to a kubeconfig for the service mesh control plane cluster.")
 	flag.StringVar(&clusterName, "cluster-name", "", "Cluster name to be included in alert msgs.")
 	flag.BoolVar(&noCrossNamespaceRefs, "no-cross-namespace-refs", false, "When set to true, Flagger can only refer to resources in the same namespace.")
 }
 func main() {
 	klog.InitFlags(nil)
 	flag.Parse()
 	if ver {
@@ -111,6 +142,8 @@ func main() {
 		zap.ReplaceGlobals(logger.Desugar())
 	}
 	klog.SetLogger(zapr.NewLogger(logger.Desugar()))
 	defer logger.Sync()
 	stopCh := signals.SetupSignalHandler()
@@ -135,19 +168,24 @@ func main() {
 		logger.Fatalf("Error building flagger clientset: %s", err.Error())
 	}
 	knativeClient, err := knative.NewForConfig(cfg)
 	if err != nil {
 		logger.Fatalf("Error building knative clientset: %s", err.Error())
 	}
 	// use a remote cluster for routing if a service mesh kubeconfig is specified
 	if kubeconfigServiceMesh == "" {
 		kubeconfigServiceMesh = kubeconfig
 	}
-	cfgHost, err := clientcmd.BuildConfigFromFlags(masterURL, kubeconfigServiceMesh)
+	serviceMeshCfg, err := clientcmd.BuildConfigFromFlags(masterURL, kubeconfigServiceMesh)
 	if err != nil {
 		logger.Fatalf("Error building host kubeconfig: %v", err)
 	}
-	cfgHost.QPS = float32(kubeconfigQPS)
+	serviceMeshCfg.QPS = float32(kubeconfigQPS)
-	cfgHost.Burst = kubeconfigBurst
+	serviceMeshCfg.Burst = kubeconfigBurst
-	meshClient, err := clientset.NewForConfig(cfgHost)
+	meshClient, err := clientset.NewForConfig(serviceMeshCfg)
 	if err != nil {
 		logger.Fatalf("Error building mesh clientset: %v", err)
 	}
@@ -183,7 +221,14 @@ func main() {
 	// start HTTP server
 	go server.ListenAndServe(port, 3*time.Second, logger, stopCh)
-	routerFactory := router.NewFactory(cfg, kubeClient, flaggerClient, ingressAnnotationsPrefix, ingressClass, logger, meshClient)
+	setOwnerRefs := true
 	// Router shouldn't set OwnerRefs on resources that they create since the
 	// service mesh/ingress controller is in a different cluster.
 	if cfg.Host != serviceMeshCfg.Host {
 		setOwnerRefs = false
 	}
 	routerFactory := router.NewFactory(cfg, kubeClient, flaggerClient, knativeClient, ingressAnnotationsPrefix, ingressClass, logger, meshClient, setOwnerRefs)
 	var configTracker canary.Tracker
 	if enableConfigTracking {
@@ -198,10 +243,11 @@ func main() {
 	includeLabelPrefixArray := strings.Split(includeLabelPrefix, ",")
-	canaryFactory := canary.NewFactory(kubeClient, flaggerClient, configTracker, labels, includeLabelPrefixArray, logger)
+	canaryFactory := canary.NewFactory(kubeClient, flaggerClient, knativeClient, configTracker, labels, includeLabelPrefixArray, logger)
 	c := controller.NewController(
 		kubeClient,
 		knativeClient,
 		flaggerClient,
 		infos,
 		controlLoopInterval,
@@ -213,6 +259,9 @@ func main() {
 		meshProvider,
 		version.VERSION,
 		fromEnv("EVENT_WEBHOOK_URL", eventWebhook),
 		clusterName,
 		noCrossNamespaceRefs,
 		cfg,
 	)
 	// leader election context
@@ -287,7 +336,7 @@ func startLeaderElection(ctx context.Context, run func(), ns string, kubeClient
 	id = id + "_" + string(uuid.NewUUID())
 	lock, err := resourcelock.New(
-		resourcelock.ConfigMapsResourceLock,
+		resourcelock.LeasesResourceLock,
 		ns,
 		configMapName,
 		kubeClient.CoreV1(),
@@ -327,12 +376,15 @@ func startLeaderElection(ctx context.Context, run func(), ns string, kubeClient
 func initNotifier(logger *zap.SugaredLogger) (client notifier.Interface) {
 	provider := "slack"
 	token := fromEnv("SLACK_TOKEN", slackToken)
 	notifierURL := fromEnv("SLACK_URL", slackURL)
 	notifierProxyURL := fromEnv("SLACK_PROXY_URL", slackProxyURL)
 	if msteamsURL != "" || os.Getenv("MSTEAMS_URL") != "" {
 		provider = "msteams"
 		notifierURL = fromEnv("MSTEAMS_URL", msteamsURL)
