From 5e0f8f103e7aaf403bc99d6112e447a10d6ca6ea Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 2 Jun 2026 14:45:52 +0500 Subject: [PATCH] ++ --- 1.yaml | 6417 +++++++++++++++++++ apps/mapper/brusnika-stage/helmrelease.yaml | 182 +- 2 files changed, 6507 insertions(+), 92 deletions(-) create mode 100644 1.yaml diff --git a/1.yaml b/1.yaml new file mode 100644 index 0000000..83791dc --- /dev/null +++ b/1.yaml @@ -0,0 +1,6417 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + pod-security.kubernetes.io/warn: restricted + pod-security.kubernetes.io/warn-version: latest + name: flux-system +--- +apiVersion: v1 +kind: Namespace +metadata: + name: mapper +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + istio-injection: enabled + name: vault +--- +apiVersion: v1 +kind: ResourceQuota +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: critical-pods-flux-system + namespace: flux-system +spec: + hard: + pods: "1000" + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical + - system-cluster-critical +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: alerts.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Alert + listKind: AlertList + plural: alerts + singular: alert + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3 + name: v1beta2 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a + list of objects. + properties: + eventMetadata: + additionalProperties: + type: string + description: "EventMetadata is an optional field for adding metadata + to events dispatched by the\ncontroller. This can be used for enhancing + the context of the event. If a field\nwould override one already + present on the original event as generated by the emitter,\nthen + the override doesn't happen, i.e. the original value is preserved, + and an info\nlog is printed. " + type: object + eventSeverity: + default: info + description: "EventSeverity specifies how to filter events based on + severity.\nIf set to 'info' no events will be filtered. " + enum: + - info + - error + type: string + eventSources: + description: "EventSources specifies how to filter events based\non + the involved object kind, name and namespace. " + items: + description: "CrossNamespaceObjectReference contains enough information + to let you locate the\ntyped referenced object at cluster level + \ " + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + - ArtifactGenerator + - ExternalArtifact + type: string + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels\nmap is equivalent to an element + of matchExpressions, whose key field is \"key\", the\noperator + is \"In\", and the values array contains only \"value\". The + requirements are ANDed.\nMatchLabels requires the name to + be set to `*`. " + type: object + name: + description: "Name of the referent\nIf multiple resources are + targeted `*` may be set. " + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + exclusionList: + description: "ExclusionList specifies a list of Golang regular expressions\nto + be used for excluding messages. " + items: + type: string + type: array + inclusionList: + description: "InclusionList specifies a list of Golang regular expressions\nto + be used for including messages. " + items: + type: string + type: array + providerRef: + description: ProviderRef specifies which Provider this Alert should + use. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + summary: + description: Summary holds a short description of the impact and affected + cluster. + maxLength: 255 + type: string + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this Alert. " + type: boolean + required: + - eventSources + - providerRef + type: object + status: + default: + observedGeneration: -1 + description: AlertStatus defines the observed state of the Alert. + properties: + conditions: + description: Conditions holds the conditions for the Alert. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta3 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a + list of objects. + properties: + eventMetadata: + additionalProperties: + type: string + description: "EventMetadata is an optional field for adding metadata + to events dispatched by the\ncontroller. This can be used for enhancing + the context of the event. If a field\nwould override one already + present on the original event as generated by the emitter,\nthen + the override doesn't happen, i.e. the original value is preserved, + and an info\nlog is printed. " + type: object + eventSeverity: + default: info + description: "EventSeverity specifies how to filter events based on + severity.\nIf set to 'info' no events will be filtered. " + enum: + - info + - error + type: string + eventSources: + description: "EventSources specifies how to filter events based\non + the involved object kind, name and namespace. " + items: + description: "CrossNamespaceObjectReference contains enough information + to let you locate the\ntyped referenced object at cluster level + \ " + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + - ArtifactGenerator + - ExternalArtifact + type: string + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels\nmap is equivalent to an element + of matchExpressions, whose key field is \"key\", the\noperator + is \"In\", and the values array contains only \"value\". The + requirements are ANDed.\nMatchLabels requires the name to + be set to `*`. " + type: object + name: + description: "Name of the referent\nIf multiple resources are + targeted `*` may be set. " + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + exclusionList: + description: "ExclusionList specifies a list of Golang regular expressions\nto + be used for excluding messages. " + items: + type: string + type: array + inclusionList: + description: "InclusionList specifies a list of Golang regular expressions\nto + be used for including messages. " + items: + type: string + type: array + providerRef: + description: ProviderRef specifies which Provider this Alert should + use. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + summary: + description: "Summary holds a short description of the impact and + affected cluster.\nDeprecated: Use EventMetadata instead. " + maxLength: 255 + type: string + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this Alert. " + type: boolean + required: + - eventSources + - providerRef + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: buckets.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: "BucketSpec specifies the required configuration to produce + an Artifact for\nan object storage bucket. " + properties: + bucketName: + description: BucketName is the name of the object storage bucket. + type: string + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing\neither + or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and + private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand + whichever are supplied, will be used for connecting to the\nbucket. + The client cert and key are useful if you are\nauthenticating with + a certificate; the CA cert is useful if\nyou are using a self-signed + server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis + field is only supported for the `generic` provider. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + endpoint: + description: Endpoint is the object storage address the BucketName + is located at. + type: string + ignore: + description: "Ignore overrides the set of excluded patterns in the + .sourceignore format\n(which is the same as .gitignore). If not + provided, a default will be used,\nconsult the documentation for + your version to find out what those are. " + type: string + insecure: + description: Insecure allows connecting to a non-TLS HTTP Endpoint. + type: boolean + interval: + description: "Interval at which the Bucket Endpoint is checked for + updates.\nThis interval is approximate and may be subject to jitter + to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + prefix: + description: Prefix to use for server-side filtering of files in the + Bucket. + type: string + provider: + default: generic + description: "Provider of the object storage bucket.\nDefaults to + 'generic', which expects an S3 (API) compatible object\nstorage. + \ " + enum: + - generic + - aws + - gcp + - azure + type: string + proxySecretRef: + description: "ProxySecretRef specifies the Secret containing the proxy + configuration\nto use while communicating with the Bucket server. + \ " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + region: + description: Region of the Endpoint where the BucketName is located + in. + type: string + secretRef: + description: "SecretRef specifies the Secret containing authentication + credentials\nfor the Bucket. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the Kubernetes ServiceAccount + used to authenticate\nthe bucket. This field is only supported for + the 'gcp' and 'aws' providers.\nFor more information about workload + identity:\nhttps://fluxcd.io/flux/components/source/buckets/#workload-identity + \ " + type: string + sts: + description: "STS specifies the required configuration to use a Security + Token\nService for fetching temporary credentials to authenticate + in a\nBucket provider.\n\nThis field is only supported for the `aws` + and `generic` providers. " + properties: + certSecretRef: + description: "CertSecretRef can be given the name of a Secret + containing\neither or both of\n\n- a PEM-encoded client certificate + (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA + certificate (`ca.crt`)\n\nand whichever are supplied, will be + used for connecting to the\nSTS endpoint. The client cert and + key are useful if you are\nauthenticating with a certificate; + the CA cert is useful if\nyou are using a self-signed server + certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis + field is only supported for the `ldap` provider. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + endpoint: + description: "Endpoint is the HTTP/S endpoint of the Security + Token Service from\nwhere temporary credentials will be fetched. + \ " + pattern: ^(http|https)://.*$ + type: string + provider: + description: Provider of the Security Token Service. + enum: + - aws + - ldap + type: string + secretRef: + description: "SecretRef specifies the Secret containing authentication + credentials\nfor the STS endpoint. This Secret must contain + the fields `username`\nand `password` and is supported only + for the `ldap` provider. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - endpoint + - provider + type: object + suspend: + description: "Suspend tells the controller to suspend the reconciliation + of this\nBucket. " + type: boolean + timeout: + default: 60s + description: Timeout for fetch operations, defaults to 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + required: + - bucketName + - endpoint + - interval + type: object + x-kubernetes-validations: + - message: STS configuration is only supported for the 'aws' and 'generic' + Bucket providers + rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts) + - message: '''aws'' is the only supported STS provider for the ''aws'' + Bucket provider' + rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider + == 'aws' + - message: '''ldap'' is the only supported STS provider for the ''generic'' + Bucket provider' + rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider + == 'ldap' + - message: spec.sts.secretRef is not required for the 'aws' STS provider + rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)' + - message: spec.sts.certSecretRef is not required for the 'aws' STS provider + rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)' + - message: ServiceAccountName is not supported for the 'generic' Bucket + provider + rule: self.provider != 'generic' || !has(self.serviceAccountName) + - message: cannot set both .spec.secretRef and .spec.serviceAccountName + rule: '!has(self.secretRef) || !has(self.serviceAccountName)' + status: + default: + observedGeneration: -1 + description: BucketStatus records the observed state of a Bucket. + properties: + artifact: + description: Artifact represents the last successful Bucket reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Bucket object. + format: int64 + type: integer + observedIgnore: + description: "ObservedIgnore is the observed exclusion patterns used + for constructing\nthe source artifact. " + type: string + url: + description: "URL is the dynamic fetch link for the latest Artifact.\nIt + is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact + data is recommended. " + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: externalartifacts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: ExternalArtifact + listKind: ExternalArtifactList + plural: externalartifacts + singular: externalartifact + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .spec.sourceRef.name + name: Source + type: string + name: v1 + schema: + openAPIV3Schema: + description: ExternalArtifact is the Schema for the external artifacts API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ExternalArtifactSpec defines the desired state of ExternalArtifact + properties: + sourceRef: + description: "SourceRef points to the Kubernetes custom resource for\nwhich + the artifact is generated. " + properties: + apiVersion: + description: API version of the referent, if not specified the + Kubernetes preferred version will be used. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - kind + - name + type: object + type: object + status: + description: ExternalArtifactStatus defines the observed state of ExternalArtifact + properties: + artifact: + description: Artifact represents the output of an ExternalArtifact + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the ExternalArtifact. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: gitrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + shortNames: + - gitrepo + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: "GitRepositorySpec specifies the required configuration to + produce an\nArtifact for a Git repository. " + properties: + ignore: + description: "Ignore overrides the set of excluded patterns in the + .sourceignore format\n(which is the same as .gitignore). If not + provided, a default will be used,\nconsult the documentation for + your version to find out what those are. " + type: string + include: + description: "Include specifies a list of GitRepository resources + which Artifacts\nshould be included in the Artifact produced for + this GitRepository. " + items: + description: "GitRepositoryInclude specifies a local reference to + a GitRepository which\nArtifact (sub-)contents must be included, + and where they should be placed. " + properties: + fromPath: + description: "FromPath specifies the path to copy contents from, + defaults to the root\nof the Artifact. " + type: string + repository: + description: "GitRepositoryRef specifies the GitRepository which + Artifact contents\nmust be included. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + toPath: + description: "ToPath specifies the path to copy contents to, + defaults to the name of\nthe GitRepositoryRef. " + type: string + required: + - repository + type: object + type: array + interval: + description: "Interval at which the GitRepository URL is checked for + updates.