sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
835d59ee88
iac/1.yaml
ivan 5e0f8f103e ++
2026-06-02 14:45:52 +05:00

6418 lines
286 KiB
YAML
Raw Blame History

apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/warn-version: latest
name: flux-system
---
apiVersion: v1
kind: Namespace
metadata:
name: mapper
---
apiVersion: v1
kind: Namespace
metadata:
name: test
---
apiVersion: v1
kind: Namespace
metadata:
labels:
istio-injection: enabled
name: vault
---
apiVersion: v1
kind: ResourceQuota
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: critical-pods-flux-system
namespace: flux-system
spec:
hard:
pods: "1000"
scopeSelector:
matchExpressions:
- operator: In
scopeName: PriorityClass
values:
- system-node-critical
- system-cluster-critical
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: alerts.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
names:
kind: Alert
listKind: AlertList
plural: alerts
singular: alert
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
deprecated: true
deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3
name: v1beta2
schema:
openAPIV3Schema:
description: Alert is the Schema for the alerts API
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: AlertSpec defines an alerting rule for events involving a
list of objects.
properties:
eventMetadata:
additionalProperties:
type: string
description: "EventMetadata is an optional field for adding metadata
to events dispatched by the\ncontroller. This can be used for enhancing
the context of the event. If a field\nwould override one already
present on the original event as generated by the emitter,\nthen
the override doesn't happen, i.e. the original value is preserved,
and an info\nlog is printed. "
type: object
eventSeverity:
default: info
description: "EventSeverity specifies how to filter events based on
severity.\nIf set to 'info' no events will be filtered. "
enum:
- info
- error
type: string
eventSources:
description: "EventSources specifies how to filter events based\non
the involved object kind, name and namespace. "
items:
description: "CrossNamespaceObjectReference contains enough information
to let you locate the\ntyped referenced object at cluster level
\ "
properties:
apiVersion:
description: API version of the referent
type: string
kind:
description: Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
- ArtifactGenerator
- ExternalArtifact
type: string
matchLabels:
additionalProperties:
type: string
description: "MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels\nmap is equivalent to an element
of matchExpressions, whose key field is \"key\", the\noperator
is \"In\", and the values array contains only \"value\". The
requirements are ANDed.\nMatchLabels requires the name to
be set to `*`. "
type: object
name:
description: "Name of the referent\nIf multiple resources are
targeted `*` may be set. "
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 253
minLength: 1
type: string
required:
- kind
- name
type: object
type: array
exclusionList:
description: "ExclusionList specifies a list of Golang regular expressions\nto
be used for excluding messages. "
items:
type: string
type: array
inclusionList:
description: "InclusionList specifies a list of Golang regular expressions\nto
be used for including messages. "
items:
type: string
type: array
providerRef:
description: ProviderRef specifies which Provider this Alert should
use.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
summary:
description: Summary holds a short description of the impact and affected
cluster.
maxLength: 255
type: string
suspend:
description: "Suspend tells the controller to suspend subsequent\nevents
handling for this Alert. "
type: boolean
required:
- eventSources
- providerRef
type: object
status:
default:
observedGeneration: -1
description: AlertStatus defines the observed state of the Alert.
properties:
conditions:
description: Conditions holds the conditions for the Alert.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta3
schema:
openAPIV3Schema:
description: Alert is the Schema for the alerts API
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: AlertSpec defines an alerting rule for events involving a
list of objects.
properties:
eventMetadata:
additionalProperties:
type: string
description: "EventMetadata is an optional field for adding metadata
to events dispatched by the\ncontroller. This can be used for enhancing
the context of the event. If a field\nwould override one already
present on the original event as generated by the emitter,\nthen
the override doesn't happen, i.e. the original value is preserved,
and an info\nlog is printed. "
type: object
eventSeverity:
default: info
description: "EventSeverity specifies how to filter events based on
severity.\nIf set to 'info' no events will be filtered. "
enum:
- info
- error
type: string
eventSources:
description: "EventSources specifies how to filter events based\non
the involved object kind, name and namespace. "
items:
description: "CrossNamespaceObjectReference contains enough information
to let you locate the\ntyped referenced object at cluster level
\ "
properties:
apiVersion:
description: API version of the referent
type: string
kind:
description: Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
- ArtifactGenerator
- ExternalArtifact
type: string
matchLabels:
additionalProperties:
type: string
description: "MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels\nmap is equivalent to an element
of matchExpressions, whose key field is \"key\", the\noperator
is \"In\", and the values array contains only \"value\". The
requirements are ANDed.\nMatchLabels requires the name to
be set to `*`. "
type: object
name:
description: "Name of the referent\nIf multiple resources are
targeted `*` may be set. "
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 253
minLength: 1
type: string
required:
- kind
- name
type: object
type: array
exclusionList:
description: "ExclusionList specifies a list of Golang regular expressions\nto
be used for excluding messages. "
items:
type: string
type: array
inclusionList:
description: "InclusionList specifies a list of Golang regular expressions\nto
be used for including messages. "
items:
type: string
type: array
providerRef:
description: ProviderRef specifies which Provider this Alert should
use.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
summary:
description: "Summary holds a short description of the impact and
affected cluster.\nDeprecated: Use EventMetadata instead. "
maxLength: 255
type: string
suspend:
description: "Suspend tells the controller to suspend subsequent\nevents
handling for this Alert. "
type: boolean
required:
- eventSources
- providerRef
type: object
type: object
served: true
storage: true
subresources: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: buckets.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: Bucket
listKind: BucketList
plural: buckets
singular: bucket
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.endpoint
name: Endpoint
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: Bucket is the Schema for the buckets API.
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: "BucketSpec specifies the required configuration to produce
an Artifact for\nan object storage bucket. "
properties:
bucketName:
description: BucketName is the name of the object storage bucket.
type: string
certSecretRef:
description: "CertSecretRef can be given the name of a Secret containing\neither
or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and
private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand
whichever are supplied, will be used for connecting to the\nbucket.
The client cert and key are useful if you are\nauthenticating with
a certificate; the CA cert is useful if\nyou are using a self-signed
server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis
field is only supported for the `generic` provider. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
endpoint:
description: Endpoint is the object storage address the BucketName
is located at.
type: string
ignore:
description: "Ignore overrides the set of excluded patterns in the
.sourceignore format\n(which is the same as .gitignore). If not
provided, a default will be used,\nconsult the documentation for
your version to find out what those are. "
type: string
insecure:
description: Insecure allows connecting to a non-TLS HTTP Endpoint.
type: boolean
interval:
description: "Interval at which the Bucket Endpoint is checked for
updates.\nThis interval is approximate and may be subject to jitter
to ensure\nefficient use of resources. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
prefix:
description: Prefix to use for server-side filtering of files in the
Bucket.
type: string
provider:
default: generic
description: "Provider of the object storage bucket.\nDefaults to
'generic', which expects an S3 (API) compatible object\nstorage.
\ "
enum:
- generic
- aws
- gcp
- azure
type: string
proxySecretRef:
description: "ProxySecretRef specifies the Secret containing the proxy
configuration\nto use while communicating with the Bucket server.
\ "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
region:
description: Region of the Endpoint where the BucketName is located
in.
type: string
secretRef:
description: "SecretRef specifies the Secret containing authentication
credentials\nfor the Bucket. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
serviceAccountName:
description: "ServiceAccountName is the name of the Kubernetes ServiceAccount
used to authenticate\nthe bucket. This field is only supported for
the 'gcp' and 'aws' providers.\nFor more information about workload
identity:\nhttps://fluxcd.io/flux/components/source/buckets/#workload-identity
\ "
type: string
sts:
description: "STS specifies the required configuration to use a Security
Token\nService for fetching temporary credentials to authenticate
in a\nBucket provider.\n\nThis field is only supported for the `aws`
and `generic` providers. "
properties:
certSecretRef:
description: "CertSecretRef can be given the name of a Secret
containing\neither or both of\n\n- a PEM-encoded client certificate
(`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA
certificate (`ca.crt`)\n\nand whichever are supplied, will be
used for connecting to the\nSTS endpoint. The client cert and
key are useful if you are\nauthenticating with a certificate;
the CA cert is useful if\nyou are using a self-signed server
certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis
field is only supported for the `ldap` provider. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
endpoint:
description: "Endpoint is the HTTP/S endpoint of the Security
Token Service from\nwhere temporary credentials will be fetched.
\ "
pattern: ^(http|https)://.*$
type: string
provider:
description: Provider of the Security Token Service.
enum:
- aws
- ldap
type: string
secretRef:
description: "SecretRef specifies the Secret containing authentication
credentials\nfor the STS endpoint. This Secret must contain
the fields `username`\nand `password` and is supported only
for the `ldap` provider. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
required:
- endpoint
- provider
type: object
suspend:
description: "Suspend tells the controller to suspend the reconciliation
of this\nBucket. "
type: boolean
timeout:
default: 60s
description: Timeout for fetch operations, defaults to 60s.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
required:
- bucketName
- endpoint
- interval
type: object
x-kubernetes-validations:
- message: STS configuration is only supported for the 'aws' and 'generic'
Bucket providers
rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
- message: '''aws'' is the only supported STS provider for the ''aws''
Bucket provider'
rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
== 'aws'
- message: '''ldap'' is the only supported STS provider for the ''generic''
Bucket provider'
rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
== 'ldap'
- message: spec.sts.secretRef is not required for the 'aws' STS provider
rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
- message: spec.sts.certSecretRef is not required for the 'aws' STS provider
rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
- message: ServiceAccountName is not supported for the 'generic' Bucket
provider
rule: self.provider != 'generic' || !has(self.serviceAccountName)
- message: cannot set both .spec.secretRef and .spec.serviceAccountName
rule: '!has(self.secretRef) || !has(self.serviceAccountName)'
status:
default:
observedGeneration: -1
description: BucketStatus records the observed state of a Bucket.
properties:
artifact:
description: Artifact represents the last successful Bucket reconciliation.
properties:
digest:
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
type: string
lastUpdateTime:
description: "LastUpdateTime is the timestamp corresponding to
the last update of the\nArtifact. "
format: date-time
type: string
metadata:
additionalProperties:
type: string
description: Metadata holds upstream information such as OCI annotations.
type: object
path:
description: "Path is the relative file path of the Artifact.
It can be used to locate\nthe file in the root of the Artifact
storage on the local file system of\nthe controller managing
the Source. "
type: string
revision:
description: "Revision is a human-readable identifier traceable
in the origin source\nsystem. It can be a Git commit SHA, Git
tag, a Helm chart version, etc. "
type: string
size:
description: Size is the number of bytes in the file.
format: int64
type: integer
url:
description: "URL is the HTTP address of the Artifact as exposed
by the controller\nmanaging the Source. It can be used to retrieve
the Artifact for\nconsumption, e.g. by another controller applying
the Artifact contents. "
type: string
required:
- digest
- lastUpdateTime
- path
- revision
- url
type: object
conditions:
description: Conditions holds the conditions for the Bucket.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedGeneration:
description: ObservedGeneration is the last observed generation of
the Bucket object.
format: int64
type: integer
observedIgnore:
description: "ObservedIgnore is the observed exclusion patterns used
for constructing\nthe source artifact. "
type: string
url:
description: "URL is the dynamic fetch link for the latest Artifact.\nIt
is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact
data is recommended. "
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: externalartifacts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: ExternalArtifact
listKind: ExternalArtifactList
plural: externalartifacts
singular: externalartifact
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .spec.sourceRef.name
name: Source
type: string
name: v1
schema:
openAPIV3Schema:
description: ExternalArtifact is the Schema for the external artifacts API
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: ExternalArtifactSpec defines the desired state of ExternalArtifact
properties:
sourceRef:
description: "SourceRef points to the Kubernetes custom resource for\nwhich
the artifact is generated. "
properties:
apiVersion:
description: API version of the referent, if not specified the
Kubernetes preferred version will be used.
type: string
kind:
description: Kind of the referent.
type: string
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, when not specified it
acts as LocalObjectReference.
type: string
required:
- kind
- name
type: object
type: object
status:
description: ExternalArtifactStatus defines the observed state of ExternalArtifact
properties:
artifact:
description: Artifact represents the output of an ExternalArtifact
reconciliation.
properties:
digest:
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
type: string
lastUpdateTime:
description: "LastUpdateTime is the timestamp corresponding to
the last update of the\nArtifact. "
format: date-time
type: string
metadata:
additionalProperties:
type: string
description: Metadata holds upstream information such as OCI annotations.
type: object
path:
description: "Path is the relative file path of the Artifact.
It can be used to locate\nthe file in the root of the Artifact
storage on the local file system of\nthe controller managing
the Source. "
type: string
revision:
description: "Revision is a human-readable identifier traceable
in the origin source\nsystem. It can be a Git commit SHA, Git
tag, a Helm chart version, etc. "
type: string
size:
description: Size is the number of bytes in the file.
format: int64
type: integer
url:
description: "URL is the HTTP address of the Artifact as exposed
by the controller\nmanaging the Source. It can be used to retrieve
the Artifact for\nconsumption, e.g. by another controller applying
the Artifact contents. "
type: string
required:
- digest
- lastUpdateTime
- path
- revision
- url
type: object
conditions:
description: Conditions holds the conditions for the ExternalArtifact.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: gitrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: GitRepository
listKind: GitRepositoryList
plural: gitrepositories
shortNames:
- gitrepo
singular: gitrepository
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.url
name: URL
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: GitRepository is the Schema for the gitrepositories API.