 		notifierProxyURL = fromEnv("MSTEAMS_PROXY_URL", msteamsProxyURL)
 	}
-	notifierFactory := notifier.NewFactory(notifierURL, slackUser, slackChannel)
+	notifierFactory := notifier.NewFactory(notifierURL, token, notifierProxyURL, slackUser, slackChannel)
 	var err error
 	client, err = notifierFactory.Notifier(provider)
--- a/cmd/loadtester/main.go
+++ b/cmd/loadtester/main.go
@@ -1,21 +1,40 @@
 /*
 Copyright 2020, 2022 The Flux authors
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"flag"
 	"log"
 	"regexp"
 	"time"
 	"github.com/weaveworks/flagger/pkg/loadtester"
 	"github.com/weaveworks/flagger/pkg/logger"
 	"github.com/weaveworks/flagger/pkg/signals"
 	"go.uber.org/zap"
 	"github.com/fluxcd/flagger/pkg/loadtester"
 	"github.com/fluxcd/flagger/pkg/logger"
 	"github.com/fluxcd/flagger/pkg/signals"
 )
-var VERSION = "0.18.0"
+var VERSION = "0.36.0"
 var (
 	logLevel          string
 	port              string
 	timeout           time.Duration
 	namespaceRegexp   string
 	zapReplaceGlobals bool
 	zapEncoding       string
 )
@@ -24,6 +43,7 @@ func init() {
 	flag.StringVar(&logLevel, "log-level", "debug", "Log level can be: debug, info, warning, error.")
 	flag.StringVar(&port, "port", "9090", "Port to listen on.")
 	flag.DurationVar(&timeout, "timeout", time.Hour, "Load test exec timeout.")
 	flag.StringVar(&namespaceRegexp, "namespace-regexp", "", "Restrict access to canaries in matching namespaces.")
 	flag.BoolVar(&zapReplaceGlobals, "zap-replace-globals", false, "Whether to change the logging level of the global zap logger.")
 	flag.StringVar(&zapEncoding, "zap-encoding", "json", "Zap logger encoding.")
 }
@@ -50,5 +70,12 @@ func main() {
 	logger.Infof("Starting load tester v%s API on port %s", VERSION, port)
 	gateStorage := loadtester.NewGateStorage("in-memory")
-	loadtester.ListenAndServe(port, time.Minute, logger, taskRunner, gateStorage, stopCh)
+
 	var namespaceRegexpCompiled *regexp.Regexp
 	if namespaceRegexp != "" {
 		namespaceRegexpCompiled = regexp.MustCompile(namespaceRegexp)
 	}
 	authorizer := loadtester.NewAuthorizer(namespaceRegexpCompiled)
 	loadtester.ListenAndServe(port, time.Minute, logger, taskRunner, gateStorage, authorizer, stopCh)
 }
--- a/code-of-conduct.md
+++ b/code-of-conduct.md
@@ -1,73 +0,0 @@
 # Contributor Covenant Code of Conduct
 ## Our Pledge
 In the interest of fostering an open and welcoming environment, we as
 contributors and maintainers pledge to making participation in our project and
 our community a harassment-free experience for everyone, regardless of age, body
 size, disability, ethnicity, gender identity and expression, level of experience,
 education, socio-economic status, nationality, personal appearance, race,
 religion, or sexual identity and orientation.
 ## Our Standards
 Examples of behavior that contributes to creating a positive environment
 include:
 * Using welcoming and inclusive language
 * Being respectful of differing viewpoints and experiences
 * Gracefully accepting constructive criticism
 * Focusing on what is best for the community
 * Showing empathy towards other community members
 Examples of unacceptable behavior by participants include:
 * The use of sexualized language or imagery and unwelcome sexual attention or
  advances
 * Trolling, insulting/derogatory comments, and personal or political attacks
 * Public or private harassment
 * Publishing others' private information, such as a physical or electronic
  address, without explicit permission
 * Other conduct which could reasonably be considered inappropriate in a
  professional setting
 ## Our Responsibilities
 Project maintainers are responsible for clarifying the standards of acceptable
 behavior and are expected to take appropriate and fair corrective action in
 response to any instances of unacceptable behavior.
