8030 lines
371 KiB
YAML
8030 lines
371 KiB
YAML
---
|
|
# This manifest was generated by flux. DO NOT EDIT.
|
|
# Flux Version: v2.1.2
|
|
# Components: source-controller,kustomize-controller,helm-controller,notification-controller
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
pod-security.kubernetes.io/warn: restricted
|
|
pod-security.kubernetes.io/warn-version: latest
|
|
name: flux-system
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: allow-egress
|
|
namespace: flux-system
|
|
spec:
|
|
egress:
|
|
- {}
|
|
ingress:
|
|
- from:
|
|
- podSelector: {}
|
|
podSelector: {}
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: allow-scraping
|
|
namespace: flux-system
|
|
spec:
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector: {}
|
|
ports:
|
|
- port: 8080
|
|
protocol: TCP
|
|
podSelector: {}
|
|
policyTypes:
|
|
- Ingress
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: allow-webhooks
|
|
namespace: flux-system
|
|
spec:
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector: {}
|
|
podSelector:
|
|
matchLabels:
|
|
app: notification-controller
|
|
policyTypes:
|
|
- Ingress
|
|
---
|
|
apiVersion: v1
|
|
kind: ResourceQuota
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: critical-pods-flux-system
|
|
namespace: flux-system
|
|
spec:
|
|
hard:
|
|
pods: "1000"
|
|
scopeSelector:
|
|
matchExpressions:
|
|
- operator: In
|
|
scopeName: PriorityClass
|
|
values:
|
|
- system-node-critical
|
|
- system-cluster-critical
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: crd-controller-flux-system
|
|
rules:
|
|
- apiGroups:
|
|
- source.toolkit.fluxcd.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- kustomize.toolkit.fluxcd.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- helm.toolkit.fluxcd.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- notification.toolkit.fluxcd.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- image.toolkit.fluxcd.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- '*'
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- namespaces
|
|
- secrets
|
|
- configmaps
|
|
- serviceaccounts
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps/status
|
|
verbs:
|
|
- get
|
|
- update
|
|
- patch
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
|
name: flux-edit-flux-system
|
|
rules:
|
|
- apiGroups:
|
|
- notification.toolkit.fluxcd.io
|
|
- source.toolkit.fluxcd.io
|
|
- helm.toolkit.fluxcd.io
|
|
- image.toolkit.fluxcd.io
|
|
- kustomize.toolkit.fluxcd.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- deletecollection
|
|
- patch
|
|
- update
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
|
name: flux-view-flux-system
|
|
rules:
|
|
- apiGroups:
|
|
- notification.toolkit.fluxcd.io
|
|
- source.toolkit.fluxcd.io
|
|
- helm.toolkit.fluxcd.io
|
|
- image.toolkit.fluxcd.io
|
|
- kustomize.toolkit.fluxcd.io
|
|
resources:
|
|
- '*'
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: cluster-reconciler-flux-system
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: cluster-admin
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kustomize-controller
|
|
namespace: flux-system
|
|
- kind: ServiceAccount
|
|
name: helm-controller
|
|
namespace: flux-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: crd-controller-flux-system
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: crd-controller-flux-system
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kustomize-controller
|
|
namespace: flux-system
|
|
- kind: ServiceAccount
|
|
name: helm-controller
|
|
namespace: flux-system
|
|
- kind: ServiceAccount
|
|
name: source-controller
|
|
namespace: flux-system
|
|
- kind: ServiceAccount
|
|
name: notification-controller
|
|
namespace: flux-system
|
|
- kind: ServiceAccount
|
|
name: image-reflector-controller
|
|
namespace: flux-system
|
|
- kind: ServiceAccount
|
|
name: image-automation-controller
|
|
namespace: flux-system
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: source-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: buckets.source.toolkit.fluxcd.io
|
|
spec:
|
|
group: source.toolkit.fluxcd.io
|
|
names:
|
|
kind: Bucket
|
|
listKind: BucketList
|
|
plural: buckets
|
|
singular: bucket
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.endpoint
|
|
name: Endpoint
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Bucket is the Schema for the buckets API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: BucketSpec defines the desired state of an S3 compatible
|
|
bucket
|
|
properties:
|
|
accessFrom:
|
|
description: AccessFrom defines an Access Control List for allowing
|
|
cross-namespace references to this object.
|
|
properties:
|
|
namespaceSelectors:
|
|
description: NamespaceSelectors is the list of namespace selectors
|
|
to which this ACL applies. Items in this list are evaluated
|
|
using a logical OR operation.
|
|
items:
|
|
description: NamespaceSelector selects the namespaces to which
|
|
this ACL applies. An empty map of MatchLabels matches all
|
|
namespaces in a cluster.
|
|
properties:
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
required:
|
|
- namespaceSelectors
|
|
type: object
|
|
bucketName:
|
|
description: The bucket name.
|
|
type: string
|
|
endpoint:
|
|
description: The bucket endpoint address.
|
|
type: string
|
|
ignore:
|
|
description: Ignore overrides the set of excluded patterns in the
|
|
.sourceignore format (which is the same as .gitignore). If not provided,
|
|
a default will be used, consult the documentation for your version
|
|
to find out what those are.
|
|
type: string
|
|
insecure:
|
|
description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
|
|
type: boolean
|
|
interval:
|
|
description: The interval at which to check for bucket updates.
|
|
type: string
|
|
provider:
|
|
default: generic
|
|
description: The S3 compatible storage provider name, default ('generic').
|
|
enum:
|
|
- generic
|
|
- aws
|
|
- gcp
|
|
type: string
|
|
region:
|
|
description: The bucket region.
|
|
type: string
|
|
secretRef:
|
|
description: The name of the secret containing authentication credentials
|
|
for the Bucket.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: This flag tells the controller to suspend the reconciliation
|
|
of this source.
|
|
type: boolean
|
|
timeout:
|
|
default: 60s
|
|
description: The timeout for download operations, defaults to 60s.
|
|
type: string
|
|
required:
|
|
- bucketName
|
|
- endpoint
|
|
- interval
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: BucketStatus defines the observed state of a bucket
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the output of the last successful
|
|
Bucket sync.
|
|
properties:
|
|
checksum:
|
|
description: Checksum is the SHA256 checksum of the artifact.
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of this artifact.
|
|
format: date-time
|
|
type: string
|
|
path:
|
|
description: Path is the relative file path of this artifact.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm index timestamp, a Helm chart version, etc.
|
|
type: string
|
|
url:
|
|
description: URL is the HTTP address of this artifact.
|
|
type: string
|
|
required:
|
|
- path
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the Bucket.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the download link for the artifact output of the
|
|
last Bucket sync.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.endpoint
|
|
name: Endpoint
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1beta2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Bucket is the Schema for the buckets API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: BucketSpec specifies the required configuration to produce
|
|
an Artifact for an object storage bucket.
|
|
properties:
|
|
accessFrom:
|
|
description: 'AccessFrom specifies an Access Control List for allowing
|
|
cross-namespace references to this object. NOTE: Not implemented,
|
|
provisional as of https://github.com/fluxcd/flux2/pull/2092'
|
|
properties:
|
|
namespaceSelectors:
|
|
description: NamespaceSelectors is the list of namespace selectors
|
|
to which this ACL applies. Items in this list are evaluated
|
|
using a logical OR operation.
|
|
items:
|
|
description: NamespaceSelector selects the namespaces to which
|
|
this ACL applies. An empty map of MatchLabels matches all
|
|
namespaces in a cluster.
|
|
properties:
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
required:
|
|
- namespaceSelectors
|
|
type: object
|
|
bucketName:
|
|
description: BucketName is the name of the object storage bucket.
|
|
type: string
|
|
endpoint:
|
|
description: Endpoint is the object storage address the BucketName
|
|
is located at.
|
|
type: string
|
|
ignore:
|
|
description: Ignore overrides the set of excluded patterns in the
|
|
.sourceignore format (which is the same as .gitignore). If not provided,
|
|
a default will be used, consult the documentation for your version
|
|
to find out what those are.
|
|
type: string
|
|
insecure:
|
|
description: Insecure allows connecting to a non-TLS HTTP Endpoint.
|
|
type: boolean
|
|
interval:
|
|
description: Interval at which the Bucket Endpoint is checked for
|
|
updates. This interval is approximate and may be subject to jitter
|
|
to ensure efficient use of resources.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
provider:
|
|
default: generic
|
|
description: Provider of the object storage bucket. Defaults to 'generic',
|
|
which expects an S3 (API) compatible object storage.
|
|
enum:
|
|
- generic
|
|
- aws
|
|
- gcp
|
|
- azure
|
|
type: string
|
|
region:
|
|
description: Region of the Endpoint where the BucketName is located
|
|
in.
|
|
type: string
|
|
secretRef:
|
|
description: SecretRef specifies the Secret containing authentication
|
|
credentials for the Bucket.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: Suspend tells the controller to suspend the reconciliation
|
|
of this Bucket.
|
|
type: boolean
|
|
timeout:
|
|
default: 60s
|
|
description: Timeout for fetch operations, defaults to 60s.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
|
|
type: string
|
|
required:
|
|
- bucketName
|
|
- endpoint
|
|
- interval
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: BucketStatus records the observed state of a Bucket.
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the last successful Bucket reconciliation.
|
|
properties:
|
|
digest:
|
|
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
|
|
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of the Artifact.
|
|
format: date-time
|
|
type: string
|
|
metadata:
|
|
additionalProperties:
|
|
type: string
|
|
description: Metadata holds upstream information such as OCI annotations.
|
|
type: object
|
|
path:
|
|
description: Path is the relative file path of the Artifact. It
|
|
can be used to locate the file in the root of the Artifact storage
|
|
on the local file system of the controller managing the Source.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human-readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm chart version, etc.
|
|
type: string
|
|
size:
|
|
description: Size is the number of bytes in the file.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the HTTP address of the Artifact as exposed
|
|
by the controller managing the Source. It can be used to retrieve
|
|
the Artifact for consumption, e.g. by another controller applying
|
|
the Artifact contents.
|
|
type: string
|
|
required:
|
|
- lastUpdateTime
|
|
- path
|
|
- revision
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the Bucket.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation of
|
|
the Bucket object.
|
|
format: int64
|
|
type: integer
|
|
observedIgnore:
|
|
description: ObservedIgnore is the observed exclusion patterns used
|
|
for constructing the source artifact.
|
|
type: string
|
|
url:
|
|
description: URL is the dynamic fetch link for the latest Artifact.
|
|
It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
|
|
data is recommended.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: source-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: gitrepositories.source.toolkit.fluxcd.io
|
|
spec:
|
|
group: source.toolkit.fluxcd.io
|
|
names:
|
|
kind: GitRepository
|
|
listKind: GitRepositoryList
|
|
plural: gitrepositories
|
|
shortNames:
|
|
- gitrepo
|
|
singular: gitrepository
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.url
|
|
name: URL
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: GitRepository is the Schema for the gitrepositories API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: GitRepositorySpec specifies the required configuration to
|
|
produce an Artifact for a Git repository.
|
|
properties:
|
|
ignore:
|
|
description: Ignore overrides the set of excluded patterns in the
|
|
.sourceignore format (which is the same as .gitignore). If not provided,
|
|
a default will be used, consult the documentation for your version
|
|
to find out what those are.
|
|
type: string
|
|
include:
|
|
description: Include specifies a list of GitRepository resources which
|
|
Artifacts should be included in the Artifact produced for this GitRepository.
|
|
items:
|
|
description: GitRepositoryInclude specifies a local reference to
|
|
a GitRepository which Artifact (sub-)contents must be included,
|
|
and where they should be placed.
|
|
properties:
|
|
fromPath:
|
|
description: FromPath specifies the path to copy contents from,
|
|
defaults to the root of the Artifact.
|
|
type: string
|
|
repository:
|
|
description: GitRepositoryRef specifies the GitRepository which
|
|
Artifact contents must be included.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
toPath:
|
|
description: ToPath specifies the path to copy contents to,
|
|
defaults to the name of the GitRepositoryRef.
|
|
type: string
|
|
required:
|
|
- repository
|
|
type: object
|
|
type: array
|
|
interval:
|
|
description: Interval at which the GitRepository URL is checked for
|
|
updates. This interval is approximate and may be subject to jitter
|
|
to ensure efficient use of resources.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
proxySecretRef:
|
|
description: ProxySecretRef specifies the Secret containing the proxy
|
|
configuration to use while communicating with the Git server.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
recurseSubmodules:
|
|
description: RecurseSubmodules enables the initialization of all submodules
|
|
within the GitRepository as cloned from the URL, using their default
|
|
settings.
|
|
type: boolean
|
|
ref:
|
|
description: Reference specifies the Git reference to resolve and
|
|
monitor for changes, defaults to the 'master' branch.
|
|
properties:
|
|
branch:
|
|
description: Branch to check out, defaults to 'master' if no other
|
|
field is defined.
|
|
type: string
|
|
commit:
|
|
description: "Commit SHA to check out, takes precedence over all
|
|
reference fields. \n This can be combined with Branch to shallow
|
|
clone the branch, in which the commit is expected to exist."
|
|
type: string
|
|
name:
|
|
description: "Name of the reference to check out; takes precedence
|
|
over Branch, Tag and SemVer. \n It must be a valid Git reference:
|
|
https://git-scm.com/docs/git-check-ref-format#_description Examples:
|
|
\"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
|
|
\"refs/merge-requests/1/head\""
|
|
type: string
|
|
semver:
|
|
description: SemVer tag expression to check out, takes precedence
|
|
over Tag.
|
|
type: string
|
|
tag:
|
|
description: Tag to check out, takes precedence over Branch.
|
|
type: string
|
|
type: object
|
|
secretRef:
|
|
description: SecretRef specifies the Secret containing authentication
|
|
credentials for the GitRepository. For HTTPS repositories the Secret
|
|
must contain 'username' and 'password' fields for basic auth or
|
|
'bearerToken' field for token auth. For SSH repositories the Secret
|
|
must contain 'identity' and 'known_hosts' fields.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: Suspend tells the controller to suspend the reconciliation
|
|
of this GitRepository.
|
|
type: boolean
|
|
timeout:
|
|
default: 60s
|
|
description: Timeout for Git operations like cloning, defaults to
|
|
60s.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
|
|
type: string
|
|
url:
|
|
description: URL specifies the Git repository URL, it can be an HTTP/S
|
|
or SSH address.
|
|
pattern: ^(http|https|ssh)://.*$
|
|
type: string
|
|
verify:
|
|
description: Verification specifies the configuration to verify the
|
|
Git commit signature(s).
|
|
properties:
|
|
mode:
|
|
default: HEAD
|
|
description: "Mode specifies which Git object(s) should be verified.
|
|
\n The variants \"head\" and \"HEAD\" both imply the same thing,
|
|
i.e. verify the commit that the HEAD of the Git repository points
|
|
to. The variant \"head\" solely exists to ensure backwards compatibility."
|
|
enum:
|
|
- head
|
|
- HEAD
|
|
- Tag
|
|
- TagAndHEAD
|
|
type: string
|
|
secretRef:
|
|
description: SecretRef specifies the Secret containing the public
|
|
keys of trusted Git authors.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- secretRef
|
|
type: object
|
|
required:
|
|
- interval
|
|
- url
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: GitRepositoryStatus records the observed state of a Git repository.