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: "GitRepositorySpec specifies the required configuration to
produce an\nArtifact for a Git repository. "
properties:
ignore:
description: "Ignore overrides the set of excluded patterns in the
.sourceignore format\n(which is the same as .gitignore). If not
provided, a default will be used,\nconsult the documentation for
your version to find out what those are. "
type: string
include:
description: "Include specifies a list of GitRepository resources
which Artifacts\nshould be included in the Artifact produced for
this GitRepository. "
items:
description: "GitRepositoryInclude specifies a local reference to
a GitRepository which\nArtifact (sub-)contents must be included,
and where they should be placed. "
properties:
fromPath:
description: "FromPath specifies the path to copy contents from,
defaults to the root\nof the Artifact. "
type: string
repository:
description: "GitRepositoryRef specifies the GitRepository which
Artifact contents\nmust be included. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
toPath:
description: "ToPath specifies the path to copy contents to,
defaults to the name of\nthe GitRepositoryRef. "
type: string
required:
- repository
type: object
type: array
interval:
description: "Interval at which the GitRepository URL is checked for
updates.\nThis interval is approximate and may be subject to jitter
to ensure\nefficient use of resources. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
provider:
description: "Provider used for authentication, can be 'azure', 'github',
'generic'.\nWhen not specified, defaults to 'generic'. "
enum:
- generic
- azure
- github
type: string
proxySecretRef:
description: "ProxySecretRef specifies the Secret containing the proxy
configuration\nto use while communicating with the Git server. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
recurseSubmodules:
description: "RecurseSubmodules enables the initialization of all
submodules within\nthe GitRepository as cloned from the URL, using
their default settings. "
type: boolean
ref:
description: "Reference specifies the Git reference to resolve and
monitor for\nchanges, defaults to the 'master' branch. "
properties:
branch:
description: Branch to check out, defaults to 'master' if no other
field is defined.
type: string
commit:
description: "Commit SHA to check out, takes precedence over all
reference fields.\n\nThis can be combined with Branch to shallow
clone the branch, in which\nthe commit is expected to exist.
\ "
type: string
name:
description: "Name of the reference to check out; takes precedence
over Branch, Tag and SemVer.\n\nIt must be a valid Git reference:
https://git-scm.com/docs/git-check-ref-format#_description\nExamples:
\"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
\"refs/merge-requests/1/head\" "
type: string
semver:
description: SemVer tag expression to check out, takes precedence
over Tag.
type: string
tag:
description: Tag to check out, takes precedence over Branch.
type: string
type: object
secretRef:
description: "SecretRef specifies the Secret containing authentication
credentials for\nthe GitRepository.\nFor HTTPS repositories the
Secret must contain 'username' and 'password'\nfields for basic
auth or 'bearerToken' field for token auth.\nFor SSH repositories
the Secret must contain 'identity'\nand 'known_hosts' fields. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
serviceAccountName:
description: "ServiceAccountName is the name of the Kubernetes ServiceAccount
used to\nauthenticate to the GitRepository. This field is only supported
for 'azure' provider. "
type: string
sparseCheckout:
description: "SparseCheckout specifies a list of directories to checkout
when cloning\nthe repository. If specified, only these directories
are included in the\nArtifact produced for this GitRepository. "
items:
type: string
type: array
suspend:
description: "Suspend tells the controller to suspend the reconciliation
of this\nGitRepository. "
type: boolean
timeout:
default: 60s
description: Timeout for Git operations like cloning, defaults to
60s.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
url:
description: URL specifies the Git repository URL, it can be an HTTP/S
or SSH address.
pattern: ^(http|https|ssh)://.*$
type: string
verify:
description: "Verification specifies the configuration to verify the
Git commit\nsignature(s). "
properties:
mode:
default: HEAD
description: "Mode specifies which Git object(s) should be verified.\n\nThe
variants \"head\" and \"HEAD\" both imply the same thing, i.e.
verify\nthe commit that the HEAD of the Git repository points
to. The variant\n\"head\" solely exists to ensure backwards
compatibility. "
enum:
- head
- HEAD
- Tag
- TagAndHEAD
type: string
secretRef:
description: "SecretRef specifies the Secret containing the public
keys of trusted Git\nauthors. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
required:
- secretRef
type: object
required:
- interval
- url
type: object
x-kubernetes-validations:
- message: serviceAccountName can only be set when provider is 'azure'
rule: '!has(self.serviceAccountName) || (has(self.provider) && self.provider
== ''azure'')'
status:
default:
observedGeneration: -1
description: GitRepositoryStatus records the observed state of a Git repository.
properties:
artifact:
description: Artifact represents the last successful GitRepository
reconciliation.
properties:
digest:
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
type: string
lastUpdateTime:
description: "LastUpdateTime is the timestamp corresponding to
the last update of the\nArtifact. "
format: date-time
type: string
metadata:
additionalProperties:
type: string
description: Metadata holds upstream information such as OCI annotations.
type: object
path:
description: "Path is the relative file path of the Artifact.
It can be used to locate\nthe file in the root of the Artifact
storage on the local file system of\nthe controller managing
the Source. "
type: string
revision:
description: "Revision is a human-readable identifier traceable
in the origin source\nsystem. It can be a Git commit SHA, Git
tag, a Helm chart version, etc. "
type: string
size:
description: Size is the number of bytes in the file.
format: int64
type: integer
url:
description: "URL is the HTTP address of the Artifact as exposed
by the controller\nmanaging the Source. It can be used to retrieve
the Artifact for\nconsumption, e.g. by another controller applying
the Artifact contents. "
type: string
required:
- digest
- lastUpdateTime
- path
- revision
- url
type: object
conditions:
description: Conditions holds the conditions for the GitRepository.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
includedArtifacts:
description: "IncludedArtifacts contains a list of the last successfully
included\nArtifacts as instructed by GitRepositorySpec.Include.
\ "
items:
description: Artifact represents the output of a Source reconciliation.
properties:
digest:
description: Digest is the digest of the file in the form of
'<algorithm>:<checksum>'.
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
type: string
lastUpdateTime:
description: "LastUpdateTime is the timestamp corresponding
to the last update of the\nArtifact. "
format: date-time
type: string
metadata:
additionalProperties:
type: string
description: Metadata holds upstream information such as OCI
annotations.
type: object
path:
description: "Path is the relative file path of the Artifact.
It can be used to locate\nthe file in the root of the Artifact
storage on the local file system of\nthe controller managing
the Source. "
type: string
revision:
description: "Revision is a human-readable identifier traceable
in the origin source\nsystem. It can be a Git commit SHA,
Git tag, a Helm chart version, etc. "
type: string
size:
description: Size is the number of bytes in the file.
format: int64
type: integer
url:
description: "URL is the HTTP address of the Artifact as exposed
by the controller\nmanaging the Source. It can be used to
retrieve the Artifact for\nconsumption, e.g. by another controller
applying the Artifact contents. "
type: string
required:
- digest
- lastUpdateTime
- path
- revision
- url
type: object
type: array
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedGeneration:
description: "ObservedGeneration is the last observed generation of
the GitRepository\nobject. "
format: int64
type: integer
observedIgnore:
description: "ObservedIgnore is the observed exclusion patterns used
for constructing\nthe source artifact. "
type: string
observedInclude:
description: "ObservedInclude is the observed list of GitRepository
resources used to\nproduce the current Artifact. "
items:
description: "GitRepositoryInclude specifies a local reference to
a GitRepository which\nArtifact (sub-)contents must be included,
and where they should be placed. "
properties:
fromPath:
description: "FromPath specifies the path to copy contents from,
defaults to the root\nof the Artifact. "
type: string
repository:
description: "GitRepositoryRef specifies the GitRepository which
Artifact contents\nmust be included. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
toPath:
description: "ToPath specifies the path to copy contents to,
defaults to the name of\nthe GitRepositoryRef. "
type: string
required:
- repository
type: object
type: array
observedRecurseSubmodules:
description: "ObservedRecurseSubmodules is the observed resource submodules\nconfiguration
used to produce the current Artifact. "
type: boolean
observedSparseCheckout:
description: "ObservedSparseCheckout is the observed list of directories
used to\nproduce the current Artifact. "
items:
type: string
type: array
sourceVerificationMode:
description: "SourceVerificationMode is the last used verification
mode indicating\nwhich Git object(s) have been verified. "
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: helmcharts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: HelmChart
listKind: HelmChartList
plural: helmcharts
shortNames:
- hc
singular: helmchart
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.chart
name: Chart
type: string
- jsonPath: .spec.version
name: Version
type: string
- jsonPath: .spec.sourceRef.kind
name: Source Kind
type: string
- jsonPath: .spec.sourceRef.name
name: Source Name
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: HelmChart is the Schema for the helmcharts API.
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: HelmChartSpec specifies the desired state of a Helm chart.
properties:
chart:
description: "Chart is the name or path the Helm chart is available
at in the\nSourceRef. "
type: string
ignoreMissingValuesFiles:
description: "IgnoreMissingValuesFiles controls whether to silently
ignore missing values\nfiles rather than failing. "
type: boolean
interval:
description: "Interval at which the HelmChart SourceRef is checked
for updates.\nThis interval is approximate and may be subject to
jitter to ensure\nefficient use of resources. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
reconcileStrategy:
default: ChartVersion
description: "ReconcileStrategy determines what enables the creation
of a new artifact.\nValid values are ('ChartVersion', 'Revision').\nSee
the documentation of the values for an explanation on their behavior.\nDefaults
to ChartVersion when omitted. "
enum:
- ChartVersion
- Revision
type: string
sourceRef:
description: SourceRef is the reference to the Source the chart is
available at.
properties:
apiVersion:
description: APIVersion of the referent.
type: string
kind:
description: "Kind of the referent, valid values are ('HelmRepository',
'GitRepository',\n'Bucket'). "
enum:
- HelmRepository
- GitRepository
- Bucket
type: string
name:
description: Name of the referent.
type: string
required:
- kind
- name
type: object
suspend:
description: "Suspend tells the controller to suspend the reconciliation
of this\nsource. "
type: boolean
valuesFiles:
description: "ValuesFiles is an alternative list of values files to
use as the chart\nvalues (values.yaml is not included by default),
expected to be a\nrelative path in the SourceRef.\nValues files
are merged in the order of this list with the last file\noverriding
the first. Ignored when omitted. "
items:
type: string
type: array
verify:
description: "Verify contains the secret name containing the trusted
public keys\nused to verify the signature and specifies which provider
to use to check\nwhether OCI image is authentic.\nThis field is
only supported when using HelmRepository source with spec.type 'oci'.\nChart
dependencies, which are not bundled in the umbrella chart artifact,
are not verified. "
properties:
matchOIDCIdentity:
description: "MatchOIDCIdentity specifies the identity matching
criteria to use\nwhile verifying an OCI artifact which was signed
using Cosign keyless\nsigning. The artifact's identity is deemed
to be verified if any of the\nspecified matchers match against
the identity. "
items:
description: "OIDCIdentityMatch specifies options for verifying
the certificate identity,\ni.e. the issuer and the subject
of the certificate. "
properties:
issuer:
description: "Issuer specifies the regex pattern to match
against to verify\nthe OIDC issuer in the Fulcio certificate.
The pattern must be a\nvalid Go regular expression. "
type: string
subject:
description: "Subject specifies the regex pattern to match
against to verify\nthe identity subject in the Fulcio
certificate. The pattern must\nbe a valid Go regular expression.
\ "
type: string
required:
- issuer
- subject
type: object
type: array
provider:
default: cosign
description: Provider specifies the technology used to sign the
OCI Artifact.
enum:
- cosign
- notation
type: string
secretRef:
description: "SecretRef specifies the Kubernetes Secret containing
the\ntrusted public keys. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
required:
- provider
type: object
version:
default: '*'
description: "Version is the chart version semver expression, ignored
for charts from\nGitRepository and Bucket sources. Defaults to latest
when omitted. "
type: string
required:
- chart
- interval
- sourceRef
type: object
x-kubernetes-validations:
- message: spec.verify is only supported when spec.sourceRef.kind is 'HelmRepository'
rule: '!has(self.verify) || self.sourceRef.kind == ''HelmRepository'''
status:
default:
observedGeneration: -1
description: HelmChartStatus records the observed state of the HelmChart.
properties:
artifact:
description: Artifact represents the output of the last successful
reconciliation.
properties:
digest:
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
type: string
lastUpdateTime:
description: "LastUpdateTime is the timestamp corresponding to
the last update of the\nArtifact. "
format: date-time
type: string
metadata:
additionalProperties:
type: string
description: Metadata holds upstream information such as OCI annotations.
type: object
path:
description: "Path is the relative file path of the Artifact.