 Project maintainers have the right and responsibility to remove, edit, or
 reject comments, commits, code, wiki edits, issues, and other contributions
 that are not aligned to this Code of Conduct, or to ban temporarily or
 permanently any contributor for other behaviors that they deem inappropriate,
 threatening, offensive, or harmful.
 ## Scope
 This Code of Conduct applies both within project spaces and in public spaces
 when an individual is representing the project or its community. Examples of
 representing a project or community include using an official project e-mail
 address, posting via an official social media account, or acting as an appointed
 representative at an online or offline event. Representation of a project may be
 further defined and clarified by project maintainers.
 ## Enforcement
 Instances of abusive, harassing, or otherwise unacceptable behavior
 may be reported by contacting stefan.prodan(at)gmail.com. 
 All complaints will be reviewed and investigated and will result in a response that is deemed
 necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of
 an incident. Further details of specific enforcement policies may be
 posted separately.
 Project maintainers who do not follow or enforce the Code of Conduct in good
 faith may face temporary or permanent repercussions as determined by other
 members of the project's leadership.
 ## Attribution
 This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 1.4,
 available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
--- a/docs/diagrams/flagger-abtest-steps.png
+++ b/docs/diagrams/flagger-abtest-steps.png
--- a/docs/diagrams/flagger-apisix-overview.png
+++ b/docs/diagrams/flagger-apisix-overview.png
--- a/docs/diagrams/flagger-bluegreen-steps.png
+++ b/docs/diagrams/flagger-bluegreen-steps.png
--- a/docs/diagrams/flagger-canary-hpa.png
+++ b/docs/diagrams/flagger-canary-hpa.png
--- a/docs/diagrams/flagger-canary-overview.png
+++ b/docs/diagrams/flagger-canary-overview.png
--- a/docs/diagrams/flagger-canary-steps.png
+++ b/docs/diagrams/flagger-canary-steps.png
--- a/docs/diagrams/flagger-canary-traffic-mirroring.png
+++ b/docs/diagrams/flagger-canary-traffic-mirroring.png
--- a/docs/diagrams/flagger-contour-overview.png
+++ b/docs/diagrams/flagger-contour-overview.png
--- a/docs/diagrams/flagger-flux-gitops.png
+++ b/docs/diagrams/flagger-flux-gitops.png
--- a/docs/diagrams/flagger-gatewayapi-canary.png
+++ b/docs/diagrams/flagger-gatewayapi-canary.png
--- a/docs/diagrams/flagger-gitops-aws.png
+++ b/docs/diagrams/flagger-gitops-aws.png
--- a/docs/diagrams/flagger-gitops-contour.png
+++ b/docs/diagrams/flagger-gitops-contour.png
--- a/docs/diagrams/flagger-gitops-istio.png
+++ b/docs/diagrams/flagger-gitops-istio.png
--- a/docs/diagrams/flagger-gloo-overview.png
+++ b/docs/diagrams/flagger-gloo-overview.png
--- a/docs/diagrams/flagger-kuma-canary.png
+++ b/docs/diagrams/flagger-kuma-canary.png
--- a/docs/diagrams/flagger-linkerd-traffic-split.png
+++ b/docs/diagrams/flagger-linkerd-traffic-split.png
--- a/docs/diagrams/flagger-load-testing.png
+++ b/docs/diagrams/flagger-load-testing.png
--- a/docs/diagrams/flagger-nginx-linkerd.png
+++ b/docs/diagrams/flagger-nginx-linkerd.png
--- a/docs/diagrams/flagger-nginx-overview.png
+++ b/docs/diagrams/flagger-nginx-overview.png
--- a/docs/diagrams/flagger-osm-traffic-split.png
+++ b/docs/diagrams/flagger-osm-traffic-split.png
--- a/docs/diagrams/flagger-overview.png
+++ b/docs/diagrams/flagger-overview.png
--- a/docs/diagrams/flagger-skipper-overview.png
+++ b/docs/diagrams/flagger-skipper-overview.png
--- a/docs/diagrams/flagger-traefik-overview.png
+++ b/docs/diagrams/flagger-traefik-overview.png
--- a/docs/gitbook/README.md
+++ b/docs/gitbook/README.md
@@ -4,35 +4,38 @@ description: Flagger is a progressive delivery Kubernetes operator
 # Introduction
-[Flagger](https://github.com/weaveworks/flagger) is a **Kubernetes** operator that automates the promotion of
+[Flagger](https://github.com/fluxcd/flagger) is a progressive delivery tool that automates the release
-canary deployments using **Istio**, **Linkerd**, **App Mesh**, **NGINX**, **Skipper**, **Contour** or **Gloo** routing for
+process for applications running on Kubernetes. It reduces the risk of introducing a new software
-traffic shifting and **Prometheus** metrics for canary analysis. The canary analysis can be extended with webhooks for
+version in production by gradually shifting traffic to the new version while measuring metrics
-running system integration/acceptance tests, load tests, or any other custom validation.