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the last successful GitRepository
|
|
reconciliation.
|
|
properties:
|
|
digest:
|
|
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
|
|
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of the Artifact.
|
|
format: date-time
|
|
type: string
|
|
metadata:
|
|
additionalProperties:
|
|
type: string
|
|
description: Metadata holds upstream information such as OCI annotations.
|
|
type: object
|
|
path:
|
|
description: Path is the relative file path of the Artifact. It
|
|
can be used to locate the file in the root of the Artifact storage
|
|
on the local file system of the controller managing the Source.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human-readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm chart version, etc.
|
|
type: string
|
|
size:
|
|
description: Size is the number of bytes in the file.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the HTTP address of the Artifact as exposed
|
|
by the controller managing the Source. It can be used to retrieve
|
|
the Artifact for consumption, e.g. by another controller applying
|
|
the Artifact contents.
|
|
type: string
|
|
required:
|
|
- lastUpdateTime
|
|
- path
|
|
- revision
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the GitRepository.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
includedArtifacts:
|
|
description: IncludedArtifacts contains a list of the last successfully
|
|
included Artifacts as instructed by GitRepositorySpec.Include.
|
|
items:
|
|
description: Artifact represents the output of a Source reconciliation.
|
|
properties:
|
|
digest:
|
|
description: Digest is the digest of the file in the form of
|
|
'<algorithm>:<checksum>'.
|
|
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of the Artifact.
|
|
format: date-time
|
|
type: string
|
|
metadata:
|
|
additionalProperties:
|
|
type: string
|
|
description: Metadata holds upstream information such as OCI
|
|
annotations.
|
|
type: object
|
|
path:
|
|
description: Path is the relative file path of the Artifact.
|
|
It can be used to locate the file in the root of the Artifact
|
|
storage on the local file system of the controller managing
|
|
the Source.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human-readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm chart version, etc.
|
|
type: string
|
|
size:
|
|
description: Size is the number of bytes in the file.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the HTTP address of the Artifact as exposed
|
|
by the controller managing the Source. It can be used to retrieve
|
|
the Artifact for consumption, e.g. by another controller applying
|
|
the Artifact contents.
|
|
type: string
|
|
required:
|
|
- lastUpdateTime
|
|
- path
|
|
- revision
|
|
- url
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation of
|
|
the GitRepository object.
|
|
format: int64
|
|
type: integer
|
|
observedIgnore:
|
|
description: ObservedIgnore is the observed exclusion patterns used
|
|
for constructing the source artifact.
|
|
type: string
|
|
observedInclude:
|
|
description: ObservedInclude is the observed list of GitRepository
|
|
resources used to produce the current Artifact.
|
|
items:
|
|
description: GitRepositoryInclude specifies a local reference to
|
|
a GitRepository which Artifact (sub-)contents must be included,
|
|
and where they should be placed.
|
|
properties:
|
|
fromPath:
|
|
description: FromPath specifies the path to copy contents from,
|
|
defaults to the root of the Artifact.
|
|
type: string
|
|
repository:
|
|
description: GitRepositoryRef specifies the GitRepository which
|
|
Artifact contents must be included.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
toPath:
|
|
description: ToPath specifies the path to copy contents to,
|
|
defaults to the name of the GitRepositoryRef.
|
|
type: string
|
|
required:
|
|
- repository
|
|
type: object
|
|
type: array
|
|
observedRecurseSubmodules:
|
|
description: ObservedRecurseSubmodules is the observed resource submodules
|
|
configuration used to produce the current Artifact.
|
|
type: boolean
|
|
sourceVerificationMode:
|
|
description: SourceVerificationMode is the last used verification
|
|
mode indicating which Git object(s) have been verified.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.url
|
|
name: URL
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
deprecated: true
|
|
deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: GitRepository is the Schema for the gitrepositories API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: GitRepositorySpec defines the desired state of a Git repository.
|
|
properties:
|
|
accessFrom:
|
|
description: AccessFrom defines an Access Control List for allowing
|
|
cross-namespace references to this object.
|
|
properties:
|
|
namespaceSelectors:
|
|
description: NamespaceSelectors is the list of namespace selectors
|
|
to which this ACL applies. Items in this list are evaluated
|
|
using a logical OR operation.
|
|
items:
|
|
description: NamespaceSelector selects the namespaces to which
|
|
this ACL applies. An empty map of MatchLabels matches all
|
|
namespaces in a cluster.
|
|
properties:
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
required:
|
|
- namespaceSelectors
|
|
type: object
|
|
gitImplementation:
|
|
default: go-git
|
|
description: Determines which git client library to use. Defaults
|
|
to go-git, valid values are ('go-git', 'libgit2').
|
|
enum:
|
|
- go-git
|
|
- libgit2
|
|
type: string
|
|
ignore:
|
|
description: Ignore overrides the set of excluded patterns in the
|
|
.sourceignore format (which is the same as .gitignore). If not provided,
|
|
a default will be used, consult the documentation for your version
|
|
to find out what those are.
|
|
type: string
|
|
include:
|
|
description: Extra git repositories to map into the repository
|
|
items:
|
|
description: GitRepositoryInclude defines a source with a from and
|
|
to path.
|
|
properties:
|
|
fromPath:
|
|
description: The path to copy contents from, defaults to the
|
|
root directory.
|
|
type: string
|
|
repository:
|
|
description: Reference to a GitRepository to include.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
toPath:
|
|
description: The path to copy contents to, defaults to the name
|
|
of the source ref.
|
|
type: string
|
|
required:
|
|
- repository
|
|
type: object
|
|
type: array
|
|
interval:
|
|
description: The interval at which to check for repository updates.
|
|
type: string
|
|
recurseSubmodules:
|
|
description: When enabled, after the clone is created, initializes
|
|
all submodules within, using their default settings. This option
|
|
is available only when using the 'go-git' GitImplementation.
|
|
type: boolean
|
|
ref:
|
|
description: The Git reference to checkout and monitor for changes,
|
|
defaults to master branch.
|
|
properties:
|
|
branch:
|
|
description: The Git branch to checkout, defaults to master.
|
|
type: string
|
|
commit:
|
|
description: The Git commit SHA to checkout, if specified Tag
|
|
filters will be ignored.
|
|
type: string
|
|
semver:
|
|
description: The Git tag semver expression, takes precedence over
|
|
Tag.
|
|
type: string
|
|
tag:
|
|
description: The Git tag to checkout, takes precedence over Branch.
|
|
type: string
|
|
type: object
|
|
secretRef:
|
|
description: The secret name containing the Git credentials. For HTTPS
|
|
repositories the secret must contain username and password fields.
|
|
For SSH repositories the secret must contain identity and known_hosts
|
|
fields.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: This flag tells the controller to suspend the reconciliation
|
|
of this source.
|
|
type: boolean
|
|
timeout:
|
|
default: 60s
|
|
description: The timeout for remote Git operations like cloning, defaults
|
|
to 60s.
|
|
type: string
|
|
url:
|
|
description: The repository URL, can be a HTTP/S or SSH address.
|
|
pattern: ^(http|https|ssh)://.*$
|
|
type: string
|
|
verify:
|
|
description: Verify OpenPGP signature for the Git commit HEAD points
|
|
to.
|
|
properties:
|
|
mode:
|
|
description: Mode describes what git object should be verified,
|
|
currently ('head').
|
|
enum:
|
|
- head
|
|
type: string
|
|
secretRef:
|
|
description: The secret name containing the public keys of all
|
|
trusted Git authors.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- mode
|
|
type: object
|
|
required:
|
|
- interval
|
|
- url
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: GitRepositoryStatus defines the observed state of a Git repository.
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the output of the last successful
|
|
repository sync.
|
|
properties:
|
|
checksum:
|
|
description: Checksum is the SHA256 checksum of the artifact.
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of this artifact.
|
|
format: date-time
|
|
type: string
|
|
path:
|
|
description: Path is the relative file path of this artifact.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm index timestamp, a Helm chart version, etc.
|
|
type: string
|
|
url:
|
|
description: URL is the HTTP address of this artifact.
|
|
type: string
|
|
required:
|
|
- path
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the GitRepository.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
includedArtifacts:
|
|
description: IncludedArtifacts represents the included artifacts from
|
|
the last successful repository sync.
|
|
items:
|
|
description: Artifact represents the output of a source synchronisation.
|
|
properties:
|
|
checksum:
|
|
description: Checksum is the SHA256 checksum of the artifact.
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of this artifact.
|
|
format: date-time
|
|
type: string
|
|
path:
|
|
description: Path is the relative file path of this artifact.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm index timestamp, a Helm chart version, etc.
|
|
type: string
|
|
url:
|
|
description: URL is the HTTP address of this artifact.
|
|
type: string
|
|
required:
|
|
- path
|
|
- url
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the download link for the artifact output of the
|
|
last repository sync.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.url
|
|
name: URL
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
deprecated: true
|
|
deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1
|
|
name: v1beta2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: GitRepository is the Schema for the gitrepositories API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: GitRepositorySpec specifies the required configuration to
|
|
produce an Artifact for a Git repository.
|
|
properties:
|
|
accessFrom:
|
|
description: 'AccessFrom specifies an Access Control List for allowing
|
|
cross-namespace references to this object. NOTE: Not implemented,
|
|
provisional as of https://github.com/fluxcd/flux2/pull/2092'
|
|
properties:
|
|
namespaceSelectors:
|
|
description: NamespaceSelectors is the list of namespace selectors
|
|
to which this ACL applies. Items in this list are evaluated
|
|
using a logical OR operation.
|
|
items:
|
|
description: NamespaceSelector selects the namespaces to which
|
|
this ACL applies. An empty map of MatchLabels matches all
|
|
namespaces in a cluster.
|
|
properties:
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
required:
|
|
- namespaceSelectors
|
|
type: object
|
|
gitImplementation:
|
|
default: go-git
|
|
description: 'GitImplementation specifies which Git client library
|
|
implementation to use. Defaults to ''go-git'', valid values are
|
|
(''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated
|
|
now that ''go-git'' is the only supported implementation.'
|
|
enum:
|
|
- go-git
|
|
- libgit2
|
|
type: string
|
|
ignore:
|
|
description: Ignore overrides the set of excluded patterns in the
|
|
.sourceignore format (which is the same as .gitignore). If not provided,
|
|
a default will be used, consult the documentation for your version
|
|
to find out what those are.
|
|
type: string
|
|
include:
|
|
description: Include specifies a list of GitRepository resources which
|
|
Artifacts should be included in the Artifact produced for this GitRepository.
|
|
items:
|
|
description: GitRepositoryInclude specifies a local reference to
|
|
a GitRepository which Artifact (sub-)contents must be included,
|
|
and where they should be placed.
|
|
properties:
|
|
fromPath:
|
|
description: FromPath specifies the path to copy contents from,
|
|
defaults to the root of the Artifact.
|
|
type: string
|
|
repository:
|
|
description: GitRepositoryRef specifies the GitRepository which
|
|
Artifact contents must be included.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
toPath:
|
|
description: ToPath specifies the path to copy contents to,
|
|
defaults to the name of the GitRepositoryRef.
|
|
type: string
|
|
required:
|
|
- repository
|
|
type: object
|
|
type: array
|
|
interval:
|
|
description: Interval at which to check the GitRepository for updates.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
recurseSubmodules:
|
|
description: RecurseSubmodules enables the initialization of all submodules
|
|
within the GitRepository as cloned from the URL, using their default
|
|
settings.
|
|
type: boolean
|
|
ref:
|
|
description: Reference specifies the Git reference to resolve and
|
|
monitor for changes, defaults to the 'master' branch.
|
|
properties:
|
|
branch:
|
|
description: Branch to check out, defaults to 'master' if no other
|
|
field is defined.
|
|
type: string
|
|
commit:
|
|
description: "Commit SHA to check out, takes precedence over all
|
|
reference fields. \n This can be combined with Branch to shallow
|
|
clone the branch, in which the commit is expected to exist."
|
|
type: string
|
|
name:
|
|
description: "Name of the reference to check out; takes precedence
|
|
over Branch, Tag and SemVer. \n It must be a valid Git reference:
|
|
https://git-scm.com/docs/git-check-ref-format#_description Examples:
|
|
\"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
|
|
\"refs/merge-requests/1/head\""
|
|
type: string
|
|
semver:
|
|
description: SemVer tag expression to check out, takes precedence
|
|
over Tag.
|
|
type: string
|
|
tag:
|
|
description: Tag to check out, takes precedence over Branch.
|
|
type: string
|
|
type: object
|
|
secretRef:
|
|
description: SecretRef specifies the Secret containing authentication
|
|
credentials for the GitRepository. For HTTPS repositories the Secret
|
|
must contain 'username' and 'password' fields for basic auth or
|
|
'bearerToken' field for token auth. For SSH repositories the Secret
|
|
must contain 'identity' and 'known_hosts' fields.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: Suspend tells the controller to suspend the reconciliation
|
|
of this GitRepository.
|
|
type: boolean
|
|
timeout:
|
|
default: 60s
|
|
description: Timeout for Git operations like cloning, defaults to
|
|
60s.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
|
|
type: string
|
|
url:
|
|
description: URL specifies the Git repository URL, it can be an HTTP/S
|
|
or SSH address.
|
|
pattern: ^(http|https|ssh)://.*$
|
|
type: string
|
|
verify:
|
|
description: Verification specifies the configuration to verify the
|
|
Git commit signature(s).
|
|
properties:
|
|
mode:
|
|
description: Mode specifies what Git object should be verified,
|
|
currently ('head').
|
|
enum:
|
|
- head
|
|
type: string
|
|
secretRef:
|
|
description: SecretRef specifies the Secret containing the public
|
|
keys of trusted Git authors.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- mode
|
|
- secretRef
|
|
type: object
|
|
required:
|
|
- interval
|
|
- url
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: GitRepositoryStatus records the observed state of a Git repository.
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the last successful GitRepository
|
|
reconciliation.
|
|
properties:
|
|
digest:
|
|
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
|
|
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of the Artifact.
|
|
format: date-time
|
|
type: string
|
|
metadata:
|
|
additionalProperties:
|
|
type: string
|
|
description: Metadata holds upstream information such as OCI annotations.
|
|
type: object
|
|
path:
|
|
description: Path is the relative file path of the Artifact. It
|
|
can be used to locate the file in the root of the Artifact storage
|
|
on the local file system of the controller managing the Source.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human-readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm chart version, etc.
|
|
type: string
|
|
size:
|
|
description: Size is the number of bytes in the file.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the HTTP address of the Artifact as exposed
|
|
by the controller managing the Source. It can be used to retrieve
|
|
the Artifact for consumption, e.g. by another controller applying
|
|
the Artifact contents.
|
|
type: string
|
|
required:
|
|
- lastUpdateTime
|
|
- path
|
|
- revision
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the GitRepository.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
contentConfigChecksum:
|
|
description: "ContentConfigChecksum is a checksum of all the configurations
|
|
related to the content of the source artifact: - .spec.ignore -
|
|
.spec.recurseSubmodules - .spec.included and the checksum of the
|
|
included artifacts observed in .status.observedGeneration version
|
|
of the object. This can be used to determine if the content of the
|
|
included repository has changed. It has the format of `<algo>:<checksum>`,
|
|
for example: `sha256:<checksum>`. \n Deprecated: Replaced with explicit
|
|
fields for observed artifact content config in the status."
|
|
type: string
|
|
includedArtifacts:
|
|
description: IncludedArtifacts contains a list of the last successfully
|
|
included Artifacts as instructed by GitRepositorySpec.Include.
|
|
items:
|
|
description: Artifact represents the output of a Source reconciliation.
|
|
properties:
|
|
digest:
|
|
description: Digest is the digest of the file in the form of
|
|
'<algorithm>:<checksum>'.
|
|
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of the Artifact.
|
|
format: date-time
|
|
type: string
|
|
metadata:
|
|
additionalProperties:
|
|
type: string
|
|
description: Metadata holds upstream information such as OCI
|
|
annotations.
|
|
type: object
|
|
path:
|
|
description: Path is the relative file path of the Artifact.
|
|
It can be used to locate the file in the root of the Artifact
|
|
storage on the local file system of the controller managing
|
|
the Source.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human-readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm chart version, etc.
|
|
type: string
|
|
size:
|
|
description: Size is the number of bytes in the file.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the HTTP address of the Artifact as exposed
|
|
by the controller managing the Source. It can be used to retrieve
|
|
the Artifact for consumption, e.g. by another controller applying
|
|
the Artifact contents.
|
|
type: string
|
|
required:
|
|
- lastUpdateTime
|
|
- path
|
|
- revision
|
|
- url
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation of
|
|
the GitRepository object.
|
|
format: int64
|
|
type: integer
|
|
observedIgnore:
|
|
description: ObservedIgnore is the observed exclusion patterns used
|
|
for constructing the source artifact.
|
|
type: string
|
|
observedInclude:
|
|
description: ObservedInclude is the observed list of GitRepository
|
|
resources used to to produce the current Artifact.
|
|
items:
|
|
description: GitRepositoryInclude specifies a local reference to
|
|
a GitRepository which Artifact (sub-)contents must be included,
|
|
and where they should be placed.
|
|
properties:
|
|
fromPath:
|
|
description: FromPath specifies the path to copy contents from,
|
|
defaults to the root of the Artifact.
|
|
type: string
|
|
repository:
|
|
description: GitRepositoryRef specifies the GitRepository which
|
|
Artifact contents must be included.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
toPath:
|
|
description: ToPath specifies the path to copy contents to,
|
|
defaults to the name of the GitRepositoryRef.
|
|
type: string
|
|
required:
|
|
- repository
|
|
type: object
|
|
type: array
|
|
observedRecurseSubmodules:
|
|
description: ObservedRecurseSubmodules is the observed resource submodules
|
|
configuration used to produce the current Artifact.
|
|
type: boolean
|
|
url:
|
|
description: URL is the dynamic fetch link for the latest Artifact.
|
|
It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
|
|
data is recommended.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: source-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: helmcharts.source.toolkit.fluxcd.io
|
|
spec:
|
|
group: source.toolkit.fluxcd.io
|
|
names:
|
|
kind: HelmChart
|
|
listKind: HelmChartList
|
|
plural: helmcharts
|
|
shortNames:
|
|
- hc
|
|
singular: helmchart
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.chart
|
|
name: Chart
|
|
type: string
|
|
- jsonPath: .spec.version
|
|
name: Version
|
|
type: string
|
|
- jsonPath: .spec.sourceRef.kind
|
|
name: Source Kind
|
|
type: string
|
|
- jsonPath: .spec.sourceRef.name
|
|
name: Source Name
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: HelmChart is the Schema for the helmcharts API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: HelmChartSpec defines the desired state of a Helm chart.
|
|
properties:
|
|
accessFrom:
|
|
description: AccessFrom defines an Access Control List for allowing
|
|
cross-namespace references to this object.
|
|
properties:
|
|
namespaceSelectors:
|
|
description: NamespaceSelectors is the list of namespace selectors
|
|
to which this ACL applies. Items in this list are evaluated
|
|
using a logical OR operation.
|
|
items:
|
|
description: NamespaceSelector selects the namespaces to which
|
|
this ACL applies. An empty map of MatchLabels matches all
|
|
namespaces in a cluster.
|
|
properties:
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
required:
|
|
- namespaceSelectors
|
|
type: object
|
|
chart:
|
|
description: The name or path the Helm chart is available at in the
|
|
SourceRef.
|
|
type: string
|
|
interval:
|
|
description: The interval at which to check the Source for updates.
|
|
type: string
|
|
reconcileStrategy:
|
|
default: ChartVersion
|
|
description: Determines what enables the creation of a new artifact.
|
|
Valid values are ('ChartVersion', 'Revision'). See the documentation
|
|
of the values for an explanation on their behavior. Defaults to
|
|
ChartVersion when omitted.
|
|
enum:
|
|
- ChartVersion
|
|
- Revision
|
|
type: string
|
|
sourceRef:
|
|
description: The reference to the Source the chart is available at.
|
|
properties:
|
|
apiVersion:
|
|
description: APIVersion of the referent.