It can be used to locate\nthe file in the root of the Artifact
storage on the local file system of\nthe controller managing
the Source. "
type: string
revision:
description: "Revision is a human-readable identifier traceable
in the origin source\nsystem. It can be a Git commit SHA, Git
tag, a Helm chart version, etc. "
type: string
size:
description: Size is the number of bytes in the file.
format: int64
type: integer
url:
description: "URL is the HTTP address of the Artifact as exposed
by the controller\nmanaging the Source. It can be used to retrieve
the Artifact for\nconsumption, e.g. by another controller applying
the Artifact contents. "
type: string
required:
- digest
- lastUpdateTime
- path
- revision
- url
type: object
conditions:
description: Conditions holds the conditions for the HelmChart.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedChartName:
description: "ObservedChartName is the last observed chart name as
specified by the\nresolved chart reference. "
type: string
observedGeneration:
description: "ObservedGeneration is the last observed generation of
the HelmChart\nobject. "
format: int64
type: integer
observedSourceArtifactRevision:
description: "ObservedSourceArtifactRevision is the last observed
Artifact.Revision\nof the HelmChartSpec.SourceRef. "
type: string
observedValuesFiles:
description: "ObservedValuesFiles are the observed value files of
the last successful\nreconciliation.\nIt matches the chart in the
last successfully reconciled artifact. "
items:
type: string
type: array
url:
description: "URL is the dynamic fetch link for the latest Artifact.\nIt
is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact
data is recommended. "
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: helmreleases.helm.toolkit.fluxcd.io
spec:
group: helm.toolkit.fluxcd.io
names:
kind: HelmRelease
listKind: HelmReleaseList
plural: helmreleases
shortNames:
- hr
singular: helmrelease
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
name: v2
schema:
openAPIV3Schema:
description: HelmRelease is the Schema for the helmreleases API
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: HelmReleaseSpec defines the desired state of a Helm release.
properties:
chart:
description: "Chart defines the template of the v1.HelmChart that
should be created\nfor this HelmRelease. "
properties:
metadata:
description: ObjectMeta holds the template for metadata like labels
and annotations.
properties:
annotations:
additionalProperties:
type: string
description: "Annotations is an unstructured key value map
stored with a resource that may be\nset by external tools
to store and retrieve arbitrary metadata. They are not\nqueryable
and should be preserved when modifying objects.\nMore info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
\ "
type: object
labels:
additionalProperties:
type: string
description: "Map of string keys and values that can be used
to organize and categorize\n(scope and select) objects.\nMore
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
\ "
type: object
type: object
spec:
description: Spec holds the template for the v1.HelmChartSpec
for this HelmRelease.
properties:
chart:
description: The name or path the Helm chart is available
at in the SourceRef.
maxLength: 2048
minLength: 1
type: string
ignoreMissingValuesFiles:
description: IgnoreMissingValuesFiles controls whether to
silently ignore missing values files rather than failing.
type: boolean
interval:
description: "Interval at which to check the v1.Source for
updates. Defaults to\n'HelmReleaseSpec.Interval'. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
reconcileStrategy:
default: ChartVersion
description: "Determines what enables the creation of a new
artifact. Valid values are\n('ChartVersion', 'Revision').\nSee
the documentation of the values for an explanation on their
behavior.\nDefaults to ChartVersion when omitted. "
enum:
- ChartVersion
- Revision
type: string
sourceRef:
description: The name and namespace of the v1.Source the chart
is available at.
properties:
apiVersion:
description: APIVersion of the referent.
type: string
kind:
description: Kind of the referent.
enum:
- HelmRepository
- GitRepository
- Bucket
type: string
name:
description: Name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent.
maxLength: 63
minLength: 1
type: string
required:
- kind
- name
type: object
valuesFiles:
description: "Alternative list of values files to use as the
chart values (values.yaml\nis not included by default),
expected to be a relative path in the SourceRef.\nValues
files are merged in the order of this list with the last
file overriding\nthe first. Ignored when omitted. "
items:
type: string
type: array
verify:
description: "Verify contains the secret name containing the
trusted public keys\nused to verify the signature and specifies
which provider to use to check\nwhether OCI image is authentic.\nThis
field is only supported for OCI sources.\nChart dependencies,
which are not bundled in the umbrella chart artifact,\nare
not verified. "
properties:
provider:
default: cosign
description: Provider specifies the technology used to
sign the OCI Helm chart.
enum:
- cosign
- notation
type: string
secretRef:
description: "SecretRef specifies the Kubernetes Secret
containing the\ntrusted public keys. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
required:
- provider
type: object
version:
default: '*'
description: "Version semver expression, ignored for charts
from v1.GitRepository and\nv1beta2.Bucket sources. Defaults
to latest when omitted. "
type: string
required:
- chart
- sourceRef
type: object
required:
- spec
type: object
chartRef:
description: "ChartRef holds a reference to a source controller resource
containing the\nHelm chart artifact. "
properties:
apiVersion:
description: APIVersion of the referent.
type: string
kind:
description: Kind of the referent.
enum:
- OCIRepository
- HelmChart
- ExternalArtifact
type: string
name:
description: Name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace of the referent, defaults to the namespace
of the Kubernetes\nresource object that contains the reference.
\ "
maxLength: 63
minLength: 1
type: string
required:
- kind
- name
type: object
commonMetadata:
description: "CommonMetadata specifies the common labels and annotations
that are\napplied to all resources. Any existing label or annotation
will be\noverridden if its key matches a common one. "
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to the object's metadata.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to the object's metadata.
type: object
type: object
dependsOn:
description: "DependsOn may contain a DependencyReference slice with\nreferences
to HelmRelease resources that must be ready before this HelmRelease\ncan
be reconciled. "
items:
description: DependencyReference defines a HelmRelease dependency
on another HelmRelease resource.
properties:
name:
description: Name of the referent.
type: string
namespace:
description: "Namespace of the referent, defaults to the namespace
of the HelmRelease\nresource object that contains the reference.
\ "
type: string
readyExpr:
description: "ReadyExpr is a CEL expression that can be used
to assess the readiness\nof a dependency. When specified,
the built-in readiness check\nis replaced by the logic defined
in the CEL expression.\nTo make the CEL expression additive
to the built-in readiness check,\nthe feature gate `AdditiveCELDependencyCheck`
must be set to `true`. "
type: string
required:
- name
type: object
type: array
driftDetection:
description: "DriftDetection holds the configuration for detecting
and handling\ndifferences between the manifest in the Helm storage
and the resources\ncurrently existing in the cluster. "
properties:
ignore:
description: "Ignore contains a list of rules for specifying which
changes to ignore\nduring diffing. "
items:
description: "IgnoreRule defines a rule to selectively disregard
specific changes during\nthe drift detection process. "
properties:
paths:
description: "Paths is a list of JSON Pointer (RFC 6901)
paths to be excluded from\nconsideration in a Kubernetes
object. "
items:
type: string
type: array
target:
description: "Target is a selector for specifying Kubernetes
objects to which this\nrule applies.\nIf Target is not
set, the Paths will be ignored for all Kubernetes\nobjects
within the manifest of the Helm release. "
properties:
annotationSelector:
description: "AnnotationSelector is a string that follows
the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt
matches with the resource annotations. "
type: string
group:
description: "Group is the API group to select resources
from.\nTogether with Version and Kind it is capable
of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
\ "
type: string
kind:
description: "Kind of the API Group to select resources
from.\nTogether with Group and Version it is capable
of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
\ "
type: string
labelSelector:
description: "LabelSelector is a string that follows
the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt
matches with the resource labels. "
type: string
name:
description: Name to match resources with.
type: string
namespace:
description: Namespace to select resources from.
type: string
version:
description: "Version of the API Group to select resources
from.\nTogether with Group and Kind it is capable
of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
\ "
type: string
type: object
required:
- paths
type: object
type: array
mode:
description: "Mode defines how differences should be handled between
the Helm manifest\nand the manifest currently applied to the
cluster.\nIf not explicitly set, it defaults to DiffModeDisabled.
\ "
enum:
- enabled
- warn
- disabled
type: string
type: object
healthCheckExprs:
description: "HealthCheckExprs is a list of healthcheck expressions
for evaluating the\nhealth of custom resources using Common Expression
Language (CEL).\nThe expressions are evaluated only when the specific
Helm action\ntaking place has wait enabled, i.e. DisableWait is
false, and the\n'poller' WaitStrategy is used. "
items:
description: CustomHealthCheck defines the health check for custom
resources.
properties:
apiVersion:
description: APIVersion of the custom resource under evaluation.
type: string
current:
description: "Current is the CEL expression that determines
if the status\nof the custom resource has reached the desired
state. "
type: string
failed:
description: "Failed is the CEL expression that determines if
the status\nof the custom resource has failed to reach the
desired state. "
type: string
inProgress:
description: "InProgress is the CEL expression that determines
if the status\nof the custom resource has not yet reached
the desired state. "
type: string
kind:
description: Kind of the custom resource under evaluation.
type: string
required:
- apiVersion
- current
- kind
type: object
type: array
install:
description: Install holds the configuration for Helm install actions
for this HelmRelease.
properties:
crds:
description: "CRDs upgrade CRDs from the Helm Chart's crds directory
according\nto the CRD upgrade policy provided here. Valid values
are `Skip`,\n`Create` or `CreateReplace`. Default is `Create`
and if omitted\nCRDs are installed but not updated.\n\nSkip:
do neither install nor replace (update) any CRDs.\n\nCreate:
new CRDs are created, existing CRDs are neither updated nor
deleted.\n\nCreateReplace: new CRDs are created, existing CRDs
are updated (replaced)\nbut not deleted.\n\nBy default, CRDs
are applied (installed) during Helm install action.\nWith this
option users can opt in to CRD replace existing CRDs on Helm\ninstall
actions, which is not (yet) natively supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions.
\ "
enum:
- Skip
- Create
- CreateReplace
type: string
createNamespace:
description: "CreateNamespace tells the Helm install action to
create the\nHelmReleaseSpec.TargetNamespace if it does not exist
yet.\nOn uninstall, the namespace will not be garbage collected.
\ "
type: boolean
disableHooks:
description: DisableHooks prevents hooks from running during the
Helm install action.
type: boolean
disableOpenAPIValidation:
description: "DisableOpenAPIValidation prevents the Helm install
action from validating\nrendered templates against the Kubernetes
OpenAPI Schema. "
type: boolean
disableSchemaValidation:
description: "DisableSchemaValidation prevents the Helm install
action from validating\nthe values against the JSON Schema.
\ "
type: boolean
disableTakeOwnership:
description: "DisableTakeOwnership disables taking ownership of
existing resources\nduring the Helm install action. Defaults
to false. "
type: boolean
disableWait:
description: "DisableWait disables the waiting for resources to
be ready after a Helm\ninstall has been performed. "
type: boolean
disableWaitForJobs:
description: "DisableWaitForJobs disables waiting for jobs to
complete after a Helm\ninstall has been performed. "
type: boolean
remediation:
description: "Remediation holds the remediation configuration
for when the Helm install\naction for the HelmRelease fails.
The default is to not perform any action. "
properties:
ignoreTestFailures:
description: "IgnoreTestFailures tells the controller to skip
remediation when the Helm\ntests are run after an install
action but fail. Defaults to\n'Test.IgnoreFailures'. "
type: boolean
remediateLastFailure:
description: "RemediateLastFailure tells the controller to
remediate the last failure, when\nno retries remain. Defaults
to 'false'. "
type: boolean
retries:
description: "Retries is the number of retries that should
be attempted on failures before\nbailing. Remediation, using
an uninstall, is performed between each attempt.\nDefaults
to '0', a negative integer equals to unlimited retries.
\ "
type: integer
type: object
replace:
description: "Replace tells the Helm install action to re-use
the 'ReleaseName', but only\nif that name is a deleted release
which remains in the history. "
type: boolean
serverSideApply:
description: "ServerSideApply enables server-side apply for resources
during install.\nDefaults to true (or false when UseHelm3Defaults
feature gate is enabled). "
type: boolean
skipCRDs:
description: "SkipCRDs tells the Helm install action to not install
any CRDs. By default,\nCRDs are installed if not already present.\n\nDeprecated
use CRD policy (`crds`) attribute with value `Skip` instead.
\ "
type: boolean
strategy:
description: "Strategy defines the install strategy to use for
this HelmRelease.\nDefaults to 'RemediateOnFailure', or 'RetryOnFailure'
when the\nDefaultToRetryOnFailure feature gate is enabled. "
properties:
name:
description: Name of the install strategy.
enum:
- RemediateOnFailure
- RetryOnFailure
type: string
retryInterval:
description: "RetryInterval is the interval at which to retry
a failed install.\nCan be used only when Name is set to
RetryOnFailure.\nDefaults to '5m'. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
required:
- name
type: object
x-kubernetes-validations:
- message: .retryInterval cannot be set when .name is 'RemediateOnFailure'
rule: '!has(self.retryInterval) || self.name != ''RemediateOnFailure'''
timeout:
description: "Timeout is the time to wait for any individual Kubernetes
operation (like\nJobs for hooks) during the performance of a
Helm install action. Defaults to\n'HelmReleaseSpec.Timeout'.
\ "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
type: object
interval:
description: Interval at which to reconcile the Helm release.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
kubeConfig:
description: "KubeConfig for reconciling the HelmRelease on a remote
cluster.\nWhen used in combination with HelmReleaseSpec.ServiceAccountName,\nforces
the controller to act on behalf of that Service Account at the\ntarget
cluster.\nIf the --default-service-account flag is set, its value
will be used as\na controller level fallback for when HelmReleaseSpec.ServiceAccountName\nis
empty. "
properties:
configMapRef:
description: "ConfigMapRef holds an optional name of a ConfigMap
that contains\nthe following keys:\n\n- `provider`: the provider
to use. One of `aws`, `azure`, `gcp`, or\n `generic`. Required.\n-
`cluster`: the fully qualified resource name of the Kubernetes\n
\ cluster in the cloud provider API. Not used by the `generic`\n
\ provider. Required when one of `address` or `ca.crt` is not
set.\n- `address`: the address of the Kubernetes API server.