\nThis interval is approximate and may be subject to jitter + to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + provider: + description: "Provider used for authentication, can be 'azure', 'github', + 'generic'.\nWhen not specified, defaults to 'generic'. " + enum: + - generic + - azure + - github + type: string + proxySecretRef: + description: "ProxySecretRef specifies the Secret containing the proxy + configuration\nto use while communicating with the Git server. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + recurseSubmodules: + description: "RecurseSubmodules enables the initialization of all + submodules within\nthe GitRepository as cloned from the URL, using + their default settings. " + type: boolean + ref: + description: "Reference specifies the Git reference to resolve and + monitor for\nchanges, defaults to the 'master' branch. " + properties: + branch: + description: Branch to check out, defaults to 'master' if no other + field is defined. + type: string + commit: + description: "Commit SHA to check out, takes precedence over all + reference fields.\n\nThis can be combined with Branch to shallow + clone the branch, in which\nthe commit is expected to exist. + \ " + type: string + name: + description: "Name of the reference to check out; takes precedence + over Branch, Tag and SemVer.\n\nIt must be a valid Git reference: + https://git-scm.com/docs/git-check-ref-format#_description\nExamples: + \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", + \"refs/merge-requests/1/head\" " + type: string + semver: + description: SemVer tag expression to check out, takes precedence + over Tag. + type: string + tag: + description: Tag to check out, takes precedence over Branch. + type: string + type: object + secretRef: + description: "SecretRef specifies the Secret containing authentication + credentials for\nthe GitRepository.\nFor HTTPS repositories the + Secret must contain 'username' and 'password'\nfields for basic + auth or 'bearerToken' field for token auth.\nFor SSH repositories + the Secret must contain 'identity'\nand 'known_hosts' fields. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the Kubernetes ServiceAccount + used to\nauthenticate to the GitRepository. This field is only supported + for 'azure' provider. " + type: string + sparseCheckout: + description: "SparseCheckout specifies a list of directories to checkout + when cloning\nthe repository. If specified, only these directories + are included in the\nArtifact produced for this GitRepository. " + items: + type: string + type: array + suspend: + description: "Suspend tells the controller to suspend the reconciliation + of this\nGitRepository. " + type: boolean + timeout: + default: 60s + description: Timeout for Git operations like cloning, defaults to + 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + url: + description: URL specifies the Git repository URL, it can be an HTTP/S + or SSH address. + pattern: ^(http|https|ssh)://.*$ + type: string + verify: + description: "Verification specifies the configuration to verify the + Git commit\nsignature(s). " + properties: + mode: + default: HEAD + description: "Mode specifies which Git object(s) should be verified.\n\nThe + variants \"head\" and \"HEAD\" both imply the same thing, i.e. + verify\nthe commit that the HEAD of the Git repository points + to. The variant\n\"head\" solely exists to ensure backwards + compatibility. " + enum: + - head + - HEAD + - Tag + - TagAndHEAD + type: string + secretRef: + description: "SecretRef specifies the Secret containing the public + keys of trusted Git\nauthors. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - secretRef + type: object + required: + - interval + - url + type: object + x-kubernetes-validations: + - message: serviceAccountName can only be set when provider is 'azure' + rule: '!has(self.serviceAccountName) || (has(self.provider) && self.provider + == ''azure'')' + status: + default: + observedGeneration: -1 + description: GitRepositoryStatus records the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the last successful GitRepository + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + includedArtifacts: + description: "IncludedArtifacts contains a list of the last successfully + included\nArtifacts as instructed by GitRepositorySpec.Include. + \ " + items: + description: Artifact represents the output of a Source reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of + ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding + to the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI + annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, + Git tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to + retrieve the Artifact for\nconsumption, e.g. by another controller + applying the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: "ObservedGeneration is the last observed generation of + the GitRepository\nobject. " + format: int64 + type: integer + observedIgnore: + description: "ObservedIgnore is the observed exclusion patterns used + for constructing\nthe source artifact. " + type: string + observedInclude: + description: "ObservedInclude is the observed list of GitRepository + resources used to\nproduce the current Artifact. " + items: + description: "GitRepositoryInclude specifies a local reference to + a GitRepository which\nArtifact (sub-)contents must be included, + and where they should be placed. " + properties: + fromPath: + description: "FromPath specifies the path to copy contents from, + defaults to the root\nof the Artifact. " + type: string + repository: + description: "GitRepositoryRef specifies the GitRepository which + Artifact contents\nmust be included. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + toPath: + description: "ToPath specifies the path to copy contents to, + defaults to the name of\nthe GitRepositoryRef. " + type: string + required: + - repository + type: object + type: array + observedRecurseSubmodules: + description: "ObservedRecurseSubmodules is the observed resource submodules\nconfiguration + used to produce the current Artifact. " + type: boolean + observedSparseCheckout: + description: "ObservedSparseCheckout is the observed list of directories + used to\nproduce the current Artifact. " + items: + type: string + type: array + sourceVerificationMode: + description: "SourceVerificationMode is the last used verification + mode indicating\nwhich Git object(s) have been verified. " + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + shortNames: + - hc + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: HelmChartSpec specifies the desired state of a Helm chart. + properties: + chart: + description: "Chart is the name or path the Helm chart is available + at in the\nSourceRef. " + type: string + ignoreMissingValuesFiles: + description: "IgnoreMissingValuesFiles controls whether to silently + ignore missing values\nfiles rather than failing. " + type: boolean + interval: + description: "Interval at which the HelmChart SourceRef is checked + for updates.\nThis interval is approximate and may be subject to + jitter to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + reconcileStrategy: + default: ChartVersion + description: "ReconcileStrategy determines what enables the creation + of a new artifact.\nValid values are ('ChartVersion', 'Revision').\nSee + the documentation of the values for an explanation on their behavior.\nDefaults + to ChartVersion when omitted. " + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: SourceRef is the reference to the Source the chart is + available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: "Kind of the referent, valid values are ('HelmRepository', + 'GitRepository',\n'Bucket'). " + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: "Suspend tells the controller to suspend the reconciliation + of this\nsource. " + type: boolean + valuesFiles: + description: "ValuesFiles is an alternative list of values files to + use as the chart\nvalues (values.yaml is not included by default), + expected to be a\nrelative path in the SourceRef.\nValues files + are merged in the order of this list with the last file\noverriding + the first. Ignored when omitted. " + items: + type: string + type: array + verify: + description: "Verify contains the secret name containing the trusted + public keys\nused to verify the signature and specifies which provider + to use to check\nwhether OCI image is authentic.\nThis field is + only supported when using HelmRepository source with spec.type 'oci'.\nChart + dependencies, which are not bundled in the umbrella chart artifact, + are not verified. " + properties: + matchOIDCIdentity: + description: "MatchOIDCIdentity specifies the identity matching + criteria to use\nwhile verifying an OCI artifact which was signed + using Cosign keyless\nsigning. The artifact's identity is deemed + to be verified if any of the\nspecified matchers match against + the identity. " + items: + description: "OIDCIdentityMatch specifies options for verifying + the certificate identity,\ni.e. the issuer and the subject + of the certificate. " + properties: + issuer: + description: "Issuer specifies the regex pattern to match + against to verify\nthe OIDC issuer in the Fulcio certificate. + The pattern must be a\nvalid Go regular expression. " + type: string + subject: + description: "Subject specifies the regex pattern to match + against to verify\nthe identity subject in the Fulcio + certificate. The pattern must\nbe a valid Go regular expression. + \ " + type: string + required: + - issuer + - subject + type: object + type: array + provider: + default: cosign + description: Provider specifies the technology used to sign the + OCI Artifact. + enum: + - cosign + - notation + type: string + secretRef: + description: "SecretRef specifies the Kubernetes Secret containing + the\ntrusted public keys. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + version: + default: '*' + description: "Version is the chart version semver expression, ignored + for charts from\nGitRepository and Bucket sources. Defaults to latest + when omitted. " + type: string + required: + - chart + - interval + - sourceRef + type: object + x-kubernetes-validations: + - message: spec.verify is only supported when spec.sourceRef.kind is 'HelmRepository' + rule: '!has(self.verify) || self.sourceRef.kind == ''HelmRepository''' + status: + default: + observedGeneration: -1 + description: HelmChartStatus records the observed state of the HelmChart. + properties: + artifact: + description: Artifact represents the output of the last successful + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedChartName: + description: "ObservedChartName is the last observed chart name as + specified by the\nresolved chart reference. " + type: string + observedGeneration: + description: "ObservedGeneration is the last observed generation of + the HelmChart\nobject. " + format: int64 + type: integer + observedSourceArtifactRevision: + description: "ObservedSourceArtifactRevision is the last observed + Artifact.Revision\nof the HelmChartSpec.SourceRef. " + type: string + observedValuesFiles: + description: "ObservedValuesFiles are the observed value files of + the last successful\nreconciliation.\nIt matches the chart in the + last successfully reconciled artifact. " + items: + type: string + type: array + url: + description: "URL is the dynamic fetch link for the latest Artifact.\nIt + is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact + data is recommended. " + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: helmreleases.helm.toolkit.fluxcd.io +spec: + group: helm.toolkit.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + singular: helmrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v2 + schema: + openAPIV3Schema: + description: HelmRelease is the Schema for the helmreleases API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. + properties: + chart: + description: "Chart defines the template of the v1.HelmChart that + should be created\nfor this HelmRelease. " + properties: + metadata: + description: ObjectMeta holds the template for metadata like labels + and annotations. + properties: + annotations: + additionalProperties: + type: string + description: "Annotations is an unstructured key value map + stored with a resource that may be\nset by external tools + to store and retrieve arbitrary metadata. They are not\nqueryable + and should be preserved when modifying objects.\nMore info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + \ " + type: object + labels: + additionalProperties: + type: string + description: "Map of string keys and values that can be used + to organize and categorize\n(scope and select) objects.\nMore + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + \ " + type: object + type: object + spec: + description: Spec holds the template for the v1.HelmChartSpec + for this HelmRelease. + properties: + chart: + description: The name or path the Helm chart is available + at in the SourceRef. + maxLength: 2048 + minLength: 1 + type: string + ignoreMissingValuesFiles: + description: IgnoreMissingValuesFiles controls whether to + silently ignore missing values files rather than failing. + type: boolean + interval: + description: "Interval at which to check the v1.Source for + updates. Defaults to\n'HelmReleaseSpec.Interval'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + reconcileStrategy: + default: ChartVersion + description: "Determines what enables the creation of a new + artifact. Valid values are\n('ChartVersion', 'Revision').\nSee + the documentation of the values for an explanation on their + behavior.\nDefaults to ChartVersion when omitted. " + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: The name and namespace of the v1.Source the chart + is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - kind + - name + type: object + valuesFiles: + description: "Alternative list of values files to use as the + chart values (values.yaml\nis not included by default), + expected to be a relative path in the SourceRef.\nValues + files are merged in the order of this list with the last + file overriding\nthe first. Ignored when omitted. " + items: + type: string + type: array + verify: + description: "Verify contains the secret name containing the + trusted public keys\nused to verify the signature and specifies + which provider to use to check\nwhether OCI image is authentic.\nThis + field is only supported for OCI sources.\nChart dependencies, + which are not bundled in the umbrella chart artifact,\nare + not verified. " + properties: + provider: + default: cosign + description: Provider specifies the technology used to + sign the OCI Helm chart. + enum: + - cosign + - notation + type: string + secretRef: + description: "SecretRef specifies the Kubernetes Secret + containing the\ntrusted public keys. