diff --git a/scripts/deploy/02_wait_for_helmreleases.sh b/scripts/deploy/02_wait_for_helmreleases.sh
index 63abe7c0b14fac505c19ce3918a2809ed3dc0723..c95c6684661f018130082d2901542b0b17b43534 100755
--- a/scripts/deploy/02_wait_for_helmreleases.sh
+++ b/scripts/deploy/02_wait_for_helmreleases.sh
@@ -54,4 +54,4 @@ do
done
echo "Waiting on Secrets Kustomization"
-kubectl wait --for=condition=Ready --timeout 30s kustomizations.kustomize.toolkit.fluxcd.io -n bigbang secrets
+kubectl wait --for=condition=Ready --timeout 120s kustomizations.kustomize.toolkit.fluxcd.io -n bigbang secrets
diff --git a/scripts/deploy/flux.yaml b/scripts/deploy/flux.yaml
index ba81d20aab8a0b218d5301bfb471e2f05ff5c9b0..bf68e212774405170284244a8e35459f507ce54f 100644
--- a/scripts/deploy/flux.yaml
+++ b/scripts/deploy/flux.yaml
@@ -1,148 +1,14 @@
---
-# GitOps Toolkit revision v0.4.0
+# GitOps Toolkit revision latest
# Components: source-controller,kustomize-controller,helm-controller,notification-controller
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
+ app.kubernetes.io/version: latest
name: flux-system
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: allow-scraping
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
- podSelector: {}
- policyTypes:
- - Ingress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: allow-webhooks
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- podSelector:
- matchLabels:
- app: notification-controller
- policyTypes:
- - Ingress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: deny-ingress
- namespace: flux-system
-spec:
- ingress:
- - from:
- - podSelector: {}
- podSelector: {}
- policyTypes:
- - Ingress
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: crd-controller-flux-system
- namespace: flux-system
-rules:
-- apiGroups:
- - source.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - kustomize.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - helm.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - configmaps
- - configmaps/status
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: crd-controller-flux-system
- namespace: flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: crd-controller-flux-system
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: cluster-reconciler-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: flux-system
----
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@@ -151,21 +17,18 @@ metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: buckets.source.toolkit.fluxcd.io
+ app.kubernetes.io/version: latest
+ name: alerts.notification.toolkit.fluxcd.io
spec:
- group: source.toolkit.fluxcd.io
+ group: notification.toolkit.fluxcd.io
names:
- kind: Bucket
- listKind: BucketList
- plural: buckets
- singular: bucket
+ kind: Alert
+ listKind: AlertList
+ plural: alerts
+ singular: alert
scope: Namespaced
versions:
- additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
@@ -178,7 +41,7 @@ spec:
name: v1beta1
schema:
openAPIV3Schema:
- description: Bucket is the Schema for the buckets API
+ description: Alert is the Schema for the alerts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
@@ -189,80 +52,78 @@ spec:
metadata:
type: object
spec:
- description: BucketSpec defines the desired state of an S3 compatible bucket
+ description: AlertSpec defines an alerting rule for events involving a list of objects
properties:
- bucketName:
- description: The bucket name.
- type: string
- endpoint:
- description: The bucket endpoint address.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
- type: boolean
- interval:
- description: The interval at which to check for bucket updates.
- type: string
- provider:
- default: generic
- description: The S3 compatible storage provider name, default ('generic').
+ eventSeverity:
+ default: info
+ description: Filter events based on severity, defaults to ('info'). If set to 'info' no events will be filtered.
enum:
- - generic
- - aws
- type: string
- region:
- description: The bucket region.
+ - info
+ - error
type: string
- secretRef:
- description: The name of the secret containing authentication credentials for the Bucket.
+ eventSources:
+ description: Filter events based on the involved objects.
+ items:
+ description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level
+ properties:
+ apiVersion:
+ description: API version of the referent
+ type: string
+ kind:
+ description: Kind of the referent
+ enum:
+ - Bucket
+ - GitRepository
+ - Kustomization
+ - HelmRelease
+ - HelmChart
+ - HelmRepository
+ - ImageRepository
+ - ImagePolicy
+ - ImageUpdateAutomation
+ type: string
+ name:
+ description: Name of the referent
+ maxLength: 53
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace of the referent
+ maxLength: 53
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ exclusionList:
+ description: A list of Golang regular expressions to be used for excluding messages.