Required\n for `generic`. For the other providers, if not
specified, the\n first address in the cluster resource will
be used, and if\n specified, it must match one of the addresses
in the cluster\n resource.\n If audiences is not set, will
be used as the audience for the\n `generic` provider.\n- `ca.crt`:
the optional PEM-encoded CA certificate for the\n Kubernetes
API server. If not set, the controller will use the\n CA certificate
from the cluster resource.\n- `audiences`: the optional audiences
as a list of\n line-break-separated strings for the Kubernetes
ServiceAccount\n token. Defaults to the `address` for the
`generic` provider, or\n to specific values for the other
providers depending on the\n provider.\n- `serviceAccountName`:
the optional name of the Kubernetes\n ServiceAccount in the
same namespace that should be used\n for authentication. If
not specified, the controller\n ServiceAccount will be used.\n\nMutually
exclusive with SecretRef. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
secretRef:
description: "SecretRef holds an optional name of a secret that
contains a key with\nthe kubeconfig file as the value. If no
key is set, the key will default\nto 'value'. Mutually exclusive
with ConfigMapRef.\nIt is recommended that the kubeconfig is
self-contained, and the secret\nis regularly updated if credentials
such as a cloud-access-token expire.\nCloud specific `cmd-path`
auth helpers will not function without adding\nbinaries and
credentials to the Pod that is responsible for reconciling\nKubernetes
resources. Supported only for the generic provider. "
properties:
key:
description: Key in the Secret, when not specified an implementation-specific
default key is used.
type: string
name:
description: Name of the Secret.
type: string
required:
- name
type: object
type: object
x-kubernetes-validations:
- message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef
must be specified
rule: has(self.configMapRef) || has(self.secretRef)
- message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef
must be specified
rule: '!has(self.configMapRef) || !has(self.secretRef)'
maxHistory:
description: "MaxHistory is the number of revisions saved by Helm
for this HelmRelease.\nUse '0' for an unlimited number of revisions;
defaults to '5'. "
type: integer
persistentClient:
description: "PersistentClient tells the controller to use a persistent
Kubernetes\nclient for this release. When enabled, the client will
be reused for the\nduration of the reconciliation, instead of being
created and destroyed\nfor each (step of a) Helm action.\n\nThis
can improve performance, but may cause issues with some Helm charts\nthat
for example do create Custom Resource Definitions during installation\noutside
Helm's CRD lifecycle hooks, which are then not observed to be\navailable
by e.g. post-install hooks.\n\nIf not set, it defaults to true.
\ "
type: boolean
postRenderers:
description: "PostRenderers holds an array of Helm PostRenderers,
which will be applied in order\nof their definition. "
items:
description: PostRenderer contains a Helm PostRenderer specification.
properties:
kustomize:
description: Kustomization to apply as PostRenderer.
properties:
images:
description: "Images is a list of (image name, new name,
new tag or digest)\nfor changing image names, tags or
digests. This can also be achieved with a\npatch, but
this operator is simpler to specify. "
items:
description: Image contains an image name, a new name,
a new tag or digest, which will replace the original
name and tag.
properties:
digest:
description: "Digest is the value used to replace
the original image tag.\nIf digest is present NewTag
value is ignored. "
type: string
name:
description: Name is a tag-less image name.
type: string
newName:
description: NewName is the value used to replace
the original name.
type: string
newTag:
description: NewTag is the value used to replace the
original tag.
type: string
required:
- name
type: object
type: array
patches:
description: "Strategic merge and JSON patches, defined
as inline YAML objects,\ncapable of targeting objects
based on kind, label and annotation selectors. "
items:
description: "Patch contains an inline StrategicMerge
or JSON6902 patch, and the target the patch should\nbe
applied to. "
properties:
patch:
description: "Patch contains an inline StrategicMerge
patch or an inline JSON6902 patch with\nan array
of operation objects. "
type: string
target:
description: Target points to the resources that the
patch document should be applied to.
properties:
annotationSelector:
description: "AnnotationSelector is a string that
follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt
matches with the resource annotations. "
type: string
group:
description: "Group is the API group to select
resources from.\nTogether with Version and Kind
it is capable of unambiguously identifying and/or
selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
\ "
type: string
kind:
description: "Kind of the API Group to select
resources from.\nTogether with Group and Version
it is capable of unambiguously\nidentifying
and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
\ "
type: string
labelSelector:
description: "LabelSelector is a string that follows
the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt
matches with the resource labels. "
type: string
name:
description: Name to match resources with.
type: string
namespace:
description: Namespace to select resources from.
type: string
version:
description: "Version of the API Group to select
resources from.\nTogether with Group and Kind
it is capable of unambiguously identifying and/or
selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
\ "
type: string
type: object
required:
- patch
type: object
type: array
type: object
type: object
type: array
releaseName:
description: "ReleaseName used for the Helm release. Defaults to a
composition of\n'[TargetNamespace-]Name'. "
maxLength: 53
minLength: 1
type: string
rollback:
description: Rollback holds the configuration for Helm rollback actions
for this HelmRelease.
properties:
cleanupOnFail:
description: "CleanupOnFail allows deletion of new resources created
during the Helm\nrollback action when it fails. "
type: boolean
disableHooks:
description: DisableHooks prevents hooks from running during the
Helm rollback action.
type: boolean
disableWait:
description: "DisableWait disables the waiting for resources to
be ready after a Helm\nrollback has been performed. "
type: boolean
disableWaitForJobs:
description: "DisableWaitForJobs disables waiting for jobs to
complete after a Helm\nrollback has been performed. "
type: boolean
force:
description: Force forces resource updates through a replacement
strategy.
type: boolean
recreate:
description: "Recreate performs pod restarts for any managed workloads.\n\nDeprecated:
This behavior was deprecated in Helm 3:\n - Deprecation: https://github.com/helm/helm/pull/6463\n
\ - Removal: https://github.com/helm/helm/pull/31023\nAfter
helm-controller was upgraded to the Helm 4 SDK,\nthis field
is no longer functional and will print a\nwarning if set to
true. It will also be removed in a\nfuture release. "
type: boolean
serverSideApply:
description: "ServerSideApply enables server-side apply for resources
during rollback.\nCan be \"enabled\", \"disabled\", or \"auto\".\nWhen
\"auto\", server-side apply usage will be based on the release's
previous usage.\nDefaults to \"auto\". "
enum:
- enabled
- disabled
- auto
type: string
timeout:
description: "Timeout is the time to wait for any individual Kubernetes
operation (like\nJobs for hooks) during the performance of a
Helm rollback action. Defaults to\n'HelmReleaseSpec.Timeout'.
\ "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
type: object
serviceAccountName:
description: "The name of the Kubernetes service account to impersonate\nwhen
reconciling this HelmRelease. "
maxLength: 253
minLength: 1
type: string
storageNamespace:
description: "StorageNamespace used for the Helm storage.\nDefaults
to the namespace of the HelmRelease. "
maxLength: 63
minLength: 1
type: string
suspend:
description: "Suspend tells the controller to suspend reconciliation
for this HelmRelease,\nit does not apply to already started reconciliations.
Defaults to false. "
type: boolean
targetNamespace:
description: "TargetNamespace to target when performing operations
for the HelmRelease.\nDefaults to the namespace of the HelmRelease.
\ "
maxLength: 63
minLength: 1
type: string
test:
description: Test holds the configuration for Helm test actions for
this HelmRelease.
properties:
enable:
description: "Enable enables Helm test actions for this HelmRelease
after an Helm install\nor upgrade action has been performed.
\ "
type: boolean
filters:
description: Filters is a list of tests to run or exclude from
running.
items:
description: Filter holds the configuration for individual Helm
test filters.
properties:
exclude:
description: Exclude specifies whether the named test should
be excluded.
type: boolean
name:
description: Name is the name of the test.
maxLength: 253
minLength: 1
type: string
required:
- name
type: object
type: array
ignoreFailures:
description: "IgnoreFailures tells the controller to skip remediation
when the Helm tests\nare run but fail. Can be overwritten for
tests run after install or upgrade\nactions in 'Install.IgnoreTestFailures'
and 'Upgrade.IgnoreTestFailures'. "
type: boolean
timeout:
description: "Timeout is the time to wait for any individual Kubernetes
operation during\nthe performance of a Helm test action. Defaults
to 'HelmReleaseSpec.Timeout'. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
type: object
timeout:
description: "Timeout is the time to wait for any individual Kubernetes
operation (like Jobs\nfor hooks) during the performance of a Helm
action. Defaults to '5m0s'. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
uninstall:
description: Uninstall holds the configuration for Helm uninstall
actions for this HelmRelease.
properties:
deletionPropagation:
default: background
description: "DeletionPropagation specifies the deletion propagation
policy when\na Helm uninstall is performed. "
enum:
- background
- foreground
- orphan
type: string
disableHooks:
description: DisableHooks prevents hooks from running during the
Helm rollback action.
type: boolean
disableWait:
description: "DisableWait disables waiting for all the resources
to be deleted after\na Helm uninstall is performed. "
type: boolean
keepHistory:
description: "KeepHistory tells Helm to remove all associated
resources and mark the\nrelease as deleted, but retain the release
history. "
type: boolean
timeout:
description: "Timeout is the time to wait for any individual Kubernetes
operation (like\nJobs for hooks) during the performance of a
Helm uninstall action. Defaults\nto 'HelmReleaseSpec.Timeout'.
\ "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
type: object
upgrade:
description: Upgrade holds the configuration for Helm upgrade actions
for this HelmRelease.
properties:
cleanupOnFail:
description: "CleanupOnFail allows deletion of new resources created
during the Helm\nupgrade action when it fails. "
type: boolean
crds:
description: "CRDs upgrade CRDs from the Helm Chart's crds directory
according\nto the CRD upgrade policy provided here. Valid values
are `Skip`,\n`Create` or `CreateReplace`. Default is `Skip`
and if omitted\nCRDs are neither installed nor upgraded.\n\nSkip:
do neither install nor replace (update) any CRDs.\n\nCreate:
new CRDs are created, existing CRDs are neither updated nor
deleted.\n\nCreateReplace: new CRDs are created, existing CRDs
are updated (replaced)\nbut not deleted.\n\nBy default, CRDs
are not applied during Helm upgrade action. With this\noption
users can opt-in to CRD upgrade, which is not (yet) natively
supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions.
\ "
enum:
- Skip
- Create
- CreateReplace
type: string
disableHooks:
description: DisableHooks prevents hooks from running during the
Helm upgrade action.
type: boolean
disableOpenAPIValidation:
description: "DisableOpenAPIValidation prevents the Helm upgrade
action from validating\nrendered templates against the Kubernetes
OpenAPI Schema. "
type: boolean
disableSchemaValidation:
description: "DisableSchemaValidation prevents the Helm upgrade
action from validating\nthe values against the JSON Schema.
\ "
type: boolean
disableTakeOwnership:
description: "DisableTakeOwnership disables taking ownership of
existing resources\nduring the Helm upgrade action. Defaults
to false. "
type: boolean
disableWait:
description: "DisableWait disables the waiting for resources to
be ready after a Helm\nupgrade has been performed. "
type: boolean
disableWaitForJobs:
description: "DisableWaitForJobs disables waiting for jobs to
complete after a Helm\nupgrade has been performed. "
type: boolean
force:
description: Force forces resource updates through a replacement
strategy.
type: boolean
preserveValues:
description: "PreserveValues will make Helm reuse the last release's
values and merge in\noverrides from 'Values'. Setting this flag
makes the HelmRelease\nnon-declarative. "
type: boolean
remediation:
description: "Remediation holds the remediation configuration
for when the Helm upgrade\naction for the HelmRelease fails.
The default is to not perform any action. "
properties:
ignoreTestFailures:
description: "IgnoreTestFailures tells the controller to skip
remediation when the Helm\ntests are run after an upgrade
action but fail.\nDefaults to 'Test.IgnoreFailures'. "
type: boolean
remediateLastFailure:
description: "RemediateLastFailure tells the controller to
remediate the last failure, when\nno retries remain. Defaults
to 'false' unless 'Retries' is greater than 0. "
type: boolean
retries:
description: "Retries is the number of retries that should
be attempted on failures before\nbailing. Remediation, using
'Strategy', is performed between each attempt.\nDefaults
to '0', a negative integer equals to unlimited retries.
\ "
type: integer
strategy:
description: Strategy to use for failure remediation. Defaults
to 'rollback'.
enum:
- rollback
- uninstall
type: string
type: object
serverSideApply:
description: "ServerSideApply enables server-side apply for resources
during upgrade.\nCan be \"enabled\", \"disabled\", or \"auto\".\nWhen
\"auto\", server-side apply usage will be based on the release's
previous usage.\nDefaults to \"auto\". "
enum:
- enabled
- disabled
- auto
type: string
strategy:
description: "Strategy defines the upgrade strategy to use for
this HelmRelease.\nDefaults to 'RemediateOnFailure', or 'RetryOnFailure'
when the\nDefaultToRetryOnFailure feature gate is enabled. "
properties:
name:
description: Name of the upgrade strategy.
enum:
- RemediateOnFailure
- RetryOnFailure
type: string
retryInterval:
description: "RetryInterval is the interval at which to retry
a failed upgrade.\nCan be used only when Name is set to
RetryOnFailure.\nDefaults to '5m'. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
required:
- name
type: object
x-kubernetes-validations:
- message: .retryInterval can only be set when .name is 'RetryOnFailure'
rule: '!has(self.retryInterval) || self.name == ''RetryOnFailure'''
timeout:
description: "Timeout is the time to wait for any individual Kubernetes
operation (like\nJobs for hooks) during the performance of a
Helm upgrade action. Defaults to\n'HelmReleaseSpec.Timeout'.
\ "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
type: object
values:
description: Values holds the values for this Helm release.
x-kubernetes-preserve-unknown-fields: true
valuesFrom:
description: "ValuesFrom holds references to resources containing
Helm values for this HelmRelease,\nand information about how they
should be merged. "
items:
description: "ValuesReference contains a reference to a resource
containing Helm values,\nand optionally the key they can be found
at. "
properties:
kind:
description: Kind of the values referent, valid values are ('Secret',
'ConfigMap').
enum:
- Secret
- ConfigMap
type: string
name:
description: "Name of the values referent. Should reside in
the same namespace as the\nreferring resource. "
maxLength: 253
minLength: 1
type: string
optional:
description: "Optional marks this ValuesReference as optional.