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + version: + default: '*' + description: "Version semver expression, ignored for charts + from v1.GitRepository and\nv1beta2.Bucket sources. Defaults + to latest when omitted. " + type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + chartRef: + description: "ChartRef holds a reference to a source controller resource + containing the\nHelm chart artifact. " + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - OCIRepository + - HelmChart + - ExternalArtifact + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: "Namespace of the referent, defaults to the namespace + of the Kubernetes\nresource object that contains the reference. + \ " + maxLength: 63 + minLength: 1 + type: string + required: + - kind + - name + type: object + commonMetadata: + description: "CommonMetadata specifies the common labels and annotations + that are\napplied to all resources. Any existing label or annotation + will be\noverridden if its key matches a common one. " + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to the object's metadata. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to the object's metadata. + type: object + type: object + dependsOn: + description: "DependsOn may contain a DependencyReference slice with\nreferences + to HelmRelease resources that must be ready before this HelmRelease\ncan + be reconciled. " + items: + description: DependencyReference defines a HelmRelease dependency + on another HelmRelease resource. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: "Namespace of the referent, defaults to the namespace + of the HelmRelease\nresource object that contains the reference. + \ " + type: string + readyExpr: + description: "ReadyExpr is a CEL expression that can be used + to assess the readiness\nof a dependency. When specified, + the built-in readiness check\nis replaced by the logic defined + in the CEL expression.\nTo make the CEL expression additive + to the built-in readiness check,\nthe feature gate `AdditiveCELDependencyCheck` + must be set to `true`. " + type: string + required: + - name + type: object + type: array + driftDetection: + description: "DriftDetection holds the configuration for detecting + and handling\ndifferences between the manifest in the Helm storage + and the resources\ncurrently existing in the cluster. " + properties: + ignore: + description: "Ignore contains a list of rules for specifying which + changes to ignore\nduring diffing. " + items: + description: "IgnoreRule defines a rule to selectively disregard + specific changes during\nthe drift detection process. " + properties: + paths: + description: "Paths is a list of JSON Pointer (RFC 6901) + paths to be excluded from\nconsideration in a Kubernetes + object. " + items: + type: string + type: array + target: + description: "Target is a selector for specifying Kubernetes + objects to which this\nrule applies.\nIf Target is not + set, the Paths will be ignored for all Kubernetes\nobjects + within the manifest of the Helm release. " + properties: + annotationSelector: + description: "AnnotationSelector is a string that follows + the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource annotations. " + type: string + group: + description: "Group is the API group to select resources + from.\nTogether with Version and Kind it is capable + of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + kind: + description: "Kind of the API Group to select resources + from.\nTogether with Group and Version it is capable + of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + labelSelector: + description: "LabelSelector is a string that follows + the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource labels. " + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: "Version of the API Group to select resources + from.\nTogether with Group and Kind it is capable + of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + type: object + required: + - paths + type: object + type: array + mode: + description: "Mode defines how differences should be handled between + the Helm manifest\nand the manifest currently applied to the + cluster.\nIf not explicitly set, it defaults to DiffModeDisabled. + \ " + enum: + - enabled + - warn + - disabled + type: string + type: object + healthCheckExprs: + description: "HealthCheckExprs is a list of healthcheck expressions + for evaluating the\nhealth of custom resources using Common Expression + Language (CEL).\nThe expressions are evaluated only when the specific + Helm action\ntaking place has wait enabled, i.e. DisableWait is + false, and the\n'poller' WaitStrategy is used. " + items: + description: CustomHealthCheck defines the health check for custom + resources. + properties: + apiVersion: + description: APIVersion of the custom resource under evaluation. + type: string + current: + description: "Current is the CEL expression that determines + if the status\nof the custom resource has reached the desired + state. " + type: string + failed: + description: "Failed is the CEL expression that determines if + the status\nof the custom resource has failed to reach the + desired state. " + type: string + inProgress: + description: "InProgress is the CEL expression that determines + if the status\nof the custom resource has not yet reached + the desired state. " + type: string + kind: + description: Kind of the custom resource under evaluation. + type: string + required: + - apiVersion + - current + - kind + type: object + type: array + install: + description: Install holds the configuration for Helm install actions + for this HelmRelease. + properties: + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according\nto the CRD upgrade policy provided here. Valid values + are `Skip`,\n`Create` or `CreateReplace`. Default is `Create` + and if omitted\nCRDs are installed but not updated.\n\nSkip: + do neither install nor replace (update) any CRDs.\n\nCreate: + new CRDs are created, existing CRDs are neither updated nor + deleted.\n\nCreateReplace: new CRDs are created, existing CRDs + are updated (replaced)\nbut not deleted.\n\nBy default, CRDs + are applied (installed) during Helm install action.\nWith this + option users can opt in to CRD replace existing CRDs on Helm\ninstall + actions, which is not (yet) natively supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions. + \ " + enum: + - Skip + - Create + - CreateReplace + type: string + createNamespace: + description: "CreateNamespace tells the Helm install action to + create the\nHelmReleaseSpec.TargetNamespace if it does not exist + yet.\nOn uninstall, the namespace will not be garbage collected. + \ " + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm install action. + type: boolean + disableOpenAPIValidation: + description: "DisableOpenAPIValidation prevents the Helm install + action from validating\nrendered templates against the Kubernetes + OpenAPI Schema. " + type: boolean + disableSchemaValidation: + description: "DisableSchemaValidation prevents the Helm install + action from validating\nthe values against the JSON Schema. + \ " + type: boolean + disableTakeOwnership: + description: "DisableTakeOwnership disables taking ownership of + existing resources\nduring the Helm install action. Defaults + to false. " + type: boolean + disableWait: + description: "DisableWait disables the waiting for resources to + be ready after a Helm\ninstall has been performed. " + type: boolean + disableWaitForJobs: + description: "DisableWaitForJobs disables waiting for jobs to + complete after a Helm\ninstall has been performed. " + type: boolean + remediation: + description: "Remediation holds the remediation configuration + for when the Helm install\naction for the HelmRelease fails. + The default is to not perform any action. " + properties: + ignoreTestFailures: + description: "IgnoreTestFailures tells the controller to skip + remediation when the Helm\ntests are run after an install + action but fail. Defaults to\n'Test.IgnoreFailures'. " + type: boolean + remediateLastFailure: + description: "RemediateLastFailure tells the controller to + remediate the last failure, when\nno retries remain. Defaults + to 'false'. " + type: boolean + retries: + description: "Retries is the number of retries that should + be attempted on failures before\nbailing. Remediation, using + an uninstall, is performed between each attempt.\nDefaults + to '0', a negative integer equals to unlimited retries. + \ " + type: integer + type: object + replace: + description: "Replace tells the Helm install action to re-use + the 'ReleaseName', but only\nif that name is a deleted release + which remains in the history. " + type: boolean + serverSideApply: + description: "ServerSideApply enables server-side apply for resources + during install.\nDefaults to true (or false when UseHelm3Defaults + feature gate is enabled). " + type: boolean + skipCRDs: + description: "SkipCRDs tells the Helm install action to not install + any CRDs. By default,\nCRDs are installed if not already present.\n\nDeprecated + use CRD policy (`crds`) attribute with value `Skip` instead. + \ " + type: boolean + strategy: + description: "Strategy defines the install strategy to use for + this HelmRelease.\nDefaults to 'RemediateOnFailure', or 'RetryOnFailure' + when the\nDefaultToRetryOnFailure feature gate is enabled. " + properties: + name: + description: Name of the install strategy. + enum: + - RemediateOnFailure + - RetryOnFailure + type: string + retryInterval: + description: "RetryInterval is the interval at which to retry + a failed install.\nCan be used only when Name is set to + RetryOnFailure.\nDefaults to '5m'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + required: + - name + type: object + x-kubernetes-validations: + - message: .retryInterval cannot be set when .name is 'RemediateOnFailure' + rule: '!has(self.retryInterval) || self.name != ''RemediateOnFailure''' + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like\nJobs for hooks) during the performance of a + Helm install action. Defaults to\n'HelmReleaseSpec.Timeout'. + \ " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kubeConfig: + description: "KubeConfig for reconciling the HelmRelease on a remote + cluster.\nWhen used in combination with HelmReleaseSpec.ServiceAccountName,\nforces + the controller to act on behalf of that Service Account at the\ntarget + cluster.\nIf the --default-service-account flag is set, its value + will be used as\na controller level fallback for when HelmReleaseSpec.ServiceAccountName\nis + empty. " + properties: + configMapRef: + description: "ConfigMapRef holds an optional name of a ConfigMap + that contains\nthe following keys:\n\n- `provider`: the provider + to use. One of `aws`, `azure`, `gcp`, or\n `generic`. Required.\n- + `cluster`: the fully qualified resource name of the Kubernetes\n + \ cluster in the cloud provider API. Not used by the `generic`\n + \ provider. Required when one of `address` or `ca.crt` is not + set.\n- `address`: the address of the Kubernetes API server. + Required\n for `generic`. For the other providers, if not + specified, the\n first address in the cluster resource will + be used, and if\n specified, it must match one of the addresses + in the cluster\n resource.\n If audiences is not set, will + be used as the audience for the\n `generic` provider.\n- `ca.crt`: + the optional PEM-encoded CA certificate for the\n Kubernetes + API server. If not set, the controller will use the\n CA certificate + from the cluster resource.\n- `audiences`: the optional audiences + as a list of\n line-break-separated strings for the Kubernetes + ServiceAccount\n token. Defaults to the `address` for the + `generic` provider, or\n to specific values for the other + providers depending on the\n provider.\n- `serviceAccountName`: + the optional name of the Kubernetes\n ServiceAccount in the + same namespace that should be used\n for authentication. If + not specified, the controller\n ServiceAccount will be used.\n\nMutually + exclusive with SecretRef. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + secretRef: + description: "SecretRef holds an optional name of a secret that + contains a key with\nthe kubeconfig file as the value. If no + key is set, the key will default\nto 'value'. Mutually exclusive + with ConfigMapRef.\nIt is recommended that the kubeconfig is + self-contained, and the secret\nis regularly updated if credentials + such as a cloud-access-token expire.\nCloud specific `cmd-path` + auth helpers will not function without adding\nbinaries and + credentials to the Pod that is responsible for reconciling\nKubernetes + resources. Supported only for the generic provider. " + properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + type: object + x-kubernetes-validations: + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef + must be specified + rule: has(self.configMapRef) || has(self.secretRef) + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef + must be specified + rule: '!has(self.configMapRef) || !has(self.secretRef)' + maxHistory: + description: "MaxHistory is the number of revisions saved by Helm + for this HelmRelease.\nUse '0' for an unlimited number of revisions; + defaults to '5'. " + type: integer + persistentClient: + description: "PersistentClient tells the controller to use a persistent + Kubernetes\nclient for this release. When enabled, the client will + be reused for the\nduration of the reconciliation, instead of being + created and destroyed\nfor each (step of a) Helm action.\n\nThis + can improve performance, but may cause issues with some Helm charts\nthat + for example do create Custom Resource Definitions during installation\noutside + Helm's CRD lifecycle hooks, which are then not observed to be\navailable + by e.g. post-install hooks.\n\nIf not set, it defaults to true. + \ " + type: boolean + postRenderers: + description: "PostRenderers holds an array of Helm PostRenderers, + which will be applied in order\nof their definition. " + items: + description: PostRenderer contains a Helm PostRenderer specification. + properties: + kustomize: + description: Kustomization to apply as PostRenderer. + properties: + images: + description: "Images is a list of (image name, new name, + new tag or digest)\nfor changing image names, tags or + digests. This can also be achieved with a\npatch, but + this operator is simpler to specify. " + items: + description: Image contains an image name, a new name, + a new tag or digest, which will replace the original + name and tag. + properties: + digest: + description: "Digest is the value used to replace + the original image tag.\nIf digest is present NewTag + value is ignored. " + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace + the original name. + type: string + newTag: + description: NewTag is the value used to replace the + original tag. + type: string + required: + - name + type: object + type: array + patches: + description: "Strategic merge and JSON patches, defined + as inline YAML objects,\ncapable of targeting objects + based on kind, label and annotation selectors. " + items: + description: "Patch contains an inline StrategicMerge + or JSON6902 patch, and the target the patch should\nbe + applied to. " + properties: + patch: + description: "Patch contains an inline StrategicMerge + patch or an inline JSON6902 patch with\nan array + of operation objects. " + type: string + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: "AnnotationSelector is a string that + follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource annotations. " + type: string + group: + description: "Group is the API group to select + resources from.