+ items:
+ type: string
+ type: array
+ providerRef:
+ description: Send events using this provider.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: Name of the referent
type: string
+ required:
+ - name
type: object
+ summary:
+ description: Short description of the impact and affected cluster.
+ type: string
suspend:
- description: This flag tells the controller to suspend the reconciliation of this source.
+ description: This flag tells the controller to suspend subsequent events dispatching. Defaults to false.
type: boolean
- timeout:
- default: 20s
- description: The timeout for download operations, defaults to 20s.
- type: string
required:
- - bucketName
- - endpoint
- - interval
+ - eventSources
+ - providerRef
type: object
status:
- description: BucketStatus defines the observed state of a bucket
+ description: AlertStatus defines the observed state of Alert
properties:
- artifact:
- description: Artifact represents the output of the last successful Bucket sync.
- properties:
- checksum:
- description: Checksum is the SHA1 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
conditions:
- description: Conditions holds the conditions for the Bucket.
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
@@ -305,14 +166,191 @@ spec:
- type
type: object
type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: buckets.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: Bucket
+ listKind: BucketList
+ plural: buckets
+ singular: bucket
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Bucket is the Schema for the buckets API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BucketSpec defines the desired state of an S3 compatible bucket
+ properties:
+ bucketName:
+ description: The bucket name.
+ type: string
+ endpoint:
+ description: The bucket endpoint address.
+ type: string
+ ignore:
+ description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.
+ type: string
+ insecure:
+ description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
+ type: boolean
+ interval:
+ description: The interval at which to check for bucket updates.
+ type: string
+ provider:
+ default: generic
+ description: The S3 compatible storage provider name, default ('generic').
+ enum:
+ - generic
+ - aws
+ type: string
+ region:
+ description: The bucket region.
+ type: string
+ secretRef:
+ description: The name of the secret containing authentication credentials for the Bucket.
+ properties:
+ name:
+ description: Name of the referent
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation of this source.
+ type: boolean
+ timeout:
+ default: 20s
+ description: The timeout for download operations, defaults to 20s.
+ type: string
+ required:
+ - bucketName
+ - endpoint
+ - interval
+ type: object
+ status:
+ description: BucketStatus defines the observed state of a bucket
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful Bucket sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA1 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the Bucket.
+ items:
+ description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ url:
description: URL is the download link for the artifact output of the last Bucket sync.
type: string
type: object
@@ -336,7 +374,7 @@ metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
+ app.kubernetes.io/version: latest
name: gitrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -376,6 +414,13 @@ spec:
spec:
description: GitRepositorySpec defines the desired state of a Git repository.
properties:
+ gitImplementation:
+ default: go-git
+ description: Determines which git client library to use. Defaults to go-git, valid values are ('go-git', 'libgit2').
+ enum:
+ - go-git
+ - libgit2
+ type: string
ignore:
description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.
type: string
@@ -403,8 +448,10 @@ spec:
description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: Name of the referent
type: string
+ required:
+ - name
type: object
suspend:
description: This flag tells the controller to suspend the reconciliation of this source.
@@ -429,8 +476,10 @@ spec:
description: The secret name containing the public keys of all trusted Git authors.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: Name of the referent
type: string
+ required:
+ - name
type: object
required:
- mode
@@ -540,7 +589,7 @@ metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
+ app.kubernetes.io/version: latest
name: helmcharts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@@ -731,21 +780,20 @@ metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: helmrepositories.source.toolkit.fluxcd.io
+ app.kubernetes.io/version: latest
+ name: helmreleases.helm.toolkit.fluxcd.io
spec:
- group: source.toolkit.fluxcd.io
+ group: helm.toolkit.fluxcd.io
names:
- kind: HelmRepository
- listKind: HelmRepositoryList
- plural: helmrepositories
- singular: helmrepository
+ kind: HelmRelease
+ listKind: HelmReleaseList
+ plural: helmreleases
+ shortNames:
+ - hr
+ singular: helmrelease
scope: Namespaced
versions:
- additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
@@ -755,10 +803,10 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- name: v1beta1
+ name: v2beta1
schema:
openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API
+ description: HelmRelease is the Schema for the helmreleases API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
@@ -769,618 +817,10 @@ spec:
metadata:
type: object
spec:
- description: HelmRepositorySpec defines the reference to a Helm repository.