When set, a not found error\nfor the values reference is ignored,
but any ValuesKey, TargetPath or\ntransient error will still
result in a reconciliation failure. "
type: boolean
targetPath:
description: "TargetPath is the YAML dot notation path the value
should be merged at. When\nset, the ValuesKey is expected
to be a single flat value. Defaults to 'None',\nwhich results
in the values getting merged at the root. "
maxLength: 250
pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$
type: string
valuesKey:
description: "ValuesKey is the data key where the values.yaml
or a specific value can be\nfound at. Defaults to 'values.yaml'.
\ "
maxLength: 253
pattern: ^[\-._a-zA-Z0-9]+$
type: string
required:
- kind
- name
type: object
type: array
waitStrategy:
description: "WaitStrategy defines Helm's wait strategy for waiting
for applied\nresources to become ready. "
properties:
name:
description: "Name is Helm's wait strategy for waiting for applied
resources to\nbecome ready. One of 'poller' or 'legacy'. The
'poller' strategy uses\nkstatus to poll resource statuses, while
the 'legacy' strategy uses\nHelm v3's waiting logic.\nDefaults
to 'poller', or to 'legacy' when UseHelm3Defaults feature\ngate
is enabled. "
enum:
- poller
- legacy
type: string
required:
- name
type: object
required:
- interval
type: object
x-kubernetes-validations:
- message: either chart or chartRef must be set
rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart)
&& has(self.chartRef))
status:
default:
observedGeneration: -1
description: HelmReleaseStatus defines the observed state of a HelmRelease.
properties:
conditions:
description: Conditions holds the conditions for the HelmRelease.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
failures:
description: "Failures is the reconciliation failure count against
the latest desired\nstate. It is reset after a successful reconciliation.
\ "
format: int64
type: integer
helmChart:
description: "HelmChart is the namespaced name of the HelmChart resource
created by\nthe controller for the HelmRelease. "
type: string
history:
description: "History holds the history of Helm releases performed
for this HelmRelease\nup to the last successfully completed release.
\ "
items:
description: "Snapshot captures a point-in-time copy of the status
information for a Helm release,\nas managed by the controller.
\ "
properties:
action:
description: Action is the action that resulted in this snapshot
being created.
type: string
apiVersion:
description: "APIVersion is the API version of the Snapshot.\nWhen
the calculation method of the Digest field is changed, this\nfield
will be used to distinguish between the old and new methods.
\ "
type: string
appVersion:
description: AppVersion is the chart app version of the release
object in storage.
type: string
chartName:
description: ChartName is the chart name of the release object
in storage.
type: string
chartVersion:
description: "ChartVersion is the chart version of the release
object in\nstorage. "
type: string
configDigest:
description: "ConfigDigest is the checksum of the config (better
known as\n\"values\") of the release object in storage.\nIt
has the format of `<algo>:<checksum>`. "
type: string
deleted:
description: Deleted is when the release was deleted.
format: date-time
type: string
digest:
description: "Digest is the checksum of the release object in
storage.\nIt has the format of `<algo>:<checksum>`. "
type: string
firstDeployed:
description: FirstDeployed is when the release was first deployed.
format: date-time
type: string
lastDeployed:
description: LastDeployed is when the release was last deployed.
format: date-time
type: string
name:
description: Name is the name of the release.
type: string
namespace:
description: Namespace is the namespace the release is deployed
to.
type: string
ociDigest:
description: OCIDigest is the digest of the OCI artifact associated
with the release.
type: string
status:
description: Status is the current state of the release.
type: string
testHooks:
additionalProperties:
description: "TestHookStatus holds the status information
for a test hook as observed\nto be run by the controller.
\ "
properties:
lastCompleted:
description: LastCompleted is the time the test hook last
completed.
format: date-time
type: string
lastStarted:
description: LastStarted is the time the test hook was
last started.
format: date-time
type: string
phase:
description: Phase the test hook was observed to be in.
type: string
type: object
description: "TestHooks is the list of test hooks for the release
as observed to be\nrun by the controller. "
type: object
version:
description: Version is the version of the release object in
storage.
type: integer
required:
- chartName
- chartVersion
- configDigest
- digest
- firstDeployed
- lastDeployed
- name
- namespace
- status
- version
type: object
type: array
installFailures:
description: "InstallFailures is the install failure count against
the latest desired\nstate. It is reset after a successful reconciliation.
\ "
format: int64
type: integer
inventory:
description: "Inventory contains the list of Kubernetes resource object
references\nthat have been applied for this release. "
properties:
entries:
description: Entries of Kubernetes resource object references.
items:
description: ResourceRef contains the information necessary
to locate a resource within a cluster.
properties:
id:
description: "ID is the string representation of the Kubernetes
resource object's metadata,\nin the format '<namespace>_<name>_<group>_<kind>'.
\ "
type: string
v:
description: Version is the API version of the Kubernetes
resource object's kind.
type: string
required:
- id
- v
type: object
type: array
required:
- entries
type: object
lastAttemptedConfigDigest:
description: "LastAttemptedConfigDigest is the digest for the config
(better known as\n\"values\") of the last reconciliation attempt.
\ "
type: string
lastAttemptedGeneration:
description: "LastAttemptedGeneration is the last generation the controller
attempted\nto reconcile. "
format: int64
type: integer
lastAttemptedReleaseAction:
description: "LastAttemptedReleaseAction is the last release action
performed for this\nHelmRelease. It is used to determine the active
retry or remediation\nstrategy. "
enum:
- install
- upgrade
type: string
lastAttemptedReleaseActionDuration:
description: "LastAttemptedReleaseActionDuration is the duration of
the last\nrelease action performed for this HelmRelease. "
type: string
lastAttemptedRevision:
description: "LastAttemptedRevision is the Source revision of the
last reconciliation\nattempt. For OCIRepository sources, the 12
first characters of the digest are\nappended to the chart version
e.g. \"1.2.3+1234567890ab\". "
type: string
lastAttemptedRevisionDigest:
description: "LastAttemptedRevisionDigest is the digest of the last
reconciliation attempt.\nThis is only set for OCIRepository sources.
\ "
type: string
lastAttemptedValuesChecksum:
description: "LastAttemptedValuesChecksum is the SHA1 checksum for
the values of the last\nreconciliation attempt.\n\nDeprecated: Use
LastAttemptedConfigDigest instead. "
type: string
lastHandledForceAt:
description: "LastHandledForceAt holds the value of the most recent\nforce
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
lastHandledResetAt:
description: "LastHandledResetAt holds the value of the most recent
reset request\nvalue, so a change of the annotation value can be
detected. "
type: string
lastReleaseRevision:
description: "LastReleaseRevision is the revision of the last successful
Helm release.\n\nDeprecated: Use History instead. "
type: integer
observedCommonMetadataDigest:
description: "ObservedCommonMetadataDigest is the digest for the common
metadata of\nthe last successful reconciliation attempt. "
type: string
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
observedPostRenderersDigest:
description: "ObservedPostRenderersDigest is the digest for the post-renderers
of\nthe last successful reconciliation attempt. "
type: string
storageNamespace:
description: "StorageNamespace is the namespace of the Helm release
storage for the\ncurrent release. "
maxLength: 63
minLength: 1
type: string
upgradeFailures:
description: "UpgradeFailures is the upgrade failure count against
the latest desired\nstate. It is reset after a successful reconciliation.
\ "
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: helmrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: HelmRepository
listKind: HelmRepositoryList
plural: helmrepositories
shortNames:
- helmrepo
singular: helmrepository
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.url
name: URL
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: HelmRepository is the Schema for the helmrepositories API.
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: "HelmRepositorySpec specifies the required configuration
to produce an\nArtifact for a Helm repository index YAML. "
properties:
accessFrom:
description: "AccessFrom specifies an Access Control List for allowing
cross-namespace\nreferences to this object.\nNOTE: Not implemented,
provisional as of https://github.com/fluxcd/flux2/pull/2092 "
properties:
namespaceSelectors:
description: "NamespaceSelectors is the list of namespace selectors
to which this ACL applies.\nItems in this list are evaluated
using a logical OR operation. "
items:
description: "NamespaceSelector selects the namespaces to which
this ACL applies.\nAn empty map of MatchLabels matches all
namespaces in a cluster. "
properties:
matchLabels:
additionalProperties:
type: string
description: "MatchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels\nmap is equivalent
to an element of matchExpressions, whose key field is
\"key\", the\noperator is \"In\", and the values array
contains only \"value\". The requirements are ANDed. "
type: object
type: object
type: array
required:
- namespaceSelectors
type: object
certSecretRef:
description: "CertSecretRef can be given the name of a Secret containing\neither
or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and
private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand
whichever are supplied, will be used for connecting to the\nregistry.
The client cert and key are useful if you are\nauthenticating with
a certificate; the CA cert is useful if\nyou are using a self-signed
server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt
takes precedence over the values specified in the Secret referred\nto
by `.spec.secretRef`. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
insecure:
description: "Insecure allows connecting to a non-TLS HTTP container
registry.\nThis field is only taken into account if the .spec.type
field is set to 'oci'. "
type: boolean
interval:
description: "Interval at which the HelmRepository URL is checked
for updates.\nThis interval is approximate and may be subject to
jitter to ensure\nefficient use of resources. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
passCredentials:
description: "PassCredentials allows the credentials from the SecretRef
to be passed\non to a host that does not match the host as defined
in URL.\nThis may be required if the host of the advertised chart
URLs in the\nindex differ from the defined URL.\nEnabling this should
be done with caution, as it can potentially result\nin credentials
getting stolen in a MITM-attack. "
type: boolean
provider:
default: generic
description: "Provider used for authentication, can be 'aws', 'azure',
'gcp' or 'generic'.\nThis field is optional, and only taken into
account if the .spec.type field is set to 'oci'.\nWhen not specified,
defaults to 'generic'. "
enum:
- generic
- aws
- azure
- gcp
type: string
secretRef:
description: "SecretRef specifies the Secret containing authentication
credentials\nfor the HelmRepository.\nFor HTTP/S basic auth the
secret must contain 'username' and 'password'\nfields.\nSupport
for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'\nkeys
is deprecated. Please use `.spec.certSecretRef` instead. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
suspend:
description: "Suspend tells the controller to suspend the reconciliation
of this\nHelmRepository. "
type: boolean
timeout:
description: "Timeout is used for the index fetch operation for an
HTTPS helm repository,\nand for remote OCI Repository operations
like pulling for an OCI helm\nchart by the associated HelmChart.\nIts
default value is 60s. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
type:
description: "Type of the HelmRepository.\nWhen this field is set
to \"oci\", the URL field value must be prefixed with \"oci://\".
\ "
enum:
- default
- oci
type: string
url:
description: "URL of the Helm repository, a valid URL contains at
least a protocol and\nhost. "
pattern: ^(http|https|oci)://.*$
type: string
required:
- url
type: object
status:
default:
observedGeneration: -1
description: HelmRepositoryStatus records the observed state of the HelmRepository.
properties:
artifact:
description: Artifact represents the last successful HelmRepository
reconciliation.
properties:
digest:
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
type: string
lastUpdateTime:
description: "LastUpdateTime is the timestamp corresponding to
the last update of the\nArtifact. "
format: date-time
type: string
metadata:
additionalProperties:
type: string
description: Metadata holds upstream information such as OCI annotations.
type: object
path:
description: "Path is the relative file path of the Artifact.
It can be used to locate\nthe file in the root of the Artifact
storage on the local file system of\nthe controller managing
the Source. "
type: string
revision:
description: "Revision is a human-readable identifier traceable
in the origin source\nsystem. It can be a Git commit SHA, Git
tag, a Helm chart version, etc. "
type: string
size:
description: Size is the number of bytes in the file.
format: int64
type: integer
url:
description: "URL is the HTTP address of the Artifact as exposed
by the controller\nmanaging the Source. It can be used to retrieve
the Artifact for\nconsumption, e.g. by another controller applying
the Artifact contents. "
type: string
required:
- digest
- lastUpdateTime
- path
- revision
- url
type: object
conditions:
description: Conditions holds the conditions for the HelmRepository.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedGeneration:
description: "ObservedGeneration is the last observed generation of
the HelmRepository\nobject. "
format: int64
type: integer
url:
description: "URL is the dynamic fetch link for the latest Artifact.\nIt
is provided on a \"best effort\" basis, and using the precise\nHelmRepositoryStatus.Artifact
data is recommended. "
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: kustomizations.kustomize.toolkit.fluxcd.io
spec:
group: kustomize.toolkit.fluxcd.io
names:
kind: Kustomization
listKind: KustomizationList
plural: kustomizations
shortNames:
- ks
singular: kustomization
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: Kustomization is the Schema for the kustomizations API.
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: "KustomizationSpec defines the configuration to calculate
the desired state\nfrom a Source using Kustomize. "
properties:
commonMetadata:
description: "CommonMetadata specifies the common labels and annotations
that are\napplied to all resources. Any existing label or annotation
will be\noverridden if its key matches a common one. "
properties:
annotations:
additionalProperties:
type: string
description: Annotations to be added to the object's metadata.
type: object
labels:
additionalProperties:
type: string
description: Labels to be added to the object's metadata.
type: object
type: object
components:
description: Components specifies relative paths to kustomize Components.
items:
type: string
type: array
decryption:
description: Decrypt Kubernetes secrets before applying them on the
cluster.
properties:
provider:
description: Provider is the name of the decryption engine.
enum:
- sops
type: string
secretRef:
description: "The secret name containing the private OpenPGP keys
used for decryption.\nA static credential for a cloud provider
defined inside the Secret\ntakes priority to secret-less authentication
with the ServiceAccountName\nfield. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
serviceAccountName:
description: "ServiceAccountName is the name of the service account
used to\nauthenticate with KMS services from cloud providers.