\nTogether with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + kind: + description: "Kind of the API Group to select + resources from.\nTogether with Group and Version + it is capable of unambiguously\nidentifying + and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + labelSelector: + description: "LabelSelector is a string that follows + the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource labels. " + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: "Version of the API Group to select + resources from.\nTogether with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + type: object + required: + - patch + type: object + type: array + type: object + type: object + type: array + releaseName: + description: "ReleaseName used for the Helm release. Defaults to a + composition of\n'[TargetNamespace-]Name'. " + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions + for this HelmRelease. + properties: + cleanupOnFail: + description: "CleanupOnFail allows deletion of new resources created + during the Helm\nrollback action when it fails. " + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: "DisableWait disables the waiting for resources to + be ready after a Helm\nrollback has been performed. " + type: boolean + disableWaitForJobs: + description: "DisableWaitForJobs disables waiting for jobs to + complete after a Helm\nrollback has been performed. " + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + recreate: + description: "Recreate performs pod restarts for any managed workloads.\n\nDeprecated: + This behavior was deprecated in Helm 3:\n - Deprecation: https://github.com/helm/helm/pull/6463\n + \ - Removal: https://github.com/helm/helm/pull/31023\nAfter + helm-controller was upgraded to the Helm 4 SDK,\nthis field + is no longer functional and will print a\nwarning if set to + true. It will also be removed in a\nfuture release. " + type: boolean + serverSideApply: + description: "ServerSideApply enables server-side apply for resources + during rollback.\nCan be \"enabled\", \"disabled\", or \"auto\".\nWhen + \"auto\", server-side apply usage will be based on the release's + previous usage.\nDefaults to \"auto\". " + enum: + - enabled + - disabled + - auto + type: string + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like\nJobs for hooks) during the performance of a + Helm rollback action. Defaults to\n'HelmReleaseSpec.Timeout'. + \ " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + serviceAccountName: + description: "The name of the Kubernetes service account to impersonate\nwhen + reconciling this HelmRelease. " + maxLength: 253 + minLength: 1 + type: string + storageNamespace: + description: "StorageNamespace used for the Helm storage.\nDefaults + to the namespace of the HelmRelease. " + maxLength: 63 + minLength: 1 + type: string + suspend: + description: "Suspend tells the controller to suspend reconciliation + for this HelmRelease,\nit does not apply to already started reconciliations. + Defaults to false. " + type: boolean + targetNamespace: + description: "TargetNamespace to target when performing operations + for the HelmRelease.\nDefaults to the namespace of the HelmRelease. + \ " + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for + this HelmRelease. + properties: + enable: + description: "Enable enables Helm test actions for this HelmRelease + after an Helm install\nor upgrade action has been performed. + \ " + type: boolean + filters: + description: Filters is a list of tests to run or exclude from + running. + items: + description: Filter holds the configuration for individual Helm + test filters. + properties: + exclude: + description: Exclude specifies whether the named test should + be excluded. + type: boolean + name: + description: Name is the name of the test. + maxLength: 253 + minLength: 1 + type: string + required: + - name + type: object + type: array + ignoreFailures: + description: "IgnoreFailures tells the controller to skip remediation + when the Helm tests\nare run but fail. Can be overwritten for + tests run after install or upgrade\nactions in 'Install.IgnoreTestFailures' + and 'Upgrade.IgnoreTestFailures'. " + type: boolean + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation during\nthe performance of a Helm test action. Defaults + to 'HelmReleaseSpec.Timeout'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like Jobs\nfor hooks) during the performance of a Helm + action. Defaults to '5m0s'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall + actions for this HelmRelease. + properties: + deletionPropagation: + default: background + description: "DeletionPropagation specifies the deletion propagation + policy when\na Helm uninstall is performed. " + enum: + - background + - foreground + - orphan + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: "DisableWait disables waiting for all the resources + to be deleted after\na Helm uninstall is performed. " + type: boolean + keepHistory: + description: "KeepHistory tells Helm to remove all associated + resources and mark the\nrelease as deleted, but retain the release + history. " + type: boolean + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like\nJobs for hooks) during the performance of a + Helm uninstall action. Defaults\nto 'HelmReleaseSpec.Timeout'. + \ " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions + for this HelmRelease. + properties: + cleanupOnFail: + description: "CleanupOnFail allows deletion of new resources created + during the Helm\nupgrade action when it fails. " + type: boolean + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according\nto the CRD upgrade policy provided here. Valid values + are `Skip`,\n`Create` or `CreateReplace`. Default is `Skip` + and if omitted\nCRDs are neither installed nor upgraded.\n\nSkip: + do neither install nor replace (update) any CRDs.\n\nCreate: + new CRDs are created, existing CRDs are neither updated nor + deleted.\n\nCreateReplace: new CRDs are created, existing CRDs + are updated (replaced)\nbut not deleted.\n\nBy default, CRDs + are not applied during Helm upgrade action. With this\noption + users can opt-in to CRD upgrade, which is not (yet) natively + supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions. + \ " + enum: + - Skip + - Create + - CreateReplace + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm upgrade action. + type: boolean + disableOpenAPIValidation: + description: "DisableOpenAPIValidation prevents the Helm upgrade + action from validating\nrendered templates against the Kubernetes + OpenAPI Schema. " + type: boolean + disableSchemaValidation: + description: "DisableSchemaValidation prevents the Helm upgrade + action from validating\nthe values against the JSON Schema. + \ " + type: boolean + disableTakeOwnership: + description: "DisableTakeOwnership disables taking ownership of + existing resources\nduring the Helm upgrade action. Defaults + to false. " + type: boolean + disableWait: + description: "DisableWait disables the waiting for resources to + be ready after a Helm\nupgrade has been performed. " + type: boolean + disableWaitForJobs: + description: "DisableWaitForJobs disables waiting for jobs to + complete after a Helm\nupgrade has been performed. " + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + preserveValues: + description: "PreserveValues will make Helm reuse the last release's + values and merge in\noverrides from 'Values'. Setting this flag + makes the HelmRelease\nnon-declarative. " + type: boolean + remediation: + description: "Remediation holds the remediation configuration + for when the Helm upgrade\naction for the HelmRelease fails. + The default is to not perform any action. " + properties: + ignoreTestFailures: + description: "IgnoreTestFailures tells the controller to skip + remediation when the Helm\ntests are run after an upgrade + action but fail.\nDefaults to 'Test.IgnoreFailures'. " + type: boolean + remediateLastFailure: + description: "RemediateLastFailure tells the controller to + remediate the last failure, when\nno retries remain. Defaults + to 'false' unless 'Retries' is greater than 0. " + type: boolean + retries: + description: "Retries is the number of retries that should + be attempted on failures before\nbailing. Remediation, using + 'Strategy', is performed between each attempt.\nDefaults + to '0', a negative integer equals to unlimited retries. + \ " + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults + to 'rollback'. + enum: + - rollback + - uninstall + type: string + type: object + serverSideApply: + description: "ServerSideApply enables server-side apply for resources + during upgrade.\nCan be \"enabled\", \"disabled\", or \"auto\".\nWhen + \"auto\", server-side apply usage will be based on the release's + previous usage.\nDefaults to \"auto\". " + enum: + - enabled + - disabled + - auto + type: string + strategy: + description: "Strategy defines the upgrade strategy to use for + this HelmRelease.\nDefaults to 'RemediateOnFailure', or 'RetryOnFailure' + when the\nDefaultToRetryOnFailure feature gate is enabled. " + properties: + name: + description: Name of the upgrade strategy. + enum: + - RemediateOnFailure + - RetryOnFailure + type: string + retryInterval: + description: "RetryInterval is the interval at which to retry + a failed upgrade.\nCan be used only when Name is set to + RetryOnFailure.\nDefaults to '5m'. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + required: + - name + type: object + x-kubernetes-validations: + - message: .retryInterval can only be set when .name is 'RetryOnFailure' + rule: '!has(self.retryInterval) || self.name == ''RetryOnFailure''' + timeout: + description: "Timeout is the time to wait for any individual Kubernetes + operation (like\nJobs for hooks) during the performance of a + Helm upgrade action. Defaults to\n'HelmReleaseSpec.Timeout'. + \ " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + values: + description: Values holds the values for this Helm release. + x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: "ValuesFrom holds references to resources containing + Helm values for this HelmRelease,\nand information about how they + should be merged. " + items: + description: "ValuesReference contains a reference to a resource + containing Helm values,\nand optionally the key they can be found + at. " + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', + 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: "Name of the values referent. Should reside in + the same namespace as the\nreferring resource. " + maxLength: 253 + minLength: 1 + type: string + optional: + description: "Optional marks this ValuesReference as optional. + When set, a not found error\nfor the values reference is ignored, + but any ValuesKey, TargetPath or\ntransient error will still + result in a reconciliation failure. " + type: boolean + targetPath: + description: "TargetPath is the YAML dot notation path the value + should be merged at. When\nset, the ValuesKey is expected + to be a single flat value. Defaults to 'None',\nwhich results + in the values getting merged at the root. " + maxLength: 250 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ + type: string + valuesKey: + description: "ValuesKey is the data key where the values.yaml + or a specific value can be\nfound at. Defaults to 'values.yaml'. + \ " + maxLength: 253 + pattern: ^[\-._a-zA-Z0-9]+$ + type: string + required: + - kind + - name + type: object + type: array + waitStrategy: + description: "WaitStrategy defines Helm's wait strategy for waiting + for applied\nresources to become ready. " + properties: + name: + description: "Name is Helm's wait strategy for waiting for applied + resources to\nbecome ready. One of 'poller' or 'legacy'. The + 'poller' strategy uses\nkstatus to poll resource statuses, while + the 'legacy' strategy uses\nHelm v3's waiting logic.\nDefaults + to 'poller', or to 'legacy' when UseHelm3Defaults feature\ngate + is enabled. " + enum: + - poller + - legacy + type: string + required: + - name + type: object + required: + - interval + type: object + x-kubernetes-validations: + - message: either chart or chartRef must be set + rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart) + && has(self.chartRef)) + status: + default: + observedGeneration: -1 + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failures: + description: "Failures is the reconciliation failure count against + the latest desired\nstate. It is reset after a successful reconciliation. + \ " + format: int64 + type: integer + helmChart: + description: "HelmChart is the namespaced name of the HelmChart resource + created by\nthe controller for the HelmRelease. " + type: string + history: + description: "History holds the history of Helm releases performed + for this HelmRelease\nup to the last successfully completed release. + \ " + items: + description: "Snapshot captures a point-in-time copy of the status + information for a Helm release,\nas managed by the controller. + \ " + properties: + action: + description: Action is the action that resulted in this snapshot + being created. + type: string + apiVersion: + description: "APIVersion is the API version of the Snapshot.\nWhen + the calculation method of the Digest field is changed, this\nfield + will be used to distinguish between the old and new methods. + \ " + type: string + appVersion: + description: AppVersion is the chart app version of the release + object in storage. + type: string + chartName: + description: ChartName is the chart name of the release object + in storage. + type: string + chartVersion: + description: "ChartVersion is the chart version of the release + object in\nstorage. " + type: string + configDigest: + description: "ConfigDigest is the checksum of the config (better + known as\n\"values\") of the release object in storage.\nIt + has the format of `:`. " + type: string + deleted: + description: Deleted is when the release was deleted. + format: date-time + type: string + digest: + description: "Digest is the checksum of the release object in + storage.