- properties:
- interval:
- description: The interval at which to check the upstream for updates.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caCert fields.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout of index downloading, defaults to 60s.
- type: string
- url:
- description: The Helm repository URL, a valid URL contains at least a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- description: HelmRepositoryStatus defines the observed state of the HelmRepository.
+ description: HelmReleaseSpec defines the desired state of a Helm release.
properties:
- artifact:
- description: Artifact represents the output of the last successful repository sync.
- properties:
- checksum:
- description: Checksum is the SHA1 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last index fetched.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: source-controller
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: source-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: source-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller/
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-json
- - --enable-leader-election
- - --storage-path=/data
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: registry1.dso.mil/ironbank/fluxcd/source-controller:v0.4.0
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /
- port: http
- name: manager
- ports:
- - containerPort: 9090
- name: http
- - containerPort: 8080
- name: http-prom
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 50m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /data
- name: data
- - mountPath: /tmp
- name: tmp
- imagePullSecrets:
- - name: private-registry
- nodeSelector:
- kubernetes.io/arch: amd64
- kubernetes.io/os: linux
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: data
- - emptyDir: {}
- name: tmp
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: kustomizations.kustomize.toolkit.fluxcd.io
-spec:
- group: kustomize.toolkit.fluxcd.io
- names:
- kind: Kustomization
- listKind: KustomizationList
- plural: kustomizations
- shortNames:
- - ks
- singular: kustomization
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the desired state of a kustomization.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys used for decryption.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled.
- items:
- description: CrossNamespaceDependencyReference holds the reference to a dependency.
- properties:
- name:
- description: Name holds the name reference of a dependency.
- type: string
- namespace:
- description: Namespace holds the namespace reference of a dependency.
- type: string
- required:
- - name
- type: object
- type: array
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent, defaults to 'apps/v1'
- type: string
- kind:
- description: Kind of the referent
- type: string
- name:
- description: Name of the referent
- type: string
- namespace:
- description: Namespace of the referent
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the Kustomization. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the Kustomization.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
- type: string
- type: object
- type: object
- path:
- description: Path to the directory containing the kustomization file.
- pattern: ^\./
- type: string
- prune:
- description: Prune enables garbage collection.
- type: boolean
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file is.
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent
- type: string
- namespace:
- description: Namespace of the referent, defaults to the Kustomization namespace
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration.
- type: string
- validation:
- description: Validate the Kubernetes objects before applying them on the cluster. The validation strategy can be 'client' (local dry-run), 'server' (APIServer dry-run) or 'none'.
- enum:
- - none
- - client
- - server
- type: string
- required:
- - interval
- - path
- - prune
- - sourceRef
- type: object
- status:
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastAppliedRevision:
- description: The last successfully applied revision. The revision format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- snapshot:
- description: The last successfully applied revision metadata.
- properties:
- checksum:
- description: The manifests sha1 checksum.
- type: string
- entries:
- description: A list of Kubernetes kinds grouped by namespace.
- items:
- description: Snapshot holds the metadata of namespaced Kubernetes objects
- properties:
- kinds:
- additionalProperties:
- type: string
- description: The list of Kubernetes kinds.
- type: object
- namespace:
- description: The namespace of this entry.
- type: string
- required:
- - kinds
- type: object
- type: array
- required:
- - checksum
- - entries
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- control-plane: controller
- name: kustomize-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kustomize-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: kustomize-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller/
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: registry1.dso.mil/ironbank/fluxcd/kustomize-controller:v0.4.0
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /tmp
- name: temp
- imagePullSecrets:
- - name: private-registry
- nodeSelector:
- kubernetes.io/arch: amd64
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.3.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: helmreleases.helm.toolkit.fluxcd.io
-spec:
- group: helm.toolkit.fluxcd.io
- names:
- kind: HelmRelease
- listKind: HelmReleaseList
- plural: helmreleases
- shortNames:
- - hr
- singular: helmrelease
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v2beta1
- schema:
- openAPIV3Schema:
- description: HelmRelease is the Schema for the helmreleases API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmReleaseSpec defines the desired state of a Helm release.
