From 668c07b23f652e50e9dbc75902223970dd64c2da Mon Sep 17 00:00:00 2001
From: ivan
Date: Tue, 2 Jun 2026 14:52:53 +0500
Subject: [PATCH] ++
---
1.yaml | 6417 -------------------
apps/mapper/brusnika-stage/helmrelease.yaml | 10 +-
2 files changed, 5 insertions(+), 6422 deletions(-)
delete mode 100644 1.yaml
diff --git a/1.yaml b/1.yaml
deleted file mode 100644
index 83791dc..0000000
--- a/1.yaml
+++ /dev/null
@@ -1,6417 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - pod-security.kubernetes.io/warn: restricted - pod-security.kubernetes.io/warn-version: latest - name: flux-system ---- -apiVersion: v1 -kind: Namespace -metadata: - name: mapper ---- -apiVersion: v1 -kind: Namespace -metadata: - name: test ---- -apiVersion: v1 -kind: Namespace -metadata: - labels: - istio-injection: enabled - name: vault ---- -apiVersion: v1 -kind: ResourceQuota -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: critical-pods-flux-system - namespace: flux-system -spec: - hard: - pods: "1000" - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical - - system-cluster-critical ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: alerts.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Alert - listKind: AlertList - plural: alerts - singular: alert - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3 - name: v1beta2 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: "APIVersion defines the 
versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects. - properties: - eventMetadata: - additionalProperties: - type: string - description: "EventMetadata is an optional field for adding metadata - to events dispatched by the\ncontroller. This can be used for enhancing - the context of the event. If a field\nwould override one already - present on the original event as generated by the emitter,\nthen - the override doesn't happen, i.e. the original value is preserved, - and an info\nlog is printed. " - type: object - eventSeverity: - default: info - description: "EventSeverity specifies how to filter events based on - severity.\nIf set to 'info' no events will be filtered. " - enum: - - info - - error - type: string - eventSources: - description: "EventSources specifies how to filter events based\non - the involved object kind, name and namespace. 
" - items: - description: "CrossNamespaceObjectReference contains enough information - to let you locate the\ntyped referenced object at cluster level - \ " - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - - ArtifactGenerator - - ExternalArtifact - type: string - matchLabels: - additionalProperties: - type: string - description: "MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels\nmap is equivalent to an element - of matchExpressions, whose key field is \"key\", the\noperator - is \"In\", and the values array contains only \"value\". The - requirements are ANDed.\nMatchLabels requires the name to - be set to `*`. " - type: object - name: - description: "Name of the referent\nIf multiple resources are - targeted `*` may be set. " - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - exclusionList: - description: "ExclusionList specifies a list of Golang regular expressions\nto - be used for excluding messages. " - items: - type: string - type: array - inclusionList: - description: "InclusionList specifies a list of Golang regular expressions\nto - be used for including messages. " - items: - type: string - type: array - providerRef: - description: ProviderRef specifies which Provider this Alert should - use. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Summary holds a short description of the impact and affected - cluster. 
- maxLength: 255 - type: string - suspend: - description: "Suspend tells the controller to suspend subsequent\nevents - handling for this Alert. " - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of the Alert. - properties: - conditions: - description: Conditions holds the conditions for the Alert. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. " - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta3 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects. 
- properties: - eventMetadata: - additionalProperties: - type: string - description: "EventMetadata is an optional field for adding metadata - to events dispatched by the\ncontroller. This can be used for enhancing - the context of the event. If a field\nwould override one already - present on the original event as generated by the emitter,\nthen - the override doesn't happen, i.e. the original value is preserved, - and an info\nlog is printed. " - type: object - eventSeverity: - default: info - description: "EventSeverity specifies how to filter events based on - severity.\nIf set to 'info' no events will be filtered. " - enum: - - info - - error - type: string - eventSources: - description: "EventSources specifies how to filter events based\non - the involved object kind, name and namespace. " - items: - description: "CrossNamespaceObjectReference contains enough information - to let you locate the\ntyped referenced object at cluster level - \ " - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - - ArtifactGenerator - - ExternalArtifact - type: string - matchLabels: - additionalProperties: - type: string - description: "MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels\nmap is equivalent to an element - of matchExpressions, whose key field is \"key\", the\noperator - is \"In\", and the values array contains only \"value\". The - requirements are ANDed.\nMatchLabels requires the name to - be set to `*`. " - type: object - name: - description: "Name of the referent\nIf multiple resources are - targeted `*` may be set. 
" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - exclusionList: - description: "ExclusionList specifies a list of Golang regular expressions\nto - be used for excluding messages. " - items: - type: string - type: array - inclusionList: - description: "InclusionList specifies a list of Golang regular expressions\nto - be used for including messages. " - items: - type: string - type: array - providerRef: - description: ProviderRef specifies which Provider this Alert should - use. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: "Summary holds a short description of the impact and - affected cluster.\nDeprecated: Use EventMetadata instead. " - maxLength: 255 - type: string - suspend: - description: "Suspend tells the controller to suspend subsequent\nevents - handling for this Alert. 
" - type: boolean - required: - - eventSources - - providerRef - type: object - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: "BucketSpec specifies the required configuration to produce - an Artifact for\nan object storage bucket. 
" - properties: - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing\neither - or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and - private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand - whichever are supplied, will be used for connecting to the\nbucket. - The client cert and key are useful if you are\nauthenticating with - a certificate; the CA cert is useful if\nyou are using a self-signed - server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis - field is only supported for the `generic` provider. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - endpoint: - description: Endpoint is the object storage address the BucketName - is located at. - type: string - ignore: - description: "Ignore overrides the set of excluded patterns in the - .sourceignore format\n(which is the same as .gitignore). If not - provided, a default will be used,\nconsult the documentation for - your version to find out what those are. " - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. - type: boolean - interval: - description: "Interval at which the Bucket Endpoint is checked for - updates.\nThis interval is approximate and may be subject to jitter - to ensure\nefficient use of resources. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - prefix: - description: Prefix to use for server-side filtering of files in the - Bucket. - type: string - provider: - default: generic - description: "Provider of the object storage bucket.\nDefaults to - 'generic', which expects an S3 (API) compatible object\nstorage. 
- \ " - enum: - - generic - - aws - - gcp - - azure - type: string - proxySecretRef: - description: "ProxySecretRef specifies the Secret containing the proxy - configuration\nto use while communicating with the Bucket server. - \ " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - region: - description: Region of the Endpoint where the BucketName is located - in. - type: string - secretRef: - description: "SecretRef specifies the Secret containing authentication - credentials\nfor the Bucket. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: "ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate\nthe bucket. This field is only supported for - the 'gcp' and 'aws' providers.\nFor more information about workload - identity:\nhttps://fluxcd.io/flux/components/source/buckets/#workload-identity - \ " - type: string - sts: - description: "STS specifies the required configuration to use a Security - Token\nService for fetching temporary credentials to authenticate - in a\nBucket provider.\n\nThis field is only supported for the `aws` - and `generic` providers. " - properties: - certSecretRef: - description: "CertSecretRef can be given the name of a Secret - containing\neither or both of\n\n- a PEM-encoded client certificate - (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA - certificate (`ca.crt`)\n\nand whichever are supplied, will be - used for connecting to the\nSTS endpoint. The client cert and - key are useful if you are\nauthenticating with a certificate; - the CA cert is useful if\nyou are using a self-signed server - certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis - field is only supported for the `ldap` provider. " - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - endpoint: - description: "Endpoint is the HTTP/S endpoint of the Security - Token Service from\nwhere temporary credentials will be fetched. - \ " - pattern: ^(http|https)://.*$ - type: string - provider: - description: Provider of the Security Token Service. - enum: - - aws - - ldap - type: string - secretRef: - description: "SecretRef specifies the Secret containing authentication - credentials\nfor the STS endpoint. This Secret must contain - the fields `username`\nand `password` and is supported only - for the `ldap` provider. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - endpoint - - provider - type: object - suspend: - description: "Suspend tells the controller to suspend the reconciliation - of this\nBucket. " - type: boolean - timeout: - default: 60s - description: Timeout for fetch operations, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - required: - - bucketName - - endpoint - - interval - type: object - x-kubernetes-validations: - - message: STS configuration is only supported for the 'aws' and 'generic' - Bucket providers - rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts) - - message: '''aws'' is the only supported STS provider for the ''aws'' - Bucket provider' - rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider - == 'aws' - - message: '''ldap'' is the only supported STS provider for the ''generic'' - Bucket provider' - rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider - == 'ldap' - - message: spec.sts.secretRef is not required for the 'aws' STS provider - rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)' - - message: spec.sts.certSecretRef is not required for the 'aws' STS provider - rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)' - - message: 
ServiceAccountName is not supported for the 'generic' Bucket - provider - rule: self.provider != 'generic' || !has(self.serviceAccountName) - - message: cannot set both .spec.secretRef and .spec.serviceAccountName - rule: '!has(self.secretRef) || !has(self.serviceAccountName)' - status: - default: - observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. - properties: - artifact: - description: Artifact represents the last successful Bucket reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: "LastUpdateTime is the timestamp corresponding to - the last update of the\nArtifact. " - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: "Path is the relative file path of the Artifact. - It can be used to locate\nthe file in the root of the Artifact - storage on the local file system of\nthe controller managing - the Source. " - type: string - revision: - description: "Revision is a human-readable identifier traceable - in the origin source\nsystem. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. " - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: "URL is the HTTP address of the Artifact as exposed - by the controller\nmanaging the Source. It can be used to retrieve - the Artifact for\nconsumption, e.g. by another controller applying - the Artifact contents. " - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. 
- items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. " - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. - format: int64 - type: integer - observedIgnore: - description: "ObservedIgnore is the observed exclusion patterns used - for constructing\nthe source artifact. " - type: string - url: - description: "URL is the dynamic fetch link for the latest Artifact.\nIt - is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact - data is recommended. " - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: externalartifacts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: ExternalArtifact - listKind: ExternalArtifactList - plural: externalartifacts - singular: externalartifact - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .spec.sourceRef.name - name: Source - type: string - name: v1 - schema: - 
openAPIV3Schema: - description: ExternalArtifact is the Schema for the external artifacts API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: ExternalArtifactSpec defines the desired state of ExternalArtifact - properties: - sourceRef: - description: "SourceRef points to the Kubernetes custom resource for\nwhich - the artifact is generated. " - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: object - status: - description: ExternalArtifactStatus defines the observed state of ExternalArtifact - properties: - artifact: - description: Artifact represents the output of an ExternalArtifact - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. 
- pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: "LastUpdateTime is the timestamp corresponding to - the last update of the\nArtifact. " - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: "Path is the relative file path of the Artifact. - It can be used to locate\nthe file in the root of the Artifact - storage on the local file system of\nthe controller managing - the Source. " - type: string - revision: - description: "Revision is a human-readable identifier traceable - in the origin source\nsystem. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. " - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: "URL is the HTTP address of the Artifact as exposed - by the controller\nmanaging the Source. It can be used to retrieve - the Artifact for\nconsumption, e.g. by another controller applying - the Artifact contents. " - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the ExternalArtifact. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. 
- \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. " - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. 
- properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: "GitRepositorySpec specifies the required configuration to - produce an\nArtifact for a Git repository. " - properties: - ignore: - description: "Ignore overrides the set of excluded patterns in the - .sourceignore format\n(which is the same as .gitignore). If not - provided, a default will be used,\nconsult the documentation for - your version to find out what those are. " - type: string - include: - description: "Include specifies a list of GitRepository resources - which Artifacts\nshould be included in the Artifact produced for - this GitRepository. " - items: - description: "GitRepositoryInclude specifies a local reference to - a GitRepository which\nArtifact (sub-)contents must be included, - and where they should be placed. " - properties: - fromPath: - description: "FromPath specifies the path to copy contents from, - defaults to the root\nof the Artifact. " - type: string - repository: - description: "GitRepositoryRef specifies the GitRepository which - Artifact contents\nmust be included. " - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - toPath: - description: "ToPath specifies the path to copy contents to, - defaults to the name of\nthe GitRepositoryRef. " - type: string - required: - - repository - type: object - type: array - interval: - description: "Interval at which the GitRepository URL is checked for - updates.\nThis interval is approximate and may be subject to jitter - to ensure\nefficient use of resources. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - provider: - description: "Provider used for authentication, can be 'azure', 'github', - 'generic'.\nWhen not specified, defaults to 'generic'. " - enum: - - generic - - azure - - github - type: string - proxySecretRef: - description: "ProxySecretRef specifies the Secret containing the proxy - configuration\nto use while communicating with the Git server. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - recurseSubmodules: - description: "RecurseSubmodules enables the initialization of all - submodules within\nthe GitRepository as cloned from the URL, using - their default settings. " - type: boolean - ref: - description: "Reference specifies the Git reference to resolve and - monitor for\nchanges, defaults to the 'master' branch. " - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields.\n\nThis can be combined with Branch to shallow - clone the branch, in which\nthe commit is expected to exist. 
- \ " - type: string - name: - description: "Name of the reference to check out; takes precedence - over Branch, Tag and SemVer.\n\nIt must be a valid Git reference: - https://git-scm.com/docs/git-check-ref-format#_description\nExamples: - \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", - \"refs/merge-requests/1/head\" " - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: "SecretRef specifies the Secret containing authentication - credentials for\nthe GitRepository.\nFor HTTPS repositories the - Secret must contain 'username' and 'password'\nfields for basic - auth or 'bearerToken' field for token auth.\nFor SSH repositories - the Secret must contain 'identity'\nand 'known_hosts' fields. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: "ServiceAccountName is the name of the Kubernetes ServiceAccount - used to\nauthenticate to the GitRepository. This field is only supported - for 'azure' provider. " - type: string - sparseCheckout: - description: "SparseCheckout specifies a list of directories to checkout - when cloning\nthe repository. If specified, only these directories - are included in the\nArtifact produced for this GitRepository. " - items: - type: string - type: array - suspend: - description: "Suspend tells the controller to suspend the reconciliation - of this\nGitRepository. " - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. 
- pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: "Verification specifies the configuration to verify the - Git commit\nsignature(s). " - properties: - mode: - default: HEAD - description: "Mode specifies which Git object(s) should be verified.\n\nThe - variants \"head\" and \"HEAD\" both imply the same thing, i.e. - verify\nthe commit that the HEAD of the Git repository points - to. The variant\n\"head\" solely exists to ensure backwards - compatibility. " - enum: - - head - - HEAD - - Tag - - TagAndHEAD - type: string - secretRef: - description: "SecretRef specifies the Secret containing the public - keys of trusted Git\nauthors. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - secretRef - type: object - required: - - interval - - url - type: object - x-kubernetes-validations: - - message: serviceAccountName can only be set when provider is 'azure' - rule: '!has(self.serviceAccountName) || (has(self.provider) && self.provider - == ''azure'')' - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: "LastUpdateTime is the timestamp corresponding to - the last update of the\nArtifact. " - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: "Path is the relative file path of the Artifact. - It can be used to locate\nthe file in the root of the Artifact - storage on the local file system of\nthe controller managing - the Source. 
" - type: string - revision: - description: "Revision is a human-readable identifier traceable - in the origin source\nsystem. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. " - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: "URL is the HTTP address of the Artifact as exposed - by the controller\nmanaging the Source. It can be used to retrieve - the Artifact for\nconsumption, e.g. by another controller applying - the Artifact contents. " - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. 
" - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: "IncludedArtifacts contains a list of the last successfully - included\nArtifacts as instructed by GitRepositorySpec.Include. - \ " - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: "LastUpdateTime is the timestamp corresponding - to the last update of the\nArtifact. " - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: "Path is the relative file path of the Artifact. - It can be used to locate\nthe file in the root of the Artifact - storage on the local file system of\nthe controller managing - the Source. 
" - type: string - revision: - description: "Revision is a human-readable identifier traceable - in the origin source\nsystem. It can be a Git commit SHA, - Git tag, a Helm chart version, etc. " - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: "URL is the HTTP address of the Artifact as exposed - by the controller\nmanaging the Source. It can be used to - retrieve the Artifact for\nconsumption, e.g. by another controller - applying the Artifact contents. " - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedGeneration: - description: "ObservedGeneration is the last observed generation of - the GitRepository\nobject. " - format: int64 - type: integer - observedIgnore: - description: "ObservedIgnore is the observed exclusion patterns used - for constructing\nthe source artifact. " - type: string - observedInclude: - description: "ObservedInclude is the observed list of GitRepository - resources used to\nproduce the current Artifact. " - items: - description: "GitRepositoryInclude specifies a local reference to - a GitRepository which\nArtifact (sub-)contents must be included, - and where they should be placed. " - properties: - fromPath: - description: "FromPath specifies the path to copy contents from, - defaults to the root\nof the Artifact. " - type: string - repository: - description: "GitRepositoryRef specifies the GitRepository which - Artifact contents\nmust be included. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: "ToPath specifies the path to copy contents to, - defaults to the name of\nthe GitRepositoryRef. 
" - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: "ObservedRecurseSubmodules is the observed resource submodules\nconfiguration - used to produce the current Artifact. " - type: boolean - observedSparseCheckout: - description: "ObservedSparseCheckout is the observed list of directories - used to\nproduce the current Artifact. " - items: - type: string - type: array - sourceVerificationMode: - description: "SourceVerificationMode is the last used verification - mode indicating\nwhich Git object(s) have been verified. " - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. 
- properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: HelmChartSpec specifies the desired state of a Helm chart. - properties: - chart: - description: "Chart is the name or path the Helm chart is available - at in the\nSourceRef. " - type: string - ignoreMissingValuesFiles: - description: "IgnoreMissingValuesFiles controls whether to silently - ignore missing values\nfiles rather than failing. " - type: boolean - interval: - description: "Interval at which the HelmChart SourceRef is checked - for updates.\nThis interval is approximate and may be subject to - jitter to ensure\nefficient use of resources. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: "ReconcileStrategy determines what enables the creation - of a new artifact.\nValid values are ('ChartVersion', 'Revision').\nSee - the documentation of the values for an explanation on their behavior.\nDefaults - to ChartVersion when omitted. " - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. - properties: - apiVersion: - description: APIVersion of the referent. 
- type: string - kind: - description: "Kind of the referent, valid values are ('HelmRepository', - 'GitRepository',\n'Bucket'). " - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: "Suspend tells the controller to suspend the reconciliation - of this\nsource. " - type: boolean - valuesFiles: - description: "ValuesFiles is an alternative list of values files to - use as the chart\nvalues (values.yaml is not included by default), - expected to be a\nrelative path in the SourceRef.\nValues files - are merged in the order of this list with the last file\noverriding - the first. Ignored when omitted. " - items: - type: string - type: array - verify: - description: "Verify contains the secret name containing the trusted - public keys\nused to verify the signature and specifies which provider - to use to check\nwhether OCI image is authentic.\nThis field is - only supported when using HelmRepository source with spec.type 'oci'.\nChart - dependencies, which are not bundled in the umbrella chart artifact, - are not verified. " - properties: - matchOIDCIdentity: - description: "MatchOIDCIdentity specifies the identity matching - criteria to use\nwhile verifying an OCI artifact which was signed - using Cosign keyless\nsigning. The artifact's identity is deemed - to be verified if any of the\nspecified matchers match against - the identity. " - items: - description: "OIDCIdentityMatch specifies options for verifying - the certificate identity,\ni.e. the issuer and the subject - of the certificate. " - properties: - issuer: - description: "Issuer specifies the regex pattern to match - against to verify\nthe OIDC issuer in the Fulcio certificate. - The pattern must be a\nvalid Go regular expression. 
" - type: string - subject: - description: "Subject specifies the regex pattern to match - against to verify\nthe identity subject in the Fulcio - certificate. The pattern must\nbe a valid Go regular expression. - \ " - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - - notation - type: string - secretRef: - description: "SecretRef specifies the Kubernetes Secret containing - the\ntrusted public keys. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: "Version is the chart version semver expression, ignored - for charts from\nGitRepository and Bucket sources. Defaults to latest - when omitted. " - type: string - required: - - chart - - interval - - sourceRef - type: object - x-kubernetes-validations: - - message: spec.verify is only supported when spec.sourceRef.kind is 'HelmRepository' - rule: '!has(self.verify) || self.sourceRef.kind == ''HelmRepository''' - status: - default: - observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: "LastUpdateTime is the timestamp corresponding to - the last update of the\nArtifact. " - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: "Path is the relative file path of the Artifact. 
- It can be used to locate\nthe file in the root of the Artifact - storage on the local file system of\nthe controller managing - the Source. " - type: string - revision: - description: "Revision is a human-readable identifier traceable - in the origin source\nsystem. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. " - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: "URL is the HTTP address of the Artifact as exposed - by the controller\nmanaging the Source. It can be used to retrieve - the Artifact for\nconsumption, e.g. by another controller applying - the Artifact contents. " - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. 
" - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedChartName: - description: "ObservedChartName is the last observed chart name as - specified by the\nresolved chart reference. " - type: string - observedGeneration: - description: "ObservedGeneration is the last observed generation of - the HelmChart\nobject. " - format: int64 - type: integer - observedSourceArtifactRevision: - description: "ObservedSourceArtifactRevision is the last observed - Artifact.Revision\nof the HelmChartSpec.SourceRef. " - type: string - observedValuesFiles: - description: "ObservedValuesFiles are the observed value files of - the last successful\nreconciliation.\nIt matches the chart in the - last successfully reconciled artifact. 
" - items: - type: string - type: array - url: - description: "URL is the dynamic fetch link for the latest Artifact.\nIt - is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact - data is recommended. " - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v2 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: 
- type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. - properties: - chart: - description: "Chart defines the template of the v1.HelmChart that - should be created\nfor this HelmRelease. " - properties: - metadata: - description: ObjectMeta holds the template for metadata like labels - and annotations. - properties: - annotations: - additionalProperties: - type: string - description: "Annotations is an unstructured key value map - stored with a resource that may be\nset by external tools - to store and retrieve arbitrary metadata. They are not\nqueryable - and should be preserved when modifying objects.\nMore info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - \ " - type: object - labels: - additionalProperties: - type: string - description: "Map of string keys and values that can be used - to organize and categorize\n(scope and select) objects.\nMore - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - \ " - type: object - type: object - spec: - description: Spec holds the template for the v1.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - maxLength: 2048 - minLength: 1 - type: string - ignoreMissingValuesFiles: - description: IgnoreMissingValuesFiles controls whether to - silently ignore missing values files rather than failing. - type: boolean - interval: - description: "Interval at which to check the v1.Source for - updates. Defaults to\n'HelmReleaseSpec.Interval'. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: "Determines what enables the creation of a new - artifact. Valid values are\n('ChartVersion', 'Revision').\nSee - the documentation of the values for an explanation on their - behavior.\nDefaults to ChartVersion when omitted. 
" - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1.Source the chart - is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - kind - - name - type: object - valuesFiles: - description: "Alternative list of values files to use as the - chart values (values.yaml\nis not included by default), - expected to be a relative path in the SourceRef.\nValues - files are merged in the order of this list with the last - file overriding\nthe first. Ignored when omitted. " - items: - type: string - type: array - verify: - description: "Verify contains the secret name containing the - trusted public keys\nused to verify the signature and specifies - which provider to use to check\nwhether OCI image is authentic.\nThis - field is only supported for OCI sources.\nChart dependencies, - which are not bundled in the umbrella chart artifact,\nare - not verified. " - properties: - provider: - default: cosign - description: Provider specifies the technology used to - sign the OCI Helm chart. - enum: - - cosign - - notation - type: string - secretRef: - description: "SecretRef specifies the Kubernetes Secret - containing the\ntrusted public keys. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: "Version semver expression, ignored for charts - from v1.GitRepository and\nv1beta2.Bucket sources. Defaults - to latest when omitted. 
" - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - chartRef: - description: "ChartRef holds a reference to a source controller resource - containing the\nHelm chart artifact. " - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - HelmChart - - ExternalArtifact - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace of the referent, defaults to the namespace - of the Kubernetes\nresource object that contains the reference. - \ " - maxLength: 63 - minLength: 1 - type: string - required: - - kind - - name - type: object - commonMetadata: - description: "CommonMetadata specifies the common labels and annotations - that are\napplied to all resources. Any existing label or annotation - will be\noverridden if its key matches a common one. " - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - dependsOn: - description: "DependsOn may contain a DependencyReference slice with\nreferences - to HelmRelease resources that must be ready before this HelmRelease\ncan - be reconciled. " - items: - description: DependencyReference defines a HelmRelease dependency - on another HelmRelease resource. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: "Namespace of the referent, defaults to the namespace - of the HelmRelease\nresource object that contains the reference. - \ " - type: string - readyExpr: - description: "ReadyExpr is a CEL expression that can be used - to assess the readiness\nof a dependency. 
When specified, - the built-in readiness check\nis replaced by the logic defined - in the CEL expression.\nTo make the CEL expression additive - to the built-in readiness check,\nthe feature gate `AdditiveCELDependencyCheck` - must be set to `true`. " - type: string - required: - - name - type: object - type: array - driftDetection: - description: "DriftDetection holds the configuration for detecting - and handling\ndifferences between the manifest in the Helm storage - and the resources\ncurrently existing in the cluster. " - properties: - ignore: - description: "Ignore contains a list of rules for specifying which - changes to ignore\nduring diffing. " - items: - description: "IgnoreRule defines a rule to selectively disregard - specific changes during\nthe drift detection process. " - properties: - paths: - description: "Paths is a list of JSON Pointer (RFC 6901) - paths to be excluded from\nconsideration in a Kubernetes - object. " - items: - type: string - type: array - target: - description: "Target is a selector for specifying Kubernetes - objects to which this\nrule applies.\nIf Target is not - set, the Paths will be ignored for all Kubernetes\nobjects - within the manifest of the Helm release. " - properties: - annotationSelector: - description: "AnnotationSelector is a string that follows - the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt - matches with the resource annotations. 
" - type: string - group: - description: "Group is the API group to select resources - from.\nTogether with Version and Kind it is capable - of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - \ " - type: string - kind: - description: "Kind of the API Group to select resources - from.\nTogether with Group and Version it is capable - of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - \ " - type: string - labelSelector: - description: "LabelSelector is a string that follows - the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt - matches with the resource labels. " - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: "Version of the API Group to select resources - from.\nTogether with Group and Kind it is capable - of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - \ " - type: string - type: object - required: - - paths - type: object - type: array - mode: - description: "Mode defines how differences should be handled between - the Helm manifest\nand the manifest currently applied to the - cluster.\nIf not explicitly set, it defaults to DiffModeDisabled. - \ " - enum: - - enabled - - warn - - disabled - type: string - type: object - healthCheckExprs: - description: "HealthCheckExprs is a list of healthcheck expressions - for evaluating the\nhealth of custom resources using Common Expression - Language (CEL).\nThe expressions are evaluated only when the specific - Helm action\ntaking place has wait enabled, i.e. 
DisableWait is - false, and the\n'poller' WaitStrategy is used. " - items: - description: CustomHealthCheck defines the health check for custom - resources. - properties: - apiVersion: - description: APIVersion of the custom resource under evaluation. - type: string - current: - description: "Current is the CEL expression that determines - if the status\nof the custom resource has reached the desired - state. " - type: string - failed: - description: "Failed is the CEL expression that determines if - the status\nof the custom resource has failed to reach the - desired state. " - type: string - inProgress: - description: "InProgress is the CEL expression that determines - if the status\nof the custom resource has not yet reached - the desired state. " - type: string - kind: - description: Kind of the custom resource under evaluation. - type: string - required: - - apiVersion - - current - - kind - type: object - type: array - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according\nto the CRD upgrade policy provided here. Valid values - are `Skip`,\n`Create` or `CreateReplace`. Default is `Create` - and if omitted\nCRDs are installed but not updated.\n\nSkip: - do neither install nor replace (update) any CRDs.\n\nCreate: - new CRDs are created, existing CRDs are neither updated nor - deleted.\n\nCreateReplace: new CRDs are created, existing CRDs - are updated (replaced)\nbut not deleted.\n\nBy default, CRDs - are applied (installed) during Helm install action.\nWith this - option users can opt in to CRD replace existing CRDs on Helm\ninstall - actions, which is not (yet) natively supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions. 
- \ " - enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: "CreateNamespace tells the Helm install action to - create the\nHelmReleaseSpec.TargetNamespace if it does not exist - yet.\nOn uninstall, the namespace will not be garbage collected. - \ " - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: "DisableOpenAPIValidation prevents the Helm install - action from validating\nrendered templates against the Kubernetes - OpenAPI Schema. " - type: boolean - disableSchemaValidation: - description: "DisableSchemaValidation prevents the Helm install - action from validating\nthe values against the JSON Schema. - \ " - type: boolean - disableTakeOwnership: - description: "DisableTakeOwnership disables taking ownership of - existing resources\nduring the Helm install action. Defaults - to false. " - type: boolean - disableWait: - description: "DisableWait disables the waiting for resources to - be ready after a Helm\ninstall has been performed. " - type: boolean - disableWaitForJobs: - description: "DisableWaitForJobs disables waiting for jobs to - complete after a Helm\ninstall has been performed. " - type: boolean - remediation: - description: "Remediation holds the remediation configuration - for when the Helm install\naction for the HelmRelease fails. - The default is to not perform any action. " - properties: - ignoreTestFailures: - description: "IgnoreTestFailures tells the controller to skip - remediation when the Helm\ntests are run after an install - action but fail. Defaults to\n'Test.IgnoreFailures'. " - type: boolean - remediateLastFailure: - description: "RemediateLastFailure tells the controller to - remediate the last failure, when\nno retries remain. Defaults - to 'false'. 
" - type: boolean - retries: - description: "Retries is the number of retries that should - be attempted on failures before\nbailing. Remediation, using - an uninstall, is performed between each attempt.\nDefaults - to '0', a negative integer equals to unlimited retries. - \ " - type: integer - type: object - replace: - description: "Replace tells the Helm install action to re-use - the 'ReleaseName', but only\nif that name is a deleted release - which remains in the history. " - type: boolean - serverSideApply: - description: "ServerSideApply enables server-side apply for resources - during install.\nDefaults to true (or false when UseHelm3Defaults - feature gate is enabled). " - type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default,\nCRDs are installed if not already present.\n\nDeprecated - use CRD policy (`crds`) attribute with value `Skip` instead. - \ " - type: boolean - strategy: - description: "Strategy defines the install strategy to use for - this HelmRelease.\nDefaults to 'RemediateOnFailure', or 'RetryOnFailure' - when the\nDefaultToRetryOnFailure feature gate is enabled. " - properties: - name: - description: Name of the install strategy. - enum: - - RemediateOnFailure - - RetryOnFailure - type: string - retryInterval: - description: "RetryInterval is the interval at which to retry - a failed install.\nCan be used only when Name is set to - RetryOnFailure.\nDefaults to '5m'. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - required: - - name - type: object - x-kubernetes-validations: - - message: .retryInterval cannot be set when .name is 'RemediateOnFailure' - rule: '!has(self.retryInterval) || self.name != ''RemediateOnFailure''' - timeout: - description: "Timeout is the time to wait for any individual Kubernetes - operation (like\nJobs for hooks) during the performance of a - Helm install action. Defaults to\n'HelmReleaseSpec.Timeout'. 
- \ " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: "KubeConfig for reconciling the HelmRelease on a remote - cluster.\nWhen used in combination with HelmReleaseSpec.ServiceAccountName,\nforces - the controller to act on behalf of that Service Account at the\ntarget - cluster.\nIf the --default-service-account flag is set, its value - will be used as\na controller level fallback for when HelmReleaseSpec.ServiceAccountName\nis - empty. " - properties: - configMapRef: - description: "ConfigMapRef holds an optional name of a ConfigMap - that contains\nthe following keys:\n\n- `provider`: the provider - to use. One of `aws`, `azure`, `gcp`, or\n `generic`. Required.\n- - `cluster`: the fully qualified resource name of the Kubernetes\n - \ cluster in the cloud provider API. Not used by the `generic`\n - \ provider. Required when one of `address` or `ca.crt` is not - set.\n- `address`: the address of the Kubernetes API server. - Required\n for `generic`. For the other providers, if not - specified, the\n first address in the cluster resource will - be used, and if\n specified, it must match one of the addresses - in the cluster\n resource.\n If audiences is not set, will - be used as the audience for the\n `generic` provider.\n- `ca.crt`: - the optional PEM-encoded CA certificate for the\n Kubernetes - API server. If not set, the controller will use the\n CA certificate - from the cluster resource.\n- `audiences`: the optional audiences - as a list of\n line-break-separated strings for the Kubernetes - ServiceAccount\n token. 
Defaults to the `address` for the - `generic` provider, or\n to specific values for the other - providers depending on the\n provider.\n- `serviceAccountName`: - the optional name of the Kubernetes\n ServiceAccount in the - same namespace that should be used\n for authentication. If - not specified, the controller\n ServiceAccount will be used.\n\nMutually - exclusive with SecretRef. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - secretRef: - description: "SecretRef holds an optional name of a secret that - contains a key with\nthe kubeconfig file as the value. If no - key is set, the key will default\nto 'value'. Mutually exclusive - with ConfigMapRef.\nIt is recommended that the kubeconfig is - self-contained, and the secret\nis regularly updated if credentials - such as a cloud-access-token expire.\nCloud specific `cmd-path` - auth helpers will not function without adding\nbinaries and - credentials to the Pod that is responsible for reconciling\nKubernetes - resources. Supported only for the generic provider. " - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - type: object - x-kubernetes-validations: - - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef - must be specified - rule: has(self.configMapRef) || has(self.secretRef) - - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef - must be specified - rule: '!has(self.configMapRef) || !has(self.secretRef)' - maxHistory: - description: "MaxHistory is the number of revisions saved by Helm - for this HelmRelease.\nUse '0' for an unlimited number of revisions; - defaults to '5'. 
" - type: integer - persistentClient: - description: "PersistentClient tells the controller to use a persistent - Kubernetes\nclient for this release. When enabled, the client will - be reused for the\nduration of the reconciliation, instead of being - created and destroyed\nfor each (step of a) Helm action.\n\nThis - can improve performance, but may cause issues with some Helm charts\nthat - for example do create Custom Resource Definitions during installation\noutside - Helm's CRD lifecycle hooks, which are then not observed to be\navailable - by e.g. post-install hooks.\n\nIf not set, it defaults to true. - \ " - type: boolean - postRenderers: - description: "PostRenderers holds an array of Helm PostRenderers, - which will be applied in order\nof their definition. " - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: "Images is a list of (image name, new name, - new tag or digest)\nfor changing image names, tags or - digests. This can also be achieved with a\npatch, but - this operator is simpler to specify. " - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: "Digest is the value used to replace - the original image tag.\nIf digest is present NewTag - value is ignored. " - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - patches: - description: "Strategic merge and JSON patches, defined - as inline YAML objects,\ncapable of targeting objects - based on kind, label and annotation selectors. 
" - items: - description: "Patch contains an inline StrategicMerge - or JSON6902 patch, and the target the patch should\nbe - applied to. " - properties: - patch: - description: "Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with\nan array - of operation objects. " - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: "AnnotationSelector is a string that - follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt - matches with the resource annotations. " - type: string - group: - description: "Group is the API group to select - resources from.\nTogether with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - \ " - type: string - kind: - description: "Kind of the API Group to select - resources from.\nTogether with Group and Version - it is capable of unambiguously\nidentifying - and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - \ " - type: string - labelSelector: - description: "LabelSelector is a string that follows - the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt - matches with the resource labels. " - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. 
- type: string - version: - description: "Version of the API Group to select - resources from.\nTogether with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - \ " - type: string - type: object - required: - - patch - type: object - type: array - type: object - type: object - type: array - releaseName: - description: "ReleaseName used for the Helm release. Defaults to a - composition of\n'[TargetNamespace-]Name'. " - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: "CleanupOnFail allows deletion of new resources created - during the Helm\nrollback action when it fails. " - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: "DisableWait disables the waiting for resources to - be ready after a Helm\nrollback has been performed. " - type: boolean - disableWaitForJobs: - description: "DisableWaitForJobs disables waiting for jobs to - complete after a Helm\nrollback has been performed. " - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: "Recreate performs pod restarts for any managed workloads.\n\nDeprecated: - This behavior was deprecated in Helm 3:\n - Deprecation: https://github.com/helm/helm/pull/6463\n - \ - Removal: https://github.com/helm/helm/pull/31023\nAfter - helm-controller was upgraded to the Helm 4 SDK,\nthis field - is no longer functional and will print a\nwarning if set to - true. It will also be removed in a\nfuture release. 
" - type: boolean - serverSideApply: - description: "ServerSideApply enables server-side apply for resources - during rollback.\nCan be \"enabled\", \"disabled\", or \"auto\".\nWhen - \"auto\", server-side apply usage will be based on the release's - previous usage.\nDefaults to \"auto\". " - enum: - - enabled - - disabled - - auto - type: string - timeout: - description: "Timeout is the time to wait for any individual Kubernetes - operation (like\nJobs for hooks) during the performance of a - Helm rollback action. Defaults to\n'HelmReleaseSpec.Timeout'. - \ " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - serviceAccountName: - description: "The name of the Kubernetes service account to impersonate\nwhen - reconciling this HelmRelease. " - maxLength: 253 - minLength: 1 - type: string - storageNamespace: - description: "StorageNamespace used for the Helm storage.\nDefaults - to the namespace of the HelmRelease. " - maxLength: 63 - minLength: 1 - type: string - suspend: - description: "Suspend tells the controller to suspend reconciliation - for this HelmRelease,\nit does not apply to already started reconciliations. - Defaults to false. " - type: boolean - targetNamespace: - description: "TargetNamespace to target when performing operations - for the HelmRelease.\nDefaults to the namespace of the HelmRelease. - \ " - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: "Enable enables Helm test actions for this HelmRelease - after an Helm install\nor upgrade action has been performed. - \ " - type: boolean - filters: - description: Filters is a list of tests to run or exclude from - running. - items: - description: Filter holds the configuration for individual Helm - test filters. - properties: - exclude: - description: Exclude specifies whether the named test should - be excluded. 
- type: boolean - name: - description: Name is the name of the test. - maxLength: 253 - minLength: 1 - type: string - required: - - name - type: object - type: array - ignoreFailures: - description: "IgnoreFailures tells the controller to skip remediation - when the Helm tests\nare run but fail. Can be overwritten for - tests run after install or upgrade\nactions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. " - type: boolean - timeout: - description: "Timeout is the time to wait for any individual Kubernetes - operation during\nthe performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - timeout: - description: "Timeout is the time to wait for any individual Kubernetes - operation (like Jobs\nfor hooks) during the performance of a Helm - action. Defaults to '5m0s'. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - deletionPropagation: - default: background - description: "DeletionPropagation specifies the deletion propagation - policy when\na Helm uninstall is performed. " - enum: - - background - - foreground - - orphan - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: "DisableWait disables waiting for all the resources - to be deleted after\na Helm uninstall is performed. " - type: boolean - keepHistory: - description: "KeepHistory tells Helm to remove all associated - resources and mark the\nrelease as deleted, but retain the release - history. " - type: boolean - timeout: - description: "Timeout is the time to wait for any individual Kubernetes - operation (like\nJobs for hooks) during the performance of a - Helm uninstall action. Defaults\nto 'HelmReleaseSpec.Timeout'. 
- \ " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: "CleanupOnFail allows deletion of new resources created - during the Helm\nupgrade action when it fails. " - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according\nto the CRD upgrade policy provided here. Valid values - are `Skip`,\n`Create` or `CreateReplace`. Default is `Skip` - and if omitted\nCRDs are neither installed nor upgraded.\n\nSkip: - do neither install nor replace (update) any CRDs.\n\nCreate: - new CRDs are created, existing CRDs are neither updated nor - deleted.\n\nCreateReplace: new CRDs are created, existing CRDs - are updated (replaced)\nbut not deleted.\n\nBy default, CRDs - are not applied during Helm upgrade action. With this\noption - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions. - \ " - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: "DisableOpenAPIValidation prevents the Helm upgrade - action from validating\nrendered templates against the Kubernetes - OpenAPI Schema. " - type: boolean - disableSchemaValidation: - description: "DisableSchemaValidation prevents the Helm upgrade - action from validating\nthe values against the JSON Schema. - \ " - type: boolean - disableTakeOwnership: - description: "DisableTakeOwnership disables taking ownership of - existing resources\nduring the Helm upgrade action. Defaults - to false. " - type: boolean - disableWait: - description: "DisableWait disables the waiting for resources to - be ready after a Helm\nupgrade has been performed. 
" - type: boolean - disableWaitForJobs: - description: "DisableWaitForJobs disables waiting for jobs to - complete after a Helm\nupgrade has been performed. " - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: "PreserveValues will make Helm reuse the last release's - values and merge in\noverrides from 'Values'. Setting this flag - makes the HelmRelease\nnon-declarative. " - type: boolean - remediation: - description: "Remediation holds the remediation configuration - for when the Helm upgrade\naction for the HelmRelease fails. - The default is to not perform any action. " - properties: - ignoreTestFailures: - description: "IgnoreTestFailures tells the controller to skip - remediation when the Helm\ntests are run after an upgrade - action but fail.\nDefaults to 'Test.IgnoreFailures'. " - type: boolean - remediateLastFailure: - description: "RemediateLastFailure tells the controller to - remediate the last failure, when\nno retries remain. Defaults - to 'false' unless 'Retries' is greater than 0. " - type: boolean - retries: - description: "Retries is the number of retries that should - be attempted on failures before\nbailing. Remediation, using - 'Strategy', is performed between each attempt.\nDefaults - to '0', a negative integer equals to unlimited retries. - \ " - type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - serverSideApply: - description: "ServerSideApply enables server-side apply for resources - during upgrade.\nCan be \"enabled\", \"disabled\", or \"auto\".\nWhen - \"auto\", server-side apply usage will be based on the release's - previous usage.\nDefaults to \"auto\". 
" - enum: - - enabled - - disabled - - auto - type: string - strategy: - description: "Strategy defines the upgrade strategy to use for - this HelmRelease.\nDefaults to 'RemediateOnFailure', or 'RetryOnFailure' - when the\nDefaultToRetryOnFailure feature gate is enabled. " - properties: - name: - description: Name of the upgrade strategy. - enum: - - RemediateOnFailure - - RetryOnFailure - type: string - retryInterval: - description: "RetryInterval is the interval at which to retry - a failed upgrade.\nCan be used only when Name is set to - RetryOnFailure.\nDefaults to '5m'. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - required: - - name - type: object - x-kubernetes-validations: - - message: .retryInterval can only be set when .name is 'RetryOnFailure' - rule: '!has(self.retryInterval) || self.name == ''RetryOnFailure''' - timeout: - description: "Timeout is the time to wait for any individual Kubernetes - operation (like\nJobs for hooks) during the performance of a - Helm upgrade action. Defaults to\n'HelmReleaseSpec.Timeout'. - \ " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: "ValuesFrom holds references to resources containing - Helm values for this HelmRelease,\nand information about how they - should be merged. " - items: - description: "ValuesReference contains a reference to a resource - containing Helm values,\nand optionally the key they can be found - at. " - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: "Name of the values referent. Should reside in - the same namespace as the\nreferring resource. " - maxLength: 253 - minLength: 1 - type: string - optional: - description: "Optional marks this ValuesReference as optional. 
- When set, a not found error\nfor the values reference is ignored, - but any ValuesKey, TargetPath or\ntransient error will still - result in a reconciliation failure. " - type: boolean - targetPath: - description: "TargetPath is the YAML dot notation path the value - should be merged at. When\nset, the ValuesKey is expected - to be a single flat value. Defaults to 'None',\nwhich results - in the values getting merged at the root. " - maxLength: 250 - pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ - type: string - valuesKey: - description: "ValuesKey is the data key where the values.yaml - or a specific value can be\nfound at. Defaults to 'values.yaml'. - \ " - maxLength: 253 - pattern: ^[\-._a-zA-Z0-9]+$ - type: string - required: - - kind - - name - type: object - type: array - waitStrategy: - description: "WaitStrategy defines Helm's wait strategy for waiting - for applied\nresources to become ready. " - properties: - name: - description: "Name is Helm's wait strategy for waiting for applied - resources to\nbecome ready. One of 'poller' or 'legacy'. The - 'poller' strategy uses\nkstatus to poll resource statuses, while - the 'legacy' strategy uses\nHelm v3's waiting logic.\nDefaults - to 'poller', or to 'legacy' when UseHelm3Defaults feature\ngate - is enabled. " - enum: - - poller - - legacy - type: string - required: - - name - type: object - required: - - interval - type: object - x-kubernetes-validations: - - message: either chart or chartRef must be set - rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart) - && has(self.chartRef)) - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. 
- properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. " - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: "Failures is the reconciliation failure count against - the latest desired\nstate. It is reset after a successful reconciliation. 
- \ " - format: int64 - type: integer - helmChart: - description: "HelmChart is the namespaced name of the HelmChart resource - created by\nthe controller for the HelmRelease. " - type: string - history: - description: "History holds the history of Helm releases performed - for this HelmRelease\nup to the last successfully completed release. - \ " - items: - description: "Snapshot captures a point-in-time copy of the status - information for a Helm release,\nas managed by the controller. - \ " - properties: - action: - description: Action is the action that resulted in this snapshot - being created. - type: string - apiVersion: - description: "APIVersion is the API version of the Snapshot.\nWhen - the calculation method of the Digest field is changed, this\nfield - will be used to distinguish between the old and new methods. - \ " - type: string - appVersion: - description: AppVersion is the chart app version of the release - object in storage. - type: string - chartName: - description: ChartName is the chart name of the release object - in storage. - type: string - chartVersion: - description: "ChartVersion is the chart version of the release - object in\nstorage. " - type: string - configDigest: - description: "ConfigDigest is the checksum of the config (better - known as\n\"values\") of the release object in storage.\nIt - has the format of `:`. " - type: string - deleted: - description: Deleted is when the release was deleted. - format: date-time - type: string - digest: - description: "Digest is the checksum of the release object in - storage.\nIt has the format of `:`. " - type: string - firstDeployed: - description: FirstDeployed is when the release was first deployed. - format: date-time - type: string - lastDeployed: - description: LastDeployed is when the release was last deployed. - format: date-time - type: string - name: - description: Name is the name of the release. 
- type: string - namespace: - description: Namespace is the namespace the release is deployed - to. - type: string - ociDigest: - description: OCIDigest is the digest of the OCI artifact associated - with the release. - type: string - status: - description: Status is the current state of the release. - type: string - testHooks: - additionalProperties: - description: "TestHookStatus holds the status information - for a test hook as observed\nto be run by the controller. - \ " - properties: - lastCompleted: - description: LastCompleted is the time the test hook last - completed. - format: date-time - type: string - lastStarted: - description: LastStarted is the time the test hook was - last started. - format: date-time - type: string - phase: - description: Phase the test hook was observed to be in. - type: string - type: object - description: "TestHooks is the list of test hooks for the release - as observed to be\nrun by the controller. " - type: object - version: - description: Version is the version of the release object in - storage. - type: integer - required: - - chartName - - chartVersion - - configDigest - - digest - - firstDeployed - - lastDeployed - - name - - namespace - - status - - version - type: object - type: array - installFailures: - description: "InstallFailures is the install failure count against - the latest desired\nstate. It is reset after a successful reconciliation. - \ " - format: int64 - type: integer - inventory: - description: "Inventory contains the list of Kubernetes resource object - references\nthat have been applied for this release. " - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: "ID is the string representation of the Kubernetes - resource object's metadata,\nin the format '___'. 
- \ " - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAttemptedConfigDigest: - description: "LastAttemptedConfigDigest is the digest for the config - (better known as\n\"values\") of the last reconciliation attempt. - \ " - type: string - lastAttemptedGeneration: - description: "LastAttemptedGeneration is the last generation the controller - attempted\nto reconcile. " - format: int64 - type: integer - lastAttemptedReleaseAction: - description: "LastAttemptedReleaseAction is the last release action - performed for this\nHelmRelease. It is used to determine the active - retry or remediation\nstrategy. " - enum: - - install - - upgrade - type: string - lastAttemptedReleaseActionDuration: - description: "LastAttemptedReleaseActionDuration is the duration of - the last\nrelease action performed for this HelmRelease. " - type: string - lastAttemptedRevision: - description: "LastAttemptedRevision is the Source revision of the - last reconciliation\nattempt. For OCIRepository sources, the 12 - first characters of the digest are\nappended to the chart version - e.g. \"1.2.3+1234567890ab\". " - type: string - lastAttemptedRevisionDigest: - description: "LastAttemptedRevisionDigest is the digest of the last - reconciliation attempt.\nThis is only set for OCIRepository sources. - \ " - type: string - lastAttemptedValuesChecksum: - description: "LastAttemptedValuesChecksum is the SHA1 checksum for - the values of the last\nreconciliation attempt.\n\nDeprecated: Use - LastAttemptedConfigDigest instead. " - type: string - lastHandledForceAt: - description: "LastHandledForceAt holds the value of the most recent\nforce - request value, so a change of the annotation value\ncan be detected. 
- \ " - type: string - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - lastHandledResetAt: - description: "LastHandledResetAt holds the value of the most recent - reset request\nvalue, so a change of the annotation value can be - detected. " - type: string - lastReleaseRevision: - description: "LastReleaseRevision is the revision of the last successful - Helm release.\n\nDeprecated: Use History instead. " - type: integer - observedCommonMetadataDigest: - description: "ObservedCommonMetadataDigest is the digest for the common - metadata of\nthe last successful reconciliation attempt. " - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - observedPostRenderersDigest: - description: "ObservedPostRenderersDigest is the digest for the post-renderers - of\nthe last successful reconciliation attempt. " - type: string - storageNamespace: - description: "StorageNamespace is the namespace of the Helm release - storage for the\ncurrent release. " - maxLength: 63 - minLength: 1 - type: string - upgradeFailures: - description: "UpgradeFailures is the upgrade failure count against - the latest desired\nstate. It is reset after a successful reconciliation. 
- \ " - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. 
- properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: "HelmRepositorySpec specifies the required configuration - to produce an\nArtifact for a Helm repository index YAML. " - properties: - accessFrom: - description: "AccessFrom specifies an Access Control List for allowing - cross-namespace\nreferences to this object.\nNOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092 " - properties: - namespaceSelectors: - description: "NamespaceSelectors is the list of namespace selectors - to which this ACL applies.\nItems in this list are evaluated - using a logical OR operation. " - items: - description: "NamespaceSelector selects the namespaces to which - this ACL applies.\nAn empty map of MatchLabels matches all - namespaces in a cluster. " - properties: - matchLabels: - additionalProperties: - type: string - description: "MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels\nmap is equivalent - to an element of matchExpressions, whose key field is - \"key\", the\noperator is \"In\", and the values array - contains only \"value\". The requirements are ANDed. 
" - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: "CertSecretRef can be given the name of a Secret containing\neither - or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and - private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand - whichever are supplied, will be used for connecting to the\nregistry. - The client cert and key are useful if you are\nauthenticating with - a certificate; the CA cert is useful if\nyou are using a self-signed - server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt - takes precedence over the values specified in the Secret referred\nto - by `.spec.secretRef`. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - insecure: - description: "Insecure allows connecting to a non-TLS HTTP container - registry.\nThis field is only taken into account if the .spec.type - field is set to 'oci'. " - type: boolean - interval: - description: "Interval at which the HelmRepository URL is checked - for updates.\nThis interval is approximate and may be subject to - jitter to ensure\nefficient use of resources. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - passCredentials: - description: "PassCredentials allows the credentials from the SecretRef - to be passed\non to a host that does not match the host as defined - in URL.\nThis may be required if the host of the advertised chart - URLs in the\nindex differ from the defined URL.\nEnabling this should - be done with caution, as it can potentially result\nin credentials - getting stolen in a MITM-attack. " - type: boolean - provider: - default: generic - description: "Provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'.\nThis field is optional, and only taken into - account if the .spec.type field is set to 'oci'.\nWhen not specified, - defaults to 'generic'. 
" - enum: - - generic - - aws - - azure - - gcp - type: string - secretRef: - description: "SecretRef specifies the Secret containing authentication - credentials\nfor the HelmRepository.\nFor HTTP/S basic auth the - secret must contain 'username' and 'password'\nfields.\nSupport - for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'\nkeys - is deprecated. Please use `.spec.certSecretRef` instead. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: "Suspend tells the controller to suspend the reconciliation - of this\nHelmRepository. " - type: boolean - timeout: - description: "Timeout is used for the index fetch operation for an - HTTPS helm repository,\nand for remote OCI Repository operations - like pulling for an OCI helm\nchart by the associated HelmChart.\nIts - default value is 60s. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: "Type of the HelmRepository.\nWhen this field is set - to \"oci\", the URL field value must be prefixed with \"oci://\". - \ " - enum: - - default - - oci - type: string - url: - description: "URL of the Helm repository, a valid URL contains at - least a protocol and\nhost. " - pattern: ^(http|https|oci)://.*$ - type: string - required: - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: "LastUpdateTime is the timestamp corresponding to - the last update of the\nArtifact. 
" - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: "Path is the relative file path of the Artifact. - It can be used to locate\nthe file in the root of the Artifact - storage on the local file system of\nthe controller managing - the Source. " - type: string - revision: - description: "Revision is a human-readable identifier traceable - in the origin source\nsystem. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. " - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: "URL is the HTTP address of the Artifact as exposed - by the controller\nmanaging the Source. It can be used to retrieve - the Artifact for\nconsumption, e.g. by another controller applying - the Artifact contents. " - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. 
- \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. " - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedGeneration: - description: "ObservedGeneration is the last observed generation of - the HelmRepository\nobject. " - format: int64 - type: integer - url: - description: "URL is the dynamic fetch link for the latest Artifact.\nIt - is provided on a \"best effort\" basis, and using the precise\nHelmRepositoryStatus.Artifact - data is recommended. 
" - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: kustomizations.kustomize.toolkit.fluxcd.io -spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: "KustomizationSpec defines the configuration to calculate - the desired state\nfrom a Source using Kustomize. 
" - properties: - commonMetadata: - description: "CommonMetadata specifies the common labels and annotations - that are\napplied to all resources. Any existing label or annotation - will be\noverridden if its key matches a common one. " - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - components: - description: Components specifies relative paths to kustomize Components. - items: - type: string - type: array - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: "The secret name containing the private OpenPGP keys - used for decryption.\nA static credential for a cloud provider - defined inside the Secret\ntakes priority to secret-less authentication - with the ServiceAccountName\nfield. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: "ServiceAccountName is the name of the service account - used to\nauthenticate with KMS services from cloud providers. - If a\nstatic credential for a given cloud provider is defined\ninside - the Secret referenced by SecretRef, that static\ncredential - takes priority. " - type: string - required: - - provider - type: object - deletionPolicy: - description: "DeletionPolicy can be used to control garbage collection - when this\nKustomization is deleted. Valid values are ('MirrorPrune', - 'Delete',\n'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors - the Prune field\n(orphan if false, delete if true). Defaults to - 'MirrorPrune'. 
" - enum: - - MirrorPrune - - Delete - - WaitForTermination - - Orphan - type: string - dependsOn: - description: "DependsOn may contain a DependencyReference slice\nwith - references to Kustomization resources that must be ready before - this\nKustomization can be reconciled. " - items: - description: DependencyReference defines a Kustomization dependency - on another Kustomization resource. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: "Namespace of the referent, defaults to the namespace - of the Kustomization\nresource object that contains the reference. - \ " - type: string - readyExpr: - description: "ReadyExpr is a CEL expression that can be used - to assess the readiness\nof a dependency. When specified, - the built-in readiness check\nis replaced by the logic defined - in the CEL expression.\nTo make the CEL expression additive - to the built-in readiness check,\nthe feature gate `AdditiveCELDependencyCheck` - must be set to `true`. " - type: string - required: - - name - type: object - type: array - force: - default: false - description: "Force instructs the controller to recreate resources\nwhen - patching fails due to an immutable field change. " - type: boolean - healthCheckExprs: - description: "HealthCheckExprs is a list of healthcheck expressions - for evaluating the\nhealth of custom resources using Common Expression - Language (CEL).\nThe expressions are evaluated only when Wait or - HealthChecks are specified. " - items: - description: CustomHealthCheck defines the health check for custom - resources. - properties: - apiVersion: - description: APIVersion of the custom resource under evaluation. - type: string - current: - description: "Current is the CEL expression that determines - if the status\nof the custom resource has reached the desired - state. 
" - type: string - failed: - description: "Failed is the CEL expression that determines if - the status\nof the custom resource has failed to reach the - desired state. " - type: string - inProgress: - description: "InProgress is the CEL expression that determines - if the status\nof the custom resource has not yet reached - the desired state. " - type: string - kind: - description: Kind of the custom resource under evaluation. - type: string - required: - - apiVersion - - current - - kind - type: object - type: array - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: "NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object\nin - any namespace. " - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - ignoreMissingComponents: - description: "IgnoreMissingComponents instructs the controller to - ignore Components paths\nnot found in source by removing them from - the generated kustomization.yaml\nbefore running kustomize build. - \ " - type: boolean - images: - description: "Images is a list of (image name, new name, new tag or - digest)\nfor changing image names, tags or digests. This can also - be achieved with a\npatch, but this operator is simpler to specify. - \ " - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: "Digest is the value used to replace the original - image tag.\nIf digest is present NewTag value is ignored. 
- \ " - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: "The interval at which to reconcile the Kustomization.\nThis - interval is approximate and may be subject to jitter to ensure\nefficient - use of resources. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: "The KubeConfig for reconciling the Kustomization on - a remote cluster.\nWhen used in combination with KustomizationSpec.ServiceAccountName,\nforces - the controller to act on behalf of that Service Account at the\ntarget - cluster.\nIf the --default-service-account flag is set, its value - will be used as\na controller level fallback for when KustomizationSpec.ServiceAccountName\nis - empty. " - properties: - configMapRef: - description: "ConfigMapRef holds an optional name of a ConfigMap - that contains\nthe following keys:\n\n- `provider`: the provider - to use. One of `aws`, `azure`, `gcp`, or\n `generic`. Required.\n- - `cluster`: the fully qualified resource name of the Kubernetes\n - \ cluster in the cloud provider API. Not used by the `generic`\n - \ provider. Required when one of `address` or `ca.crt` is not - set.\n- `address`: the address of the Kubernetes API server. - Required\n for `generic`. For the other providers, if not - specified, the\n first address in the cluster resource will - be used, and if\n specified, it must match one of the addresses - in the cluster\n resource.\n If audiences is not set, will - be used as the audience for the\n `generic` provider.\n- `ca.crt`: - the optional PEM-encoded CA certificate for the\n Kubernetes - API server. 
If not set, the controller will use the\n CA certificate - from the cluster resource.\n- `audiences`: the optional audiences - as a list of\n line-break-separated strings for the Kubernetes - ServiceAccount\n token. Defaults to the `address` for the - `generic` provider, or\n to specific values for the other - providers depending on the\n provider.\n- `serviceAccountName`: - the optional name of the Kubernetes\n ServiceAccount in the - same namespace that should be used\n for authentication. If - not specified, the controller\n ServiceAccount will be used.\n\nMutually - exclusive with SecretRef. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - secretRef: - description: "SecretRef holds an optional name of a secret that - contains a key with\nthe kubeconfig file as the value. If no - key is set, the key will default\nto 'value'. Mutually exclusive - with ConfigMapRef.\nIt is recommended that the kubeconfig is - self-contained, and the secret\nis regularly updated if credentials - such as a cloud-access-token expire.\nCloud specific `cmd-path` - auth helpers will not function without adding\nbinaries and - credentials to the Pod that is responsible for reconciling\nKubernetes - resources. Supported only for the generic provider. " - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. 
- type: string - required: - - name - type: object - type: object - x-kubernetes-validations: - - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef - must be specified - rule: has(self.configMapRef) || has(self.secretRef) - - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef - must be specified - rule: '!has(self.configMapRef) || !has(self.secretRef)' - namePrefix: - description: NamePrefix will prefix the names of all managed resources. - maxLength: 200 - minLength: 1 - type: string - nameSuffix: - description: NameSuffix will suffix the names of all managed resources. - maxLength: 200 - minLength: 1 - type: string - patches: - description: "Strategic merge and JSON patches, defined as inline - YAML objects,\ncapable of targeting objects based on kind, label - and annotation selectors. " - items: - description: "Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should\nbe applied to. " - properties: - patch: - description: "Patch contains an inline StrategicMerge patch - or an inline JSON6902 patch with\nan array of operation objects. - \ " - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: "AnnotationSelector is a string that follows - the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt - matches with the resource annotations. 
" - type: string - group: - description: "Group is the API group to select resources - from.\nTogether with Version and Kind it is capable of - unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - \ " - type: string - kind: - description: "Kind of the API Group to select resources - from.\nTogether with Group and Version it is capable of - unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - \ " - type: string - labelSelector: - description: "LabelSelector is a string that follows the - label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt - matches with the resource labels. " - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: "Version of the API Group to select resources - from.\nTogether with Group and Kind it is capable of unambiguously - identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - \ " - type: string - type: object - required: - - patch - type: object - type: array - path: - description: "Path to the directory containing the kustomization.yaml - file, or the\nset of plain YAMLs a kustomization.yaml should be - generated for.\nDefaults to 'None', which translates to the root - path of the SourceRef. " - type: string - postBuild: - description: "PostBuild describes which actions to perform on the - YAML manifest\ngenerated by building the kustomize overlay. 
" - properties: - substitute: - additionalProperties: - type: string - description: "Substitute holds a map of key/value pairs.\nThe - variables defined in your YAML manifests that match any of the - keys\ndefined in the map will be substituted with the set value.\nIncludes - support for bash string replacement functions\ne.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. " - type: object - substituteFrom: - description: "SubstituteFrom holds references to ConfigMaps and - Secrets containing\nthe variables and their values to be substituted - in the YAML manifests.\nThe ConfigMap and the Secret data keys - represent the var names, and they\nmust match the vars declared - in the manifests for the substitution to\nhappen. " - items: - description: "SubstituteReference contains a reference to a - resource containing\nthe variables name and value. " - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: "Name of the values referent. Should reside - in the same namespace as the\nreferring resource. " - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: "Optional indicates whether the referenced - resource must exist, or whether to\ntolerate its absence. - If true and the referenced resource is absent, proceed\nas - if the resource was present but empty, without any variables - defined. " - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: "The interval at which to retry a previously failed reconciliation.\nWhen - not specified, the controller uses the KustomizationSpec.Interval\nvalue - to retry failures. 
" - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - serviceAccountName: - description: "The name of the Kubernetes service account to impersonate\nwhen - reconciling this Kustomization. " - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - GitRepository - - Bucket - - ExternalArtifact - type: string - name: - description: Name of the referent. - type: string - namespace: - description: "Namespace of the referent, defaults to the namespace - of the Kubernetes\nresource object that contains the reference. - \ " - type: string - required: - - kind - - name - type: object - suspend: - description: "This flag tells the controller to suspend subsequent - kustomize executions,\nit does not apply to already started executions. - Defaults to false. " - type: boolean - targetNamespace: - description: "TargetNamespace sets or overrides the namespace in the\nkustomization.yaml - file. " - maxLength: 63 - minLength: 1 - type: string - timeout: - description: "Timeout for validation, apply and health checking operations.\nDefaults - to 'Interval' duration. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - wait: - description: "Wait instructs the controller to check the health of - all the reconciled\nresources. When enabled, the HealthChecks are - ignored. Defaults to false. " - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: Condition contains details for one aspect of the current - state of this API Resource. 
- properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. " - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - history: - description: "History contains a set of snapshots of the last reconciliation - attempts\ntracking the revision, the state and the duration of each - attempt. 
" - items: - description: "Snapshot represents a point-in-time record of a group - of resources reconciliation,\nincluding timing information, status, - and a unique digest identifier. " - properties: - digest: - description: Digest is the checksum in the format `:` - of the resources in this snapshot. - type: string - firstReconciled: - description: FirstReconciled is the time when this revision - was first reconciled to the cluster. - format: date-time - type: string - lastReconciled: - description: LastReconciled is the time when this revision was - last reconciled to the cluster. - format: date-time - type: string - lastReconciledDuration: - description: LastReconciledDuration is time it took to reconcile - the resources in this revision. - type: string - lastReconciledStatus: - description: LastReconciledStatus is the status of the last - reconciliation. - type: string - metadata: - additionalProperties: - type: string - description: Metadata contains additional information about - the snapshot. - type: object - totalReconciliations: - description: TotalReconciliations is the total number of reconciliations - that have occurred for this snapshot. - format: int64 - type: integer - required: - - digest - - firstReconciled - - lastReconciled - - lastReconciledDuration - - lastReconciledStatus - - totalReconciliations - type: object - type: array - inventory: - description: "Inventory contains the list of Kubernetes resource object - references that\nhave been successfully applied. " - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: "ID is the string representation of the Kubernetes - resource object's metadata,\nin the format '___'. - \ " - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. 
- type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedOriginRevision: - description: "The last successfully applied origin revision.\nEquals - the origin revision of the applied Artifact from the referenced - Source.\nUsually present on the Metadata of the applied Artifact - and depends on the\nSource type, e.g. for OCI it's the value associated - with the key\n\"org.opencontainers.image.revision\". " - type: string - lastAppliedRevision: - description: "The last successfully applied revision.\nEquals the - Revision of the applied Artifact from the referenced Source. " - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: ocirepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: OCIRepository - listKind: OCIRepositoryList - plural: ocirepositories - shortNames: - - ocirepo - singular: ocirepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: OCIRepository is the Schema for the ocirepositories API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: OCIRepositorySpec defines the desired state of OCIRepository - properties: - certSecretRef: - 
description: "CertSecretRef can be given the name of a Secret containing\neither - or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and - private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand - whichever are supplied, will be used for connecting to the\nregistry. - The client cert and key are useful if you are\nauthenticating with - a certificate; the CA cert is useful if\nyou are using a self-signed - server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`. - \ " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ignore: - description: "Ignore overrides the set of excluded patterns in the - .sourceignore format\n(which is the same as .gitignore). If not - provided, a default will be used,\nconsult the documentation for - your version to find out what those are. " - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: "Interval at which the OCIRepository URL is checked for - updates.\nThis interval is approximate and may be subject to jitter - to ensure\nefficient use of resources. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - layerSelector: - description: "LayerSelector specifies which layer should be extracted - from the OCI artifact.\nWhen not specified, the first layer found - in the artifact is selected. " - properties: - mediaType: - description: "MediaType specifies the OCI media type of the layer\nwhich - should be extracted from the OCI Artifact. The\nfirst layer - matching this type is selected. " - type: string - operation: - description: "Operation specifies how the selected layer should - be processed.\nBy default, the layer compressed content is extracted - to storage.\nWhen the operation is set to 'copy', the layer - compressed content\nis persisted to storage as it is. 
" - enum: - - extract - - copy - type: string - type: object - provider: - default: generic - description: "The provider used for authentication, can be 'aws', - 'azure', 'gcp' or 'generic'.\nWhen not specified, defaults to 'generic'. - \ " - enum: - - generic - - aws - - azure - - gcp - type: string - proxySecretRef: - description: "ProxySecretRef specifies the Secret containing the proxy - configuration\nto use while communicating with the container registry. - \ " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ref: - description: "The OCI reference to pull and monitor for changes,\ndefaults - to the latest tag. " - properties: - digest: - description: "Digest is the image digest to pull, takes precedence - over SemVer.\nThe value should be in the format 'sha256:'. - \ " - type: string - semver: - description: "SemVer is the range of tags to pull selecting the - latest within\nthe range, takes precedence over Tag. " - type: string - semverFilter: - description: SemverFilter is a regex pattern to filter the tags - within the SemVer range. - type: string - tag: - description: Tag is the image tag to pull, defaults to latest. - type: string - type: object - secretRef: - description: "SecretRef contains the secret name containing the registry - login\ncredentials to resolve image metadata.\nThe secret must be - of type kubernetes.io/dockerconfigjson. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: "ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate\nthe image pull if the service account has - attached pull secrets. 
For more information:\nhttps://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account - \ " - type: string - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote OCI Repository operations like - pulling, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: "URL is a reference to an OCI artifact repository hosted\non - a remote container registry. " - pattern: ^oci://.*$ - type: string - verify: - description: "Verify contains the secret name containing the trusted - public keys\nused to verify the signature and specifies which provider - to use to check\nwhether OCI image is authentic. " - properties: - matchOIDCIdentity: - description: "MatchOIDCIdentity specifies the identity matching - criteria to use\nwhile verifying an OCI artifact which was signed - using Cosign keyless\nsigning. The artifact's identity is deemed - to be verified if any of the\nspecified matchers match against - the identity. " - items: - description: "OIDCIdentityMatch specifies options for verifying - the certificate identity,\ni.e. the issuer and the subject - of the certificate. " - properties: - issuer: - description: "Issuer specifies the regex pattern to match - against to verify\nthe OIDC issuer in the Fulcio certificate. - The pattern must be a\nvalid Go regular expression. " - type: string - subject: - description: "Subject specifies the regex pattern to match - against to verify\nthe identity subject in the Fulcio - certificate. The pattern must\nbe a valid Go regular expression. - \ " - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. 
- enum: - - cosign - - notation - type: string - secretRef: - description: "SecretRef specifies the Kubernetes Secret containing - the\ntrusted public keys. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: OCIRepositoryStatus defines the observed state of OCIRepository - properties: - artifact: - description: Artifact represents the output of the last successful - OCI Repository sync. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: "LastUpdateTime is the timestamp corresponding to - the last update of the\nArtifact. " - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: "Path is the relative file path of the Artifact. - It can be used to locate\nthe file in the root of the Artifact - storage on the local file system of\nthe controller managing - the Source. " - type: string - revision: - description: "Revision is a human-readable identifier traceable - in the origin source\nsystem. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. " - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: "URL is the HTTP address of the Artifact as exposed - by the controller\nmanaging the Source. It can be used to retrieve - the Artifact for\nconsumption, e.g. by another controller applying - the Artifact contents. 
" - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the OCIRepository. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. " - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - observedIgnore: - description: "ObservedIgnore is the observed exclusion patterns used - for constructing\nthe source artifact. " - type: string - observedLayerSelector: - description: "ObservedLayerSelector is the observed layer selector - used for constructing\nthe source artifact. " - properties: - mediaType: - description: "MediaType specifies the OCI media type of the layer\nwhich - should be extracted from the OCI Artifact. The\nfirst layer - matching this type is selected. " - type: string - operation: - description: "Operation specifies how the selected layer should - be processed.\nBy default, the layer compressed content is extracted - to storage.\nWhen the operation is set to 'copy', the layer - compressed content\nis persisted to storage as it is. " - enum: - - extract - - copy - type: string - type: object - url: - description: URL is the download link for the artifact output of the - last OCI Repository sync. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3 - name: v1beta2 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. 
- properties: - address: - description: "Address specifies the endpoint, in a generic sense, - to where alerts are sent.\nWhat kind of endpoint depends on the - specific Provider type being used.\nFor the generic Provider, for - example, this is an HTTP/S address.\nFor other Provider types this - could be a project ID or a namespace. " - maxLength: 2048 - type: string - certSecretRef: - description: "CertSecretRef specifies the Secret containing\na PEM-encoded - CA certificate (in the `ca.crt` key).\n\nNote: Support for the `caFile` - key has\nbeen deprecated. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. - maxLength: 2048 - type: string - interval: - description: Interval at which to reconcile the Provider with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxy: - description: Proxy the HTTP/S address of the proxy server. - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - secretRef: - description: "SecretRef specifies the Secret containing the authentication\ncredentials - for this Provider. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: "Suspend tells the controller to suspend subsequent\nevents - handling for this Provider. " - type: boolean - timeout: - description: Timeout for sending alerts to the Provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type specifies which Provider implementation to use. 
- enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - gitea - - bitbucketserver - - bitbucket - - azuredevops - - googlechat - - googlepubsub - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - - pagerduty - - datadog - type: string - username: - description: Username specifies the name under which events are posted. - maxLength: 2048 - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of the Provider. - properties: - conditions: - description: Conditions holds the conditions for the Provider. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. 
" - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta3 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. - properties: - address: - description: "Address specifies the endpoint, in a generic sense, - to where alerts are sent.\nWhat kind of endpoint depends on the - specific Provider type being used.\nFor the generic Provider, for - example, this is an HTTP/S address.\nFor other Provider types this - could be a project ID or a namespace. " - maxLength: 2048 - type: string - certSecretRef: - description: "CertSecretRef specifies the Secret containing TLS certificates\nfor - secure communication.\n\nSupported configurations:\n- CA-only: Server - authentication (provide ca.crt only)\n- mTLS: Mutual authentication - (provide ca.crt + tls.crt + tls.key)\n- Client-only: Client authentication - with system CA (provide tls.crt + tls.key only)\n\nLegacy keys \"caFile\", - \"certFile\", \"keyFile\" are supported but deprecated. 
Use \"ca.crt\", - \"tls.crt\", \"tls.key\" instead. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. - maxLength: 2048 - type: string - commitStatusExpr: - description: "CommitStatusExpr is a CEL expression that evaluates - to a string value\nthat can be used to generate a custom commit - status message for use\nwith eligible Provider types (github, gitlab, - gitea, bitbucketserver,\nbitbucket, azuredevops). Supported variables - are: event, provider,\nand alert. " - type: string - interval: - description: "Interval at which to reconcile the Provider with its - Secret references.\nDeprecated and not used in v1beta3. " - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxy: - description: "Proxy the HTTP/S address of the proxy server.\nDeprecated: - Use ProxySecretRef instead. Will be removed in v1. " - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - proxySecretRef: - description: "ProxySecretRef specifies the Secret containing the proxy - configuration\nfor this Provider. The Secret should contain an 'address' - key with the\nHTTP/S address of the proxy server. Optional 'username' - and 'password'\nkeys can be provided for proxy authentication. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - secretRef: - description: "SecretRef specifies the Secret containing the authentication\ncredentials - for this Provider. " - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - serviceAccountName: - description: "ServiceAccountName is the name of the Kubernetes ServiceAccount - used to\nauthenticate with cloud provider services through workload - identity.\nThis enables multi-tenant authentication without storing - static credentials.\n\nSupported provider types: azureeventhub, - azuredevops, googlepubsub\n\nWhen specified, the controller will:\n1. - Create an OIDC token for the specified ServiceAccount\n2. Exchange - it for cloud provider credentials via STS\n3. Use the obtained credentials - for API authentication\n\nWhen unspecified, controller-level authentication - is used (single-tenant).\n\nAn error is thrown if static credentials - are also defined in SecretRef.\nThis field requires the ObjectLevelWorkloadIdentity - feature gate to be enabled. " - type: string - suspend: - description: "Suspend tells the controller to suspend subsequent\nevents - handling for this Provider. " - type: boolean - timeout: - description: Timeout for sending alerts to the Provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type specifies which Provider implementation to use. - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - gitea - - giteapullrequestcomment - - bitbucketserver - - bitbucket - - azuredevops - - googlechat - - googlepubsub - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - - githubpullrequestcomment - - gitlabmergerequestcomment - - pagerduty - - datadog - - nats - - zulip - - otel - type: string - username: - description: Username specifies the name under which events are posted. 
- maxLength: 2048 - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: spec.commitStatusExpr is only supported for the 'github', 'gitlab', - 'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types - rule: self.type == 'github' || self.type == 'gitlab' || self.type == - 'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket' - || self.type == 'azuredevops' || !has(self.commitStatusExpr) - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: receivers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Receiver - listKind: ReceiverList - plural: receivers - singular: receiver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. 
- properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: "Events specifies the list of event types to handle,\ne.g. - 'push' for GitHub or 'Push Hook' for GitLab. " - items: - type: string - type: array - interval: - default: 10m - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resourceFilter: - description: "ResourceFilter is a CEL expression expected to return - a boolean that is\nevaluated for each resource referenced in the - Resources field when a\nwebhook is received. If the expression returns - false then the controller\nwill not request a reconciliation for - the resource.\nWhen the expression is specified the controller will - parse it and mark\nthe object as terminally failed if the expression - is invalid or does not\nreturn a boolean. " - type: string - resources: - description: A list of resources to be notified about changes. 
- items: - description: "CrossNamespaceObjectReference contains enough information - to let you locate the\ntyped referenced object at cluster level - \ " - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - - ArtifactGenerator - - ExternalArtifact - type: string - matchLabels: - additionalProperties: - type: string - description: "MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels\nmap is equivalent to an element - of matchExpressions, whose key field is \"key\", the\noperator - is \"In\", and the values array contains only \"value\". The - requirements are ANDed.\nMatchLabels requires the name to - be set to `*`. " - type: object - name: - description: "Name of the referent\nIf multiple resources are - targeted `*` may be set. " - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: "SecretRef specifies the Secret containing the token - used\nto validate the payload authenticity. The Secret must contain - a 'token'\nkey. For GCR receivers, the Secret must also contain - an 'email' key\nwith the IAM service account email configured on - the Pub/Sub push\nsubscription, and may optionally contain an 'audience' - key with the\nexpected OIDC token audience. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: "Suspend tells the controller to suspend subsequent\nevents - handling for this receiver. 
" - type: boolean - type: - description: "Type of webhook sender, used to determine\nthe validation - procedure and payload deserialization. " - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - - cdevents - type: string - required: - - resources - - secretRef - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. " - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. " - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. 
" - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - webhookPath: - description: "WebhookPath is the generated incoming webhook address - in the format\nof '/hook/sha256sum(token+name+namespace)'. " - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. 
- properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation - of an object.\nServers should convert recognized schemas to the latest - internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - \ " - type: string - kind: - description: "Kind is a string value representing the REST resource this - object represents.\nServers may infer this from the endpoint the client - submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - \ " - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: "Events specifies the list of event types to handle,\ne.g. - 'push' for GitHub or 'Push Hook' for GitLab. " - items: - type: string - type: array - interval: - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: "CrossNamespaceObjectReference contains enough information - to let you locate the\ntyped referenced object at cluster level - \ " - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - - ArtifactGenerator - - ExternalArtifact - type: string - matchLabels: - additionalProperties: - type: string - description: "MatchLabels is a map of {key,value} pairs. 
A single - {key,value} in the matchLabels\nmap is equivalent to an element - of matchExpressions, whose key field is \"key\", the\noperator - is \"In\", and the values array contains only \"value\". The - requirements are ANDed.\nMatchLabels requires the name to - be set to `*`. " - type: object - name: - description: "Name of the referent\nIf multiple resources are - targeted `*` may be set. " - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: "SecretRef specifies the Secret containing the token - used\nto validate the payload authenticity. " - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: "Suspend tells the controller to suspend subsequent\nevents - handling for this receiver. " - type: boolean - type: - description: "Type of webhook sender, used to determine\nthe validation - procedure and payload deserialization. " - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - secretRef - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: "lastTransitionTime is the last time the condition - transitioned from one status to another.\nThis should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. 
" - format: date-time - type: string - message: - description: "message is a human readable message indicating - details about the transition.\nThis may be an empty string. - \ " - maxLength: 32768 - type: string - observedGeneration: - description: "observedGeneration represents the .metadata.generation - that the condition was set based upon.\nFor instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date\nwith respect to the current - state of the instance. " - format: int64 - minimum: 0 - type: integer - reason: - description: "reason contains a programmatic identifier indicating - the reason for the condition's last transition.\nProducers - of specific condition types may define expected values and - meanings for this field,\nand whether the values are considered - a guaranteed API.\nThe value should be a CamelCase string.\nThis - field may not be empty. " - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: "LastHandledReconcileAt holds the value of the most recent\nreconcile - request value, so a change of the annotation value\ncan be detected. - \ " - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. 
- format: int64 - type: integer - url: - description: "URL is the generated incoming webhook address in the - format\nof '/hook/sha256sum(token+name+namespace)'.\nDeprecated: - Replaced by WebhookPath. " - type: string - webhookPath: - description: "WebhookPath is the generated incoming webhook address - in the format\nof '/hook/sha256sum(token+name+namespace)'. " - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: helm-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: kustomize-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: notification-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: source-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: crd-controller-flux-system -rules: -- apiGroups: - - source.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' 
-- apiGroups: - - helm.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - notification.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - image.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - source.extensions.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - namespaces - - secrets - - configmaps - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -- nonResourceURLs: - - /livez/ping - verbs: - - head ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: flux-edit-flux-system -rules: -- apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - source.extensions.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - create - - delete - - deletecollection - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - 
rbac.authorization.k8s.io/aggregate-to-view: "true" - name: flux-view-flux-system -rules: -- apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - source.extensions.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: cluster-reconciler-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: crd-controller-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crd-controller-flux-system -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system -- kind: ServiceAccount - name: source-controller - namespace: flux-system -- kind: ServiceAccount - name: notification-controller - namespace: flux-system -- kind: ServiceAccount - name: image-reflector-controller - namespace: flux-system -- kind: ServiceAccount - name: image-automation-controller - namespace: flux-system -- kind: ServiceAccount - name: source-watcher - namespace: flux-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - control-plane: controller - 
name: notification-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: source-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - control-plane: controller - name: webhook-receiver - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http-webhook - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - name: test-http - namespace: test -spec: - ports: - - name: http - port: 80 - targetPort: 5678 - selector: - app: test-http ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - control-plane: controller - name: helm-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: helm-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: helm-controller - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - spec: - containers: - - args: - - 
--events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - containerName: manager - resource: limits.memory - image: ghcr.io/fluxcd/helm-controller:v1.5.3 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: helm-controller - terminationGracePeriodSeconds: 600 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - control-plane: controller - name: kustomize-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: kustomize-controller - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - spec: - containers: - - 
args: - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - containerName: manager - resource: limits.memory - image: ghcr.io/fluxcd/kustomize-controller:v1.8.3 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: kustomize-controller - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: notification-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: notification-controller - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: 
v2.8.5 - spec: - containers: - - args: - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - containerName: manager - resource: limits.memory - image: ghcr.io/fluxcd/notification-controller:v1.8.3 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 9292 - name: http-webhook - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: notification-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: source-controller - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - 
app.kubernetes.io/version: v2.8.5 - spec: - containers: - - args: - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TUF_ROOT - value: /tmp/.sigstore - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - containerName: manager - resource: limits.memory - image: ghcr.io/fluxcd/source-controller:v1.8.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: / - port: http - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: source-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: test-http - name: test-http - namespace: test -spec: - replicas: 1 - selector: - matchLabels: - app: test-http - template: - metadata: - labels: - app: test-http - spec: - containers: - - args: - - -text=ok from flux - image: hashicorp/http-echo:1.0.0 - name: http-echo - ports: - - containerPort: 5678 - name: http 
---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: mapper - namespace: mapper -spec: - chart: - spec: - chart: universal-chart - interval: 10m - sourceRef: - kind: HelmRepository - name: yc-oci-charts - namespace: flux-system - version: 0.1.7 - install: - remediation: - retries: 3 - interval: 10m - upgrade: - remediation: - retries: 3 - values: - global: - env: _default - services: - backend: - commitSha: "" - deployment: - enabled: true - name: - _default: backend - preprod: backend - production: backend - stage: mapper-backend - port: - _default: 8000 - probes: - liveness: - enabled: false - readiness: - enabled: false - replicaCount: - _default: 1 - preprod: 3 - production: 3 - stage: 1 - resources: - limits: - cpu: - _default: "2.0" - memory: - _default: 512Mi - requests: - cpu: - _default: "1.0" - memory: - _default: 128Mi - enabled: true - envs: - - name: DOCUMENTATION_HOST - value: - _default: https://stage-api.sarex.io/documentations/api/v1 - - name: FLOW_HOST - value: - _default: https://stage-api.sarex.io/flows/api/v1 - - name: DJANGO_HOST - value: - _default: https://stage.sarex.io/api - - name: NOTE_HOST - value: - _default: https://stage-api.sarex.io/notes/api/v1 - - name: REDIS_USE - value: - _default: "0" - preprod: "0" - production: "0" - stage: "0" - - name: TIMEOUT - value: - _default: "120" - preprod: "120" - production: "120" - stage: "120" - gitlabJobUrl: "" - gitlabUri: "" - image: - name: - _default: cr.yandex/crp3ccidau046kdj8g9q/mapper:latest - pullPolicy: - _default: IfNotPresent - imagePullSecrets: - enabled: - _default: true - name: - _default: dockerhub - labels: - monitoring: prometheus - owner: "" - service: - enabled: true - name: - _default: backend-service - preprod: backend-service - production: backend-service - stage: mapper-backend-service - port: - _default: 8000 - portName: - _default: http - targetPort: - _default: 8000 - type: - _default: ClusterIP ---- -apiVersion: helm.toolkit.fluxcd.io/v2 
-kind: HelmRelease -metadata: - name: vault - namespace: vault -spec: - chart: - spec: - chart: vault-contour - interval: 10m - sourceRef: - kind: HelmRepository - name: yc-oci-charts - namespace: flux-system - version: 0.1.0 - install: - remediation: - retries: 3 - interval: 5m - timeout: 10m - upgrade: - remediation: - retries: 3 - values: - imagePullSecrets: - - name: regcred - server: - dataStorage: - storageClass: local-path ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 10m0s - path: ./clusters/brusnika-stage - prune: true - sourceRef: - kind: GitRepository - name: flux-system ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - cert-manager.io/cluster-issuer: letsencrypt - name: vault - namespace: vault -spec: - ingressClassName: nginx - rules: - - host: vault.stage.brusnika.sarex.lonsdaleites.ru - http: - paths: - - backend: - service: - name: vault-vault-contour - port: - number: 8200 - path: / - pathType: Prefix - tls: - - hosts: - - vault.stage.brusnika.sarex.lonsdaleites.ru - secretName: vault-stage-tls ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: allow-egress - namespace: flux-system -spec: - egress: - - {} - ingress: - - from: - - podSelector: {} - podSelector: {} - policyTypes: - - Ingress - - Egress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: allow-scraping - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8080 - protocol: TCP - podSelector: {} - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - 
app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.8.5 - name: allow-webhooks - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app: notification-controller - policyTypes: - - Ingress ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 1m0s - ref: - branch: master - secretRef: - name: flux-system - url: https://gitea.stage.brusnika.sarex.lonsdaleites.ru/sarex/iac.git ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: yc-oci-charts - namespace: flux-system -spec: - interval: 10m0s - secretRef: - name: yc-cr-auth - type: oci - url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts diff --git a/apps/mapper/brusnika-stage/helmrelease.yaml b/apps/mapper/brusnika-stage/helmrelease.yaml index b449254..1388609 100644 --- a/apps/mapper/brusnika-stage/helmrelease.yaml +++ b/apps/mapper/brusnika-stage/helmrelease.yaml @@ -59,11 +59,11 @@ spec: readiness: enabled: false - image: - name: - _default: cr.yandex/crp3ccidau046kdj8g9q/mapper:prod_b0d05a34 - pullPolicy: - _default: IfNotPresent + image: + name: + _default: cr.yandex/crp3ccidau046kdj8g9q/mapper:prod_b0d05a34 + pullPolicy: + _default: IfNotPresent service: enabled: true
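Review bot: The re-added `image.name` in `apps/mapper/brusnika-stage/helmrelease.yaml` still references the image by tag only, `cr.yandex/crp3ccidau046kdj8g9q/mapper:prod_b0d05a34`. Combined with `pullPolicy: IfNotPresent`, a node that has the tag cached keeps its copy while a new node pulls whatever the tag names at that moment, so this file does not fix which image runs. If the chart passes `name` through to the container image unchanged (not visible in this hunk), pin the digest too: `_default: cr.yandex/crp3ccidau046kdj8g9q/mapper:prod_b0d05a34@sha256:<DIGEST_OF_REVIEWED_IMAGE>`. The removed and added lines appear to differ only in leading whitespace, which in YAML changes the parent of `image`, and the commit subject `++` does not say which parent is intended. A short comment above the block, for example `# image: sibling of deployment and service under services.backend` if that is the intent, would make the nesting checkable; the enclosing mapping starts and ends outside the hunk.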