\nIt has the format of `:`. " + type: string + firstDeployed: + description: FirstDeployed is when the release was first deployed. + format: date-time + type: string + lastDeployed: + description: LastDeployed is when the release was last deployed. + format: date-time + type: string + name: + description: Name is the name of the release. + type: string + namespace: + description: Namespace is the namespace the release is deployed + to. + type: string + ociDigest: + description: OCIDigest is the digest of the OCI artifact associated + with the release. + type: string + status: + description: Status is the current state of the release. + type: string + testHooks: + additionalProperties: + description: "TestHookStatus holds the status information + for a test hook as observed\nto be run by the controller. + \ " + properties: + lastCompleted: + description: LastCompleted is the time the test hook last + completed. + format: date-time + type: string + lastStarted: + description: LastStarted is the time the test hook was + last started. + format: date-time + type: string + phase: + description: Phase the test hook was observed to be in. + type: string + type: object + description: "TestHooks is the list of test hooks for the release + as observed to be\nrun by the controller. " + type: object + version: + description: Version is the version of the release object in + storage. + type: integer + required: + - chartName + - chartVersion + - configDigest + - digest + - firstDeployed + - lastDeployed + - name + - namespace + - status + - version + type: object + type: array + installFailures: + description: "InstallFailures is the install failure count against + the latest desired\nstate. It is reset after a successful reconciliation. + \ " + format: int64 + type: integer + inventory: + description: "Inventory contains the list of Kubernetes resource object + references\nthat have been applied for this release. " + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. + properties: + id: + description: "ID is the string representation of the Kubernetes + resource object's metadata,\nin the format '___'. + \ " + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. + type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAttemptedConfigDigest: + description: "LastAttemptedConfigDigest is the digest for the config + (better known as\n\"values\") of the last reconciliation attempt. + \ " + type: string + lastAttemptedGeneration: + description: "LastAttemptedGeneration is the last generation the controller + attempted\nto reconcile. " + format: int64 + type: integer + lastAttemptedReleaseAction: + description: "LastAttemptedReleaseAction is the last release action + performed for this\nHelmRelease. It is used to determine the active + retry or remediation\nstrategy. " + enum: + - install + - upgrade + type: string + lastAttemptedReleaseActionDuration: + description: "LastAttemptedReleaseActionDuration is the duration of + the last\nrelease action performed for this HelmRelease. " + type: string + lastAttemptedRevision: + description: "LastAttemptedRevision is the Source revision of the + last reconciliation\nattempt. For OCIRepository sources, the 12 + first characters of the digest are\nappended to the chart version + e.g. \"1.2.3+1234567890ab\". " + type: string + lastAttemptedRevisionDigest: + description: "LastAttemptedRevisionDigest is the digest of the last + reconciliation attempt.\nThis is only set for OCIRepository sources. + \ " + type: string + lastAttemptedValuesChecksum: + description: "LastAttemptedValuesChecksum is the SHA1 checksum for + the values of the last\nreconciliation attempt.\n\nDeprecated: Use + LastAttemptedConfigDigest instead. " + type: string + lastHandledForceAt: + description: "LastHandledForceAt holds the value of the most recent\nforce + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + lastHandledResetAt: + description: "LastHandledResetAt holds the value of the most recent + reset request\nvalue, so a change of the annotation value can be + detected. " + type: string + lastReleaseRevision: + description: "LastReleaseRevision is the revision of the last successful + Helm release.\n\nDeprecated: Use History instead. " + type: integer + observedCommonMetadataDigest: + description: "ObservedCommonMetadataDigest is the digest for the common + metadata of\nthe last successful reconciliation attempt. " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + observedPostRenderersDigest: + description: "ObservedPostRenderersDigest is the digest for the post-renderers + of\nthe last successful reconciliation attempt. " + type: string + storageNamespace: + description: "StorageNamespace is the namespace of the Helm release + storage for the\ncurrent release. " + maxLength: 63 + minLength: 1 + type: string + upgradeFailures: + description: "UpgradeFailures is the upgrade failure count against + the latest desired\nstate. It is reset after a successful reconciliation. + \ " + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + shortNames: + - helmrepo + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: "HelmRepositorySpec specifies the required configuration + to produce an\nArtifact for a Helm repository index YAML. " + properties: + accessFrom: + description: "AccessFrom specifies an Access Control List for allowing + cross-namespace\nreferences to this object.\nNOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092 " + properties: + namespaceSelectors: + description: "NamespaceSelectors is the list of namespace selectors + to which this ACL applies.\nItems in this list are evaluated + using a logical OR operation. " + items: + description: "NamespaceSelector selects the namespaces to which + this ACL applies.\nAn empty map of MatchLabels matches all + namespaces in a cluster. " + properties: + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels\nmap is equivalent + to an element of matchExpressions, whose key field is + \"key\", the\noperator is \"In\", and the values array + contains only \"value\". The requirements are ANDed. " + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing\neither + or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and + private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand + whichever are supplied, will be used for connecting to the\nregistry. + The client cert and key are useful if you are\nauthenticating with + a certificate; the CA cert is useful if\nyou are using a self-signed + server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt + takes precedence over the values specified in the Secret referred\nto + by `.spec.secretRef`. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + insecure: + description: "Insecure allows connecting to a non-TLS HTTP container + registry.\nThis field is only taken into account if the .spec.type + field is set to 'oci'. " + type: boolean + interval: + description: "Interval at which the HelmRepository URL is checked + for updates.\nThis interval is approximate and may be subject to + jitter to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + passCredentials: + description: "PassCredentials allows the credentials from the SecretRef + to be passed\non to a host that does not match the host as defined + in URL.\nThis may be required if the host of the advertised chart + URLs in the\nindex differ from the defined URL.\nEnabling this should + be done with caution, as it can potentially result\nin credentials + getting stolen in a MITM-attack. " + type: boolean + provider: + default: generic + description: "Provider used for authentication, can be 'aws', 'azure', + 'gcp' or 'generic'.\nThis field is optional, and only taken into + account if the .spec.type field is set to 'oci'.\nWhen not specified, + defaults to 'generic'. " + enum: + - generic + - aws + - azure + - gcp + type: string + secretRef: + description: "SecretRef specifies the Secret containing authentication + credentials\nfor the HelmRepository.\nFor HTTP/S basic auth the + secret must contain 'username' and 'password'\nfields.\nSupport + for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'\nkeys + is deprecated. Please use `.spec.certSecretRef` instead. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: "Suspend tells the controller to suspend the reconciliation + of this\nHelmRepository. " + type: boolean + timeout: + description: "Timeout is used for the index fetch operation for an + HTTPS helm repository,\nand for remote OCI Repository operations + like pulling for an OCI helm\nchart by the associated HelmChart.\nIts + default value is 60s. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + type: + description: "Type of the HelmRepository.\nWhen this field is set + to \"oci\", the URL field value must be prefixed with \"oci://\". + \ " + enum: + - default + - oci + type: string + url: + description: "URL of the Helm repository, a valid URL contains at + least a protocol and\nhost. " + pattern: ^(http|https|oci)://.*$ + type: string + required: + - url + type: object + status: + default: + observedGeneration: -1 + description: HelmRepositoryStatus records the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the last successful HelmRepository + reconciliation. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: "ObservedGeneration is the last observed generation of + the HelmRepository\nobject. " + format: int64 + type: integer + url: + description: "URL is the dynamic fetch link for the latest Artifact.\nIt + is provided on a \"best effort\" basis, and using the precise\nHelmRepositoryStatus.Artifact + data is recommended. " + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: kustomizations.kustomize.toolkit.fluxcd.io +spec: + group: kustomize.toolkit.fluxcd.io + names: + kind: Kustomization + listKind: KustomizationList + plural: kustomizations + shortNames: + - ks + singular: kustomization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: "KustomizationSpec defines the configuration to calculate + the desired state\nfrom a Source using Kustomize. " + properties: + commonMetadata: + description: "CommonMetadata specifies the common labels and annotations + that are\napplied to all resources. Any existing label or annotation + will be\noverridden if its key matches a common one. " + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to the object's metadata. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to the object's metadata. + type: object + type: object + components: + description: Components specifies relative paths to kustomize Components. + items: + type: string + type: array + decryption: + description: Decrypt Kubernetes secrets before applying them on the + cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: "The secret name containing the private OpenPGP keys + used for decryption.\nA static credential for a cloud provider + defined inside the Secret\ntakes priority to secret-less authentication + with the ServiceAccountName\nfield. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the service account + used to\nauthenticate with KMS services from cloud providers. + If a\nstatic credential for a given cloud provider is defined\ninside + the Secret referenced by SecretRef, that static\ncredential + takes priority. " + type: string + required: + - provider + type: object + deletionPolicy: + description: "DeletionPolicy can be used to control garbage collection + when this\nKustomization is deleted. Valid values are ('MirrorPrune', + 'Delete',\n'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors + the Prune field\n(orphan if false, delete if true). Defaults to + 'MirrorPrune'. " + enum: + - MirrorPrune + - Delete + - WaitForTermination + - Orphan + type: string + dependsOn: + description: "DependsOn may contain a DependencyReference slice\nwith + references to Kustomization resources that must be ready before + this\nKustomization can be reconciled. " + items: + description: DependencyReference defines a Kustomization dependency + on another Kustomization resource. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: "Namespace of the referent, defaults to the namespace + of the Kustomization\nresource object that contains the reference. + \ " + type: string + readyExpr: + description: "ReadyExpr is a CEL expression that can be used + to assess the readiness\nof a dependency. When specified, + the built-in readiness check\nis replaced by the logic defined + in the CEL expression.\nTo make the CEL expression additive + to the built-in readiness check,\nthe feature gate `AdditiveCELDependencyCheck` + must be set to `true`. " + type: string + required: + - name + type: object + type: array + force: + default: false + description: "Force instructs the controller to recreate resources\nwhen + patching fails due to an immutable field change. " + type: boolean + healthCheckExprs: + description: "HealthCheckExprs is a list of healthcheck expressions + for evaluating the\nhealth of custom resources using Common Expression + Language (CEL).\nThe expressions are evaluated only when Wait or + HealthChecks are specified. " + items: + description: CustomHealthCheck defines the health check for custom + resources. + properties: + apiVersion: + description: APIVersion of the custom resource under evaluation. + type: string + current: + description: "Current is the CEL expression that determines + if the status\nof the custom resource has reached the desired + state. " + type: string + failed: + description: "Failed is the CEL expression that determines if + the status\nof the custom resource has failed to reach the + desired state. " + type: string + inProgress: + description: "InProgress is the CEL expression that determines + if the status\nof the custom resource has not yet reached + the desired state. " + type: string + kind: + description: Kind of the custom resource under evaluation. + type: string + required: + - apiVersion + - current + - kind + type: object + type: array + healthChecks: + description: A list of resources to be included in the health assessment. + items: + description: "NamespacedObjectKindReference contains enough information + to locate the typed referenced Kubernetes resource object\nin + any namespace. " + properties: + apiVersion: + description: API version of the referent, if not specified the + Kubernetes preferred version will be used. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - kind + - name + type: object + type: array + ignoreMissingComponents: + description: "IgnoreMissingComponents instructs the controller to + ignore Components paths\nnot found in source by removing them from + the generated kustomization.yaml\nbefore running kustomize build. + \ " + type: boolean + images: + description: "Images is a list of (image name, new name, new tag or + digest)\nfor changing image names, tags or digests. This can also + be achieved with a\npatch, but this operator is simpler to specify. + \ " + items: + description: Image contains an image name, a new name, a new tag + or digest, which will replace the original name and tag. + properties: + digest: + description: "Digest is the value used to replace the original + image tag.\nIf digest is present NewTag value is ignored. + \ " + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original + name. + type: string + newTag: + description: NewTag is the value used to replace the original + tag. + type: string + required: + - name + type: object + type: array + interval: + description: "The interval at which to reconcile the Kustomization.\nThis + interval is approximate and may be subject to jitter to ensure\nefficient + use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kubeConfig: + description: "The KubeConfig for reconciling the Kustomization on + a remote cluster.\nWhen used in combination with KustomizationSpec.ServiceAccountName,\nforces + the controller to act on behalf of that Service Account at the\ntarget + cluster.\nIf the --default-service-account flag is set, its value + will be used as\na controller level fallback for when KustomizationSpec.ServiceAccountName\nis + empty. " + properties: + configMapRef: + description: "ConfigMapRef holds an optional name of a ConfigMap + that contains\nthe following keys:\n\n- `provider`: the provider + to use. One of `aws`, `azure`, `gcp`, or\n `generic`. Required.