- properties:
- chart:
- description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease.
+ chart:
+ description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease.
properties:
spec:
description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease.
@@ -1449,6 +889,9 @@ spec:
install:
description: Install holds the configuration for Helm install actions for this HelmRelease.
properties:
+ createNamespace:
+ description: CreateNamespace tells the Helm install action to create the HelmReleaseSpec.TargetNamespace if it does not exist yet. On uninstall, the namespace will not be garbage collected.
+ type: boolean
disableHooks:
description: DisableHooks prevents hooks from running during the Helm install action.
type: boolean
@@ -1491,13 +934,112 @@ spec:
description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the HelmRelease. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the HelmRelease.
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: Name of the referent
type: string
+ required:
+ - name
type: object
type: object
maxHistory:
description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'.
type: integer
+ postRenderers:
+ description: PostRenderers holds an array of Helm PostRenderers, which will be applied in order of their definition.
+ items:
+ description: PostRenderer contains a Helm PostRenderer specification.
+ properties:
+ kustomize:
+ description: Kustomization to apply as PostRenderer.
+ properties:
+ images:
+ description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify.
+ items:
+ description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.
+ properties:
+ digest:
+ description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored.
+ type: string
+ name:
+ description: Name is a tag-less image name.
+ type: string
+ newName:
+ description: NewName is the value used to replace the original name.
+ type: string
+ newTag:
+ description: NewTag is the value used to replace the original tag.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ patchesJson6902:
+ description: JSON 6902 patches, defined as inline YAML objects.
+ items:
+ description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains the JSON6902 patch document with an array of operation objects.
+ items:
+ description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4
+ properties:
+ from:
+ type: string
+ op:
+ enum:
+ - test
+ - remove
+ - add
+ - replace
+ - move
+ - copy
+ type: string
+ path:
+ type: string
+ value:
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - op
+ - path
+ type: object
+ type: array
+ target:
+ description: Target points to the resources that the patch document should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ - target
+ type: object
+ type: array
+ patchesStrategicMerge:
+ description: Strategic merge patches, defined as inline YAML objects.
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ type: object
+ type: object
+ type: array
releaseName:
description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'.
maxLength: 53
@@ -1528,6 +1070,11 @@ spec:
serviceAccountName:
description: The name of the Kubernetes service account to impersonate when reconciling this HelmRelease.
type: string
+ storageNamespace:
+ description: StorageNamespace used for the Helm storage. Defaults to the namespace of the HelmRelease.
+ maxLength: 63
+ minLength: 1
+ type: string
suspend:
description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false.
type: boolean
@@ -1650,7 +1197,198 @@ spec:
description: HelmReleaseStatus defines the observed state of a HelmRelease.
properties:
conditions:
- description: Conditions holds the conditions for the HelmRelease.
+ description: Conditions holds the conditions for the HelmRelease.
+ items:
+ description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ failures:
+ description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ helmChart:
+ description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease.
+ type: string
+ installFailures:
+ description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ lastAppliedRevision:
+ description: LastAppliedRevision is the revision of the last successfully applied source.
+ type: string
+ lastAttemptedRevision:
+ description: LastAttemptedRevision is the revision of the last reconciliation attempt.
+ type: string
+ lastAttemptedValuesChecksum:
+ description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt.
+ type: string
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected.
+ type: string
+ lastReleaseRevision:
+ description: LastReleaseRevision is the revision of the last successful Helm release.
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation.
+ format: int64
+ type: integer
+ upgradeFailures:
+ description: UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: helmrepositories.source.toolkit.fluxcd.io
+spec:
+ group: source.toolkit.fluxcd.io
+ names:
+ kind: HelmRepository
+ listKind: HelmRepositoryList
+ plural: helmrepositories
+ singular: helmrepository
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.url
+ name: URL
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].status
+ name: Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: HelmRepository is the Schema for the helmrepositories API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HelmRepositorySpec defines the reference to a Helm repository.