If a\nstatic credential for a given cloud provider is defined\ninside
the Secret referenced by SecretRef, that static\ncredential
takes priority. "
type: string
required:
- provider
type: object
deletionPolicy:
description: "DeletionPolicy can be used to control garbage collection
when this\nKustomization is deleted. Valid values are ('MirrorPrune',
'Delete',\n'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors
the Prune field\n(orphan if false, delete if true). Defaults to
'MirrorPrune'. "
enum:
- MirrorPrune
- Delete
- WaitForTermination
- Orphan
type: string
dependsOn:
description: "DependsOn may contain a DependencyReference slice\nwith
references to Kustomization resources that must be ready before
this\nKustomization can be reconciled. "
items:
description: DependencyReference defines a Kustomization dependency
on another Kustomization resource.
properties:
name:
description: Name of the referent.
type: string
namespace:
description: "Namespace of the referent, defaults to the namespace
of the Kustomization\nresource object that contains the reference.
\ "
type: string
readyExpr:
description: "ReadyExpr is a CEL expression that can be used
to assess the readiness\nof a dependency. When specified,
the built-in readiness check\nis replaced by the logic defined
in the CEL expression.\nTo make the CEL expression additive
to the built-in readiness check,\nthe feature gate `AdditiveCELDependencyCheck`
must be set to `true`. "
type: string
required:
- name
type: object
type: array
force:
default: false
description: "Force instructs the controller to recreate resources\nwhen
patching fails due to an immutable field change. "
type: boolean
healthCheckExprs:
description: "HealthCheckExprs is a list of healthcheck expressions
for evaluating the\nhealth of custom resources using Common Expression
Language (CEL).\nThe expressions are evaluated only when Wait or
HealthChecks are specified. "
items:
description: CustomHealthCheck defines the health check for custom
resources.
properties:
apiVersion:
description: APIVersion of the custom resource under evaluation.
type: string
current:
description: "Current is the CEL expression that determines
if the status\nof the custom resource has reached the desired
state. "
type: string
failed:
description: "Failed is the CEL expression that determines if
the status\nof the custom resource has failed to reach the
desired state. "
type: string
inProgress:
description: "InProgress is the CEL expression that determines
if the status\nof the custom resource has not yet reached
the desired state. "
type: string
kind:
description: Kind of the custom resource under evaluation.
type: string
required:
- apiVersion
- current
- kind
type: object
type: array
healthChecks:
description: A list of resources to be included in the health assessment.
items:
description: "NamespacedObjectKindReference contains enough information
to locate the typed referenced Kubernetes resource object\nin
any namespace. "
properties:
apiVersion:
description: API version of the referent, if not specified the
Kubernetes preferred version will be used.
type: string
kind:
description: Kind of the referent.
type: string
name:
description: Name of the referent.
type: string
namespace:
description: Namespace of the referent, when not specified it
acts as LocalObjectReference.
type: string
required:
- kind
- name
type: object
type: array
ignoreMissingComponents:
description: "IgnoreMissingComponents instructs the controller to
ignore Components paths\nnot found in source by removing them from
the generated kustomization.yaml\nbefore running kustomize build.
\ "
type: boolean
images:
description: "Images is a list of (image name, new name, new tag or
digest)\nfor changing image names, tags or digests. This can also
be achieved with a\npatch, but this operator is simpler to specify.
\ "
items:
description: Image contains an image name, a new name, a new tag
or digest, which will replace the original name and tag.
properties:
digest:
description: "Digest is the value used to replace the original
image tag.\nIf digest is present NewTag value is ignored.
\ "
type: string
name:
description: Name is a tag-less image name.
type: string
newName:
description: NewName is the value used to replace the original
name.
type: string
newTag:
description: NewTag is the value used to replace the original
tag.
type: string
required:
- name
type: object
type: array
interval:
description: "The interval at which to reconcile the Kustomization.\nThis
interval is approximate and may be subject to jitter to ensure\nefficient
use of resources. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
kubeConfig:
description: "The KubeConfig for reconciling the Kustomization on
a remote cluster.\nWhen used in combination with KustomizationSpec.ServiceAccountName,\nforces
the controller to act on behalf of that Service Account at the\ntarget
cluster.\nIf the --default-service-account flag is set, its value
will be used as\na controller level fallback for when KustomizationSpec.ServiceAccountName\nis
empty. "
properties:
configMapRef:
description: "ConfigMapRef holds an optional name of a ConfigMap
that contains\nthe following keys:\n\n- `provider`: the provider
to use. One of `aws`, `azure`, `gcp`, or\n `generic`. Required.\n-
`cluster`: the fully qualified resource name of the Kubernetes\n
\ cluster in the cloud provider API. Not used by the `generic`\n
\ provider. Required when one of `address` or `ca.crt` is not
set.\n- `address`: the address of the Kubernetes API server.
Required\n for `generic`. For the other providers, if not
specified, the\n first address in the cluster resource will
be used, and if\n specified, it must match one of the addresses
in the cluster\n resource.\n If audiences is not set, will
be used as the audience for the\n `generic` provider.\n- `ca.crt`:
the optional PEM-encoded CA certificate for the\n Kubernetes
API server. If not set, the controller will use the\n CA certificate
from the cluster resource.\n- `audiences`: the optional audiences
as a list of\n line-break-separated strings for the Kubernetes
ServiceAccount\n token. Defaults to the `address` for the
`generic` provider, or\n to specific values for the other
providers depending on the\n provider.\n- `serviceAccountName`:
the optional name of the Kubernetes\n ServiceAccount in the
same namespace that should be used\n for authentication. If
not specified, the controller\n ServiceAccount will be used.\n\nMutually
exclusive with SecretRef. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
secretRef:
description: "SecretRef holds an optional name of a secret that
contains a key with\nthe kubeconfig file as the value. If no
key is set, the key will default\nto 'value'. Mutually exclusive
with ConfigMapRef.\nIt is recommended that the kubeconfig is
self-contained, and the secret\nis regularly updated if credentials
such as a cloud-access-token expire.\nCloud specific `cmd-path`
auth helpers will not function without adding\nbinaries and
credentials to the Pod that is responsible for reconciling\nKubernetes
resources. Supported only for the generic provider. "
properties:
key:
description: Key in the Secret, when not specified an implementation-specific
default key is used.
type: string
name:
description: Name of the Secret.
type: string
required:
- name
type: object
type: object
x-kubernetes-validations:
- message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef
must be specified
rule: has(self.configMapRef) || has(self.secretRef)
- message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef
must be specified
rule: '!has(self.configMapRef) || !has(self.secretRef)'
namePrefix:
description: NamePrefix will prefix the names of all managed resources.
maxLength: 200
minLength: 1
type: string
nameSuffix:
description: NameSuffix will suffix the names of all managed resources.
maxLength: 200
minLength: 1
type: string
patches:
description: "Strategic merge and JSON patches, defined as inline
YAML objects,\ncapable of targeting objects based on kind, label
and annotation selectors. "
items:
description: "Patch contains an inline StrategicMerge or JSON6902
patch, and the target the patch should\nbe applied to. "
properties:
patch:
description: "Patch contains an inline StrategicMerge patch
or an inline JSON6902 patch with\nan array of operation objects.
\ "
type: string
target:
description: Target points to the resources that the patch document
should be applied to.
properties:
annotationSelector:
description: "AnnotationSelector is a string that follows
the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt
matches with the resource annotations. "
type: string
group:
description: "Group is the API group to select resources
from.\nTogether with Version and Kind it is capable of
unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
\ "
type: string
kind:
description: "Kind of the API Group to select resources
from.\nTogether with Group and Version it is capable of
unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
\ "
type: string
labelSelector:
description: "LabelSelector is a string that follows the
label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt
matches with the resource labels. "
type: string
name:
description: Name to match resources with.
type: string
namespace:
description: Namespace to select resources from.
type: string
version:
description: "Version of the API Group to select resources
from.\nTogether with Group and Kind it is capable of unambiguously
identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
\ "
type: string
type: object
required:
- patch
type: object
type: array
path:
description: "Path to the directory containing the kustomization.yaml
file, or the\nset of plain YAMLs a kustomization.yaml should be
generated for.\nDefaults to 'None', which translates to the root
path of the SourceRef. "
type: string
postBuild:
description: "PostBuild describes which actions to perform on the
YAML manifest\ngenerated by building the kustomize overlay. "
properties:
substitute:
additionalProperties:
type: string
description: "Substitute holds a map of key/value pairs.\nThe
variables defined in your YAML manifests that match any of the
keys\ndefined in the map will be substituted with the set value.\nIncludes
support for bash string replacement functions\ne.g. ${var:=default},
${var:position} and ${var/substring/replacement}. "
type: object
substituteFrom:
description: "SubstituteFrom holds references to ConfigMaps and
Secrets containing\nthe variables and their values to be substituted
in the YAML manifests.\nThe ConfigMap and the Secret data keys
represent the var names, and they\nmust match the vars declared
in the manifests for the substitution to\nhappen. "
items:
description: "SubstituteReference contains a reference to a
resource containing\nthe variables name and value. "
properties:
kind:
description: Kind of the values referent, valid values are
('Secret', 'ConfigMap').
enum:
- Secret
- ConfigMap
type: string
name:
description: "Name of the values referent. Should reside
in the same namespace as the\nreferring resource. "
maxLength: 253
minLength: 1
type: string
optional:
default: false
description: "Optional indicates whether the referenced
resource must exist, or whether to\ntolerate its absence.
If true and the referenced resource is absent, proceed\nas
if the resource was present but empty, without any variables
defined. "
type: boolean
required:
- kind
- name
type: object
type: array
type: object
prune:
description: Prune enables garbage collection.
type: boolean
retryInterval:
description: "The interval at which to retry a previously failed reconciliation.\nWhen
not specified, the controller uses the KustomizationSpec.Interval\nvalue
to retry failures. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
serviceAccountName:
description: "The name of the Kubernetes service account to impersonate\nwhen
reconciling this Kustomization. "
type: string
sourceRef:
description: Reference of the source where the kustomization file
is.
properties:
apiVersion:
description: API version of the referent.
type: string
kind:
description: Kind of the referent.
enum:
- OCIRepository
- GitRepository
- Bucket
- ExternalArtifact
type: string
name:
description: Name of the referent.
type: string
namespace:
description: "Namespace of the referent, defaults to the namespace
of the Kubernetes\nresource object that contains the reference.
\ "
type: string
required:
- kind
- name
type: object
suspend:
description: "This flag tells the controller to suspend subsequent
kustomize executions,\nit does not apply to already started executions.
Defaults to false. "
type: boolean
targetNamespace:
description: "TargetNamespace sets or overrides the namespace in the\nkustomization.yaml
file. "
maxLength: 63
minLength: 1
type: string
timeout:
description: "Timeout for validation, apply and health checking operations.\nDefaults
to 'Interval' duration. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
wait:
description: "Wait instructs the controller to check the health of
all the reconciled\nresources. When enabled, the HealthChecks are
ignored. Defaults to false. "
type: boolean
required:
- interval
- prune
- sourceRef
type: object
status:
default:
observedGeneration: -1
description: KustomizationStatus defines the observed state of a kustomization.
properties:
conditions:
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
history:
description: "History contains a set of snapshots of the last reconciliation
attempts\ntracking the revision, the state and the duration of each
attempt. "
items:
description: "Snapshot represents a point-in-time record of a group
of resources reconciliation,\nincluding timing information, status,
and a unique digest identifier. "
properties:
digest:
description: Digest is the checksum in the format `<algo>:<hex>`
of the resources in this snapshot.
type: string
firstReconciled:
description: FirstReconciled is the time when this revision
was first reconciled to the cluster.
format: date-time
type: string
lastReconciled:
description: LastReconciled is the time when this revision was
last reconciled to the cluster.
format: date-time
type: string
lastReconciledDuration:
description: LastReconciledDuration is time it took to reconcile
the resources in this revision.
type: string
lastReconciledStatus:
description: LastReconciledStatus is the status of the last
reconciliation.
type: string
metadata:
additionalProperties:
type: string
description: Metadata contains additional information about
the snapshot.
type: object
totalReconciliations:
description: TotalReconciliations is the total number of reconciliations
that have occurred for this snapshot.
format: int64
type: integer
required:
- digest
- firstReconciled
- lastReconciled
- lastReconciledDuration
- lastReconciledStatus
- totalReconciliations
type: object
type: array
inventory:
description: "Inventory contains the list of Kubernetes resource object
references that\nhave been successfully applied. "
properties:
entries:
description: Entries of Kubernetes resource object references.
items:
description: ResourceRef contains the information necessary
to locate a resource within a cluster.
properties:
id:
description: "ID is the string representation of the Kubernetes
resource object's metadata,\nin the format '<namespace>_<name>_<group>_<kind>'.
\ "
type: string
v:
description: Version is the API version of the Kubernetes
resource object's kind.
type: string
required:
- id
- v
type: object
type: array
required:
- entries
type: object
lastAppliedOriginRevision:
description: "The last successfully applied origin revision.\nEquals
the origin revision of the applied Artifact from the referenced
Source.\nUsually present on the Metadata of the applied Artifact
and depends on the\nSource type, e.g. for OCI it's the value associated
with the key\n\"org.opencontainers.image.revision\". "
type: string
lastAppliedRevision:
description: "The last successfully applied revision.\nEquals the
Revision of the applied Artifact from the referenced Source. "
type: string
lastAttemptedRevision:
description: LastAttemptedRevision is the revision of the last reconciliation
attempt.
type: string
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedGeneration:
description: ObservedGeneration is the last reconciled generation.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: ocirepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: OCIRepository
listKind: OCIRepositoryList
plural: ocirepositories
shortNames:
- ocirepo
singular: ocirepository
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.url
name: URL
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: OCIRepository is the Schema for the ocirepositories API
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: OCIRepositorySpec defines the desired state of OCIRepository
properties:
certSecretRef:
description: "CertSecretRef can be given the name of a Secret containing\neither
or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and
private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand
whichever are supplied, will be used for connecting to the\nregistry.