\n- + `cluster`: the fully qualified resource name of the Kubernetes\n + \ cluster in the cloud provider API. Not used by the `generic`\n + \ provider. Required when one of `address` or `ca.crt` is not + set.\n- `address`: the address of the Kubernetes API server. + Required\n for `generic`. For the other providers, if not + specified, the\n first address in the cluster resource will + be used, and if\n specified, it must match one of the addresses + in the cluster\n resource.\n If audiences is not set, will + be used as the audience for the\n `generic` provider.\n- `ca.crt`: + the optional PEM-encoded CA certificate for the\n Kubernetes + API server. If not set, the controller will use the\n CA certificate + from the cluster resource.\n- `audiences`: the optional audiences + as a list of\n line-break-separated strings for the Kubernetes + ServiceAccount\n token. Defaults to the `address` for the + `generic` provider, or\n to specific values for the other + providers depending on the\n provider.\n- `serviceAccountName`: + the optional name of the Kubernetes\n ServiceAccount in the + same namespace that should be used\n for authentication. If + not specified, the controller\n ServiceAccount will be used.\n\nMutually + exclusive with SecretRef. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + secretRef: + description: "SecretRef holds an optional name of a secret that + contains a key with\nthe kubeconfig file as the value. If no + key is set, the key will default\nto 'value'. Mutually exclusive + with ConfigMapRef.\nIt is recommended that the kubeconfig is + self-contained, and the secret\nis regularly updated if credentials + such as a cloud-access-token expire.\nCloud specific `cmd-path` + auth helpers will not function without adding\nbinaries and + credentials to the Pod that is responsible for reconciling\nKubernetes + resources. Supported only for the generic provider. " + properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + type: object + x-kubernetes-validations: + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef + must be specified + rule: has(self.configMapRef) || has(self.secretRef) + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef + must be specified + rule: '!has(self.configMapRef) || !has(self.secretRef)' + namePrefix: + description: NamePrefix will prefix the names of all managed resources. + maxLength: 200 + minLength: 1 + type: string + nameSuffix: + description: NameSuffix will suffix the names of all managed resources. + maxLength: 200 + minLength: 1 + type: string + patches: + description: "Strategic merge and JSON patches, defined as inline + YAML objects,\ncapable of targeting objects based on kind, label + and annotation selectors. " + items: + description: "Patch contains an inline StrategicMerge or JSON6902 + patch, and the target the patch should\nbe applied to. " + properties: + patch: + description: "Patch contains an inline StrategicMerge patch + or an inline JSON6902 patch with\nan array of operation objects. + \ " + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: "AnnotationSelector is a string that follows + the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource annotations. " + type: string + group: + description: "Group is the API group to select resources + from.\nTogether with Version and Kind it is capable of + unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + kind: + description: "Kind of the API Group to select resources + from.\nTogether with Group and Version it is capable of + unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + labelSelector: + description: "LabelSelector is a string that follows the + label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt + matches with the resource labels. " + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: "Version of the API Group to select resources + from.\nTogether with Group and Kind it is capable of unambiguously + identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + \ " + type: string + type: object + required: + - patch + type: object + type: array + path: + description: "Path to the directory containing the kustomization.yaml + file, or the\nset of plain YAMLs a kustomization.yaml should be + generated for.\nDefaults to 'None', which translates to the root + path of the SourceRef. " + type: string + postBuild: + description: "PostBuild describes which actions to perform on the + YAML manifest\ngenerated by building the kustomize overlay. " + properties: + substitute: + additionalProperties: + type: string + description: "Substitute holds a map of key/value pairs.\nThe + variables defined in your YAML manifests that match any of the + keys\ndefined in the map will be substituted with the set value.\nIncludes + support for bash string replacement functions\ne.g. ${var:=default}, + ${var:position} and ${var/substring/replacement}. " + type: object + substituteFrom: + description: "SubstituteFrom holds references to ConfigMaps and + Secrets containing\nthe variables and their values to be substituted + in the YAML manifests.\nThe ConfigMap and the Secret data keys + represent the var names, and they\nmust match the vars declared + in the manifests for the substitution to\nhappen. " + items: + description: "SubstituteReference contains a reference to a + resource containing\nthe variables name and value. " + properties: + kind: + description: Kind of the values referent, valid values are + ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: "Name of the values referent. Should reside + in the same namespace as the\nreferring resource. " + maxLength: 253 + minLength: 1 + type: string + optional: + default: false + description: "Optional indicates whether the referenced + resource must exist, or whether to\ntolerate its absence. + If true and the referenced resource is absent, proceed\nas + if the resource was present but empty, without any variables + defined. " + type: boolean + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: "The interval at which to retry a previously failed reconciliation.\nWhen + not specified, the controller uses the KustomizationSpec.Interval\nvalue + to retry failures. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + serviceAccountName: + description: "The name of the Kubernetes service account to impersonate\nwhen + reconciling this Kustomization. " + type: string + sourceRef: + description: Reference of the source where the kustomization file + is. + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - OCIRepository + - GitRepository + - Bucket + - ExternalArtifact + type: string + name: + description: Name of the referent. + type: string + namespace: + description: "Namespace of the referent, defaults to the namespace + of the Kubernetes\nresource object that contains the reference. + \ " + type: string + required: + - kind + - name + type: object + suspend: + description: "This flag tells the controller to suspend subsequent + kustomize executions,\nit does not apply to already started executions. + Defaults to false. " + type: boolean + targetNamespace: + description: "TargetNamespace sets or overrides the namespace in the\nkustomization.yaml + file. " + maxLength: 63 + minLength: 1 + type: string + timeout: + description: "Timeout for validation, apply and health checking operations.\nDefaults + to 'Interval' duration. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + wait: + description: "Wait instructs the controller to check the health of + all the reconciled\nresources. When enabled, the HealthChecks are + ignored. Defaults to false. " + type: boolean + required: + - interval + - prune + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + history: + description: "History contains a set of snapshots of the last reconciliation + attempts\ntracking the revision, the state and the duration of each + attempt. " + items: + description: "Snapshot represents a point-in-time record of a group + of resources reconciliation,\nincluding timing information, status, + and a unique digest identifier. " + properties: + digest: + description: Digest is the checksum in the format `:` + of the resources in this snapshot. + type: string + firstReconciled: + description: FirstReconciled is the time when this revision + was first reconciled to the cluster. + format: date-time + type: string + lastReconciled: + description: LastReconciled is the time when this revision was + last reconciled to the cluster. + format: date-time + type: string + lastReconciledDuration: + description: LastReconciledDuration is time it took to reconcile + the resources in this revision. + type: string + lastReconciledStatus: + description: LastReconciledStatus is the status of the last + reconciliation. + type: string + metadata: + additionalProperties: + type: string + description: Metadata contains additional information about + the snapshot. + type: object + totalReconciliations: + description: TotalReconciliations is the total number of reconciliations + that have occurred for this snapshot. + format: int64 + type: integer + required: + - digest + - firstReconciled + - lastReconciled + - lastReconciledDuration + - lastReconciledStatus + - totalReconciliations + type: object + type: array + inventory: + description: "Inventory contains the list of Kubernetes resource object + references that\nhave been successfully applied. " + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. + properties: + id: + description: "ID is the string representation of the Kubernetes + resource object's metadata,\nin the format '___'. + \ " + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. + type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAppliedOriginRevision: + description: "The last successfully applied origin revision.\nEquals + the origin revision of the applied Artifact from the referenced + Source.\nUsually present on the Metadata of the applied Artifact + and depends on the\nSource type, e.g. for OCI it's the value associated + with the key\n\"org.opencontainers.image.revision\". " + type: string + lastAppliedRevision: + description: "The last successfully applied revision.\nEquals the + Revision of the applied Artifact from the referenced Source. " + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: ocirepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: OCIRepository + listKind: OCIRepositoryList + plural: ocirepositories + shortNames: + - ocirepo + singular: ocirepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: OCIRepository is the Schema for the ocirepositories API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: OCIRepositorySpec defines the desired state of OCIRepository + properties: + certSecretRef: + description: "CertSecretRef can be given the name of a Secret containing\neither + or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and + private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand + whichever are supplied, will be used for connecting to the\nregistry. + The client cert and key are useful if you are\nauthenticating with + a certificate; the CA cert is useful if\nyou are using a self-signed + server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`. + \ " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + ignore: + description: "Ignore overrides the set of excluded patterns in the + .sourceignore format\n(which is the same as .gitignore). If not + provided, a default will be used,\nconsult the documentation for + your version to find out what those are. " + type: string + insecure: + description: Insecure allows connecting to a non-TLS HTTP container + registry. + type: boolean + interval: + description: "Interval at which the OCIRepository URL is checked for + updates.\nThis interval is approximate and may be subject to jitter + to ensure\nefficient use of resources. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + layerSelector: + description: "LayerSelector specifies which layer should be extracted + from the OCI artifact.\nWhen not specified, the first layer found + in the artifact is selected. " + properties: + mediaType: + description: "MediaType specifies the OCI media type of the layer\nwhich + should be extracted from the OCI Artifact. The\nfirst layer + matching this type is selected. " + type: string + operation: + description: "Operation specifies how the selected layer should + be processed.\nBy default, the layer compressed content is extracted + to storage.\nWhen the operation is set to 'copy', the layer + compressed content\nis persisted to storage as it is. " + enum: + - extract + - copy + type: string + type: object + provider: + default: generic + description: "The provider used for authentication, can be 'aws', + 'azure', 'gcp' or 'generic'.\nWhen not specified, defaults to 'generic'. + \ " + enum: + - generic + - aws + - azure + - gcp + type: string + proxySecretRef: + description: "ProxySecretRef specifies the Secret containing the proxy + configuration\nto use while communicating with the container registry. + \ " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + ref: + description: "The OCI reference to pull and monitor for changes,\ndefaults + to the latest tag. " + properties: + digest: + description: "Digest is the image digest to pull, takes precedence + over SemVer.\nThe value should be in the format 'sha256:'. + \ " + type: string + semver: + description: "SemVer is the range of tags to pull selecting the + latest within\nthe range, takes precedence over Tag. " + type: string + semverFilter: + description: SemverFilter is a regex pattern to filter the tags + within the SemVer range. + type: string + tag: + description: Tag is the image tag to pull, defaults to latest. + type: string + type: object + secretRef: + description: "SecretRef contains the secret name containing the registry + login\ncredentials to resolve image metadata.\nThe secret must be + of type kubernetes.io/dockerconfigjson. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the Kubernetes ServiceAccount + used to authenticate\nthe image pull if the service account has + attached pull secrets. For more information:\nhttps://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + \ " + type: string + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout for remote OCI Repository operations like + pulling, defaults to 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + url: + description: "URL is a reference to an OCI artifact repository hosted\non + a remote container registry. " + pattern: ^oci://.