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent, valid values are ('HelmRepository',
|
|
'GitRepository', 'Bucket').
|
|
enum:
|
|
- HelmRepository
|
|
- GitRepository
|
|
- Bucket
|
|
type: string
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: This flag tells the controller to suspend the reconciliation
|
|
of this source.
|
|
type: boolean
|
|
valuesFile:
|
|
description: Alternative values file to use as the default chart values,
|
|
expected to be a relative path in the SourceRef. Deprecated in favor
|
|
of ValuesFiles, for backwards compatibility the file defined here
|
|
is merged before the ValuesFiles items. Ignored when omitted.
|
|
type: string
|
|
valuesFiles:
|
|
description: Alternative list of values files to use as the chart
|
|
values (values.yaml is not included by default), expected to be
|
|
a relative path in the SourceRef. Values files are merged in the
|
|
order of this list with the last file overriding the first. Ignored
|
|
when omitted.
|
|
items:
|
|
type: string
|
|
type: array
|
|
version:
|
|
default: '*'
|
|
description: The chart version semver expression, ignored for charts
|
|
from GitRepository and Bucket sources. Defaults to latest when omitted.
|
|
type: string
|
|
required:
|
|
- chart
|
|
- interval
|
|
- sourceRef
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: HelmChartStatus defines the observed state of the HelmChart.
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the output of the last successful
|
|
chart sync.
|
|
properties:
|
|
checksum:
|
|
description: Checksum is the SHA256 checksum of the artifact.
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of this artifact.
|
|
format: date-time
|
|
type: string
|
|
path:
|
|
description: Path is the relative file path of this artifact.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm index timestamp, a Helm chart version, etc.
|
|
type: string
|
|
url:
|
|
description: URL is the HTTP address of this artifact.
|
|
type: string
|
|
required:
|
|
- path
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the HelmChart.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the download link for the last chart pulled.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.chart
|
|
name: Chart
|
|
type: string
|
|
- jsonPath: .spec.version
|
|
name: Version
|
|
type: string
|
|
- jsonPath: .spec.sourceRef.kind
|
|
name: Source Kind
|
|
type: string
|
|
- jsonPath: .spec.sourceRef.name
|
|
name: Source Name
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1beta2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: HelmChart is the Schema for the helmcharts API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: HelmChartSpec specifies the desired state of a Helm chart.
|
|
properties:
|
|
accessFrom:
|
|
description: 'AccessFrom specifies an Access Control List for allowing
|
|
cross-namespace references to this object. NOTE: Not implemented,
|
|
provisional as of https://github.com/fluxcd/flux2/pull/2092'
|
|
properties:
|
|
namespaceSelectors:
|
|
description: NamespaceSelectors is the list of namespace selectors
|
|
to which this ACL applies. Items in this list are evaluated
|
|
using a logical OR operation.
|
|
items:
|
|
description: NamespaceSelector selects the namespaces to which
|
|
this ACL applies. An empty map of MatchLabels matches all
|
|
namespaces in a cluster.
|
|
properties:
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
required:
|
|
- namespaceSelectors
|
|
type: object
|
|
chart:
|
|
description: Chart is the name or path the Helm chart is available
|
|
at in the SourceRef.
|
|
type: string
|
|
interval:
|
|
description: Interval at which the HelmChart SourceRef is checked
|
|
for updates. This interval is approximate and may be subject to
|
|
jitter to ensure efficient use of resources.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
reconcileStrategy:
|
|
default: ChartVersion
|
|
description: ReconcileStrategy determines what enables the creation
|
|
of a new artifact. Valid values are ('ChartVersion', 'Revision').
|
|
See the documentation of the values for an explanation on their
|
|
behavior. Defaults to ChartVersion when omitted.
|
|
enum:
|
|
- ChartVersion
|
|
- Revision
|
|
type: string
|
|
sourceRef:
|
|
description: SourceRef is the reference to the Source the chart is
|
|
available at.
|
|
properties:
|
|
apiVersion:
|
|
description: APIVersion of the referent.
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent, valid values are ('HelmRepository',
|
|
'GitRepository', 'Bucket').
|
|
enum:
|
|
- HelmRepository
|
|
- GitRepository
|
|
- Bucket
|
|
type: string
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: Suspend tells the controller to suspend the reconciliation
|
|
of this source.
|
|
type: boolean
|
|
valuesFile:
|
|
description: ValuesFile is an alternative values file to use as the
|
|
default chart values, expected to be a relative path in the SourceRef.
|
|
Deprecated in favor of ValuesFiles, for backwards compatibility
|
|
the file specified here is merged before the ValuesFiles items.
|
|
Ignored when omitted.
|
|
type: string
|
|
valuesFiles:
|
|
description: ValuesFiles is an alternative list of values files to
|
|
use as the chart values (values.yaml is not included by default),
|
|
expected to be a relative path in the SourceRef. Values files are
|
|
merged in the order of this list with the last file overriding the
|
|
first. Ignored when omitted.
|
|
items:
|
|
type: string
|
|
type: array
|
|
verify:
|
|
description: Verify contains the secret name containing the trusted
|
|
public keys used to verify the signature and specifies which provider
|
|
to use to check whether OCI image is authentic. This field is only
|
|
supported when using HelmRepository source with spec.type 'oci'.
|
|
Chart dependencies, which are not bundled in the umbrella chart
|
|
artifact, are not verified.
|
|
properties:
|
|
provider:
|
|
default: cosign
|
|
description: Provider specifies the technology used to sign the
|
|
OCI Artifact.
|
|
enum:
|
|
- cosign
|
|
type: string
|
|
secretRef:
|
|
description: SecretRef specifies the Kubernetes Secret containing
|
|
the trusted public keys.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- provider
|
|
type: object
|
|
version:
|
|
default: '*'
|
|
description: Version is the chart version semver expression, ignored
|
|
for charts from GitRepository and Bucket sources. Defaults to latest
|
|
when omitted.
|
|
type: string
|
|
required:
|
|
- chart
|
|
- interval
|
|
- sourceRef
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: HelmChartStatus records the observed state of the HelmChart.
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the output of the last successful
|
|
reconciliation.
|
|
properties:
|
|
digest:
|
|
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
|
|
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of the Artifact.
|
|
format: date-time
|
|
type: string
|
|
metadata:
|
|
additionalProperties:
|
|
type: string
|
|
description: Metadata holds upstream information such as OCI annotations.
|
|
type: object
|
|
path:
|
|
description: Path is the relative file path of the Artifact. It
|
|
can be used to locate the file in the root of the Artifact storage
|
|
on the local file system of the controller managing the Source.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human-readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm chart version, etc.
|
|
type: string
|
|
size:
|
|
description: Size is the number of bytes in the file.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the HTTP address of the Artifact as exposed
|
|
by the controller managing the Source. It can be used to retrieve
|
|
the Artifact for consumption, e.g. by another controller applying
|
|
the Artifact contents.
|
|
type: string
|
|
required:
|
|
- lastUpdateTime
|
|
- path
|
|
- revision
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the HelmChart.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedChartName:
|
|
description: ObservedChartName is the last observed chart name as
|
|
specified by the resolved chart reference.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation of
|
|
the HelmChart object.
|
|
format: int64
|
|
type: integer
|
|
observedSourceArtifactRevision:
|
|
description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
|
|
of the HelmChartSpec.SourceRef.
|
|
type: string
|
|
url:
|
|
description: URL is the dynamic fetch link for the latest Artifact.
|
|
It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
|
|
data is recommended.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: source-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: helmrepositories.source.toolkit.fluxcd.io
|
|
spec:
|
|
group: source.toolkit.fluxcd.io
|
|
names:
|
|
kind: HelmRepository
|
|
listKind: HelmRepositoryList
|
|
plural: helmrepositories
|
|
shortNames:
|
|
- helmrepo
|
|
singular: helmrepository
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.url
|
|
name: URL
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: HelmRepository is the Schema for the helmrepositories API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: HelmRepositorySpec defines the reference to a Helm repository.
|
|
properties:
|
|
accessFrom:
|
|
description: AccessFrom defines an Access Control List for allowing
|
|
cross-namespace references to this object.
|
|
properties:
|
|
namespaceSelectors:
|
|
description: NamespaceSelectors is the list of namespace selectors
|
|
to which this ACL applies. Items in this list are evaluated
|
|
using a logical OR operation.
|
|
items:
|
|
description: NamespaceSelector selects the namespaces to which
|
|
this ACL applies. An empty map of MatchLabels matches all
|
|
namespaces in a cluster.
|
|
properties:
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
required:
|
|
- namespaceSelectors
|
|
type: object
|
|
interval:
|
|
description: The interval at which to check the upstream for updates.
|
|
type: string
|
|
passCredentials:
|
|
description: PassCredentials allows the credentials from the SecretRef
|
|
to be passed on to a host that does not match the host as defined
|
|
in URL. This may be required if the host of the advertised chart
|
|
URLs in the index differ from the defined URL. Enabling this should
|
|
be done with caution, as it can potentially result in credentials
|
|
getting stolen in a MITM-attack.
|
|
type: boolean
|
|
secretRef:
|
|
description: The name of the secret containing authentication credentials
|
|
for the Helm repository. For HTTP/S basic auth the secret must contain
|
|
username and password fields. For TLS the secret must contain a
|
|
certFile and keyFile, and/or caFile fields.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: This flag tells the controller to suspend the reconciliation
|
|
of this source.
|
|
type: boolean
|
|
timeout:
|
|
default: 60s
|
|
description: The timeout of index downloading, defaults to 60s.
|
|
type: string
|
|
url:
|
|
description: The Helm repository URL, a valid URL contains at least
|
|
a protocol and host.
|
|
type: string
|
|
required:
|
|
- interval
|
|
- url
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: HelmRepositoryStatus defines the observed state of the HelmRepository.
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the output of the last successful
|
|
repository sync.
|
|
properties:
|
|
checksum:
|
|
description: Checksum is the SHA256 checksum of the artifact.
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of this artifact.
|
|
format: date-time
|
|
type: string
|
|
path:
|
|
description: Path is the relative file path of this artifact.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm index timestamp, a Helm chart version, etc.
|
|
type: string
|
|
url:
|
|
description: URL is the HTTP address of this artifact.
|
|
type: string
|
|
required:
|
|
- path
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the HelmRepository.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the download link for the last index fetched.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.url
|
|
name: URL
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1beta2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: HelmRepository is the Schema for the helmrepositories API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: HelmRepositorySpec specifies the required configuration to
|
|
produce an Artifact for a Helm repository index YAML.
|
|
properties:
|
|
accessFrom:
|
|
description: 'AccessFrom specifies an Access Control List for allowing
|
|
cross-namespace references to this object. NOTE: Not implemented,
|
|
provisional as of https://github.com/fluxcd/flux2/pull/2092'
|
|
properties:
|
|
namespaceSelectors:
|
|
description: NamespaceSelectors is the list of namespace selectors
|
|
to which this ACL applies. Items in this list are evaluated
|
|
using a logical OR operation.
|
|
items:
|
|
description: NamespaceSelector selects the namespaces to which
|
|
this ACL applies. An empty map of MatchLabels matches all
|
|
namespaces in a cluster.
|
|
properties:
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs.
|
|
A single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is
|
|
"key", the operator is "In", and the values array contains
|
|
only "value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
required:
|
|
- namespaceSelectors
|
|
type: object
|
|
certSecretRef:
|
|
description: "CertSecretRef can be given the name of a Secret containing
|
|
either or both of \n - a PEM-encoded client certificate (`tls.crt`)
|
|
and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
|
|
\n and whichever are supplied, will be used for connecting to the
|
|
registry. The client cert and key are useful if you are authenticating
|
|
with a certificate; the CA cert is useful if you are using a self-signed
|
|
server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
|
|
\n It takes precedence over the values specified in the Secret referred
|
|
to by `.spec.secretRef`."
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
interval:
|
|
description: Interval at which the HelmRepository URL is checked for
|
|
updates. This interval is approximate and may be subject to jitter
|
|
to ensure efficient use of resources.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
passCredentials:
|
|
description: PassCredentials allows the credentials from the SecretRef
|
|
to be passed on to a host that does not match the host as defined
|
|
in URL. This may be required if the host of the advertised chart
|
|
URLs in the index differ from the defined URL. Enabling this should
|
|
be done with caution, as it can potentially result in credentials
|
|
getting stolen in a MITM-attack.
|
|
type: boolean
|
|
provider:
|
|
default: generic
|
|
description: Provider used for authentication, can be 'aws', 'azure',
|
|
'gcp' or 'generic'. This field is optional, and only taken into
|
|
account if the .spec.type field is set to 'oci'. When not specified,
|
|
defaults to 'generic'.
|
|
enum:
|
|
- generic
|
|
- aws
|
|
- azure
|
|
- gcp
|
|
type: string
|
|
secretRef:
|
|
description: SecretRef specifies the Secret containing authentication
|
|
credentials for the HelmRepository. For HTTP/S basic auth the secret
|
|
must contain 'username' and 'password' fields. Support for TLS auth
|
|
using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated.
|
|
Please use `.spec.certSecretRef` instead.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: Suspend tells the controller to suspend the reconciliation
|
|
of this HelmRepository.
|
|
type: boolean
|
|
timeout:
|
|
default: 60s
|
|
description: Timeout is used for the index fetch operation for an
|
|
HTTPS helm repository, and for remote OCI Repository operations
|
|
like pulling for an OCI helm repository. Its default value is 60s.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
|
|
type: string
|
|
type:
|
|
description: Type of the HelmRepository. When this field is set to "oci",
|
|
the URL field value must be prefixed with "oci://".
|
|
enum:
|
|
- default
|
|
- oci
|
|
type: string
|
|
url:
|
|
description: URL of the Helm repository, a valid URL contains at least
|
|
a protocol and host.
|
|
type: string
|
|
required:
|
|
- interval
|
|
- url
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: HelmRepositoryStatus records the observed state of the HelmRepository.
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the last successful HelmRepository
|
|
reconciliation.
|
|
properties:
|
|
digest:
|
|
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
|
|
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of the Artifact.
|
|
format: date-time
|
|
type: string
|
|
metadata:
|
|
additionalProperties:
|
|
type: string
|
|
description: Metadata holds upstream information such as OCI annotations.
|
|
type: object
|
|
path:
|
|
description: Path is the relative file path of the Artifact. It
|
|
can be used to locate the file in the root of the Artifact storage
|
|
on the local file system of the controller managing the Source.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human-readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm chart version, etc.
|
|
type: string
|
|
size:
|
|
description: Size is the number of bytes in the file.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the HTTP address of the Artifact as exposed
|
|
by the controller managing the Source. It can be used to retrieve
|
|
the Artifact for consumption, e.g. by another controller applying
|
|
the Artifact contents.
|
|
type: string
|
|
required:
|
|
- lastUpdateTime
|
|
- path
|
|
- revision
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the HelmRepository.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation of
|
|
the HelmRepository object.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the dynamic fetch link for the latest Artifact.
|
|
It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
|
|
data is recommended.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: source-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: ocirepositories.source.toolkit.fluxcd.io
|
|
spec:
|
|
group: source.toolkit.fluxcd.io
|
|
names:
|
|
kind: OCIRepository
|
|
listKind: OCIRepositoryList
|
|
plural: ocirepositories
|
|
shortNames:
|
|
- ocirepo
|
|
singular: ocirepository
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .spec.url
|
|
name: URL
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1beta2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: OCIRepository is the Schema for the ocirepositories API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: OCIRepositorySpec defines the desired state of OCIRepository
|
|
properties:
|
|
certSecretRef:
|
|
description: "CertSecretRef can be given the name of a Secret containing
|
|
either or both of \n - a PEM-encoded client certificate (`tls.crt`)
|
|
and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
|
|
\n and whichever are supplied, will be used for connecting to the
|
|
registry. The client cert and key are useful if you are authenticating
|
|
with a certificate; the CA cert is useful if you are using a self-signed
|
|
server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
|
|
\n Note: Support for the `caFile`, `certFile` and `keyFile` keys
|
|
have been deprecated."