+ properties:
+ interval:
+ description: The interval at which to check the upstream for updates.
+ type: string
+ secretRef:
+ description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caCert fields.
+ properties:
+ name:
+ description: Name of the referent
+ type: string
+ required:
+ - name
+ type: object
+ suspend:
+ description: This flag tells the controller to suspend the reconciliation of this source.
+ type: boolean
+ timeout:
+ default: 60s
+ description: The timeout of index downloading, defaults to 60s.
+ type: string
+ url:
+ description: The Helm repository URL, a valid URL contains at least a protocol and host.
+ type: string
+ required:
+ - interval
+ - url
+ type: object
+ status:
+ description: HelmRepositoryStatus defines the observed state of the HelmRepository.
+ properties:
+ artifact:
+ description: Artifact represents the output of the last successful repository sync.
+ properties:
+ checksum:
+ description: Checksum is the SHA1 checksum of the artifact.
+ type: string
+ lastUpdateTime:
+ description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
+ format: date-time
+ type: string
+ path:
+ description: Path is the relative file path of this artifact.
+ type: string
+ revision:
+ description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.
+ type: string
+ url:
+ description: URL is the HTTP address of this artifact.
+ type: string
+ required:
+ - path
+ - url
+ type: object
+ conditions:
+ description: Conditions holds the conditions for the HelmRepository.
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
@@ -1693,40 +1431,16 @@ spec:
- type
type: object
type: array
- failures:
- description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- helmChart:
- description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease.
- type: string
- installFailures:
- description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- lastAppliedRevision:
- description: LastAppliedRevision is the revision of the last successfully applied source.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation attempt.
- type: string
- lastAttemptedValuesChecksum:
- description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt.
- type: string
lastHandledReconcileAt:
description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected.
type: string
- lastReleaseRevision:
- description: LastReleaseRevision is the revision of the last successful Helm release.
- type: integer
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
- upgradeFailures:
- description: UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
+ url:
+ description: URL is the download link for the last index fetched.
+ type: string
type: object
type: object
served: true
@@ -1740,80 +1454,6 @@ status:
conditions: []
storedVersions: []
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- control-plane: controller
- name: helm-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: helm-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: helm-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller/
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: registry1.dso.mil/ironbank/fluxcd/helm-controller:v0.4.0
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /tmp
- name: temp
- imagePullSecrets:
- - name: private-registry
- nodeSelector:
- kubernetes.io/arch: amd64
- kubernetes.io/os: linux
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: temp
----
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@@ -1822,15 +1462,17 @@ metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
- name: alerts.notification.toolkit.fluxcd.io
+ app.kubernetes.io/version: latest
+ name: kustomizations.kustomize.toolkit.fluxcd.io
spec:
- group: notification.toolkit.fluxcd.io
+ group: kustomize.toolkit.fluxcd.io
names:
- kind: Alert
- listKind: AlertList
- plural: alerts
- singular: alert
+ kind: Kustomization
+ listKind: KustomizationList
+ plural: kustomizations
+ shortNames:
+ - ks
+ singular: kustomization
scope: Namespaced
versions:
- additionalPrinterColumns:
@@ -1846,7 +1488,7 @@ spec:
name: v1beta1
schema:
openAPIV3Schema:
- description: Alert is the Schema for the alerts API
+ description: Kustomization is the Schema for the kustomizations API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
@@ -1857,63 +1499,235 @@ spec:
metadata:
type: object
spec:
- description: AlertSpec defines an alerting rule for events involving a list of objects
+ description: KustomizationSpec defines the desired state of a kustomization.
properties:
- eventSeverity:
- default: info
- description: Filter events based on severity, defaults to ('info'). If set to 'info' no events will be filtered.
- enum:
- - info
- - error
- type: string
- eventSources:
- description: Filter events based on the involved objects
+ decryption:
+ description: Decrypt Kubernetes secrets before applying them on the cluster.
+ properties:
+ provider:
+ description: Provider is the name of the decryption engine.
+ enum:
+ - sops
+ type: string
+ secretRef:
+ description: The secret name containing the private OpenPGP keys used for decryption.