*$ + type: string + verify: + description: "Verify contains the secret name containing the trusted + public keys\nused to verify the signature and specifies which provider + to use to check\nwhether OCI image is authentic. " + properties: + matchOIDCIdentity: + description: "MatchOIDCIdentity specifies the identity matching + criteria to use\nwhile verifying an OCI artifact which was signed + using Cosign keyless\nsigning. The artifact's identity is deemed + to be verified if any of the\nspecified matchers match against + the identity. " + items: + description: "OIDCIdentityMatch specifies options for verifying + the certificate identity,\ni.e. the issuer and the subject + of the certificate. " + properties: + issuer: + description: "Issuer specifies the regex pattern to match + against to verify\nthe OIDC issuer in the Fulcio certificate. + The pattern must be a\nvalid Go regular expression. " + type: string + subject: + description: "Subject specifies the regex pattern to match + against to verify\nthe identity subject in the Fulcio + certificate. The pattern must\nbe a valid Go regular expression. + \ " + type: string + required: + - issuer + - subject + type: object + type: array + provider: + default: cosign + description: Provider specifies the technology used to sign the + OCI Artifact. + enum: + - cosign + - notation + type: string + secretRef: + description: "SecretRef specifies the Kubernetes Secret containing + the\ntrusted public keys. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: OCIRepositoryStatus defines the observed state of OCIRepository + properties: + artifact: + description: Artifact represents the output of the last successful + OCI Repository sync. + properties: + digest: + description: Digest is the digest of the file in the form of ':'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: "LastUpdateTime is the timestamp corresponding to + the last update of the\nArtifact. " + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: "Path is the relative file path of the Artifact. + It can be used to locate\nthe file in the root of the Artifact + storage on the local file system of\nthe controller managing + the Source. " + type: string + revision: + description: "Revision is a human-readable identifier traceable + in the origin source\nsystem. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. " + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: "URL is the HTTP address of the Artifact as exposed + by the controller\nmanaging the Source. It can be used to retrieve + the Artifact for\nconsumption, e.g. by another controller applying + the Artifact contents. " + type: string + required: + - digest + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the OCIRepository. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + observedIgnore: + description: "ObservedIgnore is the observed exclusion patterns used + for constructing\nthe source artifact. " + type: string + observedLayerSelector: + description: "ObservedLayerSelector is the observed layer selector + used for constructing\nthe source artifact. " + properties: + mediaType: + description: "MediaType specifies the OCI media type of the layer\nwhich + should be extracted from the OCI Artifact. The\nfirst layer + matching this type is selected. " + type: string + operation: + description: "Operation specifies how the selected layer should + be processed.\nBy default, the layer compressed content is extracted + to storage.\nWhen the operation is set to 'copy', the layer + compressed content\nis persisted to storage as it is. " + enum: + - extract + - copy + type: string + type: object + url: + description: URL is the download link for the artifact output of the + last OCI Repository sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: providers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3 + name: v1beta2 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of the Provider. + properties: + address: + description: "Address specifies the endpoint, in a generic sense, + to where alerts are sent.\nWhat kind of endpoint depends on the + specific Provider type being used.\nFor the generic Provider, for + example, this is an HTTP/S address.\nFor other Provider types this + could be a project ID or a namespace. " + maxLength: 2048 + type: string + certSecretRef: + description: "CertSecretRef specifies the Secret containing\na PEM-encoded + CA certificate (in the `ca.crt` key).\n\nNote: Support for the `caFile` + key has\nbeen deprecated. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + channel: + description: Channel specifies the destination channel where events + should be posted. + maxLength: 2048 + type: string + interval: + description: Interval at which to reconcile the Provider with its + Secret references. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + proxy: + description: Proxy the HTTP/S address of the proxy server. + maxLength: 2048 + pattern: ^(http|https)://.*$ + type: string + secretRef: + description: "SecretRef specifies the Secret containing the authentication\ncredentials + for this Provider. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this Provider. " + type: boolean + timeout: + description: Timeout for sending alerts to the Provider. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + type: + description: Type specifies which Provider implementation to use. + enum: + - slack + - discord + - msteams + - rocket + - generic + - generic-hmac + - github + - gitlab + - gitea + - bitbucketserver + - bitbucket + - azuredevops + - googlechat + - googlepubsub + - webex + - sentry + - azureeventhub + - telegram + - lark + - matrix + - opsgenie + - alertmanager + - grafana + - githubdispatch + - pagerduty + - datadog + type: string + username: + description: Username specifies the name under which events are posted. + maxLength: 2048 + type: string + required: + - type + type: object + status: + default: + observedGeneration: -1 + description: ProviderStatus defines the observed state of the Provider. + properties: + conditions: + description: Conditions holds the conditions for the Provider. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta3 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of the Provider. + properties: + address: + description: "Address specifies the endpoint, in a generic sense, + to where alerts are sent.\nWhat kind of endpoint depends on the + specific Provider type being used.\nFor the generic Provider, for + example, this is an HTTP/S address.\nFor other Provider types this + could be a project ID or a namespace. " + maxLength: 2048 + type: string + certSecretRef: + description: "CertSecretRef specifies the Secret containing TLS certificates\nfor + secure communication.\n\nSupported configurations:\n- CA-only: Server + authentication (provide ca.crt only)\n- mTLS: Mutual authentication + (provide ca.crt + tls.crt + tls.key)\n- Client-only: Client authentication + with system CA (provide tls.crt + tls.key only)\n\nLegacy keys \"caFile\", + \"certFile\", \"keyFile\" are supported but deprecated. Use \"ca.crt\", + \"tls.crt\", \"tls.key\" instead. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + channel: + description: Channel specifies the destination channel where events + should be posted. + maxLength: 2048 + type: string + commitStatusExpr: + description: "CommitStatusExpr is a CEL expression that evaluates + to a string value\nthat can be used to generate a custom commit + status message for use\nwith eligible Provider types (github, gitlab, + gitea, bitbucketserver,\nbitbucket, azuredevops). Supported variables + are: event, provider,\nand alert. " + type: string + interval: + description: "Interval at which to reconcile the Provider with its + Secret references.\nDeprecated and not used in v1beta3. " + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + proxy: + description: "Proxy the HTTP/S address of the proxy server.\nDeprecated: + Use ProxySecretRef instead. Will be removed in v1. " + maxLength: 2048 + pattern: ^(http|https)://.*$ + type: string + proxySecretRef: + description: "ProxySecretRef specifies the Secret containing the proxy + configuration\nfor this Provider. The Secret should contain an 'address' + key with the\nHTTP/S address of the proxy server. Optional 'username' + and 'password'\nkeys can be provided for proxy authentication. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + secretRef: + description: "SecretRef specifies the Secret containing the authentication\ncredentials + for this Provider. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: "ServiceAccountName is the name of the Kubernetes ServiceAccount + used to\nauthenticate with cloud provider services through workload + identity.\nThis enables multi-tenant authentication without storing + static credentials.\n\nSupported provider types: azureeventhub, + azuredevops, googlepubsub\n\nWhen specified, the controller will:\n1. + Create an OIDC token for the specified ServiceAccount\n2. Exchange + it for cloud provider credentials via STS\n3. Use the obtained credentials + for API authentication\n\nWhen unspecified, controller-level authentication + is used (single-tenant).\n\nAn error is thrown if static credentials + are also defined in SecretRef.\nThis field requires the ObjectLevelWorkloadIdentity + feature gate to be enabled. " + type: string + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this Provider. " + type: boolean + timeout: + description: Timeout for sending alerts to the Provider. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + type: + description: Type specifies which Provider implementation to use. + enum: + - slack + - discord + - msteams + - rocket + - generic + - generic-hmac + - github + - gitlab + - gitea + - giteapullrequestcomment + - bitbucketserver + - bitbucket + - azuredevops + - googlechat + - googlepubsub + - webex + - sentry + - azureeventhub + - telegram + - lark + - matrix + - opsgenie + - alertmanager + - grafana + - githubdispatch + - githubpullrequestcomment + - gitlabmergerequestcomment + - pagerduty + - datadog + - nats + - zulip + - otel + type: string + username: + description: Username specifies the name under which events are posted. + maxLength: 2048 + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: spec.commitStatusExpr is only supported for the 'github', 'gitlab', + 'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types + rule: self.type == 'github' || self.type == 'gitlab' || self.type == + 'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket' + || self.type == 'azuredevops' || !has(self.commitStatusExpr) + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: receivers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Receiver + listKind: ReceiverList + plural: receivers + singular: receiver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of the Receiver. + properties: + events: + description: "Events specifies the list of event types to handle,\ne.g. + 'push' for GitHub or 'Push Hook' for GitLab. " + items: + type: string + type: array + interval: + default: 10m + description: Interval at which to reconcile the Receiver with its + Secret references. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + resourceFilter: + description: "ResourceFilter is a CEL expression expected to return + a boolean that is\nevaluated for each resource referenced in the + Resources field when a\nwebhook is received. If the expression returns + false then the controller\nwill not request a reconciliation for + the resource.\nWhen the expression is specified the controller will + parse it and mark\nthe object as terminally failed if the expression + is invalid or does not\nreturn a boolean. " + type: string + resources: + description: A list of resources to be notified about changes. + items: + description: "CrossNamespaceObjectReference contains enough information + to let you locate the\ntyped referenced object at cluster level + \ " + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + - ArtifactGenerator + - ExternalArtifact + type: string + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels\nmap is equivalent to an element + of matchExpressions, whose key field is \"key\", the\noperator + is \"In\", and the values array contains only \"value\". The + requirements are ANDed.\nMatchLabels requires the name to + be set to `*`. " + type: object + name: + description: "Name of the referent\nIf multiple resources are + targeted `*` may be set. " + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + secretRef: + description: "SecretRef specifies the Secret containing the token + used\nto validate the payload authenticity. The Secret must contain + a 'token'\nkey. For GCR receivers, the Secret must also contain + an 'email' key\nwith the IAM service account email configured on + the Pub/Sub push\nsubscription, and may optionally contain an 'audience' + key with the\nexpected OIDC token audience. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this receiver. " + type: boolean + type: + description: "Type of webhook sender, used to determine\nthe validation + procedure and payload deserialization. " + enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + - cdevents + type: string + required: + - resources + - secretRef + - type + type: object + status: + default: + observedGeneration: -1 + description: ReceiverStatus defines the observed state of the Receiver. + properties: + conditions: + description: Conditions holds the conditions for the Receiver. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Receiver object. + format: int64 + type: integer + webhookPath: + description: "WebhookPath is the generated incoming webhook address + in the format\nof '/hook/sha256sum(token+name+namespace)'. " + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + deprecated: true + deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 + name: v1beta2 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation + of an object.\nServers should convert recognized schemas to the latest + internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + \ " + type: string + kind: + description: "Kind is a string value representing the REST resource this + object represents.\nServers may infer this from the endpoint the client + submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + \ " + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of the Receiver. + properties: + events: + description: "Events specifies the list of event types to handle,\ne.g. + 'push' for GitHub or 'Push Hook' for GitLab. " + items: + type: string + type: array + interval: + description: Interval at which to reconcile the Receiver with its + Secret references. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + resources: + description: A list of resources to be notified about changes. + items: + description: "CrossNamespaceObjectReference contains enough information + to let you locate the\ntyped referenced object at cluster level + \ " + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + - OCIRepository + - ArtifactGenerator + - ExternalArtifact + type: string + matchLabels: + additionalProperties: + type: string + description: "MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels\nmap is equivalent to an element + of matchExpressions, whose key field is \"key\", the\noperator + is \"In\", and the values array contains only \"value\". The + requirements are ANDed.