Remove deprecated status fields from OCIRepository v1

stefanprodan · stefanprodan · commit 30d6085b0f7f · 2025-05-08T11:54:42.000+03:00
Signed-off-by: Stefan Prodan &lt;stefan.prodan@gmail.com&gt;
diff --git a/api/v1/ocirepository_types.go b/api/v1/ocirepository_types.go
@@ -108,9 +108,6 @@ type OCIRepositorySpec struct {
 	// authenticating with a certificate; the CA cert is useful if
 	// you are using a self-signed server certificate. The Secret must
 	// be of type `Opaque` or `kubernetes.io/tls`.
-	//
-	// Note: Support for the `caFile`, `certFile` and `keyFile` keys have
-	// been deprecated.
 	// +optional
 	CertSecretRef *meta.LocalObjectReference `json:"certSecretRef,omitempty"`
 
@@ -205,20 +202,6 @@ type OCIRepositoryStatus struct {
 	// +optional
 	Artifact *Artifact `json:"artifact,omitempty"`
 
-	// ContentConfigChecksum is a checksum of all the configurations related to
-	// the content of the source artifact:
-	//  - .spec.ignore
-	//  - .spec.layerSelector
-	// observed in .status.observedGeneration version of the object. This can
-	// be used to determine if the content configuration has changed and the
-	// artifact needs to be rebuilt.
-	// It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
-	//
-	// Deprecated: Replaced with explicit fields for observed artifact content
-	// config in the status.
-	// +optional
-	ContentConfigChecksum string `json:"contentConfigChecksum,omitempty"`
-
 	// ObservedIgnore is the observed exclusion patterns used for constructing
 	// the source artifact.
 	// +optional
diff --git a/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml
@@ -68,9 +68,6 @@ spec:
                   authenticating with a certificate; the CA cert is useful if
                   you are using a self-signed server certificate. The Secret must
                   be of type `Opaque` or `kubernetes.io/tls`.
-
-                  Note: Support for the `caFile`, `certFile` and `keyFile` keys have
-                  been deprecated.
                 properties:
                   name:
                     description: Name of the referent.
@@ -364,20 +361,6 @@ spec:
                   - type
                   type: object
                 type: array
-              contentConfigChecksum:
-                description: |-
-                  ContentConfigChecksum is a checksum of all the configurations related to
-                  the content of the source artifact:
-                   - .spec.ignore
-                   - .spec.layerSelector
-                  observed in .status.observedGeneration version of the object. This can
-                  be used to determine if the content configuration has changed and the
-                  artifact needs to be rebuilt.
-                  It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
-
-                  Deprecated: Replaced with explicit fields for observed artifact content
-                  config in the status.
-                type: string
               lastHandledReconcileAt:
                 description: |-
                   LastHandledReconcileAt holds the value of the most recent
diff --git a/docs/api/v1/source.md b/docs/api/v1/source.md
@@ -1196,8 +1196,6 @@ registry. The client cert and key are useful if you are
 authenticating with a certificate; the CA cert is useful if
 you are using a self-signed server certificate. The Secret must
 be of type <code>Opaque</code> or <code>kubernetes.io/tls</code>.</p>
-<p>Note: Support for the <code>caFile</code>, <code>certFile</code> and <code>keyFile</code> keys have
-been deprecated.</p>
 </td>
 </tr>
 <tr>
@@ -3296,8 +3294,6 @@ registry. The client cert and key are useful if you are
 authenticating with a certificate; the CA cert is useful if
 you are using a self-signed server certificate. The Secret must
 be of type <code>Opaque</code> or <code>kubernetes.io/tls</code>.</p>
-<p>Note: Support for the <code>caFile</code>, <code>certFile</code> and <code>keyFile</code> keys have
-been deprecated.</p>
 </td>
 </tr>
 <tr>
@@ -3457,27 +3453,6 @@ Artifact
 </tr>
 <tr>
 <td>
-<code>contentConfigChecksum</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>ContentConfigChecksum is a checksum of all the configurations related to
-the content of the source artifact:
-- .spec.ignore
-- .spec.layerSelector
-observed in .status.observedGeneration version of the object. This can
-be used to determine if the content configuration has changed and the
-artifact needs to be rebuilt.
-It has the format of <code>&lt;algo&gt;:&lt;checksum&gt;</code>, for example: <code>sha256:&lt;checksum&gt;</code>.</p>
-<p>Deprecated: Replaced with explicit fields for observed artifact content
-config in the status.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>observedIgnore</code><br>
 <em>
 string
diff --git a/docs/spec/v1/ocirepositories.md b/docs/spec/v1/ocirepositories.md
@@ -326,10 +326,6 @@ data:
   ca.crt: <BASE64>
 ```
 
-**Warning:** Support for the `caFile`, `certFile` and `keyFile` keys have been
-deprecated. If you have any Secrets using these keys and specified in an
-OCIRepository, the controller will log a deprecation warning.
-
 ### Proxy secret reference
 
 `.spec.proxySecretRef.name` is an optional field used to specify the name of a
@@ -1073,19 +1069,6 @@ configuration issue in the OCIRepository spec. When a reconciliation fails, the
 reconciliation is performed again after the failure, the reason is updated to
 `Progressing`.
 
-### Content Configuration Checksum
-
-The source-controller calculates the SHA256 checksum of the various
-configurations of the OCIRepository that indicate a change in source and
-records it in `.status.contentConfigChecksum`. This field is used to determine
-if the source artifact needs to be rebuilt.
-
-**Deprecation Note:** `contentConfigChecksum` is no longer used and will be
-removed in the next API version. The individual components used for generating
-content configuration checksum now have explicit fields in the status. This
-makes the observations used by the controller for making artifact rebuild
-decisions more transparent and easier to debug.
-
 ### Observed Ignore
 
 The source-controller reports an observed ignore in the OCIRepository's
diff --git a/internal/controller/ocirepository_controller.go b/internal/controller/ocirepository_controller.go
@@ -1218,7 +1218,6 @@ func (r *OCIRepositoryReconciler) reconcileArtifact(ctx context.Context, sp *pat
 	// Record the observations on the object.
 	obj.Status.Artifact = artifact.DeepCopy()
 	obj.Status.Artifact.Metadata = metadata.Metadata
-	obj.Status.ContentConfigChecksum = "" // To be removed in the next API version.
 	obj.Status.ObservedIgnore = obj.Spec.Ignore
 	obj.Status.ObservedLayerSelector = obj.Spec.LayerSelector
 