+ properties:
+ name:
+ description: Name of the referent
+ type: string
+ required:
+ - name
+ type: object
+ required:
+ - provider
+ type: object
+ dependsOn:
+ description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled.
items:
- description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level
+ description: CrossNamespaceDependencyReference holds the reference to a dependency.
+ properties:
+ name:
+ description: Name holds the name reference of a dependency.
+ type: string
+ namespace:
+ description: Namespace holds the namespace reference of a dependency.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ healthChecks:
+ description: A list of resources to be included in the health assessment.
+ items:
+ description: NamespacedObjectKindReference contains enough information to let you locate the typed referenced object in any namespace
properties:
apiVersion:
- description: API version of the referent
+ description: API version of the referent, if not specified the Kubernetes preferred version will be used
type: string
kind:
description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
type: string
name:
description: Name of the referent
- maxLength: 53
- minLength: 1
type: string
namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
+ description: Namespace of the referent, when not specified it acts as LocalObjectReference
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ images:
+ description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify.
+ items:
+ description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.
+ properties:
+ digest:
+ description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored.
+ type: string
+ name:
+ description: Name is a tag-less image name.
+ type: string
+ newName:
+ description: NewName is the value used to replace the original name.
+ type: string
+ newTag:
+ description: NewTag is the value used to replace the original tag.
type: string
required:
- name
type: object
type: array
- providerRef:
- description: Send events using this provider
+ interval:
+ description: The interval at which to reconcile the Kustomization.
+ type: string
+ kubeConfig:
+ description: The KubeConfig for reconciling the Kustomization on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName.
properties:
+ secretRef:
+ description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the Kustomization. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the Kustomization.
+ properties:
+ name:
+ description: Name of the referent
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ patchesJson6902:
+ description: JSON 6902 patches, defined as inline YAML objects.
+ items:
+ description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to.
+ properties:
+ patch:
+ description: Patch contains the JSON6902 patch document with an array of operation objects.
+ items:
+ description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4
+ properties:
+ from:
+ type: string
+ op:
+ enum:
+ - test
+ - remove
+ - add
+ - replace
+ - move
+ - copy
+ type: string
+ path:
+ type: string
+ value:
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - op
+ - path
+ type: object
+ type: array
+ target:
+ description: Target points to the resources that the patch document should be applied to.
+ properties:
+ annotationSelector:
+ description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.
+ type: string
+ group:
+ description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ kind:
+ description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ labelSelector:
+ description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.
+ type: string
+ name:
+ description: Name to match resources with.
+ type: string
+ namespace:
+ description: Namespace to select resources from.
+ type: string
+ version:
+ description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+ type: string
+ type: object
+ required:
+ - patch
+ - target
+ type: object
+ type: array
+ patchesStrategicMerge:
+ description: Strategic merge patches, defined as inline YAML objects.
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ path:
+ description: Path to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to 'None', which translates to the root path of the SourceRef.
+ type: string
+ postBuild:
+ description: PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay.
+ properties:
+ substitute:
+ additionalProperties:
+ type: string
+ description: Substitute holds a map of key/value pairs. The variables defined in your YAML manifests that match any of the keys defined in the map will be substituted with the set value. Includes support for bash string replacement functions e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
+ type: object
+ type: object
+ prune:
+ description: Prune enables garbage collection.
+ type: boolean
+ retryInterval:
+ description: The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the KustomizationSpec.Interval value to retry failures.
+ type: string
+ serviceAccountName:
+ description: The name of the Kubernetes service account to impersonate when reconciling this Kustomization.
+ type: string
+ sourceRef:
+ description: Reference of the source where the kustomization file is.
+ properties:
+ apiVersion:
+ description: API version of the referent
+ type: string
+ kind:
+ description: Kind of the referent
+ enum:
+ - GitRepository
+ - Bucket
+ type: string
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: Name of the referent
+ type: string
+ namespace:
+ description: Namespace of the referent, defaults to the Kustomization namespace
type: string
+ required:
+ - kind
+ - name
type: object
suspend:
- description: This flag tells the controller to suspend subsequent events dispatching. Defaults to false.
+ description: This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false.
type: boolean
+ targetNamespace:
+ description: TargetNamespace sets or overrides the namespace in the kustomization.yaml file.