The client cert and key are useful if you are\nauthenticating with
a certificate; the CA cert is useful if\nyou are using a self-signed
server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.
\ "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
ignore:
description: "Ignore overrides the set of excluded patterns in the
.sourceignore format\n(which is the same as .gitignore). If not
provided, a default will be used,\nconsult the documentation for
your version to find out what those are. "
type: string
insecure:
description: Insecure allows connecting to a non-TLS HTTP container
registry.
type: boolean
interval:
description: "Interval at which the OCIRepository URL is checked for
updates.\nThis interval is approximate and may be subject to jitter
to ensure\nefficient use of resources. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
layerSelector:
description: "LayerSelector specifies which layer should be extracted
from the OCI artifact.\nWhen not specified, the first layer found
in the artifact is selected. "
properties:
mediaType:
description: "MediaType specifies the OCI media type of the layer\nwhich
should be extracted from the OCI Artifact. The\nfirst layer
matching this type is selected. "
type: string
operation:
description: "Operation specifies how the selected layer should
be processed.\nBy default, the layer compressed content is extracted
to storage.\nWhen the operation is set to 'copy', the layer
compressed content\nis persisted to storage as it is. "
enum:
- extract
- copy
type: string
type: object
provider:
default: generic
description: "The provider used for authentication, can be 'aws',
'azure', 'gcp' or 'generic'.\nWhen not specified, defaults to 'generic'.
\ "
enum:
- generic
- aws
- azure
- gcp
type: string
proxySecretRef:
description: "ProxySecretRef specifies the Secret containing the proxy
configuration\nto use while communicating with the container registry.
\ "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
ref:
description: "The OCI reference to pull and monitor for changes,\ndefaults
to the latest tag. "
properties:
digest:
description: "Digest is the image digest to pull, takes precedence
over SemVer.\nThe value should be in the format 'sha256:<HASH>'.
\ "
type: string
semver:
description: "SemVer is the range of tags to pull selecting the
latest within\nthe range, takes precedence over Tag. "
type: string
semverFilter:
description: SemverFilter is a regex pattern to filter the tags
within the SemVer range.
type: string
tag:
description: Tag is the image tag to pull, defaults to latest.
type: string
type: object
secretRef:
description: "SecretRef contains the secret name containing the registry
login\ncredentials to resolve image metadata.\nThe secret must be
of type kubernetes.io/dockerconfigjson. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
serviceAccountName:
description: "ServiceAccountName is the name of the Kubernetes ServiceAccount
used to authenticate\nthe image pull if the service account has
attached pull secrets. For more information:\nhttps://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
\ "
type: string
suspend:
description: This flag tells the controller to suspend the reconciliation
of this source.
type: boolean
timeout:
default: 60s
description: The timeout for remote OCI Repository operations like
pulling, defaults to 60s.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
url:
description: "URL is a reference to an OCI artifact repository hosted\non
a remote container registry. "
pattern: ^oci://.*$
type: string
verify:
description: "Verify contains the secret name containing the trusted
public keys\nused to verify the signature and specifies which provider
to use to check\nwhether OCI image is authentic. "
properties:
matchOIDCIdentity:
description: "MatchOIDCIdentity specifies the identity matching
criteria to use\nwhile verifying an OCI artifact which was signed
using Cosign keyless\nsigning. The artifact's identity is deemed
to be verified if any of the\nspecified matchers match against
the identity. "
items:
description: "OIDCIdentityMatch specifies options for verifying
the certificate identity,\ni.e. the issuer and the subject
of the certificate. "
properties:
issuer:
description: "Issuer specifies the regex pattern to match
against to verify\nthe OIDC issuer in the Fulcio certificate.
The pattern must be a\nvalid Go regular expression. "
type: string
subject:
description: "Subject specifies the regex pattern to match
against to verify\nthe identity subject in the Fulcio
certificate. The pattern must\nbe a valid Go regular expression.
\ "
type: string
required:
- issuer
- subject
type: object
type: array
provider:
default: cosign
description: Provider specifies the technology used to sign the
OCI Artifact.
enum:
- cosign
- notation
type: string
secretRef:
description: "SecretRef specifies the Kubernetes Secret containing
the\ntrusted public keys. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
required:
- provider
type: object
required:
- interval
- url
type: object
status:
default:
observedGeneration: -1
description: OCIRepositoryStatus defines the observed state of OCIRepository
properties:
artifact:
description: Artifact represents the output of the last successful
OCI Repository sync.
properties:
digest:
description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
type: string
lastUpdateTime:
description: "LastUpdateTime is the timestamp corresponding to
the last update of the\nArtifact. "
format: date-time
type: string
metadata:
additionalProperties:
type: string
description: Metadata holds upstream information such as OCI annotations.
type: object
path:
description: "Path is the relative file path of the Artifact.
It can be used to locate\nthe file in the root of the Artifact
storage on the local file system of\nthe controller managing
the Source. "
type: string
revision:
description: "Revision is a human-readable identifier traceable
in the origin source\nsystem. It can be a Git commit SHA, Git
tag, a Helm chart version, etc. "
type: string
size:
description: Size is the number of bytes in the file.
format: int64
type: integer
url:
description: "URL is the HTTP address of the Artifact as exposed
by the controller\nmanaging the Source. It can be used to retrieve
the Artifact for\nconsumption, e.g. by another controller applying
the Artifact contents. "
type: string
required:
- digest
- lastUpdateTime
- path
- revision
- url
type: object
conditions:
description: Conditions holds the conditions for the OCIRepository.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
observedIgnore:
description: "ObservedIgnore is the observed exclusion patterns used
for constructing\nthe source artifact. "
type: string
observedLayerSelector:
description: "ObservedLayerSelector is the observed layer selector
used for constructing\nthe source artifact. "
properties:
mediaType:
description: "MediaType specifies the OCI media type of the layer\nwhich
should be extracted from the OCI Artifact. The\nfirst layer
matching this type is selected. "
type: string
operation:
description: "Operation specifies how the selected layer should
be processed.\nBy default, the layer compressed content is extracted
to storage.\nWhen the operation is set to 'copy', the layer
compressed content\nis persisted to storage as it is. "
enum:
- extract
- copy
type: string
type: object
url:
description: URL is the download link for the artifact output of the
last OCI Repository sync.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: providers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
names:
kind: Provider
listKind: ProviderList
plural: providers
singular: provider
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
deprecated: true
deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3
name: v1beta2
schema:
openAPIV3Schema:
description: Provider is the Schema for the providers API.
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: ProviderSpec defines the desired state of the Provider.
properties:
address:
description: "Address specifies the endpoint, in a generic sense,
to where alerts are sent.\nWhat kind of endpoint depends on the
specific Provider type being used.\nFor the generic Provider, for
example, this is an HTTP/S address.\nFor other Provider types this
could be a project ID or a namespace. "
maxLength: 2048
type: string
certSecretRef:
description: "CertSecretRef specifies the Secret containing\na PEM-encoded
CA certificate (in the `ca.crt` key).\n\nNote: Support for the `caFile`
key has\nbeen deprecated. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
channel:
description: Channel specifies the destination channel where events
should be posted.
maxLength: 2048
type: string
interval:
description: Interval at which to reconcile the Provider with its
Secret references.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
proxy:
description: Proxy the HTTP/S address of the proxy server.
maxLength: 2048
pattern: ^(http|https)://.*$
type: string
secretRef:
description: "SecretRef specifies the Secret containing the authentication\ncredentials
for this Provider. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
suspend:
description: "Suspend tells the controller to suspend subsequent\nevents
handling for this Provider. "
type: boolean
timeout:
description: Timeout for sending alerts to the Provider.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
type:
description: Type specifies which Provider implementation to use.
enum:
- slack
- discord
- msteams
- rocket
- generic
- generic-hmac
- github
- gitlab
- gitea
- bitbucketserver
- bitbucket
- azuredevops
- googlechat
- googlepubsub
- webex
- sentry
- azureeventhub
- telegram
- lark
- matrix
- opsgenie
- alertmanager
- grafana
- githubdispatch
- pagerduty
- datadog
type: string
username:
description: Username specifies the name under which events are posted.
maxLength: 2048
type: string
required:
- type
type: object
status:
default:
observedGeneration: -1
description: ProviderStatus defines the observed state of the Provider.
properties:
conditions:
description: Conditions holds the conditions for the Provider.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedGeneration:
description: ObservedGeneration is the last reconciled generation.
format: int64
type: integer
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta3
schema:
openAPIV3Schema:
description: Provider is the Schema for the providers API
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: ProviderSpec defines the desired state of the Provider.
properties:
address:
description: "Address specifies the endpoint, in a generic sense,
to where alerts are sent.\nWhat kind of endpoint depends on the
specific Provider type being used.\nFor the generic Provider, for
example, this is an HTTP/S address.\nFor other Provider types this
could be a project ID or a namespace. "
maxLength: 2048
type: string
certSecretRef:
description: "CertSecretRef specifies the Secret containing TLS certificates\nfor
secure communication.\n\nSupported configurations:\n- CA-only: Server
authentication (provide ca.crt only)\n- mTLS: Mutual authentication
(provide ca.crt + tls.crt + tls.key)\n- Client-only: Client authentication
with system CA (provide tls.crt + tls.key only)\n\nLegacy keys \"caFile\",
\"certFile\", \"keyFile\" are supported but deprecated. Use \"ca.crt\",
\"tls.crt\", \"tls.key\" instead. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
channel:
description: Channel specifies the destination channel where events
should be posted.
maxLength: 2048
type: string
commitStatusExpr:
description: "CommitStatusExpr is a CEL expression that evaluates
to a string value\nthat can be used to generate a custom commit
status message for use\nwith eligible Provider types (github, gitlab,
gitea, bitbucketserver,\nbitbucket, azuredevops). Supported variables
are: event, provider,\nand alert. "
type: string
interval:
description: "Interval at which to reconcile the Provider with its
Secret references.\nDeprecated and not used in v1beta3. "
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
proxy:
description: "Proxy the HTTP/S address of the proxy server.\nDeprecated:
Use ProxySecretRef instead. Will be removed in v1. "
maxLength: 2048
pattern: ^(http|https)://.*$
type: string
proxySecretRef:
description: "ProxySecretRef specifies the Secret containing the proxy
configuration\nfor this Provider. The Secret should contain an 'address'
key with the\nHTTP/S address of the proxy server. Optional 'username'
and 'password'\nkeys can be provided for proxy authentication. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
secretRef:
description: "SecretRef specifies the Secret containing the authentication\ncredentials
for this Provider. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
serviceAccountName:
description: "ServiceAccountName is the name of the Kubernetes ServiceAccount
used to\nauthenticate with cloud provider services through workload
identity.\nThis enables multi-tenant authentication without storing
static credentials.\n\nSupported provider types: azureeventhub,
azuredevops, googlepubsub\n\nWhen specified, the controller will:\n1.
Create an OIDC token for the specified ServiceAccount\n2. Exchange
it for cloud provider credentials via STS\n3. Use the obtained credentials
for API authentication\n\nWhen unspecified, controller-level authentication
is used (single-tenant).\n\nAn error is thrown if static credentials
are also defined in SecretRef.\nThis field requires the ObjectLevelWorkloadIdentity
feature gate to be enabled. "
type: string
suspend:
description: "Suspend tells the controller to suspend subsequent\nevents
handling for this Provider. "
type: boolean
timeout:
description: Timeout for sending alerts to the Provider.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type: string
type:
description: Type specifies which Provider implementation to use.
enum:
- slack
- discord
- msteams
- rocket
- generic
- generic-hmac
- github
- gitlab
- gitea
- giteapullrequestcomment
- bitbucketserver
- bitbucket
- azuredevops
- googlechat
- googlepubsub
- webex
- sentry
- azureeventhub
- telegram
- lark
- matrix
- opsgenie
- alertmanager
- grafana
- githubdispatch
- githubpullrequestcomment
- gitlabmergerequestcomment
- pagerduty
- datadog
- nats
- zulip
- otel
type: string
username:
description: Username specifies the name under which events are posted.
maxLength: 2048
type: string
required:
- type
type: object
x-kubernetes-validations:
- message: spec.commitStatusExpr is only supported for the 'github', 'gitlab',
'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types
rule: self.type == 'github' || self.type == 'gitlab' || self.type ==
'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket'
|| self.type == 'azuredevops' || !has(self.commitStatusExpr)
type: object
served: true
storage: true
subresources: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: receivers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
names:
kind: Receiver
listKind: ReceiverList
plural: receivers
singular: receiver
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: Receiver is the Schema for the receivers API.
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: ReceiverSpec defines the desired state of the Receiver.
properties:
events:
description: "Events specifies the list of event types to handle,\ne.g.