+and running conformance tests.
-Flagger implements a control loop that gradually shifts traffic to the canary while measuring key performance indicators
+Flagger implements several deployment strategies (Canary releases, A/B testing, Blue/Green mirroring)
-like HTTP requests success rate, requests average duration and pods health.
+using a service mesh or an ingress controller for traffic routing.
-Based on analysis of the **KPIs** a canary is promoted or aborted, and the analysis result is published to **Slack** or **MS Teams**.
+For release analysis, Flagger can query Prometheus, InfluxDB, Datadog, New Relic, CloudWatch, Stackdriver
 or Graphite and for alerting it uses Slack, MS Teams, Discord and Rocket.
-![Flagger overview diagram](https://raw.githubusercontent.com/weaveworks/flagger/master/docs/diagrams/flagger-canary-overview.png)
+![Flagger overview diagram](https://raw.githubusercontent.com/fluxcd/flagger/main/docs/diagrams/flagger-overview.png)
-Flagger can be configured with Kubernetes custom resources and is compatible with any CI/CD solutions made for Kubernetes.
+Flagger can be configured with Kubernetes custom resources and is compatible with
-Since Flagger is declarative and reacts to Kubernetes events,
+any CI/CD solutions made for Kubernetes. Since Flagger is declarative and reacts to Kubernetes events,
-it can be used in **GitOps** pipelines together with Flux CD or JenkinsX.
+it can be used in **GitOps** pipelines together with tools like [Flux CD](install/flagger-install-with-flux.md).
-This project is sponsored by [Weaveworks](https://www.weave.works/)
+Flagger is a [Cloud Native Computing Foundation](https://cncf.io/) graduated project
 and part of [Flux](https://fluxcd.io) family of GitOps tools.
 ## Getting started
-To get started with Flagger, chose one of the supported routing providers
+To get started with Flagger, choose one of the supported routing providers and
-and [install](install/flagger-install-on-kubernetes.md) Flagger with Helm or Kustomize.
+[install](install/flagger-install-with-flux.md) Flagger with Flux CD.
-After install Flagger, you can follow one of the tutorials:
+After installing Flagger, you can follow one of these tutorials to get started:
 **Service mesh tutorials**
 * [Gateway API](tutorials/gatewayapi-progressive-delivery.md)
 * [Istio](tutorials/istio-progressive-delivery.md)
 * [Linkerd](tutorials/linkerd-progressive-delivery.md)
-* [AWS App Mesh](tutorials/appmesh-progressive-delivery.md)
+* [Kuma](tutorials/kuma-progressive-delivery.md)
 **Ingress controller tutorials**
@@ -40,9 +43,8 @@ After install Flagger, you can follow one of the tutorials:
 * [Gloo](tutorials/gloo-progressive-delivery.md)
 * [NGINX Ingress](tutorials/nginx-progressive-delivery.md)
 * [Skipper Ingress](tutorials/skipper-progressive-delivery.md)
 * [Traefik](tutorials/traefik-progressive-delivery.md)
 * [Apache APISIX](tutorials/apisix-progressive-delivery.md)
-**Hands-on GitOps workshops**
+The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, 
-
+please see our [Trademark Usage page](https://www.linuxfoundation.org/legal/trademark-usage).
 * [Istio](https://github.com/stefanprodan/gitops-istio)
 * [Linkerd](https://helm.workshop.flagger.dev)
 * [AWS App Mesh](https://eks.handson.flagger.dev)
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,3 @@`
							`## Code of Conduct`

							`Flagger follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).`