+ maxLength: 63
+ minLength: 1
+ type: string
+ timeout:
+ description: Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration.
+ type: string
+ validation:
+ description: Validate the Kubernetes objects before applying them on the cluster. The validation strategy can be 'client' (local dry-run), 'server' (APIServer dry-run) or 'none'.
+ enum:
+ - none
+ - client
+ - server
+ type: string
required:
- - eventSources
- - providerRef
+ - interval
+ - prune
+ - sourceRef
type: object
status:
- description: AlertStatus defines the observed state of Alert
+ description: KustomizationStatus defines the observed state of a kustomization.
properties:
conditions:
items:
@@ -1958,6 +1772,46 @@ spec:
- type
type: object
type: array
+ lastAppliedRevision:
+ description: The last successfully applied revision. The revision format for Git sources is <branch|tag>/<commit-sha>.
+ type: string
+ lastAttemptedRevision:
+ description: LastAttemptedRevision is the revision of the last reconciliation attempt.
+ type: string
+ lastHandledReconcileAt:
+ description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the last reconciled generation.
+ format: int64
+ type: integer
+ snapshot:
+ description: The last successfully applied revision metadata.
+ properties:
+ checksum:
+ description: The manifests sha1 checksum.
+ type: string
+ entries:
+ description: A list of Kubernetes kinds grouped by namespace.
+ items:
+ description: Snapshot holds the metadata of namespaced Kubernetes objects
+ properties:
+ kinds:
+ additionalProperties:
+ type: string
+ description: The list of Kubernetes kinds.
+ type: object
+ namespace:
+ description: The namespace of this entry.
+ type: string
+ required:
+ - kinds
+ type: object
+ type: array
+ required:
+ - checksum
+ - entries
+ type: object
type: object
type: object
served: true
@@ -1979,7 +1833,7 @@ metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
+ app.kubernetes.io/version: latest
name: providers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -2028,11 +1882,13 @@ spec:
pattern: ^(http|https)://
type: string
secretRef:
- description: Secret reference containing the provider webhook URL
+ description: Secret reference containing the provider webhook URL using "address" as data key
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: Name of the referent
type: string
+ required:
+ - name
type: object
type:
description: Type of provider
@@ -2120,7 +1976,7 @@ metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
+ app.kubernetes.io/version: latest
name: receivers.notification.toolkit.fluxcd.io
spec:
group: notification.toolkit.fluxcd.io
@@ -2179,6 +2035,9 @@ spec:
- HelmRelease
- HelmChart
- HelmRepository
+ - ImageRepository
+ - ImagePolicy
+ - ImageUpdateAutomation
type: string
name:
description: Name of the referent
@@ -2198,8 +2057,10 @@ spec:
description: Secret reference containing the token used to validate the payload authenticity
properties:
name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ description: Name of the referent
type: string
+ required:
+ - name
type: object
suspend:
description: This flag tells the controller to suspend subsequent events handling. Defaults to false.
@@ -2208,10 +2069,15 @@ spec:
description: Type of webhook sender, used to determine the validation procedure and payload deserialization.