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
ignore:
|
|
description: Ignore overrides the set of excluded patterns in the
|
|
.sourceignore format (which is the same as .gitignore). If not provided,
|
|
a default will be used, consult the documentation for your version
|
|
to find out what those are.
|
|
type: string
|
|
insecure:
|
|
description: Insecure allows connecting to a non-TLS HTTP container
|
|
registry.
|
|
type: boolean
|
|
interval:
|
|
description: Interval at which the OCIRepository URL is checked for
|
|
updates. This interval is approximate and may be subject to jitter
|
|
to ensure efficient use of resources.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
layerSelector:
|
|
description: LayerSelector specifies which layer should be extracted
|
|
from the OCI artifact. When not specified, the first layer found
|
|
in the artifact is selected.
|
|
properties:
|
|
mediaType:
|
|
description: MediaType specifies the OCI media type of the layer
|
|
which should be extracted from the OCI Artifact. The first layer
|
|
matching this type is selected.
|
|
type: string
|
|
operation:
|
|
description: Operation specifies how the selected layer should
|
|
be processed. By default, the layer compressed content is extracted
|
|
to storage. When the operation is set to 'copy', the layer compressed
|
|
content is persisted to storage as it is.
|
|
enum:
|
|
- extract
|
|
- copy
|
|
type: string
|
|
type: object
|
|
provider:
|
|
default: generic
|
|
description: The provider used for authentication, can be 'aws', 'azure',
|
|
'gcp' or 'generic'. When not specified, defaults to 'generic'.
|
|
enum:
|
|
- generic
|
|
- aws
|
|
- azure
|
|
- gcp
|
|
type: string
|
|
ref:
|
|
description: The OCI reference to pull and monitor for changes, defaults
|
|
to the latest tag.
|
|
properties:
|
|
digest:
|
|
description: Digest is the image digest to pull, takes precedence
|
|
over SemVer. The value should be in the format 'sha256:<HASH>'.
|
|
type: string
|
|
semver:
|
|
description: SemVer is the range of tags to pull selecting the
|
|
latest within the range, takes precedence over Tag.
|
|
type: string
|
|
tag:
|
|
description: Tag is the image tag to pull, defaults to latest.
|
|
type: string
|
|
type: object
|
|
secretRef:
|
|
description: SecretRef contains the secret name containing the registry
|
|
login credentials to resolve image metadata. The secret must be
|
|
of type kubernetes.io/dockerconfigjson.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
serviceAccountName:
|
|
description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount
|
|
used to authenticate the image pull if the service account has attached
|
|
pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
|
|
type: string
|
|
suspend:
|
|
description: This flag tells the controller to suspend the reconciliation
|
|
of this source.
|
|
type: boolean
|
|
timeout:
|
|
default: 60s
|
|
description: The timeout for remote OCI Repository operations like
|
|
pulling, defaults to 60s.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
|
|
type: string
|
|
url:
|
|
description: URL is a reference to an OCI artifact repository hosted
|
|
on a remote container registry.
|
|
pattern: ^oci://.*$
|
|
type: string
|
|
verify:
|
|
description: Verify contains the secret name containing the trusted
|
|
public keys used to verify the signature and specifies which provider
|
|
to use to check whether OCI image is authentic.
|
|
properties:
|
|
provider:
|
|
default: cosign
|
|
description: Provider specifies the technology used to sign the
|
|
OCI Artifact.
|
|
enum:
|
|
- cosign
|
|
type: string
|
|
secretRef:
|
|
description: SecretRef specifies the Kubernetes Secret containing
|
|
the trusted public keys.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- provider
|
|
type: object
|
|
required:
|
|
- interval
|
|
- url
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: OCIRepositoryStatus defines the observed state of OCIRepository
|
|
properties:
|
|
artifact:
|
|
description: Artifact represents the output of the last successful
|
|
OCI Repository sync.
|
|
properties:
|
|
digest:
|
|
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
|
|
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
|
|
type: string
|
|
lastUpdateTime:
|
|
description: LastUpdateTime is the timestamp corresponding to
|
|
the last update of the Artifact.
|
|
format: date-time
|
|
type: string
|
|
metadata:
|
|
additionalProperties:
|
|
type: string
|
|
description: Metadata holds upstream information such as OCI annotations.
|
|
type: object
|
|
path:
|
|
description: Path is the relative file path of the Artifact. It
|
|
can be used to locate the file in the root of the Artifact storage
|
|
on the local file system of the controller managing the Source.
|
|
type: string
|
|
revision:
|
|
description: Revision is a human-readable identifier traceable
|
|
in the origin source system. It can be a Git commit SHA, Git
|
|
tag, a Helm chart version, etc.
|
|
type: string
|
|
size:
|
|
description: Size is the number of bytes in the file.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: URL is the HTTP address of the Artifact as exposed
|
|
by the controller managing the Source. It can be used to retrieve
|
|
the Artifact for consumption, e.g. by another controller applying
|
|
the Artifact contents.
|
|
type: string
|
|
required:
|
|
- lastUpdateTime
|
|
- path
|
|
- revision
|
|
- url
|
|
type: object
|
|
conditions:
|
|
description: Conditions holds the conditions for the OCIRepository.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
contentConfigChecksum:
|
|
description: "ContentConfigChecksum is a checksum of all the configurations
|
|
related to the content of the source artifact: - .spec.ignore -
|
|
.spec.layerSelector observed in .status.observedGeneration version
|
|
of the object. This can be used to determine if the content configuration
|
|
has changed and the artifact needs to be rebuilt. It has the format
|
|
of `<algo>:<checksum>`, for example: `sha256:<checksum>`. \n Deprecated:
|
|
Replaced with explicit fields for observed artifact content config
|
|
in the status."
|
|
type: string
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation.
|
|
format: int64
|
|
type: integer
|
|
observedIgnore:
|
|
description: ObservedIgnore is the observed exclusion patterns used
|
|
for constructing the source artifact.
|
|
type: string
|
|
observedLayerSelector:
|
|
description: ObservedLayerSelector is the observed layer selector
|
|
used for constructing the source artifact.
|
|
properties:
|
|
mediaType:
|
|
description: MediaType specifies the OCI media type of the layer
|
|
which should be extracted from the OCI Artifact. The first layer
|
|
matching this type is selected.
|
|
type: string
|
|
operation:
|
|
description: Operation specifies how the selected layer should
|
|
be processed. By default, the layer compressed content is extracted
|
|
to storage. When the operation is set to 'copy', the layer compressed
|
|
content is persisted to storage as it is.
|
|
enum:
|
|
- extract
|
|
- copy
|
|
type: string
|
|
type: object
|
|
url:
|
|
description: URL is the download link for the artifact output of the
|
|
last OCI Repository sync.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: source-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: source-controller
|
|
namespace: flux-system
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: source-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
control-plane: controller
|
|
name: source-controller
|
|
namespace: flux-system
|
|
spec:
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: http
|
|
selector:
|
|
app: source-controller
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: source-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
control-plane: controller
|
|
name: source-controller
|
|
namespace: flux-system
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: source-controller
|
|
strategy:
|
|
type: Recreate
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
prometheus.io/port: "8080"
|
|
prometheus.io/scrape: "true"
|
|
labels:
|
|
app: source-controller
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
|
|
- --watch-all-namespaces=true
|
|
- --log-level=info
|
|
- --log-encoding=json
|
|
- --enable-leader-election
|
|
- --storage-path=/data
|
|
- --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
|
|
env:
|
|
- name: RUNTIME_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: TUF_ROOT
|
|
value: /tmp/.sigstore
|
|
image: ghcr.io/fluxcd/source-controller:v1.1.2
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: healthz
|
|
name: manager
|
|
ports:
|
|
- containerPort: 9090
|
|
name: http
|
|
protocol: TCP
|
|
- containerPort: 8080
|
|
name: http-prom
|
|
protocol: TCP
|
|
- containerPort: 9440
|
|
name: healthz
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
resources:
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: data
|
|
- mountPath: /tmp
|
|
name: tmp
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
priorityClassName: system-cluster-critical
|
|
securityContext:
|
|
fsGroup: 1337
|
|
serviceAccountName: source-controller
|
|
terminationGracePeriodSeconds: 10
|
|
volumes:
|
|
- emptyDir: {}
|
|
name: data
|
|
- emptyDir: {}
|
|
name: tmp
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: kustomize-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: kustomizations.kustomize.toolkit.fluxcd.io
|
|
spec:
|
|
group: kustomize.toolkit.fluxcd.io
|
|
names:
|
|
kind: Kustomization
|
|
listKind: KustomizationList
|
|
plural: kustomizations
|
|
shortNames:
|
|
- ks
|
|
singular: kustomization
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Kustomization is the Schema for the kustomizations API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: KustomizationSpec defines the configuration to calculate
|
|
the desired state from a Source using Kustomize.
|
|
properties:
|
|
commonMetadata:
|
|
description: CommonMetadata specifies the common labels and annotations
|
|
that are applied to all resources. Any existing label or annotation
|
|
will be overridden if its key matches a common one.
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: Annotations to be added to the object's metadata.
|
|
type: object
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
description: Labels to be added to the object's metadata.
|
|
type: object
|
|
type: object
|
|
components:
|
|
description: Components specifies relative paths to specifications
|
|
of other Components.
|
|
items:
|
|
type: string
|
|
type: array
|
|
decryption:
|
|
description: Decrypt Kubernetes secrets before applying them on the
|
|
cluster.
|
|
properties:
|
|
provider:
|
|
description: Provider is the name of the decryption engine.
|
|
enum:
|
|
- sops
|
|
type: string
|
|
secretRef:
|
|
description: The secret name containing the private OpenPGP keys
|
|
used for decryption.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- provider
|
|
type: object
|
|
dependsOn:
|
|
description: DependsOn may contain a meta.NamespacedObjectReference
|
|
slice with references to Kustomization resources that must be ready
|
|
before this Kustomization can be reconciled.
|
|
items:
|
|
description: NamespacedObjectReference contains enough information
|
|
to locate the referenced Kubernetes resource object in any namespace.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, when not specified it
|
|
acts as LocalObjectReference.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
force:
|
|
default: false
|
|
description: Force instructs the controller to recreate resources
|
|
when patching fails due to an immutable field change.
|
|
type: boolean
|
|
healthChecks:
|
|
description: A list of resources to be included in the health assessment.
|
|
items:
|
|
description: NamespacedObjectKindReference contains enough information
|
|
to locate the typed referenced Kubernetes resource object in any
|
|
namespace.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent, if not specified the
|
|
Kubernetes preferred version will be used.
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent.
|
|
type: string
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, when not specified it
|
|
acts as LocalObjectReference.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
images:
|
|
description: Images is a list of (image name, new name, new tag or
|
|
digest) for changing image names, tags or digests. This can also
|
|
be achieved with a patch, but this operator is simpler to specify.
|
|
items:
|
|
description: Image contains an image name, a new name, a new tag
|
|
or digest, which will replace the original name and tag.
|
|
properties:
|
|
digest:
|
|
description: Digest is the value used to replace the original
|
|
image tag. If digest is present NewTag value is ignored.
|
|
type: string
|
|
name:
|
|
description: Name is a tag-less image name.
|
|
type: string
|
|
newName:
|
|
description: NewName is the value used to replace the original
|
|
name.
|
|
type: string
|
|
newTag:
|
|
description: NewTag is the value used to replace the original
|
|
tag.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
interval:
|
|
description: The interval at which to reconcile the Kustomization.
|
|
This interval is approximate and may be subject to jitter to ensure
|
|
efficient use of resources.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
kubeConfig:
|
|
description: The KubeConfig for reconciling the Kustomization on a
|
|
remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
|
|
forces the controller to act on behalf of that Service Account at
|
|
the target cluster. If the --default-service-account flag is set,
|
|
its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
|
|
is empty.
|
|
properties:
|
|
secretRef:
|
|
description: SecretRef holds the name of a secret that contains
|
|
a key with the kubeconfig file as the value. If no key is set,
|
|
the key will default to 'value'. It is recommended that the
|
|
kubeconfig is self-contained, and the secret is regularly updated
|
|
if credentials such as a cloud-access-token expire. Cloud specific
|
|
`cmd-path` auth helpers will not function without adding binaries
|
|
and credentials to the Pod that is responsible for reconciling
|
|
Kubernetes resources.
|
|
properties:
|
|
key:
|
|
description: Key in the Secret, when not specified an implementation-specific
|
|
default key is used.
|
|
type: string
|
|
name:
|
|
description: Name of the Secret.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- secretRef
|
|
type: object
|
|
patches:
|
|
description: Strategic merge and JSON patches, defined as inline YAML
|
|
objects, capable of targeting objects based on kind, label and annotation
|
|
selectors.
|
|
items:
|
|
description: Patch contains an inline StrategicMerge or JSON6902
|
|
patch, and the target the patch should be applied to.
|
|
properties:
|
|
patch:
|
|
description: Patch contains an inline StrategicMerge patch or
|
|
an inline JSON6902 patch with an array of operation objects.
|
|
type: string
|
|
target:
|
|
description: Target points to the resources that the patch document
|
|
should be applied to.
|
|
properties:
|
|
annotationSelector:
|
|
description: AnnotationSelector is a string that follows
|
|
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource annotations.
|
|
type: string
|
|
group:
|
|
description: Group is the API group to select resources
|
|
from. Together with Version and Kind it is capable of
|
|
unambiguously identifying and/or selecting resources.
|
|
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
kind:
|
|
description: Kind of the API Group to select resources from.
|
|
Together with Group and Version it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
labelSelector:
|
|
description: LabelSelector is a string that follows the
|
|
label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource labels.
|
|
type: string
|
|
name:
|
|
description: Name to match resources with.
|
|
type: string
|
|
namespace:
|
|
description: Namespace to select resources from.
|
|
type: string
|
|
version:
|
|
description: Version of the API Group to select resources
|
|
from. Together with Group and Kind it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
type: object
|
|
required:
|
|
- patch
|
|
type: object
|
|
type: array
|
|
path:
|
|
description: Path to the directory containing the kustomization.yaml
|
|
file, or the set of plain YAMLs a kustomization.yaml should be generated
|
|
for. Defaults to 'None', which translates to the root path of the
|
|
SourceRef.
|
|
type: string
|
|
postBuild:
|
|
description: PostBuild describes which actions to perform on the YAML
|
|
manifest generated by building the kustomize overlay.
|
|
properties:
|
|
substitute:
|
|
additionalProperties:
|
|
type: string
|
|
description: Substitute holds a map of key/value pairs. The variables
|
|
defined in your YAML manifests that match any of the keys defined
|
|
in the map will be substituted with the set value. Includes
|
|
support for bash string replacement functions e.g. ${var:=default},
|
|
${var:position} and ${var/substring/replacement}.
|
|
type: object
|
|
substituteFrom:
|
|
description: SubstituteFrom holds references to ConfigMaps and
|
|
Secrets containing the variables and their values to be substituted
|
|
in the YAML manifests. The ConfigMap and the Secret data keys
|
|
represent the var names, and they must match the vars declared
|
|
in the manifests for the substitution to happen.
|
|
items:
|
|
description: SubstituteReference contains a reference to a resource
|
|
containing the variables name and value.
|
|
properties:
|
|
kind:
|
|
description: Kind of the values referent, valid values are
|
|
('Secret', 'ConfigMap').
|
|
enum:
|
|
- Secret
|
|
- ConfigMap
|
|
type: string
|
|
name:
|
|
description: Name of the values referent. Should reside
|
|
in the same namespace as the referring resource.
|
|
maxLength: 253
|
|
minLength: 1
|
|
type: string
|
|
optional:
|
|
default: false
|
|
description: Optional indicates whether the referenced resource
|
|
must exist, or whether to tolerate its absence. If true
|
|
and the referenced resource is absent, proceed as if the
|
|
resource was present but empty, without any variables
|
|
defined.
|
|
type: boolean
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
type: object
|
|
prune:
|
|
description: Prune enables garbage collection.
|
|
type: boolean
|
|
retryInterval:
|
|
description: The interval at which to retry a previously failed reconciliation.
|
|
When not specified, the controller uses the KustomizationSpec.Interval
|
|
value to retry failures.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
serviceAccountName:
|
|
description: The name of the Kubernetes service account to impersonate
|
|
when reconciling this Kustomization.
|
|
type: string
|
|
sourceRef:
|
|
description: Reference of the source where the kustomization file
|
|
is.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent.
|
|
enum:
|
|
- OCIRepository
|
|
- GitRepository
|
|
- Bucket
|
|
type: string
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, defaults to the namespace
|
|
of the Kubernetes resource object that contains the reference.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: This flag tells the controller to suspend subsequent
|
|
kustomize executions, it does not apply to already started executions.
|
|
Defaults to false.
|
|
type: boolean
|
|
targetNamespace:
|
|
description: TargetNamespace sets or overrides the namespace in the
|
|
kustomization.yaml file.
|
|
maxLength: 63
|
|
minLength: 1
|
|
type: string
|
|
timeout:
|
|
description: Timeout for validation, apply and health checking operations.
|
|
Defaults to 'Interval' duration.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
wait:
|
|
description: Wait instructs the controller to check the health of
|
|
all the reconciled resources. When enabled, the HealthChecks are
|
|
ignored. Defaults to false.
|
|
type: boolean
|
|
required:
|
|
- interval
|
|
- prune
|
|
- sourceRef
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: KustomizationStatus defines the observed state of a kustomization.
|
|
properties:
|
|
conditions:
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
inventory:
|
|
description: Inventory contains the list of Kubernetes resource object
|
|
references that have been successfully applied.
|
|
properties:
|
|
entries:
|
|
description: Entries of Kubernetes resource object references.
|
|
items:
|
|
description: ResourceRef contains the information necessary
|
|
to locate a resource within a cluster.
|
|
properties:
|
|
id:
|
|
description: ID is the string representation of the Kubernetes
|
|
resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
|
|
type: string
|
|
v:
|
|
description: Version is the API version of the Kubernetes
|
|
resource object's kind.
|
|
type: string
|
|
required:
|
|
- id
|
|
- v
|
|
type: object
|
|
type: array
|
|
required:
|
|
- entries
|
|
type: object
|
|
lastAppliedRevision:
|
|
description: The last successfully applied revision. Equals the Revision
|
|
of the applied Artifact from the referenced Source.
|
|
type: string
|
|
lastAttemptedRevision:
|
|
description: LastAttemptedRevision is the revision of the last reconciliation
|
|
attempt.
|
|
type: string
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last reconciled generation.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
deprecated: true
|
|
deprecationWarning: v1beta1 Kustomization is deprecated, upgrade to v1
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Kustomization is the Schema for the kustomizations API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: KustomizationSpec defines the desired state of a kustomization.
|
|
properties:
|
|
decryption:
|
|
description: Decrypt Kubernetes secrets before applying them on the
|
|
cluster.
|
|
properties:
|
|
provider:
|
|
description: Provider is the name of the decryption engine.
|
|
enum:
|
|
- sops
|
|
type: string
|
|
secretRef:
|
|
description: The secret name containing the private OpenPGP keys
|
|
used for decryption.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- provider
|
|
type: object
|
|
dependsOn:
|
|
description: DependsOn may contain a meta.NamespacedObjectReference
|
|
slice with references to Kustomization resources that must be ready
|
|
before this Kustomization can be reconciled.
|
|
items:
|
|
description: NamespacedObjectReference contains enough information
|
|
to locate the referenced Kubernetes resource object in any namespace.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, when not specified it
|
|
acts as LocalObjectReference.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
force:
|
|
default: false
|
|
description: Force instructs the controller to recreate resources
|
|
when patching fails due to an immutable field change.
|
|
type: boolean
|
|
healthChecks:
|
|
description: A list of resources to be included in the health assessment.
|
|
items:
|
|
description: NamespacedObjectKindReference contains enough information
|
|
to locate the typed referenced Kubernetes resource object in any
|
|
namespace.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent, if not specified the
|
|
Kubernetes preferred version will be used.