'push' for GitHub or 'Push Hook' for GitLab. "
items:
type: string
type: array
interval:
default: 10m
description: Interval at which to reconcile the Receiver with its
Secret references.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
resourceFilter:
description: "ResourceFilter is a CEL expression expected to return
a boolean that is\nevaluated for each resource referenced in the
Resources field when a\nwebhook is received. If the expression returns
false then the controller\nwill not request a reconciliation for
the resource.\nWhen the expression is specified the controller will
parse it and mark\nthe object as terminally failed if the expression
is invalid or does not\nreturn a boolean. "
type: string
resources:
description: A list of resources to be notified about changes.
items:
description: "CrossNamespaceObjectReference contains enough information
to let you locate the\ntyped referenced object at cluster level
\ "
properties:
apiVersion:
description: API version of the referent
type: string
kind:
description: Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
- ArtifactGenerator
- ExternalArtifact
type: string
matchLabels:
additionalProperties:
type: string
description: "MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels\nmap is equivalent to an element
of matchExpressions, whose key field is \"key\", the\noperator
is \"In\", and the values array contains only \"value\". The
requirements are ANDed.\nMatchLabels requires the name to
be set to `*`. "
type: object
name:
description: "Name of the referent\nIf multiple resources are
targeted `*` may be set. "
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 253
minLength: 1
type: string
required:
- kind
- name
type: object
type: array
secretRef:
description: "SecretRef specifies the Secret containing the token
used\nto validate the payload authenticity. The Secret must contain
a 'token'\nkey. For GCR receivers, the Secret must also contain
an 'email' key\nwith the IAM service account email configured on
the Pub/Sub push\nsubscription, and may optionally contain an 'audience'
key with the\nexpected OIDC token audience. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
suspend:
description: "Suspend tells the controller to suspend subsequent\nevents
handling for this receiver. "
type: boolean
type:
description: "Type of webhook sender, used to determine\nthe validation
procedure and payload deserialization. "
enum:
- generic
- generic-hmac
- github
- gitlab
- bitbucket
- harbor
- dockerhub
- quay
- gcr
- nexus
- acr
- cdevents
type: string
required:
- resources
- secretRef
- type
type: object
status:
default:
observedGeneration: -1
description: ReceiverStatus defines the observed state of the Receiver.
properties:
conditions:
description: Conditions holds the conditions for the Receiver.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedGeneration:
description: ObservedGeneration is the last observed generation of
the Receiver object.
format: int64
type: integer
webhookPath:
description: "WebhookPath is the generated incoming webhook address
in the format\nof '/hook/sha256sum(token+name+namespace)'. "
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
deprecated: true
deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1
name: v1beta2
schema:
openAPIV3Schema:
description: Receiver is the Schema for the receivers API.
properties:
apiVersion:
description: "APIVersion defines the versioned schema of this representation
of an object.\nServers should convert recognized schemas to the latest
internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
\ "
type: string
kind:
description: "Kind is a string value representing the REST resource this
object represents.\nServers may infer this from the endpoint the client
submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
\ "
type: string
metadata:
type: object
spec:
description: ReceiverSpec defines the desired state of the Receiver.
properties:
events:
description: "Events specifies the list of event types to handle,\ne.g.
'push' for GitHub or 'Push Hook' for GitLab. "
items:
type: string
type: array
interval:
description: Interval at which to reconcile the Receiver with its
Secret references.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type: string
resources:
description: A list of resources to be notified about changes.
items:
description: "CrossNamespaceObjectReference contains enough information
to let you locate the\ntyped referenced object at cluster level
\ "
properties:
apiVersion:
description: API version of the referent
type: string
kind:
description: Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
- ArtifactGenerator
- ExternalArtifact
type: string
matchLabels:
additionalProperties:
type: string
description: "MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels\nmap is equivalent to an element
of matchExpressions, whose key field is \"key\", the\noperator
is \"In\", and the values array contains only \"value\". The
requirements are ANDed.\nMatchLabels requires the name to
be set to `*`. "
type: object
name:
description: "Name of the referent\nIf multiple resources are
targeted `*` may be set. "
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent
maxLength: 253
minLength: 1
type: string
required:
- kind
- name
type: object
type: array
secretRef:
description: "SecretRef specifies the Secret containing the token
used\nto validate the payload authenticity. "
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
suspend:
description: "Suspend tells the controller to suspend subsequent\nevents
handling for this receiver. "
type: boolean
type:
description: "Type of webhook sender, used to determine\nthe validation
procedure and payload deserialization. "
enum:
- generic
- generic-hmac
- github
- gitlab
- bitbucket
- harbor
- dockerhub
- quay
- gcr
- nexus
- acr
type: string
required:
- resources
- secretRef
- type
type: object
status:
default:
observedGeneration: -1
description: ReceiverStatus defines the observed state of the Receiver.
properties:
conditions:
description: Conditions holds the conditions for the Receiver.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: "lastTransitionTime is the last time the condition
transitioned from one status to another.\nThis should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable. "
format: date-time
type: string
message:
description: "message is a human readable message indicating
details about the transition.\nThis may be an empty string.
\ "
maxLength: 32768
type: string
observedGeneration:
description: "observedGeneration represents the .metadata.generation
that the condition was set based upon.\nFor instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date\nwith respect to the current
state of the instance. "
format: int64
minimum: 0
type: integer
reason:
description: "reason contains a programmatic identifier indicating
the reason for the condition's last transition.\nProducers
of specific condition types may define expected values and
meanings for this field,\nand whether the values are considered
a guaranteed API.\nThe value should be a CamelCase string.\nThis
field may not be empty. "
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: "LastHandledReconcileAt holds the value of the most recent\nreconcile
request value, so a change of the annotation value\ncan be detected.
\ "
type: string
observedGeneration:
description: ObservedGeneration is the last observed generation of
the Receiver object.
format: int64
type: integer
url:
description: "URL is the generated incoming webhook address in the
format\nof '/hook/sha256sum(token+name+namespace)'.\nDeprecated:
Replaced by WebhookPath. "
type: string
webhookPath:
description: "WebhookPath is the generated incoming webhook address
in the format\nof '/hook/sha256sum(token+name+namespace)'. "
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: helm-controller
namespace: flux-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: kustomize-controller
namespace: flux-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: notification-controller
namespace: flux-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: source-controller
namespace: flux-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: crd-controller-flux-system
rules:
- apiGroups:
- source.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- kustomize.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- helm.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- notification.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- image.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- source.extensions.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
- secrets
- configmaps
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- nonResourceURLs:
- /livez/ping
verbs:
- head
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: flux-edit-flux-system
rules:
- apiGroups:
- notification.toolkit.fluxcd.io
- source.toolkit.fluxcd.io
- source.extensions.fluxcd.io
- helm.toolkit.fluxcd.io
- image.toolkit.fluxcd.io
- kustomize.toolkit.fluxcd.io
resources:
- '*'
verbs:
- create
- delete
- deletecollection
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: flux-view-flux-system
rules:
- apiGroups:
- notification.toolkit.fluxcd.io
- source.toolkit.fluxcd.io
- source.extensions.fluxcd.io
- helm.toolkit.fluxcd.io
- image.toolkit.fluxcd.io
- kustomize.toolkit.fluxcd.io
resources:
- '*'
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: cluster-reconciler-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kustomize-controller
namespace: flux-system
- kind: ServiceAccount
name: helm-controller
namespace: flux-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: crd-controller-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: crd-controller-flux-system
subjects:
- kind: ServiceAccount
name: kustomize-controller
namespace: flux-system
- kind: ServiceAccount
name: helm-controller
namespace: flux-system
- kind: ServiceAccount
name: source-controller
namespace: flux-system
- kind: ServiceAccount
name: notification-controller
namespace: flux-system
- kind: ServiceAccount
name: image-reflector-controller
namespace: flux-system
- kind: ServiceAccount
name: image-automation-controller
namespace: flux-system
- kind: ServiceAccount
name: source-watcher
namespace: flux-system
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
control-plane: controller
name: notification-controller
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: notification-controller
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
control-plane: controller
name: source-controller
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: source-controller
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
control-plane: controller
name: webhook-receiver
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http-webhook
selector:
app: notification-controller
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: test-http
namespace: test
spec:
ports:
- name: http
port: 80
targetPort: 5678
selector:
app: test-http
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
control-plane: controller
name: helm-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: helm-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: helm-controller
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
spec:
containers:
- args:
- --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./
- --watch-all-namespaces=true
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
containerName: manager
resource: limits.memory
image: ghcr.io/fluxcd/helm-controller:v1.5.3
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
securityContext:
fsGroup: 1337
serviceAccountName: helm-controller
terminationGracePeriodSeconds: 600
volumes:
- emptyDir: {}
name: temp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
control-plane: controller
name: kustomize-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: kustomize-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: kustomize-controller
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
spec:
containers:
- args:
- --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./
- --watch-all-namespaces=true
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
containerName: manager
resource: limits.memory
image: ghcr.io/fluxcd/kustomize-controller:v1.8.3
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
securityContext:
fsGroup: 1337
serviceAccountName: kustomize-controller
terminationGracePeriodSeconds: 60
volumes:
- emptyDir: {}
name: temp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
control-plane: controller
name: notification-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: notification-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: notification-controller
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
spec:
containers:
- args:
- --watch-all-namespaces=true
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
containerName: manager
resource: limits.memory
image: ghcr.io/fluxcd/notification-controller:v1.8.3
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9090
name: http
protocol: TCP
- containerPort: 9292
name: http-webhook
protocol: TCP
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
nodeSelector:
kubernetes.io/os: linux
securityContext:
fsGroup: 1337
serviceAccountName: notification-controller
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: temp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
control-plane: controller
name: source-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: source-controller
strategy:
type: Recreate
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: source-controller
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
spec:
containers:
- args:
- --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./
- --watch-all-namespaces=true
- --log-level=info
- --log-encoding=json
- --enable-leader-election
- --storage-path=/data
- --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: TUF_ROOT
value: /tmp/.sigstore
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
containerName: manager
resource: limits.memory
image: ghcr.io/fluxcd/source-controller:v1.8.2
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9090
name: http
protocol: TCP
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /
port: http
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 50m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /data
name: data
- mountPath: /tmp
name: tmp
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
securityContext:
fsGroup: 1337
serviceAccountName: source-controller
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: data
- emptyDir: {}
name: tmp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: test-http
name: test-http
namespace: test
spec:
replicas: 1
selector:
matchLabels:
app: test-http
template:
metadata:
labels:
app: test-http
spec:
containers:
- args:
- -text=ok from flux
image: hashicorp/http-echo:1.0.0
name: http-echo
ports:
- containerPort: 5678
name: http
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: mapper
namespace: mapper
spec:
chart:
spec:
chart: universal-chart
interval: 10m
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
version: 0.1.7
install:
remediation:
retries: 3
interval: 10m
upgrade:
remediation:
retries: 3
values:
global:
env: _default
services:
backend:
commitSha: ""
deployment:
enabled: true
name:
_default: backend
preprod: backend
production: backend
stage: mapper-backend
port:
_default: 8000
probes:
liveness:
enabled: false
readiness:
enabled: false
replicaCount:
_default: 1
preprod: 3
production: 3
stage: 1
resources:
limits:
cpu:
_default: "2.0"
memory:
_default: 512Mi
requests:
cpu:
_default: "1.0"
memory:
_default: 128Mi
enabled: true
envs:
- name: DOCUMENTATION_HOST
value:
_default: https://stage-api.sarex.io/documentations/api/v1
- name: FLOW_HOST
value:
_default: https://stage-api.sarex.io/flows/api/v1
- name: DJANGO_HOST
value:
_default: https://stage.sarex.io/api
- name: NOTE_HOST
value:
_default: https://stage-api.sarex.io/notes/api/v1
- name: REDIS_USE
value:
_default: "0"
preprod: "0"
production: "0"
stage: "0"
- name: TIMEOUT
value:
_default: "120"
preprod: "120"
production: "120"
stage: "120"
gitlabJobUrl: ""
gitlabUri: ""
image:
name:
_default: cr.yandex/crp3ccidau046kdj8g9q/mapper:latest
pullPolicy:
_default: IfNotPresent
imagePullSecrets:
enabled:
_default: true
name:
_default: dockerhub
labels:
monitoring: prometheus
owner: ""
service:
enabled: true
name:
_default: backend-service
preprod: backend-service
production: backend-service
stage: mapper-backend-service
port:
_default: 8000
portName:
_default: http
targetPort:
_default: 8000
type:
_default: ClusterIP
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: vault
namespace: vault
spec:
chart:
spec:
chart: vault-contour
interval: 10m
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
version: 0.1.0
install:
remediation:
retries: 3
interval: 5m
timeout: 10m
upgrade:
remediation:
retries: 3
values:
imagePullSecrets:
- name: regcred
server:
dataStorage:
storageClass: local-path
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10m0s
path: ./clusters/brusnika-stage
prune: true
sourceRef:
kind: GitRepository
name: flux-system
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
name: vault
namespace: vault
spec:
ingressClassName: nginx
rules:
- host: vault.stage.brusnika.sarex.lonsdaleites.ru
http:
paths:
- backend:
service:
name: vault-vault-contour
port:
number: 8200
path: /
pathType: Prefix
tls:
- hosts:
- vault.stage.brusnika.sarex.lonsdaleites.ru
secretName: vault-stage-tls
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: allow-egress
namespace: flux-system
spec:
egress:
- {}
ingress:
- from:
- podSelector: {}
podSelector: {}
policyTypes:
- Ingress
- Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: allow-scraping
namespace: flux-system
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: 8080
protocol: TCP
podSelector: {}
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
app.kubernetes.io/version: v2.8.5
name: allow-webhooks
namespace: flux-system
spec:
ingress:
- from:
- namespaceSelector: {}
podSelector:
matchLabels:
app: notification-controller
policyTypes:
- Ingress
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 1m0s
ref:
branch: master
secretRef:
name: flux-system
url: https://gitea.stage.brusnika.sarex.lonsdaleites.ru/sarex/iac.git
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: yc-oci-charts
namespace: flux-system
spec:
interval: 10m0s
secretRef:
name: yc-cr-auth
type: oci
url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts
Reference in New Issue View Git Blame Copy Permalink