enum:
- generic
+ - generic-hmac
- github
- gitlab
- bitbucket
- harbor
+ - dockerhub
+ - quay
+ - gcr
+ - nexus
type: string
required:
- resources
@@ -2280,11 +2146,176 @@ status:
storedVersions: []
---
apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: helm-controller
+ namespace: flux-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: kustomize-controller
+ namespace: flux-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: notification-controller
+ namespace: flux-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: source-controller
+ namespace: flux-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: crd-controller-flux-system
+rules:
+- apiGroups:
+ - source.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - helm.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - image.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - configmaps/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: cluster-reconciler-flux-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: crd-controller-flux-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: crd-controller-flux-system
+subjects:
+- kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: source-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: notification-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: image-reflector-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: image-automation-controller
+ namespace: flux-system
+---
+apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
+ app.kubernetes.io/version: latest
control-plane: controller
name: notification-controller
namespace: flux-system
@@ -2298,31 +2329,200 @@ spec:
app: notification-controller
type: ClusterIP
---
-apiVersion: v1
-kind: Service
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ control-plane: controller
+ name: source-controller
+ namespace: flux-system
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: source-controller
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ control-plane: controller
+ name: webhook-receiver
+ namespace: flux-system
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http-webhook
+ selector:
+ app: notification-controller
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ control-plane: controller
+ name: helm-controller
+ namespace: flux-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helm-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ labels:
+ app: helm-controller
+ spec:
+ containers:
+ - args:
+ - --events-addr=http://notification-controller/
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: registry1.dso.mil/ironbank/fluxcd/helm-controller:v0.7.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 1000m
+ memory: 1Gi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ imagePullSecrets:
+ - name: private-registry
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccountName: helm-controller
+ terminationGracePeriodSeconds: 600
+ volumes:
+ - emptyDir: {}
+ name: temp
+---
+apiVersion: apps/v1
+kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
+ app.kubernetes.io/version: latest
control-plane: controller
- name: webhook-receiver
+ name: kustomize-controller
namespace: flux-system
spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http-webhook
+ replicas: 1
selector:
- app: notification-controller
- type: ClusterIP
+ matchLabels:
+ app: kustomize-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ labels:
+ app: kustomize-controller
+ spec:
+ containers:
+ - args:
+ - --events-addr=http://notification-controller/
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: registry1.dso.mil/ironbank/fluxcd/kustomize-controller:v0.7.4
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 1000m
+ memory: 1Gi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ imagePullSecrets:
+ - name: private-registry
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: kustomize-controller
+ terminationGracePeriodSeconds: 60
+ volumes:
+ - emptyDir: {}
+ name: temp
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: flux-system
- app.kubernetes.io/version: v0.4.0
+ app.kubernetes.io/version: latest
control-plane: controller
name: notification-controller
namespace: flux-system
@@ -2343,14 +2543,14 @@ spec:
- args:
- --watch-all-namespaces=true
- --log-level=info
- - --log-json
+ - --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: registry1.dso.mil/ironbank/fluxcd/notification-controller:v0.4.0
+ image: registry1.dso.mil/ironbank/fluxcd/notification-controller:v0.8.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -2376,8 +2576,8 @@ spec:
cpu: 1000m
memory: 1Gi
requests:
- cpu: 100m
- memory: 64Mi
+ cpu: 1000m
+ memory: 1Gi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
@@ -2387,10 +2587,151 @@ spec:
imagePullSecrets:
- name: private-registry
nodeSelector:
- kubernetes.io/arch: amd64
kubernetes.io/os: linux
+ serviceAccountName: notification-controller
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: temp
---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ control-plane: controller
+ name: source-controller
+ namespace: flux-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: source-controller
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ labels:
+ app: source-controller
+ spec:
+ containers:
+ - args:
+ - --events-addr=http://notification-controller/
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ - --storage-path=/data
+ - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: registry1.dso.mil/ironbank/fluxcd/source-controller:v0.8.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9090
+ name: http
+ - containerPort: 8080
+ name: http-prom
+ - containerPort: 9440
+ name: healthz
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 1000m
+ memory: 1Gi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /tmp
+ name: tmp
+ imagePullSecrets:
+ - name: private-registry
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: source-controller
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: data
+ - emptyDir: {}
+ name: tmp
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: allow-scraping
+ namespace: flux-system
+spec:
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+ podSelector: {}
+ policyTypes:
+ - Ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: allow-webhooks
+ namespace: flux-system
+spec:
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ app: notification-controller
+ policyTypes:
+ - Ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: latest
+ name: deny-ingress
+ namespace: flux-system
+spec:
+ egress:
+ - {}
+ ingress:
+ - from:
+ - podSelector: {}
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+---
diff --git a/tests/ci/shared-secrets.yaml b/tests/ci/shared-secrets.yaml
index 4f4a9dd3f93c1b64ef2a0ea4f488818c845f02b2..5151fd122af61e06259a836a4a1b78daccced649 100644
--- a/tests/ci/shared-secrets.yaml
+++ b/tests/ci/shared-secrets.yaml
@@ -30,7 +30,7 @@ metadata:
name: secrets
namespace: bigbang
spec:
- interval: 5m0s
+ interval: 1m0s
sourceRef:
kind: GitRepository
name: secrets