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent.
|
|
type: string
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, when not specified it
|
|
acts as LocalObjectReference.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
images:
|
|
description: Images is a list of (image name, new name, new tag or
|
|
digest) for changing image names, tags or digests. This can also
|
|
be achieved with a patch, but this operator is simpler to specify.
|
|
items:
|
|
description: Image contains an image name, a new name, a new tag
|
|
or digest, which will replace the original name and tag.
|
|
properties:
|
|
digest:
|
|
description: Digest is the value used to replace the original
|
|
image tag. If digest is present NewTag value is ignored.
|
|
type: string
|
|
name:
|
|
description: Name is a tag-less image name.
|
|
type: string
|
|
newName:
|
|
description: NewName is the value used to replace the original
|
|
name.
|
|
type: string
|
|
newTag:
|
|
description: NewTag is the value used to replace the original
|
|
tag.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
interval:
|
|
description: The interval at which to reconcile the Kustomization.
|
|
type: string
|
|
kubeConfig:
|
|
description: The KubeConfig for reconciling the Kustomization on a
|
|
remote cluster. When specified, KubeConfig takes precedence over
|
|
ServiceAccountName.
|
|
properties:
|
|
secretRef:
|
|
description: SecretRef holds the name to a secret that contains
|
|
a 'value' key with the kubeconfig file as the value. It must
|
|
be in the same namespace as the Kustomization. It is recommended
|
|
that the kubeconfig is self-contained, and the secret is regularly
|
|
updated if credentials such as a cloud-access-token expire.
|
|
Cloud specific `cmd-path` auth helpers will not function without
|
|
adding binaries and credentials to the Pod that is responsible
|
|
for reconciling the Kustomization.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: object
|
|
patches:
|
|
description: Strategic merge and JSON patches, defined as inline YAML
|
|
objects, capable of targeting objects based on kind, label and annotation
|
|
selectors.
|
|
items:
|
|
description: Patch contains an inline StrategicMerge or JSON6902
|
|
patch, and the target the patch should be applied to.
|
|
properties:
|
|
patch:
|
|
description: Patch contains an inline StrategicMerge patch or
|
|
an inline JSON6902 patch with an array of operation objects.
|
|
type: string
|
|
target:
|
|
description: Target points to the resources that the patch document
|
|
should be applied to.
|
|
properties:
|
|
annotationSelector:
|
|
description: AnnotationSelector is a string that follows
|
|
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource annotations.
|
|
type: string
|
|
group:
|
|
description: Group is the API group to select resources
|
|
from. Together with Version and Kind it is capable of
|
|
unambiguously identifying and/or selecting resources.
|
|
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
kind:
|
|
description: Kind of the API Group to select resources from.
|
|
Together with Group and Version it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
labelSelector:
|
|
description: LabelSelector is a string that follows the
|
|
label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource labels.
|
|
type: string
|
|
name:
|
|
description: Name to match resources with.
|
|
type: string
|
|
namespace:
|
|
description: Namespace to select resources from.
|
|
type: string
|
|
version:
|
|
description: Version of the API Group to select resources
|
|
from. Together with Group and Kind it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
type: object
|
|
required:
|
|
- patch
|
|
type: object
|
|
type: array
|
|
patchesJson6902:
|
|
description: JSON 6902 patches, defined as inline YAML objects.
|
|
items:
|
|
description: JSON6902Patch contains a JSON6902 patch and the target
|
|
the patch should be applied to.
|
|
properties:
|
|
patch:
|
|
description: Patch contains the JSON6902 patch document with
|
|
an array of operation objects.
|
|
items:
|
|
description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
|
|
properties:
|
|
from:
|
|
description: From contains a JSON-pointer value that references
|
|
a location within the target document where the operation
|
|
is performed. The meaning of the value depends on the
|
|
value of Op, and is NOT taken into account by all operations.
|
|
type: string
|
|
op:
|
|
description: Op indicates the operation to perform. Its
|
|
value MUST be one of "add", "remove", "replace", "move",
|
|
"copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
|
|
enum:
|
|
- test
|
|
- remove
|
|
- add
|
|
- replace
|
|
- move
|
|
- copy
|
|
type: string
|
|
path:
|
|
description: Path contains the JSON-pointer value that
|
|
references a location within the target document where
|
|
the operation is performed. The meaning of the value
|
|
depends on the value of Op.
|
|
type: string
|
|
value:
|
|
description: Value contains a valid JSON structure. The
|
|
meaning of the value depends on the value of Op, and
|
|
is NOT taken into account by all operations.
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
required:
|
|
- op
|
|
- path
|
|
type: object
|
|
type: array
|
|
target:
|
|
description: Target points to the resources that the patch document
|
|
should be applied to.
|
|
properties:
|
|
annotationSelector:
|
|
description: AnnotationSelector is a string that follows
|
|
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource annotations.
|
|
type: string
|
|
group:
|
|
description: Group is the API group to select resources
|
|
from. Together with Version and Kind it is capable of
|
|
unambiguously identifying and/or selecting resources.
|
|
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
kind:
|
|
description: Kind of the API Group to select resources from.
|
|
Together with Group and Version it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
labelSelector:
|
|
description: LabelSelector is a string that follows the
|
|
label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource labels.
|
|
type: string
|
|
name:
|
|
description: Name to match resources with.
|
|
type: string
|
|
namespace:
|
|
description: Namespace to select resources from.
|
|
type: string
|
|
version:
|
|
description: Version of the API Group to select resources
|
|
from. Together with Group and Kind it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
type: object
|
|
required:
|
|
- patch
|
|
- target
|
|
type: object
|
|
type: array
|
|
patchesStrategicMerge:
|
|
description: Strategic merge patches, defined as inline YAML objects.
|
|
items:
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: array
|
|
path:
|
|
description: Path to the directory containing the kustomization.yaml
|
|
file, or the set of plain YAMLs a kustomization.yaml should be generated
|
|
for. Defaults to 'None', which translates to the root path of the
|
|
SourceRef.
|
|
type: string
|
|
postBuild:
|
|
description: PostBuild describes which actions to perform on the YAML
|
|
manifest generated by building the kustomize overlay.
|
|
properties:
|
|
substitute:
|
|
additionalProperties:
|
|
type: string
|
|
description: Substitute holds a map of key/value pairs. The variables
|
|
defined in your YAML manifests that match any of the keys defined
|
|
in the map will be substituted with the set value. Includes
|
|
support for bash string replacement functions e.g. ${var:=default},
|
|
${var:position} and ${var/substring/replacement}.
|
|
type: object
|
|
substituteFrom:
|
|
description: SubstituteFrom holds references to ConfigMaps and
|
|
Secrets containing the variables and their values to be substituted
|
|
in the YAML manifests. The ConfigMap and the Secret data keys
|
|
represent the var names and they must match the vars declared
|
|
in the manifests for the substitution to happen.
|
|
items:
|
|
description: SubstituteReference contains a reference to a resource
|
|
containing the variables name and value.
|
|
properties:
|
|
kind:
|
|
description: Kind of the values referent, valid values are
|
|
('Secret', 'ConfigMap').
|
|
enum:
|
|
- Secret
|
|
- ConfigMap
|
|
type: string
|
|
name:
|
|
description: Name of the values referent. Should reside
|
|
in the same namespace as the referring resource.
|
|
maxLength: 253
|
|
minLength: 1
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
type: object
|
|
prune:
|
|
description: Prune enables garbage collection.
|
|
type: boolean
|
|
retryInterval:
|
|
description: The interval at which to retry a previously failed reconciliation.
|
|
When not specified, the controller uses the KustomizationSpec.Interval
|
|
value to retry failures.
|
|
type: string
|
|
serviceAccountName:
|
|
description: The name of the Kubernetes service account to impersonate
|
|
when reconciling this Kustomization.
|
|
type: string
|
|
sourceRef:
|
|
description: Reference of the source where the kustomization file
|
|
is.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent
|
|
enum:
|
|
- GitRepository
|
|
- Bucket
|
|
type: string
|
|
name:
|
|
description: Name of the referent
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, defaults to the Kustomization
|
|
namespace
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: This flag tells the controller to suspend subsequent
|
|
kustomize executions, it does not apply to already started executions.
|
|
Defaults to false.
|
|
type: boolean
|
|
targetNamespace:
|
|
description: TargetNamespace sets or overrides the namespace in the
|
|
kustomization.yaml file.
|
|
maxLength: 63
|
|
minLength: 1
|
|
type: string
|
|
timeout:
|
|
description: Timeout for validation, apply and health checking operations.
|
|
Defaults to 'Interval' duration.
|
|
type: string
|
|
validation:
|
|
description: Validate the Kubernetes objects before applying them
|
|
on the cluster. The validation strategy can be 'client' (local dry-run),
|
|
'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
|
|
validation will fallback to 'client' if set to 'server' because
|
|
server-side validation is not supported in this scenario.
|
|
enum:
|
|
- none
|
|
- client
|
|
- server
|
|
type: string
|
|
required:
|
|
- interval
|
|
- prune
|
|
- sourceRef
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: KustomizationStatus defines the observed state of a kustomization.
|
|
properties:
|
|
conditions:
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastAppliedRevision:
|
|
description: The last successfully applied revision. The revision
|
|
format for Git sources is <branch|tag>/<commit-sha>.
|
|
type: string
|
|
lastAttemptedRevision:
|
|
description: LastAttemptedRevision is the revision of the last reconciliation
|
|
attempt.
|
|
type: string
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last reconciled generation.
|
|
format: int64
|
|
type: integer
|
|
snapshot:
|
|
description: The last successfully applied revision metadata.
|
|
properties:
|
|
checksum:
|
|
description: The manifests sha1 checksum.
|
|
type: string
|
|
entries:
|
|
description: A list of Kubernetes kinds grouped by namespace.
|
|
items:
|
|
description: Snapshot holds the metadata of namespaced Kubernetes
|
|
objects
|
|
properties:
|
|
kinds:
|
|
additionalProperties:
|
|
type: string
|
|
description: The list of Kubernetes kinds.
|
|
type: object
|
|
namespace:
|
|
description: The namespace of this entry.
|
|
type: string
|
|
required:
|
|
- kinds
|
|
type: object
|
|
type: array
|
|
required:
|
|
- checksum
|
|
- entries
|
|
type: object
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
deprecated: true
|
|
deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1
|
|
name: v1beta2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Kustomization is the Schema for the kustomizations API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: KustomizationSpec defines the configuration to calculate
|
|
the desired state from a Source using Kustomize.
|
|
properties:
|
|
commonMetadata:
|
|
description: CommonMetadata specifies the common labels and annotations
|
|
that are applied to all resources. Any existing label or annotation
|
|
will be overridden if its key matches a common one.
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: Annotations to be added to the object's metadata.
|
|
type: object
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
description: Labels to be added to the object's metadata.
|
|
type: object
|
|
type: object
|
|
components:
|
|
description: Components specifies relative paths to specifications
|
|
of other Components.
|
|
items:
|
|
type: string
|
|
type: array
|
|
decryption:
|
|
description: Decrypt Kubernetes secrets before applying them on the
|
|
cluster.
|
|
properties:
|
|
provider:
|
|
description: Provider is the name of the decryption engine.
|
|
enum:
|
|
- sops
|
|
type: string
|
|
secretRef:
|
|
description: The secret name containing the private OpenPGP keys
|
|
used for decryption.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- provider
|
|
type: object
|
|
dependsOn:
|
|
description: DependsOn may contain a meta.NamespacedObjectReference
|
|
slice with references to Kustomization resources that must be ready
|
|
before this Kustomization can be reconciled.
|
|
items:
|
|
description: NamespacedObjectReference contains enough information
|
|
to locate the referenced Kubernetes resource object in any namespace.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, when not specified it
|
|
acts as LocalObjectReference.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
force:
|
|
default: false
|
|
description: Force instructs the controller to recreate resources
|
|
when patching fails due to an immutable field change.
|
|
type: boolean
|
|
healthChecks:
|
|
description: A list of resources to be included in the health assessment.
|
|
items:
|
|
description: NamespacedObjectKindReference contains enough information
|
|
to locate the typed referenced Kubernetes resource object in any
|
|
namespace.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent, if not specified the
|
|
Kubernetes preferred version will be used.
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent.
|
|
type: string
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, when not specified it
|
|
acts as LocalObjectReference.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
images:
|
|
description: Images is a list of (image name, new name, new tag or
|
|
digest) for changing image names, tags or digests. This can also
|
|
be achieved with a patch, but this operator is simpler to specify.
|
|
items:
|
|
description: Image contains an image name, a new name, a new tag
|
|
or digest, which will replace the original name and tag.
|
|
properties:
|
|
digest:
|
|
description: Digest is the value used to replace the original
|
|
image tag. If digest is present NewTag value is ignored.
|
|
type: string
|
|
name:
|
|
description: Name is a tag-less image name.
|
|
type: string
|
|
newName:
|
|
description: NewName is the value used to replace the original
|
|
name.
|
|
type: string
|
|
newTag:
|
|
description: NewTag is the value used to replace the original
|
|
tag.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
interval:
|
|
description: The interval at which to reconcile the Kustomization.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
kubeConfig:
|
|
description: The KubeConfig for reconciling the Kustomization on a
|
|
remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
|
|
forces the controller to act on behalf of that Service Account at
|
|
the target cluster. If the --default-service-account flag is set,
|
|
its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
|
|
is empty.
|
|
properties:
|
|
secretRef:
|
|
description: SecretRef holds the name of a secret that contains
|
|
a key with the kubeconfig file as the value. If no key is set,
|
|
the key will default to 'value'. It is recommended that the
|
|
kubeconfig is self-contained, and the secret is regularly updated
|
|
if credentials such as a cloud-access-token expire. Cloud specific
|
|
`cmd-path` auth helpers will not function without adding binaries
|
|
and credentials to the Pod that is responsible for reconciling
|
|
Kubernetes resources.
|
|
properties:
|
|
key:
|
|
description: Key in the Secret, when not specified an implementation-specific
|
|
default key is used.
|
|
type: string
|
|
name:
|
|
description: Name of the Secret.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- secretRef
|
|
type: object
|
|
patches:
|
|
description: Strategic merge and JSON patches, defined as inline YAML
|
|
objects, capable of targeting objects based on kind, label and annotation
|
|
selectors.
|
|
items:
|
|
description: Patch contains an inline StrategicMerge or JSON6902
|
|
patch, and the target the patch should be applied to.
|
|
properties:
|
|
patch:
|
|
description: Patch contains an inline StrategicMerge patch or
|
|
an inline JSON6902 patch with an array of operation objects.
|
|
type: string
|
|
target:
|
|
description: Target points to the resources that the patch document
|
|
should be applied to.
|
|
properties:
|
|
annotationSelector:
|
|
description: AnnotationSelector is a string that follows
|
|
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource annotations.
|
|
type: string
|
|
group:
|
|
description: Group is the API group to select resources
|
|
from. Together with Version and Kind it is capable of
|
|
unambiguously identifying and/or selecting resources.
|
|
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
kind:
|
|
description: Kind of the API Group to select resources from.
|
|
Together with Group and Version it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
labelSelector:
|
|
description: LabelSelector is a string that follows the
|
|
label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource labels.
|
|
type: string
|
|
name:
|
|
description: Name to match resources with.
|
|
type: string
|
|
namespace:
|
|
description: Namespace to select resources from.
|
|
type: string
|
|
version:
|
|
description: Version of the API Group to select resources
|
|
from. Together with Group and Kind it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
type: object
|
|
required:
|
|
- patch
|
|
type: object
|
|
type: array
|
|
patchesJson6902:
|
|
description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
|
|
Use Patches instead.'
|
|
items:
|
|
description: JSON6902Patch contains a JSON6902 patch and the target
|
|
the patch should be applied to.
|
|
properties:
|
|
patch:
|
|
description: Patch contains the JSON6902 patch document with
|
|
an array of operation objects.
|
|
items:
|
|
description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
|
|
properties:
|
|
from:
|
|
description: From contains a JSON-pointer value that references
|
|
a location within the target document where the operation
|
|
is performed. The meaning of the value depends on the
|
|
value of Op, and is NOT taken into account by all operations.
|
|
type: string
|
|
op:
|
|
description: Op indicates the operation to perform. Its
|
|
value MUST be one of "add", "remove", "replace", "move",
|
|
"copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
|
|
enum:
|
|
- test
|
|
- remove
|
|
- add
|
|
- replace
|
|
- move
|
|
- copy
|
|
type: string
|
|
path:
|
|
description: Path contains the JSON-pointer value that
|
|
references a location within the target document where
|
|
the operation is performed. The meaning of the value
|
|
depends on the value of Op.
|
|
type: string
|
|
value:
|
|
description: Value contains a valid JSON structure. The
|
|
meaning of the value depends on the value of Op, and
|
|
is NOT taken into account by all operations.