\nMatchLabels requires the name to + be set to `*`. " + type: object + name: + description: "Name of the referent\nIf multiple resources are + targeted `*` may be set. " + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + secretRef: + description: "SecretRef specifies the Secret containing the token + used\nto validate the payload authenticity. " + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: "Suspend tells the controller to suspend subsequent\nevents + handling for this receiver. " + type: boolean + type: + description: "Type of webhook sender, used to determine\nthe validation + procedure and payload deserialization. " + enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + type: string + required: + - resources + - secretRef + - type + type: object + status: + default: + observedGeneration: -1 + description: ReceiverStatus defines the observed state of the Receiver. + properties: + conditions: + description: Conditions holds the conditions for the Receiver. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition + transitioned from one status to another.\nThis should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. " + format: date-time + type: string + message: + description: "message is a human readable message indicating + details about the transition.\nThis may be an empty string. + \ " + maxLength: 32768 + type: string + observedGeneration: + description: "observedGeneration represents the .metadata.generation + that the condition was set based upon.\nFor instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date\nwith respect to the current + state of the instance. " + format: int64 + minimum: 0 + type: integer + reason: + description: "reason contains a programmatic identifier indicating + the reason for the condition's last transition.\nProducers + of specific condition types may define expected values and + meanings for this field,\nand whether the values are considered + a guaranteed API.\nThe value should be a CamelCase string.\nThis + field may not be empty. " + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: "LastHandledReconcileAt holds the value of the most recent\nreconcile + request value, so a change of the annotation value\ncan be detected. + \ " + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Receiver object. + format: int64 + type: integer + url: + description: "URL is the generated incoming webhook address in the + format\nof '/hook/sha256sum(token+name+namespace)'.\nDeprecated: + Replaced by WebhookPath. " + type: string + webhookPath: + description: "WebhookPath is the generated incoming webhook address + in the format\nof '/hook/sha256sum(token+name+namespace)'. " + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: helm-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: kustomize-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: notification-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: source-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: crd-controller-flux-system +rules: +- apiGroups: + - source.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - helm.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - notification.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - image.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - source.extensions.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - secrets + - configmaps + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +- nonResourceURLs: + - /livez/ping + verbs: + - head +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: flux-edit-flux-system +rules: +- apiGroups: + - notification.toolkit.fluxcd.io + - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io + - helm.toolkit.fluxcd.io + - image.toolkit.fluxcd.io + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - create + - delete + - deletecollection + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: flux-view-flux-system +rules: +- apiGroups: + - notification.toolkit.fluxcd.io + - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io + - helm.toolkit.fluxcd.io + - image.toolkit.fluxcd.io + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: cluster-reconciler-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: crd-controller-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crd-controller-flux-system +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +- kind: ServiceAccount + name: source-controller + namespace: flux-system +- kind: ServiceAccount + name: notification-controller + namespace: flux-system +- kind: ServiceAccount + name: image-reflector-controller + namespace: flux-system +- kind: ServiceAccount + name: image-automation-controller + namespace: flux-system +- kind: ServiceAccount + name: source-watcher + namespace: flux-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: source-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: webhook-receiver + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http-webhook + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + name: test-http + namespace: test +spec: + ports: + - name: http + port: 80 + targetPort: 5678 + selector: + app: test-http +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: helm-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: helm-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: helm-controller + app.kubernetes.io/component: helm-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + spec: + containers: + - args: + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: manager + resource: limits.memory + image: ghcr.io/fluxcd/helm-controller:v1.5.3 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1337 + serviceAccountName: helm-controller + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: kustomize-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: kustomize-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: kustomize-controller + app.kubernetes.io/component: kustomize-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + spec: + containers: + - args: + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: manager + resource: limits.memory + image: ghcr.io/fluxcd/kustomize-controller:v1.8.3 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1337 + serviceAccountName: kustomize-controller + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: notification-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: notification-controller + app.kubernetes.io/component: notification-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + spec: + containers: + - args: + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: manager + resource: limits.memory + image: ghcr.io/fluxcd/notification-controller:v1.8.3 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + protocol: TCP + - containerPort: 9292 + name: http-webhook + protocol: TCP + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: notification-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: source-controller + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: source-controller + app.kubernetes.io/component: source-controller + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + spec: + containers: + - args: + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + - --storage-path=/data + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TUF_ROOT + value: /tmp/.sigstore + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + containerName: manager + resource: limits.memory + image: ghcr.io/fluxcd/source-controller:v1.8.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + protocol: TCP + - containerPort: 8080 + name: http-prom + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: / + port: http + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 50m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /data + name: data + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1337 + serviceAccountName: source-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: data + - emptyDir: {} + name: tmp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: test-http + name: test-http + namespace: test +spec: + replicas: 1 + selector: + matchLabels: + app: test-http + template: + metadata: + labels: + app: test-http + spec: + containers: + - args: + - -text=ok from flux + image: hashicorp/http-echo:1.0.0 + name: http-echo + ports: + - containerPort: 5678 + name: http +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: mapper + namespace: mapper +spec: + chart: + spec: + chart: universal-chart + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.7 + install: + remediation: + retries: 3 + interval: 10m + upgrade: + remediation: + retries: 3 + values: + global: + env: _default + services: + backend: + commitSha: "" + deployment: + enabled: true + name: + _default: backend + preprod: backend + production: backend + stage: mapper-backend + port: + _default: 8000 + probes: + liveness: + enabled: false + readiness: + enabled: false + replicaCount: + _default: 1 + preprod: 3 + production: 3 + stage: 1 + resources: + limits: + cpu: + _default: "2.0" + memory: + _default: 512Mi + requests: + cpu: + _default: "1.0" + memory: + _default: 128Mi + enabled: true + envs: + - name: DOCUMENTATION_HOST + value: + _default: https://stage-api.sarex.io/documentations/api/v1 + - name: FLOW_HOST + value: + _default: https://stage-api.sarex.io/flows/api/v1 + - name: DJANGO_HOST + value: + _default: https://stage.sarex.io/api + - name: NOTE_HOST + value: + _default: https://stage-api.sarex.io/notes/api/v1 + - name: REDIS_USE + value: + _default: "0" + preprod: "0" + production: "0" + stage: "0" + - name: TIMEOUT + value: + _default: "120" + preprod: "120" + production: "120" + stage: "120" + gitlabJobUrl: "" + gitlabUri: "" + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/mapper:latest + pullPolicy: + _default: IfNotPresent + imagePullSecrets: + enabled: + _default: true + name: + _default: dockerhub + labels: + monitoring: prometheus + owner: "" + service: + enabled: true + name: + _default: backend-service + preprod: backend-service + production: backend-service + stage: mapper-backend-service + port: + _default: 8000 + portName: + _default: http + targetPort: + _default: 8000 + type: + _default: ClusterIP +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: vault + namespace: vault +spec: + chart: + spec: + chart: vault-contour + interval: 10m + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + version: 0.1.0 + install: + remediation: + retries: 3 + interval: 5m + timeout: 10m + upgrade: + remediation: + retries: 3 + values: + imagePullSecrets: + - name: regcred + server: + dataStorage: + storageClass: local-path +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 10m0s + path: ./clusters/brusnika-stage + prune: true + sourceRef: + kind: GitRepository + name: flux-system +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt + name: vault + namespace: vault +spec: + ingressClassName: nginx + rules: + - host: vault.stage.brusnika.sarex.lonsdaleites.ru + http: + paths: + - backend: + service: + name: vault-vault-contour + port: + number: 8200 + path: / + pathType: Prefix + tls: + - hosts: + - vault.stage.brusnika.sarex.lonsdaleites.ru + secretName: vault-stage-tls +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: allow-egress + namespace: flux-system +spec: + egress: + - {} + ingress: + - from: + - podSelector: {} + podSelector: {} + policyTypes: + - Ingress + - Egress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: allow-scraping + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP + podSelector: {} + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v2.8.5 + name: allow-webhooks + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + podSelector: + matchLabels: + app: notification-controller + policyTypes: + - Ingress +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: master + secretRef: + name: flux-system + url: https://gitea.stage.brusnika.sarex.lonsdaleites.ru/sarex/iac.git +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: yc-oci-charts + namespace: flux-system +spec: + interval: 10m0s + secretRef: + name: yc-cr-auth + type: oci + url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts diff --git a/apps/mapper/brusnika-stage/helmrelease.yaml b/apps/mapper/brusnika-stage/helmrelease.yaml index 2962659..0c7013f 100644 --- a/apps/mapper/brusnika-stage/helmrelease.yaml +++ b/apps/mapper/brusnika-stage/helmrelease.yaml @@ -22,105 +22,103 @@ spec: remediation: retries: 3 values: - universal-chart: - global: - env: _default + global: + env: _default + services: + backend: + enabled: true - services: - backend: + deployment: enabled: true + name: + _default: backend + stage: mapper-backend + preprod: backend + production: backend + replicaCount: + _default: 1 + stage: 1 + preprod: 3 + production: 3 + port: + _default: 8000 + resources: + limits: + cpu: + _default: "2.0" + memory: + _default: 512Mi + requests: + cpu: + _default: "1.0" + memory: + _default: 128Mi + probes: + liveness: + enabled: false + readiness: + enabled: false - deployment: - enabled: true - name: - _default: backend - stage: mapper-backend - preprod: backend - production: backend - replicaCount: - _default: 1 - stage: 1 - preprod: 3 - production: 3 - port: - _default: 8000 - resources: - limits: - cpu: - _default: "2.0" - memory: - _default: 512Mi - requests: - cpu: - _default: "1.0" - memory: - _default: 128Mi - probes: - liveness: - enabled: false - readiness: - enabled: false + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/mapper:latest + pullPolicy: + _default: IfNotPresent - image: - name: - _default: cr.yandex/crp3ccidau046kdj8g9q/mapper:latest - pullPolicy: - _default: IfNotPresent + service: + enabled: true + name: + _default: backend-service + stage: mapper-backend-service + preprod: backend-service + production: backend-service + type: + _default: ClusterIP + port: + _default: 8000 + targetPort: + _default: 8000 + portName: + _default: http - service: - enabled: true - name: - _default: backend-service - stage: mapper-backend-service - preprod: backend-service - production: backend-service - type: - _default: ClusterIP - port: - _default: 8000 - targetPort: - _default: 8000 - portName: - _default: http + imagePullSecrets: + enabled: + _default: true + name: + _default: dockerhub - imagePullSecrets: - enabled: - _default: true - name: - _default: dockerhub + labels: + monitoring: prometheus - labels: - monitoring: prometheus + envs: + - name: DOCUMENTATION_HOST + value: + _default: https://stage-api.sarex.io/documentations/api/v1 + - name: FLOW_HOST + value: + _default: https://stage-api.sarex.io/flows/api/v1 + - name: DJANGO_HOST + value: + _default: https://stage.sarex.io/api + - name: NOTE_HOST + value: + _default: https://stage-api.sarex.io/notes/api/v1 + - name: REDIS_USE + value: + _default: "0" + stage: "0" + preprod: "0" + production: "0" + - name: TIMEOUT + value: + _default: "120" + stage: "120" + preprod: "120" + production: "120" - envs: - - name: DOCUMENTATION_HOST - value: - _default: https://stage-api.sarex.io/documentations/api/v1 - - name: FLOW_HOST - value: - _default: https://stage-api.sarex.io/flows/api/v1 - - name: DJANGO_HOST - value: - _default: https://stage.sarex.io/api - - name: NOTE_HOST - value: - _default: https://stage-api.sarex.io/notes/api/v1 - - name: REDIS_USE - value: - _default: "0" - stage: "0" - preprod: "0" - production: "0" - - name: TIMEOUT - value: - _default: "120" - stage: "120" - preprod: "120" - production: "120" - - commitSha: "" - gitlabUri: "" - gitlabJobUrl: "" - owner: "" + commitSha: "" + gitlabUri: "" + gitlabJobUrl: "" + owner: ""