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
required:
|
|
- op
|
|
- path
|
|
type: object
|
|
type: array
|
|
target:
|
|
description: Target points to the resources that the patch document
|
|
should be applied to.
|
|
properties:
|
|
annotationSelector:
|
|
description: AnnotationSelector is a string that follows
|
|
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource annotations.
|
|
type: string
|
|
group:
|
|
description: Group is the API group to select resources
|
|
from. Together with Version and Kind it is capable of
|
|
unambiguously identifying and/or selecting resources.
|
|
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
kind:
|
|
description: Kind of the API Group to select resources from.
|
|
Together with Group and Version it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
labelSelector:
|
|
description: LabelSelector is a string that follows the
|
|
label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource labels.
|
|
type: string
|
|
name:
|
|
description: Name to match resources with.
|
|
type: string
|
|
namespace:
|
|
description: Namespace to select resources from.
|
|
type: string
|
|
version:
|
|
description: Version of the API Group to select resources
|
|
from. Together with Group and Kind it is capable of unambiguously
|
|
identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
type: object
|
|
required:
|
|
- patch
|
|
- target
|
|
type: object
|
|
type: array
|
|
patchesStrategicMerge:
|
|
description: 'Strategic merge patches, defined as inline YAML objects.
|
|
Deprecated: Use Patches instead.'
|
|
items:
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: array
|
|
path:
|
|
description: Path to the directory containing the kustomization.yaml
|
|
file, or the set of plain YAMLs a kustomization.yaml should be generated
|
|
for. Defaults to 'None', which translates to the root path of the
|
|
SourceRef.
|
|
type: string
|
|
postBuild:
|
|
description: PostBuild describes which actions to perform on the YAML
|
|
manifest generated by building the kustomize overlay.
|
|
properties:
|
|
substitute:
|
|
additionalProperties:
|
|
type: string
|
|
description: Substitute holds a map of key/value pairs. The variables
|
|
defined in your YAML manifests that match any of the keys defined
|
|
in the map will be substituted with the set value. Includes
|
|
support for bash string replacement functions e.g. ${var:=default},
|
|
${var:position} and ${var/substring/replacement}.
|
|
type: object
|
|
substituteFrom:
|
|
description: SubstituteFrom holds references to ConfigMaps and
|
|
Secrets containing the variables and their values to be substituted
|
|
in the YAML manifests. The ConfigMap and the Secret data keys
|
|
represent the var names and they must match the vars declared
|
|
in the manifests for the substitution to happen.
|
|
items:
|
|
description: SubstituteReference contains a reference to a resource
|
|
containing the variables name and value.
|
|
properties:
|
|
kind:
|
|
description: Kind of the values referent, valid values are
|
|
('Secret', 'ConfigMap').
|
|
enum:
|
|
- Secret
|
|
- ConfigMap
|
|
type: string
|
|
name:
|
|
description: Name of the values referent. Should reside
|
|
in the same namespace as the referring resource.
|
|
maxLength: 253
|
|
minLength: 1
|
|
type: string
|
|
optional:
|
|
default: false
|
|
description: Optional indicates whether the referenced resource
|
|
must exist, or whether to tolerate its absence. If true
|
|
and the referenced resource is absent, proceed as if the
|
|
resource was present but empty, without any variables
|
|
defined.
|
|
type: boolean
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
type: object
|
|
prune:
|
|
description: Prune enables garbage collection.
|
|
type: boolean
|
|
retryInterval:
|
|
description: The interval at which to retry a previously failed reconciliation.
|
|
When not specified, the controller uses the KustomizationSpec.Interval
|
|
value to retry failures.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
serviceAccountName:
|
|
description: The name of the Kubernetes service account to impersonate
|
|
when reconciling this Kustomization.
|
|
type: string
|
|
sourceRef:
|
|
description: Reference of the source where the kustomization file
|
|
is.
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent.
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent.
|
|
enum:
|
|
- OCIRepository
|
|
- GitRepository
|
|
- Bucket
|
|
type: string
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, defaults to the namespace
|
|
of the Kubernetes resource object that contains the reference.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: This flag tells the controller to suspend subsequent
|
|
kustomize executions, it does not apply to already started executions.
|
|
Defaults to false.
|
|
type: boolean
|
|
targetNamespace:
|
|
description: TargetNamespace sets or overrides the namespace in the
|
|
kustomization.yaml file.
|
|
maxLength: 63
|
|
minLength: 1
|
|
type: string
|
|
timeout:
|
|
description: Timeout for validation, apply and health checking operations.
|
|
Defaults to 'Interval' duration.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
validation:
|
|
description: 'Deprecated: Not used in v1beta2.'
|
|
enum:
|
|
- none
|
|
- client
|
|
- server
|
|
type: string
|
|
wait:
|
|
description: Wait instructs the controller to check the health of
|
|
all the reconciled resources. When enabled, the HealthChecks are
|
|
ignored. Defaults to false.
|
|
type: boolean
|
|
required:
|
|
- interval
|
|
- prune
|
|
- sourceRef
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: KustomizationStatus defines the observed state of a kustomization.
|
|
properties:
|
|
conditions:
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
inventory:
|
|
description: Inventory contains the list of Kubernetes resource object
|
|
references that have been successfully applied.
|
|
properties:
|
|
entries:
|
|
description: Entries of Kubernetes resource object references.
|
|
items:
|
|
description: ResourceRef contains the information necessary
|
|
to locate a resource within a cluster.
|
|
properties:
|
|
id:
|
|
description: ID is the string representation of the Kubernetes
|
|
resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
|
|
type: string
|
|
v:
|
|
description: Version is the API version of the Kubernetes
|
|
resource object's kind.
|
|
type: string
|
|
required:
|
|
- id
|
|
- v
|
|
type: object
|
|
type: array
|
|
required:
|
|
- entries
|
|
type: object
|
|
lastAppliedRevision:
|
|
description: The last successfully applied revision. Equals the Revision
|
|
of the applied Artifact from the referenced Source.
|
|
type: string
|
|
lastAttemptedRevision:
|
|
description: LastAttemptedRevision is the revision of the last reconciliation
|
|
attempt.
|
|
type: string
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last reconciled generation.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: kustomize-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: kustomize-controller
|
|
namespace: flux-system
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: kustomize-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
control-plane: controller
|
|
name: kustomize-controller
|
|
namespace: flux-system
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: kustomize-controller
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
prometheus.io/port: "8080"
|
|
prometheus.io/scrape: "true"
|
|
labels:
|
|
app: kustomize-controller
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
|
|
- --watch-all-namespaces=true
|
|
- --log-level=info
|
|
- --log-encoding=json
|
|
- --enable-leader-election
|
|
env:
|
|
- name: RUNTIME_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
image: ghcr.io/fluxcd/kustomize-controller:v1.1.1
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: healthz
|
|
name: manager
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http-prom
|
|
protocol: TCP
|
|
- containerPort: 9440
|
|
name: healthz
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: healthz
|
|
resources:
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 64Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
volumeMounts:
|
|
- mountPath: /tmp
|
|
name: temp
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
priorityClassName: system-cluster-critical
|
|
securityContext:
|
|
fsGroup: 1337
|
|
serviceAccountName: kustomize-controller
|
|
terminationGracePeriodSeconds: 60
|
|
volumes:
|
|
- emptyDir: {}
|
|
name: temp
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: helm-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: helmreleases.helm.toolkit.fluxcd.io
|
|
spec:
|
|
group: helm.toolkit.fluxcd.io
|
|
names:
|
|
kind: HelmRelease
|
|
listKind: HelmReleaseList
|
|
plural: helmreleases
|
|
shortNames:
|
|
- hr
|
|
singular: helmrelease
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v2beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: HelmRelease is the Schema for the helmreleases API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: HelmReleaseSpec defines the desired state of a Helm release.
|
|
properties:
|
|
chart:
|
|
description: Chart defines the template of the v1beta2.HelmChart that
|
|
should be created for this HelmRelease.
|
|
properties:
|
|
metadata:
|
|
description: ObjectMeta holds the template for metadata like labels
|
|
and annotations.
|
|
properties:
|
|
annotations:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Annotations is an unstructured key value map
|
|
stored with a resource that may be set by external tools
|
|
to store and retrieve arbitrary metadata. They are not queryable
|
|
and should be preserved when modifying objects. More info:
|
|
https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/'
|
|
type: object
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
description: 'Map of string keys and values that can be used
|
|
to organize and categorize (scope and select) objects. More
|
|
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/'
|
|
type: object
|
|
type: object
|
|
spec:
|
|
description: Spec holds the template for the v1beta2.HelmChartSpec
|
|
for this HelmRelease.
|
|
properties:
|
|
chart:
|
|
description: The name or path the Helm chart is available
|
|
at in the SourceRef.
|
|
type: string
|
|
interval:
|
|
description: Interval at which to check the v1beta2.Source
|
|
for updates. Defaults to 'HelmReleaseSpec.Interval'.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
reconcileStrategy:
|
|
default: ChartVersion
|
|
description: Determines what enables the creation of a new
|
|
artifact. Valid values are ('ChartVersion', 'Revision').
|
|
See the documentation of the values for an explanation on
|
|
their behavior. Defaults to ChartVersion when omitted.
|
|
enum:
|
|
- ChartVersion
|
|
- Revision
|
|
type: string
|
|
sourceRef:
|
|
description: The name and namespace of the v1beta2.Source
|
|
the chart is available at.
|
|
properties:
|
|
apiVersion:
|
|
description: APIVersion of the referent.
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent.
|
|
enum:
|
|
- HelmRepository
|
|
- GitRepository
|
|
- Bucket
|
|
type: string
|
|
name:
|
|
description: Name of the referent.
|
|
maxLength: 253
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent.
|
|
maxLength: 63
|
|
minLength: 1
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
valuesFile:
|
|
description: Alternative values file to use as the default
|
|
chart values, expected to be a relative path in the SourceRef.
|
|
Deprecated in favor of ValuesFiles, for backwards compatibility
|
|
the file defined here is merged before the ValuesFiles items.
|
|
Ignored when omitted.
|
|
type: string
|
|
valuesFiles:
|
|
description: Alternative list of values files to use as the
|
|
chart values (values.yaml is not included by default), expected
|
|
to be a relative path in the SourceRef. Values files are
|
|
merged in the order of this list with the last file overriding
|
|
the first. Ignored when omitted.
|
|
items:
|
|
type: string
|
|
type: array
|
|
verify:
|
|
description: Verify contains the secret name containing the
|
|
trusted public keys used to verify the signature and specifies
|
|
which provider to use to check whether OCI image is authentic.
|
|
This field is only supported for OCI sources. Chart dependencies,
|
|
which are not bundled in the umbrella chart artifact, are
|
|
not verified.
|
|
properties:
|
|
provider:
|
|
default: cosign
|
|
description: Provider specifies the technology used to
|
|
sign the OCI Helm chart.
|
|
enum:
|
|
- cosign
|
|
type: string
|
|
secretRef:
|
|
description: SecretRef specifies the Kubernetes Secret
|
|
containing the trusted public keys.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- provider
|
|
type: object
|
|
version:
|
|
default: '*'
|
|
description: Version semver expression, ignored for charts
|
|
from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
|
|
to latest when omitted.
|
|
type: string
|
|
required:
|
|
- chart
|
|
- sourceRef
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
dependsOn:
|
|
description: DependsOn may contain a meta.NamespacedObjectReference
|
|
slice with references to HelmRelease resources that must be ready
|
|
before this HelmRelease can be reconciled.
|
|
items:
|
|
description: NamespacedObjectReference contains enough information
|
|
to locate the referenced Kubernetes resource object in any namespace.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent, when not specified it
|
|
acts as LocalObjectReference.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
install:
|
|
description: Install holds the configuration for Helm install actions
|
|
for this HelmRelease.
|
|
properties:
|
|
crds:
|
|
description: "CRDs upgrade CRDs from the Helm Chart's crds directory
|
|
according to the CRD upgrade policy provided here. Valid values
|
|
are `Skip`, `Create` or `CreateReplace`. Default is `Create`
|
|
and if omitted CRDs are installed but not updated. \n Skip:
|
|
do neither install nor replace (update) any CRDs. \n Create:
|
|
new CRDs are created, existing CRDs are neither updated nor
|
|
deleted. \n CreateReplace: new CRDs are created, existing CRDs
|
|
are updated (replaced) but not deleted. \n By default, CRDs
|
|
are applied (installed) during Helm install action. With this
|
|
option users can opt-in to CRD replace existing CRDs on Helm
|
|
install actions, which is not (yet) natively supported by Helm.
|
|
https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
|
|
enum:
|
|
- Skip
|
|
- Create
|
|
- CreateReplace
|
|
type: string
|
|
createNamespace:
|
|
description: CreateNamespace tells the Helm install action to
|
|
create the HelmReleaseSpec.TargetNamespace if it does not exist
|
|
yet. On uninstall, the namespace will not be garbage collected.
|
|
type: boolean
|
|
disableHooks:
|
|
description: DisableHooks prevents hooks from running during the
|
|
Helm install action.
|
|
type: boolean
|
|
disableOpenAPIValidation:
|
|
description: DisableOpenAPIValidation prevents the Helm install
|
|
action from validating rendered templates against the Kubernetes
|
|
OpenAPI Schema.
|
|
type: boolean
|
|
disableWait:
|
|
description: DisableWait disables the waiting for resources to
|
|
be ready after a Helm install has been performed.
|
|
type: boolean
|
|
disableWaitForJobs:
|
|
description: DisableWaitForJobs disables waiting for jobs to complete
|
|
after a Helm install has been performed.
|
|
type: boolean
|
|
remediation:
|
|
description: Remediation holds the remediation configuration for
|
|
when the Helm install action for the HelmRelease fails. The
|
|
default is to not perform any action.
|
|
properties:
|
|
ignoreTestFailures:
|
|
description: IgnoreTestFailures tells the controller to skip
|
|
remediation when the Helm tests are run after an install
|
|
action but fail. Defaults to 'Test.IgnoreFailures'.
|
|
type: boolean
|
|
remediateLastFailure:
|
|
description: RemediateLastFailure tells the controller to
|
|
remediate the last failure, when no retries remain. Defaults
|
|
to 'false'.
|
|
type: boolean
|
|
retries:
|
|
description: Retries is the number of retries that should
|
|
be attempted on failures before bailing. Remediation, using
|
|
an uninstall, is performed between each attempt. Defaults
|
|
to '0', a negative integer equals to unlimited retries.
|
|
type: integer
|
|
type: object
|
|
replace:
|
|
description: Replace tells the Helm install action to re-use the
|
|
'ReleaseName', but only if that name is a deleted release which
|
|
remains in the history.
|
|
type: boolean
|
|
skipCRDs:
|
|
description: "SkipCRDs tells the Helm install action to not install
|
|
any CRDs. By default, CRDs are installed if not already present.
|
|
\n Deprecated use CRD policy (`crds`) attribute with value `Skip`
|
|
instead."
|
|
type: boolean
|
|
timeout:
|
|
description: Timeout is the time to wait for any individual Kubernetes
|
|
operation (like Jobs for hooks) during the performance of a
|
|
Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
type: object
|
|
interval:
|
|
description: Interval at which to reconcile the Helm release. This
|
|
interval is approximate and may be subject to jitter to ensure efficient
|
|
use of resources.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
kubeConfig:
|
|
description: KubeConfig for reconciling the HelmRelease on a remote
|
|
cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
|
|
forces the controller to act on behalf of that Service Account at
|
|
the target cluster. If the --default-service-account flag is set,
|
|
its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
|
|
is empty.
|
|
properties:
|
|
secretRef:
|
|
description: SecretRef holds the name of a secret that contains
|
|
a key with the kubeconfig file as the value. If no key is set,
|
|
the key will default to 'value'. It is recommended that the
|
|
kubeconfig is self-contained, and the secret is regularly updated
|
|
if credentials such as a cloud-access-token expire. Cloud specific
|
|
`cmd-path` auth helpers will not function without adding binaries
|
|
and credentials to the Pod that is responsible for reconciling
|
|
Kubernetes resources.
|
|
properties:
|
|
key:
|
|
description: Key in the Secret, when not specified an implementation-specific
|
|
default key is used.
|
|
type: string
|
|
name:
|
|
description: Name of the Secret.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- secretRef
|
|
type: object
|
|
maxHistory:
|
|
description: MaxHistory is the number of revisions saved by Helm for
|
|
this HelmRelease. Use '0' for an unlimited number of revisions;
|
|
defaults to '10'.
|
|
type: integer
|
|
persistentClient:
|
|
description: "PersistentClient tells the controller to use a persistent
|
|
Kubernetes client for this release. When enabled, the client will
|
|
be reused for the duration of the reconciliation, instead of being
|
|
created and destroyed for each (step of a) Helm action. \n This
|
|
can improve performance, but may cause issues with some Helm charts
|
|
that for example do create Custom Resource Definitions during installation
|
|
outside Helm's CRD lifecycle hooks, which are then not observed
|
|
to be available by e.g. post-install hooks. \n If not set, it defaults
|
|
to true."
|
|
type: boolean
|
|
postRenderers:
|
|
description: PostRenderers holds an array of Helm PostRenderers, which
|
|
will be applied in order of their definition.
|
|
items:
|
|
description: PostRenderer contains a Helm PostRenderer specification.
|
|
properties:
|
|
kustomize:
|
|
description: Kustomization to apply as PostRenderer.
|
|
properties:
|
|
images:
|
|
description: Images is a list of (image name, new name,
|
|
new tag or digest) for changing image names, tags or digests.
|
|
This can also be achieved with a patch, but this operator
|
|
is simpler to specify.
|
|
items:
|
|
description: Image contains an image name, a new name,
|
|
a new tag or digest, which will replace the original
|
|
name and tag.
|
|
properties:
|
|
digest:
|
|
description: Digest is the value used to replace the
|
|
original image tag. If digest is present NewTag
|
|
value is ignored.
|
|
type: string
|
|
name:
|
|
description: Name is a tag-less image name.
|
|
type: string
|
|
newName:
|
|
description: NewName is the value used to replace
|
|
the original name.
|
|
type: string
|
|
newTag:
|
|
description: NewTag is the value used to replace the
|
|
original tag.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
patches:
|
|
description: Strategic merge and JSON patches, defined as
|
|
inline YAML objects, capable of targeting objects based
|
|
on kind, label and annotation selectors.
|
|
items:
|
|
description: Patch contains an inline StrategicMerge or
|
|
JSON6902 patch, and the target the patch should be applied
|
|
to.
|
|
properties:
|
|
patch:
|
|
description: Patch contains an inline StrategicMerge
|
|
patch or an inline JSON6902 patch with an array
|
|
of operation objects.
|
|
type: string
|
|
target:
|
|
description: Target points to the resources that the
|
|
patch document should be applied to.
|
|
properties:
|
|
annotationSelector:
|
|
description: AnnotationSelector is a string that
|
|
follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource annotations.
|
|
type: string
|
|
group:
|
|
description: Group is the API group to select
|
|
resources from. Together with Version and Kind
|
|
it is capable of unambiguously identifying and/or
|
|
selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
kind:
|
|
description: Kind of the API Group to select resources
|
|
from. Together with Group and Version it is
|
|
capable of unambiguously identifying and/or
|
|
selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
labelSelector:
|
|
description: LabelSelector is a string that follows
|
|
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource labels.
|
|
type: string
|
|
name:
|
|
description: Name to match resources with.
|
|
type: string
|
|
namespace:
|
|
description: Namespace to select resources from.
|
|
type: string
|
|
version:
|
|
description: Version of the API Group to select
|
|
resources from. Together with Group and Kind
|
|
it is capable of unambiguously identifying and/or
|
|
selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
type: object
|
|
required:
|
|
- patch
|
|
type: object
|
|
type: array
|
|
patchesJson6902:
|
|
description: JSON 6902 patches, defined as inline YAML objects.
|
|
items:
|
|
description: JSON6902Patch contains a JSON6902 patch and
|
|
the target the patch should be applied to.
|
|
properties:
|
|
patch:
|
|
description: Patch contains the JSON6902 patch document
|
|
with an array of operation objects.
|
|
items:
|
|
description: JSON6902 is a JSON6902 operation object.
|
|
https://datatracker.ietf.org/doc/html/rfc6902#section-4
|
|
properties:
|
|
from:
|
|
description: From contains a JSON-pointer value
|
|
that references a location within the target
|
|
document where the operation is performed.
|
|
The meaning of the value depends on the value
|
|
of Op, and is NOT taken into account by all
|
|
operations.
|
|
type: string
|
|
op:
|
|
description: Op indicates the operation to perform.
|
|
Its value MUST be one of "add", "remove",
|
|
"replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
|
|
enum:
|
|
- test
|
|
- remove
|
|
- add
|
|
- replace
|
|
- move
|
|
- copy
|
|
type: string
|
|
path:
|
|
description: Path contains the JSON-pointer
|
|
value that references a location within the
|
|
target document where the operation is performed.
|
|
The meaning of the value depends on the value
|
|
of Op.
|
|
type: string
|
|
value:
|
|
description: Value contains a valid JSON structure.
|
|
The meaning of the value depends on the value
|
|
of Op, and is NOT taken into account by all
|
|
operations.
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
required:
|
|
- op
|
|
- path
|
|
type: object
|
|
type: array
|
|
target:
|
|
description: Target points to the resources that the
|
|
patch document should be applied to.
|
|
properties:
|
|
annotationSelector:
|
|
description: AnnotationSelector is a string that
|
|
follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource annotations.
|
|
type: string
|
|
group:
|
|
description: Group is the API group to select
|
|
resources from. Together with Version and Kind
|
|
it is capable of unambiguously identifying and/or
|
|
selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
kind:
|
|
description: Kind of the API Group to select resources
|
|
from. Together with Group and Version it is
|
|
capable of unambiguously identifying and/or
|
|
selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
labelSelector:
|
|
description: LabelSelector is a string that follows
|
|
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
|
|
It matches with the resource labels.
|
|
type: string
|
|
name:
|
|
description: Name to match resources with.
|
|
type: string
|
|
namespace:
|
|
description: Namespace to select resources from.
|
|
type: string
|
|
version:
|
|
description: Version of the API Group to select
|
|
resources from. Together with Group and Kind
|
|
it is capable of unambiguously identifying and/or
|
|
selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
|
|
type: string
|
|
type: object
|
|
required:
|
|
- patch
|
|
- target
|
|
type: object
|
|
type: array
|
|
patchesStrategicMerge:
|
|
description: Strategic merge patches, defined as inline
|
|
YAML objects.
|
|
items:
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: array
|
|
releaseName:
|
|
description: ReleaseName used for the Helm release. Defaults to a
|
|
composition of '[TargetNamespace-]Name'.
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
rollback:
|
|
description: Rollback holds the configuration for Helm rollback actions
|
|
for this HelmRelease.
|
|
properties:
|
|
cleanupOnFail:
|
|
description: CleanupOnFail allows deletion of new resources created
|
|
during the Helm rollback action when it fails.
|
|
type: boolean
|
|
disableHooks:
|
|
description: DisableHooks prevents hooks from running during the
|
|
Helm rollback action.
|
|
type: boolean
|
|
disableWait:
|
|
description: DisableWait disables the waiting for resources to
|
|
be ready after a Helm rollback has been performed.
|
|
type: boolean
|
|
disableWaitForJobs:
|
|
description: DisableWaitForJobs disables waiting for jobs to complete
|
|
after a Helm rollback has been performed.
|
|
type: boolean
|
|
force:
|
|
description: Force forces resource updates through a replacement
|
|
strategy.
|
|
type: boolean
|
|
recreate:
|
|
description: Recreate performs pod restarts for the resource if
|
|
applicable.
|
|
type: boolean
|
|
timeout:
|
|
description: Timeout is the time to wait for any individual Kubernetes
|
|
operation (like Jobs for hooks) during the performance of a
|
|
Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
type: object
|
|
serviceAccountName:
|
|
description: The name of the Kubernetes service account to impersonate
|
|
when reconciling this HelmRelease.
|
|
type: string
|
|
storageNamespace:
|
|
description: StorageNamespace used for the Helm storage. Defaults
|
|
to the namespace of the HelmRelease.
|
|
maxLength: 63
|
|
minLength: 1
|
|
type: string
|
|
suspend:
|
|
description: Suspend tells the controller to suspend reconciliation
|
|
for this HelmRelease, it does not apply to already started reconciliations.
|
|
Defaults to false.
|
|
type: boolean
|
|
targetNamespace:
|
|
description: TargetNamespace to target when performing operations
|
|
for the HelmRelease. Defaults to the namespace of the HelmRelease.
|
|
maxLength: 63
|
|
minLength: 1
|
|
type: string
|
|
test:
|
|
description: Test holds the configuration for Helm test actions for
|
|
this HelmRelease.
|
|
properties:
|
|
enable:
|
|
description: Enable enables Helm test actions for this HelmRelease
|
|
after an Helm install or upgrade action has been performed.
|
|
type: boolean
|
|
ignoreFailures:
|
|
description: IgnoreFailures tells the controller to skip remediation
|
|
when the Helm tests are run but fail. Can be overwritten for
|
|
tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
|
|
and 'Upgrade.IgnoreTestFailures'.
|
|
type: boolean
|
|
timeout:
|
|
description: Timeout is the time to wait for any individual Kubernetes
|
|
operation during the performance of a Helm test action. Defaults
|
|
to 'HelmReleaseSpec.Timeout'.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
type: object
|
|
timeout:
|
|
description: Timeout is the time to wait for any individual Kubernetes
|
|
operation (like Jobs for hooks) during the performance of a Helm
|
|
action. Defaults to '5m0s'.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
uninstall:
|
|
description: Uninstall holds the configuration for Helm uninstall
|
|
actions for this HelmRelease.
|
|
properties:
|
|
deletionPropagation:
|
|
default: background
|
|
description: DeletionPropagation specifies the deletion propagation
|
|
policy when a Helm uninstall is performed.
|
|
enum:
|
|
- background
|
|
- foreground
|
|
- orphan
|
|
type: string
|
|
disableHooks:
|
|
description: DisableHooks prevents hooks from running during the
|
|
Helm rollback action.
|
|
type: boolean
|
|
disableWait:
|
|
description: DisableWait disables waiting for all the resources
|
|
to be deleted after a Helm uninstall is performed.
|
|
type: boolean
|
|
keepHistory:
|
|
description: KeepHistory tells Helm to remove all associated resources
|
|
and mark the release as deleted, but retain the release history.
|
|
type: boolean
|
|
timeout:
|
|
description: Timeout is the time to wait for any individual Kubernetes
|
|
operation (like Jobs for hooks) during the performance of a
|
|
Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
type: object
|
|
upgrade:
|
|
description: Upgrade holds the configuration for Helm upgrade actions
|
|
for this HelmRelease.
|
|
properties:
|
|
cleanupOnFail:
|
|
description: CleanupOnFail allows deletion of new resources created
|
|
during the Helm upgrade action when it fails.
|
|
type: boolean
|
|
crds:
|
|
description: "CRDs upgrade CRDs from the Helm Chart's crds directory
|
|
according to the CRD upgrade policy provided here. Valid values
|
|
are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
|
|
if omitted CRDs are neither installed nor upgraded. \n Skip:
|
|
do neither install nor replace (update) any CRDs. \n Create:
|
|
new CRDs are created, existing CRDs are neither updated nor
|
|
deleted. \n CreateReplace: new CRDs are created, existing CRDs
|
|
are updated (replaced) but not deleted. \n By default, CRDs
|
|
are not applied during Helm upgrade action. With this option
|
|
users can opt-in to CRD upgrade, which is not (yet) natively
|
|
supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
|
|
enum:
|
|
- Skip
|
|
- Create
|
|
- CreateReplace
|
|
type: string
|
|
disableHooks:
|
|
description: DisableHooks prevents hooks from running during the
|
|
Helm upgrade action.
|
|
type: boolean
|
|
disableOpenAPIValidation:
|
|
description: DisableOpenAPIValidation prevents the Helm upgrade
|
|
action from validating rendered templates against the Kubernetes
|
|
OpenAPI Schema.
|
|
type: boolean
|
|
disableWait:
|
|
description: DisableWait disables the waiting for resources to
|
|
be ready after a Helm upgrade has been performed.
|
|
type: boolean
|
|
disableWaitForJobs:
|
|
description: DisableWaitForJobs disables waiting for jobs to complete
|
|
after a Helm upgrade has been performed.
|
|
type: boolean
|
|
force:
|
|
description: Force forces resource updates through a replacement
|
|
strategy.
|
|
type: boolean
|
|
preserveValues:
|
|
description: PreserveValues will make Helm reuse the last release's
|
|
values and merge in overrides from 'Values'. Setting this flag
|
|
makes the HelmRelease non-declarative.
|
|
type: boolean
|
|
remediation:
|
|
description: Remediation holds the remediation configuration for
|
|
when the Helm upgrade action for the HelmRelease fails. The
|
|
default is to not perform any action.
|
|
properties:
|
|
ignoreTestFailures:
|
|
description: IgnoreTestFailures tells the controller to skip
|
|
remediation when the Helm tests are run after an upgrade
|
|
action but fail. Defaults to 'Test.IgnoreFailures'.
|
|
type: boolean
|
|
remediateLastFailure:
|
|
description: RemediateLastFailure tells the controller to
|
|
remediate the last failure, when no retries remain. Defaults
|
|
to 'false' unless 'Retries' is greater than 0.
|
|
type: boolean
|
|
retries:
|
|
description: Retries is the number of retries that should
|
|
be attempted on failures before bailing. Remediation, using
|
|
'Strategy', is performed between each attempt. Defaults
|
|
to '0', a negative integer equals to unlimited retries.
|
|
type: integer
|
|
strategy:
|
|
description: Strategy to use for failure remediation. Defaults
|
|
to 'rollback'.
|
|
enum:
|
|
- rollback
|
|
- uninstall
|
|
type: string
|
|
type: object
|
|
timeout:
|
|
description: Timeout is the time to wait for any individual Kubernetes
|
|
operation (like Jobs for hooks) during the performance of a
|
|
Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
type: object
|
|
values:
|
|
description: Values holds the values for this Helm release.
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
valuesFrom:
|
|
description: ValuesFrom holds references to resources containing Helm
|
|
values for this HelmRelease, and information about how they should
|
|
be merged.
|
|
items:
|
|
description: ValuesReference contains a reference to a resource
|
|
containing Helm values, and optionally the key they can be found
|
|
at.
|
|
properties:
|
|
kind:
|
|
description: Kind of the values referent, valid values are ('Secret',
|
|
'ConfigMap').
|
|
enum:
|
|
- Secret
|
|
- ConfigMap
|
|
type: string
|
|
name:
|
|
description: Name of the values referent. Should reside in the
|
|
same namespace as the referring resource.
|
|
maxLength: 253
|
|
minLength: 1
|
|
type: string
|
|
optional:
|
|
description: Optional marks this ValuesReference as optional.
|
|
When set, a not found error for the values reference is ignored,
|
|
but any ValuesKey, TargetPath or transient error will still
|
|
result in a reconciliation failure.
|
|
type: boolean
|
|
targetPath:
|
|
description: TargetPath is the YAML dot notation path the value
|
|
should be merged at. When set, the ValuesKey is expected to
|
|
be a single flat value. Defaults to 'None', which results
|
|
in the values getting merged at the root.
|
|
maxLength: 250
|
|
pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$
|
|
type: string
|
|
valuesKey:
|
|
description: ValuesKey is the data key where the values.yaml
|
|
or a specific value can be found at. Defaults to 'values.yaml'.
|
|
When set, must be a valid Data Key, consisting of alphanumeric
|
|
characters, '-', '_' or '.'.
|
|
maxLength: 253
|
|
pattern: ^[\-._a-zA-Z0-9]+$
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
required:
|
|
- chart
|
|
- interval
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: HelmReleaseStatus defines the observed state of a HelmRelease.
|
|
properties:
|
|
conditions:
|
|
description: Conditions holds the conditions for the HelmRelease.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
failures:
|
|
description: Failures is the reconciliation failure count against
|
|
the latest desired state. It is reset after a successful reconciliation.
|
|
format: int64
|
|
type: integer
|
|
helmChart:
|
|
description: HelmChart is the namespaced name of the HelmChart resource
|
|
created by the controller for the HelmRelease.
|
|
type: string
|
|
installFailures:
|
|
description: InstallFailures is the install failure count against
|
|
the latest desired state. It is reset after a successful reconciliation.
|
|
format: int64
|
|
type: integer
|
|
lastAppliedRevision:
|
|
description: LastAppliedRevision is the revision of the last successfully
|
|
applied source.
|
|
type: string
|
|
lastAttemptedRevision:
|
|
description: LastAttemptedRevision is the revision of the last reconciliation
|
|
attempt.
|
|
type: string
|
|
lastAttemptedValuesChecksum:
|
|
description: LastAttemptedValuesChecksum is the SHA1 checksum of the
|
|
values of the last reconciliation attempt.
|
|
type: string
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
lastReleaseRevision:
|
|
description: LastReleaseRevision is the revision of the last successful
|
|
Helm release.
|
|
type: integer
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation.
|
|
format: int64
|
|
type: integer
|
|
upgradeFailures:
|
|
description: UpgradeFailures is the upgrade failure count against
|
|
the latest desired state. It is reset after a successful reconciliation.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: helm-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: helm-controller
|
|
namespace: flux-system
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: helm-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
control-plane: controller
|
|
name: helm-controller
|
|
namespace: flux-system
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: helm-controller
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
prometheus.io/port: "8080"
|
|
prometheus.io/scrape: "true"
|
|
labels:
|
|
app: helm-controller
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
|
|
- --watch-all-namespaces=true
|
|
- --log-level=info
|
|
- --log-encoding=json
|
|
- --enable-leader-election
|
|
env:
|
|
- name: RUNTIME_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
image: ghcr.io/fluxcd/helm-controller:v0.36.2
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: healthz
|
|
name: manager
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http-prom
|
|
protocol: TCP
|
|
- containerPort: 9440
|
|
name: healthz
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: healthz
|
|
resources:
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 64Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
volumeMounts:
|
|
- mountPath: /tmp
|
|
name: temp
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
priorityClassName: system-cluster-critical
|
|
securityContext:
|
|
fsGroup: 1337
|
|
serviceAccountName: helm-controller
|
|
terminationGracePeriodSeconds: 600
|
|
volumes:
|
|
- emptyDir: {}
|
|
name: temp
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: notification-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: alerts.notification.toolkit.fluxcd.io
|
|
spec:
|
|
group: notification.toolkit.fluxcd.io
|
|
names:
|
|
kind: Alert
|
|
listKind: AlertList
|
|
plural: alerts
|
|
singular: alert
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Alert is the Schema for the alerts API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: AlertSpec defines an alerting rule for events involving a
|
|
list of objects
|
|
properties:
|
|
eventSeverity:
|
|
default: info
|
|
description: Filter events based on severity, defaults to ('info').
|
|
If set to 'info' no events will be filtered.
|
|
enum:
|
|
- info
|
|
- error
|
|
type: string
|
|
eventSources:
|
|
description: Filter events based on the involved objects.
|
|
items:
|
|
description: CrossNamespaceObjectReference contains enough information
|
|
to let you locate the typed referenced object at cluster level
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent
|
|
enum:
|
|
- Bucket
|
|
- GitRepository
|
|
- Kustomization
|
|
- HelmRelease
|
|
- HelmChart
|
|
- HelmRepository
|
|
- ImageRepository
|
|
- ImagePolicy
|
|
- ImageUpdateAutomation
|
|
- OCIRepository
|
|
type: string
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs. A single
|
|
{key,value} in the matchLabels map is equivalent to an element
|
|
of matchExpressions, whose key field is "key", the operator
|
|
is "In", and the values array contains only "value". The requirements
|
|
are ANDed.
|
|
type: object
|
|
name:
|
|
description: Name of the referent
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
exclusionList:
|
|
description: A list of Golang regular expressions to be used for excluding
|
|
messages.
|
|
items:
|
|
type: string
|
|
type: array
|
|
providerRef:
|
|
description: Send events using this provider.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
summary:
|
|
description: Short description of the impact and affected cluster.
|
|
type: string
|
|
suspend:
|
|
description: This flag tells the controller to suspend subsequent
|
|
events dispatching. Defaults to false.
|
|
type: boolean
|
|
required:
|
|
- eventSources
|
|
- providerRef
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: AlertStatus defines the observed state of Alert
|
|
properties:
|
|
conditions:
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1beta2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Alert is the Schema for the alerts API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: AlertSpec defines an alerting rule for events involving a
|
|
list of objects.
|
|
properties:
|
|
eventMetadata:
|
|
additionalProperties:
|
|
type: string
|
|
description: EventMetadata is an optional field for adding metadata
|
|
to events dispatched by the controller. This can be used for enhancing
|
|
the context of the event. If a field would override one already
|
|
present on the original event as generated by the emitter, then
|
|
the override doesn't happen, i.e. the original value is preserved,
|
|
and an info log is printed.
|
|
type: object
|
|
eventSeverity:
|
|
default: info
|
|
description: EventSeverity specifies how to filter events based on
|
|
severity. If set to 'info' no events will be filtered.
|
|
enum:
|
|
- info
|
|
- error
|
|
type: string
|
|
eventSources:
|
|
description: EventSources specifies how to filter events based on
|
|
the involved object kind, name and namespace.
|
|
items:
|
|
description: CrossNamespaceObjectReference contains enough information
|
|
to let you locate the typed referenced object at cluster level
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent
|
|
enum:
|
|
- Bucket
|
|
- GitRepository
|
|
- Kustomization
|
|
- HelmRelease
|
|
- HelmChart
|
|
- HelmRepository
|
|
- ImageRepository
|
|
- ImagePolicy
|
|
- ImageUpdateAutomation
|
|
- OCIRepository
|
|
type: string
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs. A single
|
|
{key,value} in the matchLabels map is equivalent to an element
|
|
of matchExpressions, whose key field is "key", the operator
|
|
is "In", and the values array contains only "value". The requirements
|
|
are ANDed. MatchLabels requires the name to be set to `*`.
|
|
type: object
|
|
name:
|
|
description: Name of the referent If multiple resources are
|
|
targeted `*` may be set.
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
exclusionList:
|
|
description: ExclusionList specifies a list of Golang regular expressions
|
|
to be used for excluding messages.
|
|
items:
|
|
type: string
|
|
type: array
|
|
inclusionList:
|
|
description: InclusionList specifies a list of Golang regular expressions
|
|
to be used for including messages.
|
|
items:
|
|
type: string
|
|
type: array
|
|
providerRef:
|
|
description: ProviderRef specifies which Provider this Alert should
|
|
use.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
summary:
|
|
description: Summary holds a short description of the impact and affected
|
|
cluster.
|
|
maxLength: 255
|
|
type: string
|
|
suspend:
|
|
description: Suspend tells the controller to suspend subsequent events
|
|
handling for this Alert.
|
|
type: boolean
|
|
required:
|
|
- eventSources
|
|
- providerRef
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: AlertStatus defines the observed state of the Alert.
|
|
properties:
|
|
conditions:
|
|
description: Conditions holds the conditions for the Alert.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: notification-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: providers.notification.toolkit.fluxcd.io
|
|
spec:
|
|
group: notification.toolkit.fluxcd.io
|
|
names:
|
|
kind: Provider
|
|
listKind: ProviderList
|
|
plural: providers
|
|
singular: provider
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Provider is the Schema for the providers API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ProviderSpec defines the desired state of Provider
|
|
properties:
|
|
address:
|
|
description: HTTP/S webhook address of this provider
|
|
pattern: ^(http|https)://
|
|
type: string
|
|
certSecretRef:
|
|
description: CertSecretRef can be given the name of a secret containing
|
|
a PEM-encoded CA certificate (`caFile`)
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
channel:
|
|
description: Alert channel for this provider
|
|
type: string
|
|
proxy:
|
|
description: HTTP/S address of the proxy
|
|
pattern: ^(http|https)://
|
|
type: string
|
|
secretRef:
|
|
description: Secret reference containing the provider webhook URL
|
|
using "address" as data key
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: This flag tells the controller to suspend subsequent
|
|
events handling. Defaults to false.
|
|
type: boolean
|
|
timeout:
|
|
description: Timeout for sending alerts to the provider.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
|
|
type: string
|
|
type:
|
|
description: Type of provider
|
|
enum:
|
|
- slack
|
|
- discord
|
|
- msteams
|
|
- rocket
|
|
- generic
|
|
- generic-hmac
|
|
- github
|
|
- gitlab
|
|
- bitbucket
|
|
- azuredevops
|
|
- googlechat
|
|
- webex
|
|
- sentry
|
|
- azureeventhub
|
|
- telegram
|
|
- lark
|
|
- matrix
|
|
- opsgenie
|
|
- alertmanager
|
|
- grafana
|
|
- githubdispatch
|
|
type: string
|
|
username:
|
|
description: Bot username for this provider
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: ProviderStatus defines the observed state of Provider
|
|
properties:
|
|
conditions:
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last reconciled generation.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1beta2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Provider is the Schema for the providers API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ProviderSpec defines the desired state of the Provider.
|
|
properties:
|
|
address:
|
|
description: Address specifies the endpoint, in a generic sense, to
|
|
where alerts are sent. What kind of endpoint depends on the specific
|
|
Provider type being used. For the generic Provider, for example,
|
|
this is an HTTP/S address. For other Provider types this could be
|
|
a project ID or a namespace.
|
|
maxLength: 2048
|
|
type: string
|
|
certSecretRef:
|
|
description: "CertSecretRef specifies the Secret containing a PEM-encoded
|
|
CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile`
|
|
key has been deprecated."
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
channel:
|
|
description: Channel specifies the destination channel where events
|
|
should be posted.
|
|
maxLength: 2048
|
|
type: string
|
|
interval:
|
|
description: Interval at which to reconcile the Provider with its
|
|
Secret references.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
proxy:
|
|
description: Proxy the HTTP/S address of the proxy server.
|
|
maxLength: 2048
|
|
pattern: ^(http|https)://.*$
|
|
type: string
|
|
secretRef:
|
|
description: SecretRef specifies the Secret containing the authentication
|
|
credentials for this Provider.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: Suspend tells the controller to suspend subsequent events
|
|
handling for this Provider.
|
|
type: boolean
|
|
timeout:
|
|
description: Timeout for sending alerts to the Provider.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
|
|
type: string
|
|
type:
|
|
description: Type specifies which Provider implementation to use.
|
|
enum:
|
|
- slack
|
|
- discord
|
|
- msteams
|
|
- rocket
|
|
- generic
|
|
- generic-hmac
|
|
- github
|
|
- gitlab
|
|
- gitea
|
|
- bitbucket
|
|
- azuredevops
|
|
- googlechat
|
|
- googlepubsub
|
|
- webex
|
|
- sentry
|
|
- azureeventhub
|
|
- telegram
|
|
- lark
|
|
- matrix
|
|
- opsgenie
|
|
- alertmanager
|
|
- grafana
|
|
- githubdispatch
|
|
- pagerduty
|
|
- datadog
|
|
type: string
|
|
username:
|
|
description: Username specifies the name under which events are posted.
|
|
maxLength: 2048
|
|
type: string
|
|
required:
|
|
- type
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: ProviderStatus defines the observed state of the Provider.
|
|
properties:
|
|
conditions:
|
|
description: Conditions holds the conditions for the Provider.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last reconciled generation.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.12.0
|
|
labels:
|
|
app.kubernetes.io/component: notification-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: receivers.notification.toolkit.fluxcd.io
|
|
spec:
|
|
group: notification.toolkit.fluxcd.io
|
|
names:
|
|
kind: Receiver
|
|
listKind: ReceiverList
|
|
plural: receivers
|
|
singular: receiver
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
name: v1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Receiver is the Schema for the receivers API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ReceiverSpec defines the desired state of the Receiver.
|
|
properties:
|
|
events:
|
|
description: Events specifies the list of event types to handle, e.g.
|
|
'push' for GitHub or 'Push Hook' for GitLab.
|
|
items:
|
|
type: string
|
|
type: array
|
|
interval:
|
|
default: 10m
|
|
description: Interval at which to reconcile the Receiver with its
|
|
Secret references.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
resources:
|
|
description: A list of resources to be notified about changes.
|
|
items:
|
|
description: CrossNamespaceObjectReference contains enough information
|
|
to let you locate the typed referenced object at cluster level
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent
|
|
enum:
|
|
- Bucket
|
|
- GitRepository
|
|
- Kustomization
|
|
- HelmRelease
|
|
- HelmChart
|
|
- HelmRepository
|
|
- ImageRepository
|
|
- ImagePolicy
|
|
- ImageUpdateAutomation
|
|
- OCIRepository
|
|
type: string
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs. A single
|
|
{key,value} in the matchLabels map is equivalent to an element
|
|
of matchExpressions, whose key field is "key", the operator
|
|
is "In", and the values array contains only "value". The requirements
|
|
are ANDed. MatchLabels requires the name to be set to `*`.
|
|
type: object
|
|
name:
|
|
description: Name of the referent If multiple resources are
|
|
targeted `*` may be set.
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
secretRef:
|
|
description: SecretRef specifies the Secret containing the token used
|
|
to validate the payload authenticity.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: Suspend tells the controller to suspend subsequent events
|
|
handling for this receiver.
|
|
type: boolean
|
|
type:
|
|
description: Type of webhook sender, used to determine the validation
|
|
procedure and payload deserialization.
|
|
enum:
|
|
- generic
|
|
- generic-hmac
|
|
- github
|
|
- gitlab
|
|
- bitbucket
|
|
- harbor
|
|
- dockerhub
|
|
- quay
|
|
- gcr
|
|
- nexus
|
|
- acr
|
|
type: string
|
|
required:
|
|
- resources
|
|
- secretRef
|
|
- type
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: ReceiverStatus defines the observed state of the Receiver.
|
|
properties:
|
|
conditions:
|
|
description: Conditions holds the conditions for the Receiver.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation of
|
|
the Receiver object.
|
|
format: int64
|
|
type: integer
|
|
webhookPath:
|
|
description: WebhookPath is the generated incoming webhook address
|
|
in the format of '/hook/sha256sum(token+name+namespace)'.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
deprecated: true
|
|
deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Receiver is the Schema for the receivers API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ReceiverSpec defines the desired state of Receiver
|
|
properties:
|
|
events:
|
|
description: A list of events to handle, e.g. 'push' for GitHub or
|
|
'Push Hook' for GitLab.
|
|
items:
|
|
type: string
|
|
type: array
|
|
resources:
|
|
description: A list of resources to be notified about changes.
|
|
items:
|
|
description: CrossNamespaceObjectReference contains enough information
|
|
to let you locate the typed referenced object at cluster level
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent
|
|
enum:
|
|
- Bucket
|
|
- GitRepository
|
|
- Kustomization
|
|
- HelmRelease
|
|
- HelmChart
|
|
- HelmRepository
|
|
- ImageRepository
|
|
- ImagePolicy
|
|
- ImageUpdateAutomation
|
|
- OCIRepository
|
|
type: string
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs. A single
|
|
{key,value} in the matchLabels map is equivalent to an element
|
|
of matchExpressions, whose key field is "key", the operator
|
|
is "In", and the values array contains only "value". The requirements
|
|
are ANDed.
|
|
type: object
|
|
name:
|
|
description: Name of the referent
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
secretRef:
|
|
description: Secret reference containing the token used to validate
|
|
the payload authenticity
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: This flag tells the controller to suspend subsequent
|
|
events handling. Defaults to false.
|
|
type: boolean
|
|
type:
|
|
description: Type of webhook sender, used to determine the validation
|
|
procedure and payload deserialization.
|
|
enum:
|
|
- generic
|
|
- generic-hmac
|
|
- github
|
|
- gitlab
|
|
- bitbucket
|
|
- harbor
|
|
- dockerhub
|
|
- quay
|
|
- gcr
|
|
- nexus
|
|
- acr
|
|
type: string
|
|
required:
|
|
- resources
|
|
- type
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: ReceiverStatus defines the observed state of Receiver
|
|
properties:
|
|
conditions:
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
|
name: Ready
|
|
type: string
|
|
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
|
name: Status
|
|
type: string
|
|
deprecated: true
|
|
deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1
|
|
name: v1beta2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Receiver is the Schema for the receivers API.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ReceiverSpec defines the desired state of the Receiver.
|
|
properties:
|
|
events:
|
|
description: Events specifies the list of event types to handle, e.g.
|
|
'push' for GitHub or 'Push Hook' for GitLab.
|
|
items:
|
|
type: string
|
|
type: array
|
|
interval:
|
|
description: Interval at which to reconcile the Receiver with its
|
|
Secret references.
|
|
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
|
|
type: string
|
|
resources:
|
|
description: A list of resources to be notified about changes.
|
|
items:
|
|
description: CrossNamespaceObjectReference contains enough information
|
|
to let you locate the typed referenced object at cluster level
|
|
properties:
|
|
apiVersion:
|
|
description: API version of the referent
|
|
type: string
|
|
kind:
|
|
description: Kind of the referent
|
|
enum:
|
|
- Bucket
|
|
- GitRepository
|
|
- Kustomization
|
|
- HelmRelease
|
|
- HelmChart
|
|
- HelmRepository
|
|
- ImageRepository
|
|
- ImagePolicy
|
|
- ImageUpdateAutomation
|
|
- OCIRepository
|
|
type: string
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: MatchLabels is a map of {key,value} pairs. A single
|
|
{key,value} in the matchLabels map is equivalent to an element
|
|
of matchExpressions, whose key field is "key", the operator
|
|
is "In", and the values array contains only "value". The requirements
|
|
are ANDed. MatchLabels requires the name to be set to `*`.
|
|
type: object
|
|
name:
|
|
description: Name of the referent If multiple resources are
|
|
targeted `*` may be set.
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referent
|
|
maxLength: 53
|
|
minLength: 1
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
secretRef:
|
|
description: SecretRef specifies the Secret containing the token used
|
|
to validate the payload authenticity.
|
|
properties:
|
|
name:
|
|
description: Name of the referent.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
suspend:
|
|
description: Suspend tells the controller to suspend subsequent events
|
|
handling for this receiver.
|
|
type: boolean
|
|
type:
|
|
description: Type of webhook sender, used to determine the validation
|
|
procedure and payload deserialization.
|
|
enum:
|
|
- generic
|
|
- generic-hmac
|
|
- github
|
|
- gitlab
|
|
- bitbucket
|
|
- harbor
|
|
- dockerhub
|
|
- quay
|
|
- gcr
|
|
- nexus
|
|
- acr
|
|
type: string
|
|
required:
|
|
- resources
|
|
- type
|
|
type: object
|
|
status:
|
|
default:
|
|
observedGeneration: -1
|
|
description: ReceiverStatus defines the observed state of the Receiver.
|
|
properties:
|
|
conditions:
|
|
description: Conditions holds the conditions for the Receiver.
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
\n type FooStatus struct{ // Represents the observations of a
|
|
foo's current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers
|
|
of specific condition types may define expected values and
|
|
meanings for this field, and whether the values are considered
|
|
a guaranteed API. The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastHandledReconcileAt:
|
|
description: LastHandledReconcileAt holds the value of the most recent
|
|
reconcile request value, so a change of the annotation value can
|
|
be detected.
|
|
type: string
|
|
observedGeneration:
|
|
description: ObservedGeneration is the last observed generation of
|
|
the Receiver object.
|
|
format: int64
|
|
type: integer
|
|
url:
|
|
description: 'URL is the generated incoming webhook address in the
|
|
format of ''/hook/sha256sum(token+name+namespace)''. Deprecated:
|
|
Replaced by WebhookPath.'
|
|
type: string
|
|
webhookPath:
|
|
description: WebhookPath is the generated incoming webhook address
|
|
in the format of '/hook/sha256sum(token+name+namespace)'.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: notification-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
name: notification-controller
|
|
namespace: flux-system
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: notification-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
control-plane: controller
|
|
name: notification-controller
|
|
namespace: flux-system
|
|
spec:
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: http
|
|
selector:
|
|
app: notification-controller
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: notification-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
control-plane: controller
|
|
name: webhook-receiver
|
|
namespace: flux-system
|
|
spec:
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: http-webhook
|
|
selector:
|
|
app: notification-controller
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/component: notification-controller
|
|
app.kubernetes.io/instance: flux-system
|
|
app.kubernetes.io/part-of: flux
|
|
app.kubernetes.io/version: v2.1.2
|
|
control-plane: controller
|
|
name: notification-controller
|
|
namespace: flux-system
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: notification-controller
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
prometheus.io/port: "8080"
|
|
prometheus.io/scrape: "true"
|
|
labels:
|
|
app: notification-controller
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- --watch-all-namespaces=true
|
|
- --log-level=info
|
|
- --log-encoding=json
|
|
- --enable-leader-election
|
|
env:
|
|
- name: RUNTIME_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
image: ghcr.io/fluxcd/notification-controller:v1.1.0
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: healthz
|
|
name: manager
|
|
ports:
|
|
- containerPort: 9090
|
|
name: http
|
|
protocol: TCP
|
|
- containerPort: 9292
|
|
name: http-webhook
|
|
protocol: TCP
|
|
- containerPort: 8080
|
|
name: http-prom
|
|
protocol: TCP
|
|
- containerPort: 9440
|
|
name: healthz
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: healthz
|
|
resources:
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 64Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
volumeMounts:
|
|
- mountPath: /tmp
|
|
name: temp
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
securityContext:
|
|
fsGroup: 1337
|
|
serviceAccountName: notification-controller
|
|
terminationGracePeriodSeconds: 10
|
|
volumes:
|
|
- emptyDir: {}
|
|
name: temp
|