diff --git a/base/flux/gotk-components.yaml b/base/flux/gotk-components.yaml
index 6ec0d38a0ef7ba5b34c6646852fc9c4e3f79b829..e720d3ebb2e6cb3cc5a838eace6c3757dcd9f88e 100644
--- a/base/flux/gotk-components.yaml
+++ b/base/flux/gotk-components.yaml
@@ -1,6 +1,6 @@
 ---
 # This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v0.41.2
+# Flux Version: v2.0.1
 # Components: source-controller,kustomize-controller,helm-controller,notification-controller
 apiVersion: v1
 kind: Namespace
@@ -8,46 +8,320 @@ metadata:
   labels:
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
+    app.kubernetes.io/version: v2.0.1
     pod-security.kubernetes.io/warn: restricted
     pod-security.kubernetes.io/warn-version: latest
   name: flux-system
 ---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: allow-egress
+  namespace: flux-system
+spec:
+  egress:
+  - {}
+  ingress:
+  - from:
+    - podSelector: {}
+  podSelector: {}
+  policyTypes:
+  - Ingress
+  - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: allow-scraping
+  namespace: flux-system
+spec:
+  ingress:
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: 8080
+      protocol: TCP
+  podSelector: {}
+  policyTypes:
+  - Ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: allow-webhooks
+  namespace: flux-system
+spec:
+  ingress:
+  - from:
+    - namespaceSelector: {}
+  podSelector:
+    matchLabels:
+      app: notification-controller
+  policyTypes:
+  - Ingress
+---
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: critical-pods-flux-system
+  namespace: flux-system
+spec:
+  hard:
+    pods: "1000"
+  scopeSelector:
+    matchExpressions:
+    - operator: In
+      scopeName: PriorityClass
+      values:
+      - system-node-critical
+      - system-cluster-critical
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: crd-controller-flux-system
+rules:
+- apiGroups:
+  - source.toolkit.fluxcd.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - kustomize.toolkit.fluxcd.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - helm.toolkit.fluxcd.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - notification.toolkit.fluxcd.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - image.toolkit.fluxcd.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - secrets
+  - configmaps
+  - serviceaccounts
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  name: flux-edit-flux-system
+rules:
+- apiGroups:
+  - notification.toolkit.fluxcd.io
+  - source.toolkit.fluxcd.io
+  - helm.toolkit.fluxcd.io
+  - image.toolkit.fluxcd.io
+  - kustomize.toolkit.fluxcd.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  name: flux-view-flux-system
+rules:
+- apiGroups:
+  - notification.toolkit.fluxcd.io
+  - source.toolkit.fluxcd.io
+  - helm.toolkit.fluxcd.io
+  - image.toolkit.fluxcd.io
+  - kustomize.toolkit.fluxcd.io
+  resources:
+  - '*'
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: cluster-reconciler-flux-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: kustomize-controller
+  namespace: flux-system
+- kind: ServiceAccount
+  name: helm-controller
+  namespace: flux-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: crd-controller-flux-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: crd-controller-flux-system
+subjects:
+- kind: ServiceAccount
+  name: kustomize-controller
+  namespace: flux-system
+- kind: ServiceAccount
+  name: helm-controller
+  namespace: flux-system
+- kind: ServiceAccount
+  name: source-controller
+  namespace: flux-system
+- kind: ServiceAccount
+  name: notification-controller
+  namespace: flux-system
+- kind: ServiceAccount
+  name: image-reflector-controller
+  namespace: flux-system
+- kind: ServiceAccount
+  name: image-automation-controller
+  namespace: flux-system
+---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.12.0
   labels:
-    app.kubernetes.io/component: notification-controller
+    app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: alerts.notification.toolkit.fluxcd.io
+    app.kubernetes.io/version: v2.0.1
+  name: buckets.source.toolkit.fluxcd.io
 spec:
-  group: notification.toolkit.fluxcd.io
+  group: source.toolkit.fluxcd.io
   names:
-    kind: Alert
-    listKind: AlertList
-    plural: alerts
-    singular: alert
+    kind: Bucket
+    listKind: BucketList
+    plural: buckets
+    singular: bucket
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
+    - jsonPath: .spec.endpoint
+      name: Endpoint
+      type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
     name: v1beta1
     schema:
       openAPIV3Schema:
-        description: Alert is the Schema for the alerts API
+        description: Bucket is the Schema for the buckets API
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
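Review bot: The `cluster-reconciler-flux-system` ClusterRoleBinding in this hunk binds the `kustomize-controller` and `helm-controller` service accounts to `cluster-admin`, so any Kustomization or HelmRelease they reconcile is applied with full cluster rights unless it names its own service account. The manifest is generated and marked DO NOT EDIT, so a restriction belongs in a patch in the kustomization that includes this file; on a cluster with more than one tenant, that patch would typically set the controllers' `--default-service-account` and `--no-cross-namespace-refs` flags. The `allow-webhooks` NetworkPolicy also admits ingress to `notification-controller` from every namespace on every port (`namespaceSelector: {}` with no `ports` list), which is worth confirming as intended. Whether these objects are new in this upgrade or only moved by the generator cannot be told from the hunk.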
@@ -62,71 +336,68 @@ spec:
           metadata:
             type: object
           spec:
-            description: AlertSpec defines an alerting rule for events involving a
-              list of objects
+            description: BucketSpec defines the desired state of an S3 compatible
+              bucket
             properties:
-              eventSeverity:
-                default: info
-                description: Filter events based on severity, defaults to ('info').
-                  If set to 'info' no events will be filtered.
+              accessFrom:
+                description: AccessFrom defines an Access Control List for allowing
+                  cross-namespace references to this object.
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              bucketName:
+                description: The bucket name.
+                type: string
+              endpoint:
+                description: The bucket endpoint address.
+                type: string
+              ignore:
+                description: Ignore overrides the set of excluded patterns in the
+                  .sourceignore format (which is the same as .gitignore). If not provided,
+                  a default will be used, consult the documentation for your version
+                  to find out what those are.
+                type: string
+              insecure:
+                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
+                type: boolean
+              interval:
+                description: The interval at which to check for bucket updates.
+                type: string
+              provider:
+                default: generic
+                description: The S3 compatible storage provider name, default ('generic').
                 enum:
-                - info
-                - error
+                - generic
+                - aws
+                - gcp
                 type: string
-              eventSources:
-                description: Filter events based on the involved objects.
-                items:
-                  description: CrossNamespaceObjectReference contains enough information
-                    to let you locate the typed referenced object at cluster level
-                  properties:
-                    apiVersion:
-                      description: API version of the referent
-                      type: string
-                    kind:
-                      description: Kind of the referent
-                      enum:
-                      - Bucket
-                      - GitRepository
-                      - Kustomization
-                      - HelmRelease
-                      - HelmChart
-                      - HelmRepository
-                      - ImageRepository
-                      - ImagePolicy
-                      - ImageUpdateAutomation
-                      - OCIRepository
-                      type: string
-                    matchLabels:
-                      additionalProperties:
-                        type: string
-                      description: MatchLabels is a map of {key,value} pairs. A single
-                        {key,value} in the matchLabels map is equivalent to an element
-                        of matchExpressions, whose key field is "key", the operator
-                        is "In", and the values array contains only "value". The requirements
-                        are ANDed.
-                      type: object
-                    name:
-                      description: Name of the referent
-                      maxLength: 53
-                      minLength: 1
-                      type: string
-                    namespace:
-                      description: Namespace of the referent
-                      maxLength: 53
-                      minLength: 1
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              exclusionList:
-                description: A list of Golang regular expressions to be used for excluding
-                  messages.
-                items:
-                  type: string
-                type: array
-              providerRef:
-                description: Send events using this provider.
+              region:
+                description: The bucket region.
+                type: string
+              secretRef:
+                description: The name of the secret containing authentication credentials
+                  for the Bucket.
                 properties:
                   name:
                     description: Name of the referent.
@@ -134,23 +405,53 @@ spec:
                 required:
                 - name
                 type: object
-              summary:
-                description: Short description of the impact and affected cluster.
-                type: string
               suspend:
-                description: This flag tells the controller to suspend subsequent
-                  events dispatching. Defaults to false.
+                description: This flag tells the controller to suspend the reconciliation
+                  of this source.
                 type: boolean
+              timeout:
+                default: 60s
+                description: The timeout for download operations, defaults to 60s.
+                type: string
             required:
-            - eventSources
-            - providerRef
+            - bucketName
+            - endpoint
+            - interval
             type: object
           status:
             default:
               observedGeneration: -1
-            description: AlertStatus defines the observed state of Alert
+            description: BucketStatus defines the observed state of a bucket
             properties:
+              artifact:
+                description: Artifact represents the output of the last successful
+                  Bucket sync.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the artifact.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of this artifact.
+                    format: date-time
+                    type: string
+                  path:
+                    description: Path is the relative file path of this artifact.
+                    type: string
+                  revision:
+                    description: Revision is a human readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm index timestamp, a Helm chart version, etc.
+                    type: string
+                  url:
+                    description: URL is the HTTP address of this artifact.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
               conditions:
+                description: Conditions holds the conditions for the Bucket.
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -218,10 +519,19 @@ spec:
                   - type
                   type: object
                 type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
               observedGeneration:
                 description: ObservedGeneration is the last observed generation.
                 format: int64
                 type: integer
+              url:
+                description: URL is the download link for the artifact output of the
+                  last Bucket sync.
+                type: string
             type: object
         type: object
     served: true
@@ -229,6 +539,9 @@ spec:
     subresources:
       status: {}
   - additionalPrinterColumns:
+    - jsonPath: .spec.endpoint
+      name: Endpoint
+      type: string
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -241,7 +554,7 @@ spec:
     name: v1beta2
     schema:
       openAPIV3Schema:
-        description: Alert is the Schema for the alerts API
+        description: Bucket is the Schema for the buckets API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -256,73 +569,74 @@ spec:
           metadata:
             type: object
           spec:
-            description: AlertSpec defines an alerting rule for events involving a
-              list of objects.
+            description: BucketSpec specifies the required configuration to produce
+              an Artifact for an object storage bucket.
             properties:
-              eventSeverity:
-                default: info
-                description: EventSeverity specifies how to filter events based on
-                  severity. If set to 'info' no events will be filtered.
-                enum:
-                - info
-                - error
+              accessFrom:
+                description: 'AccessFrom specifies an Access Control List for allowing
+                  cross-namespace references to this object. NOTE: Not implemented,
+                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              bucketName:
+                description: BucketName is the name of the object storage bucket.
                 type: string
-              eventSources:
-                description: EventSources specifies how to filter events based on
-                  the involved object kind, name and namespace.
-                items:
-                  description: CrossNamespaceObjectReference contains enough information
-                    to let you locate the typed referenced object at cluster level
-                  properties:
-                    apiVersion:
-                      description: API version of the referent.
-                      type: string
-                    kind:
-                      description: Kind of the referent.
-                      enum:
-                      - Bucket
-                      - GitRepository
-                      - Kustomization
-                      - HelmRelease
-                      - HelmChart
-                      - HelmRepository
-                      - ImageRepository
-                      - ImagePolicy
-                      - ImageUpdateAutomation
-                      - OCIRepository
-                      type: string
-                    matchLabels:
-                      additionalProperties:
-                        type: string
-                      description: MatchLabels is a map of {key,value} pairs. A single
-                        {key,value} in the matchLabels map is equivalent to an element
-                        of matchExpressions, whose key field is "key", the operator
-                        is "In", and the values array contains only "value". The requirements
-                        are ANDed.
-                      type: object
-                    name:
-                      description: Name of the referent.
-                      maxLength: 53
-                      minLength: 1
-                      type: string
-                    namespace:
-                      description: Namespace of the referent.
-                      maxLength: 53
-                      minLength: 1
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              exclusionList:
-                description: ExclusionList specifies a list of Golang regular expressions
-                  to be used for excluding messages.
-                items:
-                  type: string
-                type: array
-              providerRef:
-                description: ProviderRef specifies which Provider this Alert should
-                  use.
+              endpoint:
+                description: Endpoint is the object storage address the BucketName
+                  is located at.
+                type: string
+              ignore:
+                description: Ignore overrides the set of excluded patterns in the
+                  .sourceignore format (which is the same as .gitignore). If not provided,
+                  a default will be used, consult the documentation for your version
+                  to find out what those are.
+                type: string
+              insecure:
+                description: Insecure allows connecting to a non-TLS HTTP Endpoint.
+                type: boolean
+              interval:
+                description: Interval at which to check the Endpoint for updates.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              provider:
+                default: generic
+                description: Provider of the object storage bucket. Defaults to 'generic',
+                  which expects an S3 (API) compatible object storage.
+                enum:
+                - generic
+                - aws
+                - gcp
+                - azure
+                type: string
+              region:
+                description: Region of the Endpoint where the BucketName is located
+                  in.
+                type: string
+              secretRef:
+                description: SecretRef specifies the Secret containing authentication
+                  credentials for the Bucket.
                 properties:
                   name:
                     description: Name of the referent.
@@ -330,26 +644,70 @@ spec:
                 required:
                 - name
                 type: object
-              summary:
-                description: Summary holds a short description of the impact and affected
-                  cluster.
-                maxLength: 255
-                type: string
               suspend:
-                description: Suspend tells the controller to suspend subsequent events
-                  handling for this Alert.
+                description: Suspend tells the controller to suspend the reconciliation
+                  of this Bucket.
                 type: boolean
+              timeout:
+                default: 60s
+                description: Timeout for fetch operations, defaults to 60s.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+                type: string
             required:
-            - eventSources
-            - providerRef
+            - bucketName
+            - endpoint
+            - interval
             type: object
           status:
             default:
               observedGeneration: -1
-            description: AlertStatus defines the observed state of the Alert.
+            description: BucketStatus records the observed state of a Bucket.
             properties:
+              artifact:
+                description: Artifact represents the last successful Bucket reconciliation.
+                properties:
+                  digest:
+                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of the Artifact.
+                    format: date-time
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
+                  path:
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
+                    type: string
+                  revision:
+                    description: Revision is a human-readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm chart version, etc.
+                    type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
+                  url:
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
+                    type: string
+                required:
+                - lastUpdateTime
+                - path
+                - revision
+                - url
+                type: object
               conditions:
-                description: Conditions holds the conditions for the Alert.
+                description: Conditions holds the conditions for the Bucket.
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -423,9 +781,19 @@ spec:
                   be detected.
                 type: string
               observedGeneration:
-                description: ObservedGeneration is the last observed generation.
+                description: ObservedGeneration is the last observed generation of
+                  the Bucket object.
                 format: int64
                 type: integer
+              observedIgnore:
+                description: ObservedIgnore is the observed exclusion patterns used
+                  for constructing the source artifact.
+                type: string
+              url:
+                description: URL is the dynamic fetch link for the latest Artifact.
+                  It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
+                  data is recommended.
+                type: string
             type: object
         type: object
     served: true
@@ -437,40 +805,41 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.12.0
   labels:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: buckets.source.toolkit.fluxcd.io
+    app.kubernetes.io/version: v2.0.1
+  name: gitrepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
   names:
-    kind: Bucket
-    listKind: BucketList
-    plural: buckets
-    singular: bucket
+    kind: GitRepository
+    listKind: GitRepositoryList
+    plural: gitrepositories
+    shortNames:
+    - gitrepo
+    singular: gitrepository
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
-    - jsonPath: .spec.endpoint
-      name: Endpoint
+    - jsonPath: .spec.url
+      name: URL
       type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
+    name: v1
     schema:
       openAPIV3Schema:
-        description: Bucket is the Schema for the buckets API
+        description: GitRepository is the Schema for the gitrepositories API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -485,68 +854,88 @@ spec:
           metadata:
             type: object
           spec:
-            description: BucketSpec defines the desired state of an S3 compatible
-              bucket
+            description: GitRepositorySpec specifies the required configuration to
+              produce an Artifact for a Git repository.
             properties:
-              accessFrom:
-                description: AccessFrom defines an Access Control List for allowing
-                  cross-namespace references to this object.
-                properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              bucketName:
-                description: The bucket name.
-                type: string
-              endpoint:
-                description: The bucket endpoint address.
-                type: string
               ignore:
                 description: Ignore overrides the set of excluded patterns in the
                   .sourceignore format (which is the same as .gitignore). If not provided,
                   a default will be used, consult the documentation for your version
                   to find out what those are.
                 type: string
-              insecure:
-                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
-                type: boolean
+              include:
+                description: Include specifies a list of GitRepository resources which
+                  Artifacts should be included in the Artifact produced for this GitRepository.
+                items:
+                  description: GitRepositoryInclude specifies a local reference to
+                    a GitRepository which Artifact (sub-)contents must be included,
+                    and where they should be placed.
+                  properties:
+                    fromPath:
+                      description: FromPath specifies the path to copy contents from,
+                        defaults to the root of the Artifact.
+                      type: string
+                    repository:
+                      description: GitRepositoryRef specifies the GitRepository which
+                        Artifact contents must be included.
+                      properties:
+                        name:
+                          description: Name of the referent.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    toPath:
+                      description: ToPath specifies the path to copy contents to,
+                        defaults to the name of the GitRepositoryRef.
+                      type: string
+                  required:
+                  - repository
+                  type: object
+                type: array
               interval:
-                description: The interval at which to check for bucket updates.
-                type: string
-              provider:
-                default: generic
-                description: The S3 compatible storage provider name, default ('generic').
-                enum:
-                - generic
-                - aws
-                - gcp
-                type: string
-              region:
-                description: The bucket region.
+                description: Interval at which to check the GitRepository for updates.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
+              recurseSubmodules:
+                description: RecurseSubmodules enables the initialization of all submodules
+                  within the GitRepository as cloned from the URL, using their default
+                  settings.
+                type: boolean
+              ref:
+                description: Reference specifies the Git reference to resolve and
+                  monitor for changes, defaults to the 'master' branch.
+                properties:
+                  branch:
+                    description: Branch to check out, defaults to 'master' if no other
+                      field is defined.
+                    type: string
+                  commit:
+                    description: "Commit SHA to check out, takes precedence over all
+                      reference fields. \n This can be combined with Branch to shallow
+                      clone the branch, in which the commit is expected to exist."
+                    type: string
+                  name:
+                    description: "Name of the reference to check out; takes precedence
+                      over Branch, Tag and SemVer. \n It must be a valid Git reference:
+                      https://git-scm.com/docs/git-check-ref-format#_description Examples:
+                      \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
+                      \"refs/merge-requests/1/head\""
+                    type: string
+                  semver:
+                    description: SemVer tag expression to check out, takes precedence
+                      over Tag.
+                    type: string
+                  tag:
+                    description: Tag to check out, takes precedence over Branch.
+                    type: string
+                type: object
               secretRef:
-                description: The name of the secret containing authentication credentials
-                  for the Bucket.
+                description: SecretRef specifies the Secret containing authentication
+                  credentials for the GitRepository. For HTTPS repositories the Secret
+                  must contain 'username' and 'password' fields for basic auth or
+                  'bearerToken' field for token auth. For SSH repositories the Secret
+                  must contain 'identity' and 'known_hosts' fields.
                 properties:
                   name:
                     description: Name of the referent.
@@ -555,52 +944,99 @@ spec:
                 - name
                 type: object
               suspend:
-                description: This flag tells the controller to suspend the reconciliation
-                  of this source.
+                description: Suspend tells the controller to suspend the reconciliation
+                  of this GitRepository.
                 type: boolean
               timeout:
                 default: 60s
-                description: The timeout for download operations, defaults to 60s.
+                description: Timeout for Git operations like cloning, defaults to
+                  60s.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+                type: string
+              url:
+                description: URL specifies the Git repository URL, it can be an HTTP/S
+                  or SSH address.
+                pattern: ^(http|https|ssh)://.*$
                 type: string
+              verify:
+                description: Verification specifies the configuration to verify the
+                  Git commit signature(s).
+                properties:
+                  mode:
+                    description: Mode specifies what Git object should be verified,
+                      currently ('head').
+                    enum:
+                    - head
+                    type: string
+                  secretRef:
+                    description: SecretRef specifies the Secret containing the public
+                      keys of trusted Git authors.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                required:
+                - mode
+                - secretRef
+                type: object
             required:
-            - bucketName
-            - endpoint
             - interval
+            - url
             type: object
           status:
             default:
               observedGeneration: -1
-            description: BucketStatus defines the observed state of a bucket
+            description: GitRepositoryStatus records the observed state of a Git repository.
             properties:
               artifact:
-                description: Artifact represents the output of the last successful
-                  Bucket sync.
+                description: Artifact represents the last successful GitRepository
+                  reconciliation.
                 properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the artifact.
+                  digest:
+                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
                     type: string
                   lastUpdateTime:
                     description: LastUpdateTime is the timestamp corresponding to
-                      the last update of this artifact.
+                      the last update of the Artifact.
                     format: date-time
                     type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
                   path:
-                    description: Path is the relative file path of this artifact.
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
                     type: string
                   revision:
-                    description: Revision is a human readable identifier traceable
+                    description: Revision is a human-readable identifier traceable
                       in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm index timestamp, a Helm chart version, etc.
+                      tag, a Helm chart version, etc.
                     type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
                   url:
-                    description: URL is the HTTP address of this artifact.
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
                     type: string
                 required:
+                - lastUpdateTime
                 - path
+                - revision
                 - url
                 type: object
               conditions:
-                description: Conditions holds the conditions for the Bucket.
+                description: Conditions holds the conditions for the GitRepository.
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -668,42 +1104,129 @@ spec:
                   - type
                   type: object
                 type: array
+              includedArtifacts:
+                description: IncludedArtifacts contains a list of the last successfully
+                  included Artifacts as instructed by GitRepositorySpec.Include.
+                items:
+                  description: Artifact represents the output of a Source reconciliation.
+                  properties:
+                    digest:
+                      description: Digest is the digest of the file in the form of
+                        '<algorithm>:<checksum>'.
+                      pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+                      type: string
+                    lastUpdateTime:
+                      description: LastUpdateTime is the timestamp corresponding to
+                        the last update of the Artifact.
+                      format: date-time
+                      type: string
+                    metadata:
+                      additionalProperties:
+                        type: string
+                      description: Metadata holds upstream information such as OCI
+                        annotations.
+                      type: object
+                    path:
+                      description: Path is the relative file path of the Artifact.
+                        It can be used to locate the file in the root of the Artifact
+                        storage on the local file system of the controller managing
+                        the Source.
+                      type: string
+                    revision:
+                      description: Revision is a human-readable identifier traceable
+                        in the origin source system. It can be a Git commit SHA, Git
+                        tag, a Helm chart version, etc.
+                      type: string
+                    size:
+                      description: Size is the number of bytes in the file.
+                      format: int64
+                      type: integer
+                    url:
+                      description: URL is the HTTP address of the Artifact as exposed
+                        by the controller managing the Source. It can be used to retrieve
+                        the Artifact for consumption, e.g. by another controller applying
+                        the Artifact contents.
+                      type: string
+                  required:
+                  - lastUpdateTime
+                  - path
+                  - revision
+                  - url
+                  type: object
+                type: array
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
                   be detected.
                 type: string
               observedGeneration:
-                description: ObservedGeneration is the last observed generation.
+                description: ObservedGeneration is the last observed generation of
+                  the GitRepository object.
                 format: int64
                 type: integer
-              url:
-                description: URL is the download link for the artifact output of the
-                  last Bucket sync.
+              observedIgnore:
+                description: ObservedIgnore is the observed exclusion patterns used
+                  for constructing the source artifact.
                 type: string
+              observedInclude:
+                description: ObservedInclude is the observed list of GitRepository
+                  resources used to produce the current Artifact.
+                items:
+                  description: GitRepositoryInclude specifies a local reference to
+                    a GitRepository which Artifact (sub-)contents must be included,
+                    and where they should be placed.
+                  properties:
+                    fromPath:
+                      description: FromPath specifies the path to copy contents from,
+                        defaults to the root of the Artifact.
+                      type: string
+                    repository:
+                      description: GitRepositoryRef specifies the GitRepository which
+                        Artifact contents must be included.
+                      properties:
+                        name:
+                          description: Name of the referent.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    toPath:
+                      description: ToPath specifies the path to copy contents to,
+                        defaults to the name of the GitRepositoryRef.
+                      type: string
+                  required:
+                  - repository
+                  type: object
+                type: array
+              observedRecurseSubmodules:
+                description: ObservedRecurseSubmodules is the observed resource submodules
+                  configuration used to produce the current Artifact.
+                type: boolean
             type: object
         type: object
     served: true
-    storage: false
+    storage: true
     subresources:
       status: {}
   - additionalPrinterColumns:
-    - jsonPath: .spec.endpoint
-      name: Endpoint
+    - jsonPath: .spec.url
+      name: URL
       type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    name: v1beta2
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    deprecated: true
+    deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1
+    name: v1beta1
     schema:
       openAPIV3Schema:
-        description: Bucket is the Schema for the buckets API.
+        description: GitRepository is the Schema for the gitrepositories API
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -718,13 +1241,11 @@ spec:
           metadata:
             type: object
           spec:
-            description: BucketSpec specifies the required configuration to produce
-              an Artifact for an object storage bucket.
+            description: GitRepositorySpec defines the desired state of a Git repository.
             properties:
               accessFrom:
-                description: 'AccessFrom specifies an Access Control List for allowing
-                  cross-namespace references to this object. NOTE: Not implemented,
-                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
+                description: AccessFrom defines an Access Control List for allowing
+                  cross-namespace references to this object.
                 properties:
                   namespaceSelectors:
                     description: NamespaceSelectors is the list of namespace selectors
@@ -749,12 +1270,13 @@ spec:
                 required:
                 - namespaceSelectors
                 type: object
-              bucketName:
-                description: BucketName is the name of the object storage bucket.
-                type: string
-              endpoint:
-                description: Endpoint is the object storage address the BucketName
-                  is located at.
+              gitImplementation:
+                default: go-git
+                description: Determines which git client library to use. Defaults
+                  to go-git, valid values are ('go-git', 'libgit2').
+                enum:
+                - go-git
+                - libgit2
                 type: string
               ignore:
                 description: Ignore overrides the set of excluded patterns in the
@@ -762,30 +1284,65 @@ spec:
                   a default will be used, consult the documentation for your version
                   to find out what those are.
                 type: string
-              insecure:
-                description: Insecure allows connecting to a non-TLS HTTP Endpoint.
-                type: boolean
-              interval:
-                description: Interval at which to check the Endpoint for updates.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              provider:
-                default: generic
-                description: Provider of the object storage bucket. Defaults to 'generic',
-                  which expects an S3 (API) compatible object storage.
-                enum:
-                - generic
-                - aws
-                - gcp
-                - azure
-                type: string
-              region:
-                description: Region of the Endpoint where the BucketName is located
-                  in.
+              include:
+                description: Extra git repositories to map into the repository
+                items:
+                  description: GitRepositoryInclude defines a source with a from and
+                    to path.
+                  properties:
+                    fromPath:
+                      description: The path to copy contents from, defaults to the
+                        root directory.
+                      type: string
+                    repository:
+                      description: Reference to a GitRepository to include.
+                      properties:
+                        name:
+                          description: Name of the referent.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    toPath:
+                      description: The path to copy contents to, defaults to the name
+                        of the source ref.
+                      type: string
+                  required:
+                  - repository
+                  type: object
+                type: array
+              interval:
+                description: The interval at which to check for repository updates.
                 type: string
+              recurseSubmodules:
+                description: When enabled, after the clone is created, initializes
+                  all submodules within, using their default settings. This option
+                  is available only when using the 'go-git' GitImplementation.
+                type: boolean
+              ref:
+                description: The Git reference to checkout and monitor for changes,
+                  defaults to master branch.
+                properties:
+                  branch:
+                    description: The Git branch to checkout, defaults to master.
+                    type: string
+                  commit:
+                    description: The Git commit SHA to checkout, if specified Tag
+                      filters will be ignored.
+                    type: string
+                  semver:
+                    description: The Git tag semver expression, takes precedence over
+                      Tag.
+                    type: string
+                  tag:
+                    description: The Git tag to checkout, takes precedence over Branch.
+                    type: string
+                type: object
               secretRef:
-                description: SecretRef specifies the Secret containing authentication
-                  credentials for the Bucket.
+                description: The secret name containing the Git credentials. For HTTPS
+                  repositories the secret must contain username and password fields.
+                  For SSH repositories the secret must contain identity and known_hosts
+                  fields.
                 properties:
                   name:
                     description: Name of the referent.
@@ -794,71 +1351,79 @@ spec:
                 - name
                 type: object
               suspend:
-                description: Suspend tells the controller to suspend the reconciliation
-                  of this Bucket.
+                description: This flag tells the controller to suspend the reconciliation
+                  of this source.
                 type: boolean
               timeout:
                 default: 60s
-                description: Timeout for fetch operations, defaults to 60s.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+                description: The timeout for remote Git operations like cloning, defaults
+                  to 60s.
+                type: string
+              url:
+                description: The repository URL, can be a HTTP/S or SSH address.
+                pattern: ^(http|https|ssh)://.*$
                 type: string
+              verify:
+                description: Verify OpenPGP signature for the Git commit HEAD points
+                  to.
+                properties:
+                  mode:
+                    description: Mode describes what git object should be verified,
+                      currently ('head').
+                    enum:
+                    - head
+                    type: string
+                  secretRef:
+                    description: The secret name containing the public keys of all
+                      trusted Git authors.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                required:
+                - mode
+                type: object
             required:
-            - bucketName
-            - endpoint
             - interval
+            - url
             type: object
           status:
             default:
               observedGeneration: -1
-            description: BucketStatus records the observed state of a Bucket.
+            description: GitRepositoryStatus defines the observed state of a Git repository.
             properties:
               artifact:
-                description: Artifact represents the last successful Bucket reconciliation.
+                description: Artifact represents the output of the last successful
+                  repository sync.
                 properties:
                   checksum:
-                    description: 'Checksum is the SHA256 checksum of the Artifact
-                      file. Deprecated: use Artifact.Digest instead.'
-                    type: string
-                  digest:
-                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
-                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+                    description: Checksum is the SHA256 checksum of the artifact.
                     type: string
                   lastUpdateTime:
                     description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
+                      the last update of this artifact.
                     format: date-time
                     type: string
-                  metadata:
-                    additionalProperties:
-                      type: string
-                    description: Metadata holds upstream information such as OCI annotations.
-                    type: object
                   path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
+                    description: Path is the relative file path of this artifact.
                     type: string
                   revision:
-                    description: Revision is a human-readable identifier traceable
+                    description: Revision is a human readable identifier traceable
                       in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
+                      tag, a Helm index timestamp, a Helm chart version, etc.
                     type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
                   url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
+                    description: URL is the HTTP address of this artifact.
                     type: string
                 required:
                 - path
                 - url
                 type: object
               conditions:
-                description: Conditions holds the conditions for the Bucket.
+                description: Conditions holds the conditions for the GitRepository.
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -926,72 +1491,74 @@ spec:
                   - type
                   type: object
                 type: array
+              includedArtifacts:
+                description: IncludedArtifacts represents the included artifacts from
+                  the last successful repository sync.
+                items:
+                  description: Artifact represents the output of a source synchronisation.
+                  properties:
+                    checksum:
+                      description: Checksum is the SHA256 checksum of the artifact.
+                      type: string
+                    lastUpdateTime:
+                      description: LastUpdateTime is the timestamp corresponding to
+                        the last update of this artifact.
+                      format: date-time
+                      type: string
+                    path:
+                      description: Path is the relative file path of this artifact.
+                      type: string
+                    revision:
+                      description: Revision is a human readable identifier traceable
+                        in the origin source system. It can be a Git commit SHA, Git
+                        tag, a Helm index timestamp, a Helm chart version, etc.
+                      type: string
+                    url:
+                      description: URL is the HTTP address of this artifact.
+                      type: string
+                  required:
+                  - path
+                  - url
+                  type: object
+                type: array
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
                   be detected.
                 type: string
               observedGeneration:
-                description: ObservedGeneration is the last observed generation of
-                  the Bucket object.
+                description: ObservedGeneration is the last observed generation.
                 format: int64
                 type: integer
-              observedIgnore:
-                description: ObservedIgnore is the observed exclusion patterns used
-                  for constructing the source artifact.
-                type: string
               url:
-                description: URL is the dynamic fetch link for the latest Artifact.
-                  It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
-                  data is recommended.
+                description: URL is the download link for the artifact output of the
+                  last repository sync.
                 type: string
             type: object
         type: object
     served: true
-    storage: true
+    storage: false
     subresources:
       status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
-  labels:
-    app.kubernetes.io/component: source-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: gitrepositories.source.toolkit.fluxcd.io
-spec:
-  group: source.toolkit.fluxcd.io
-  names:
-    kind: GitRepository
-    listKind: GitRepositoryList
-    plural: gitrepositories
-    shortNames:
-    - gitrepo
-    singular: gitrepository
-  scope: Namespaced
-  versions:
   - additionalPrinterColumns:
     - jsonPath: .spec.url
       name: URL
       type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
+    deprecated: true
+    deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1
+    name: v1beta2
     schema:
       openAPIV3Schema:
-        description: GitRepository is the Schema for the gitrepositories API
+        description: GitRepository is the Schema for the gitrepositories API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -1006,11 +1573,13 @@ spec:
           metadata:
             type: object
           spec:
-            description: GitRepositorySpec defines the desired state of a Git repository.
+            description: GitRepositorySpec specifies the required configuration to
+              produce an Artifact for a Git repository.
             properties:
               accessFrom:
-                description: AccessFrom defines an Access Control List for allowing
-                  cross-namespace references to this object.
+                description: 'AccessFrom specifies an Access Control List for allowing
+                  cross-namespace references to this object. NOTE: Not implemented,
+                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
                 properties:
                   namespaceSelectors:
                     description: NamespaceSelectors is the list of namespace selectors
@@ -1037,8 +1606,10 @@ spec:
                 type: object
               gitImplementation:
                 default: go-git
-                description: Determines which git client library to use. Defaults
-                  to go-git, valid values are ('go-git', 'libgit2').
+                description: 'GitImplementation specifies which Git client library
+                  implementation to use. Defaults to ''go-git'', valid values are
+                  (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated
+                  now that ''go-git'' is the only supported implementation.'
                 enum:
                 - go-git
                 - libgit2
@@ -1050,17 +1621,20 @@ spec:
                   to find out what those are.
                 type: string
               include:
-                description: Extra git repositories to map into the repository
+                description: Include specifies a list of GitRepository resources which
+                  Artifacts should be included in the Artifact produced for this GitRepository.
                 items:
-                  description: GitRepositoryInclude defines a source with a from and
-                    to path.
+                  description: GitRepositoryInclude specifies a local reference to
+                    a GitRepository which Artifact (sub-)contents must be included,
+                    and where they should be placed.
                   properties:
                     fromPath:
-                      description: The path to copy contents from, defaults to the
-                        root directory.
+                      description: FromPath specifies the path to copy contents from,
+                        defaults to the root of the Artifact.
                       type: string
                     repository:
-                      description: Reference to a GitRepository to include.
+                      description: GitRepositoryRef specifies the GitRepository which
+                        Artifact contents must be included.
                       properties:
                         name:
                           description: Name of the referent.
@@ -1069,45 +1643,56 @@ spec:
                       - name
                       type: object
                     toPath:
-                      description: The path to copy contents to, defaults to the name
-                        of the source ref.
+                      description: ToPath specifies the path to copy contents to,
+                        defaults to the name of the GitRepositoryRef.
                       type: string
                   required:
                   - repository
                   type: object
                 type: array
               interval:
-                description: The interval at which to check for repository updates.
+                description: Interval at which to check the GitRepository for updates.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               recurseSubmodules:
-                description: When enabled, after the clone is created, initializes
-                  all submodules within, using their default settings. This option
-                  is available only when using the 'go-git' GitImplementation.
+                description: RecurseSubmodules enables the initialization of all submodules
+                  within the GitRepository as cloned from the URL, using their default
+                  settings.
                 type: boolean
               ref:
-                description: The Git reference to checkout and monitor for changes,
-                  defaults to master branch.
+                description: Reference specifies the Git reference to resolve and
+                  monitor for changes, defaults to the 'master' branch.
                 properties:
                   branch:
-                    description: The Git branch to checkout, defaults to master.
+                    description: Branch to check out, defaults to 'master' if no other
+                      field is defined.
                     type: string
                   commit:
-                    description: The Git commit SHA to checkout, if specified Tag
-                      filters will be ignored.
+                    description: "Commit SHA to check out, takes precedence over all
+                      reference fields. \n This can be combined with Branch to shallow
+                      clone the branch, in which the commit is expected to exist."
+                    type: string
+                  name:
+                    description: "Name of the reference to check out; takes precedence
+                      over Branch, Tag and SemVer. \n It must be a valid Git reference:
+                      https://git-scm.com/docs/git-check-ref-format#_description Examples:
+                      \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
+                      \"refs/merge-requests/1/head\""
                     type: string
                   semver:
-                    description: The Git tag semver expression, takes precedence over
-                      Tag.
+                    description: SemVer tag expression to check out, takes precedence
+                      over Tag.
                     type: string
                   tag:
-                    description: The Git tag to checkout, takes precedence over Branch.
+                    description: Tag to check out, takes precedence over Branch.
                     type: string
                 type: object
               secretRef:
-                description: The secret name containing the Git credentials. For HTTPS
-                  repositories the secret must contain username and password fields.
-                  For SSH repositories the secret must contain identity and known_hosts
-                  fields.
+                description: SecretRef specifies the Secret containing authentication
+                  credentials for the GitRepository. For HTTPS repositories the Secret
+                  must contain 'username' and 'password' fields for basic auth or
+                  'bearerToken' field for token auth. For SSH repositories the Secret
+                  must contain 'identity' and 'known_hosts' fields.
                 properties:
                   name:
                     description: Name of the referent.
@@ -1116,31 +1701,33 @@ spec:
                 - name
                 type: object
               suspend:
-                description: This flag tells the controller to suspend the reconciliation
-                  of this source.
+                description: Suspend tells the controller to suspend the reconciliation
+                  of this GitRepository.
                 type: boolean
               timeout:
                 default: 60s
-                description: The timeout for remote Git operations like cloning, defaults
-                  to 60s.
+                description: Timeout for Git operations like cloning, defaults to
+                  60s.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                 type: string
               url:
-                description: The repository URL, can be a HTTP/S or SSH address.
+                description: URL specifies the Git repository URL, it can be an HTTP/S
+                  or SSH address.
                 pattern: ^(http|https|ssh)://.*$
                 type: string
               verify:
-                description: Verify OpenPGP signature for the Git commit HEAD points
-                  to.
+                description: Verification specifies the configuration to verify the
+                  Git commit signature(s).
                 properties:
                   mode:
-                    description: Mode describes what git object should be verified,
+                    description: Mode specifies what Git object should be verified,
                       currently ('head').
                     enum:
                     - head
                     type: string
                   secretRef:
-                    description: The secret name containing the public keys of all
-                      trusted Git authors.
+                    description: SecretRef specifies the Secret containing the public
+                      keys of trusted Git authors.
                     properties:
                       name:
                         description: Name of the referent.
@@ -1150,6 +1737,7 @@ spec:
                     type: object
                 required:
                 - mode
+                - secretRef
                 type: object
             required:
             - interval
@@ -1158,33 +1746,50 @@ spec:
           status:
             default:
               observedGeneration: -1
-            description: GitRepositoryStatus defines the observed state of a Git repository.
+            description: GitRepositoryStatus records the observed state of a Git repository.
             properties:
               artifact:
-                description: Artifact represents the output of the last successful
-                  repository sync.
+                description: Artifact represents the last successful GitRepository
+                  reconciliation.
                 properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the artifact.
+                  digest:
+                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
                     type: string
                   lastUpdateTime:
                     description: LastUpdateTime is the timestamp corresponding to
-                      the last update of this artifact.
+                      the last update of the Artifact.
                     format: date-time
                     type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
                   path:
-                    description: Path is the relative file path of this artifact.
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
                     type: string
                   revision:
-                    description: Revision is a human readable identifier traceable
+                    description: Revision is a human-readable identifier traceable
                       in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm index timestamp, a Helm chart version, etc.
+                      tag, a Helm chart version, etc.
                     type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
                   url:
-                    description: URL is the HTTP address of this artifact.
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
                     type: string
                 required:
+                - lastUpdateTime
                 - path
+                - revision
                 - url
                 type: object
               conditions:
@@ -1256,33 +1861,63 @@ spec:
                   - type
                   type: object
                 type: array
+              contentConfigChecksum:
+                description: "ContentConfigChecksum is a checksum of all the configurations
+                  related to the content of the source artifact: - .spec.ignore -
+                  .spec.recurseSubmodules - .spec.included and the checksum of the
+                  included artifacts observed in .status.observedGeneration version
+                  of the object. This can be used to determine if the content of the
+                  included repository has changed. It has the format of `<algo>:<checksum>`,
+                  for example: `sha256:<checksum>`. \n Deprecated: Replaced with explicit
+                  fields for observed artifact content config in the status."
+                type: string
               includedArtifacts:
-                description: IncludedArtifacts represents the included artifacts from
-                  the last successful repository sync.
+                description: IncludedArtifacts contains a list of the last successfully
+                  included Artifacts as instructed by GitRepositorySpec.Include.
                 items:
-                  description: Artifact represents the output of a source synchronisation.
+                  description: Artifact represents the output of a Source reconciliation.
                   properties:
-                    checksum:
-                      description: Checksum is the SHA256 checksum of the artifact.
+                    digest:
+                      description: Digest is the digest of the file in the form of
+                        '<algorithm>:<checksum>'.
+                      pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
                       type: string
                     lastUpdateTime:
                       description: LastUpdateTime is the timestamp corresponding to
-                        the last update of this artifact.
+                        the last update of the Artifact.
                       format: date-time
                       type: string
+                    metadata:
+                      additionalProperties:
+                        type: string
+                      description: Metadata holds upstream information such as OCI
+                        annotations.
+                      type: object
                     path:
-                      description: Path is the relative file path of this artifact.
+                      description: Path is the relative file path of the Artifact.
+                        It can be used to locate the file in the root of the Artifact
+                        storage on the local file system of the controller managing
+                        the Source.
                       type: string
                     revision:
-                      description: Revision is a human readable identifier traceable
+                      description: Revision is a human-readable identifier traceable
                         in the origin source system. It can be a Git commit SHA, Git
-                        tag, a Helm index timestamp, a Helm chart version, etc.
+                        tag, a Helm chart version, etc.
                       type: string
+                    size:
+                      description: Size is the number of bytes in the file.
+                      format: int64
+                      type: integer
                     url:
-                      description: URL is the HTTP address of this artifact.
+                      description: URL is the HTTP address of the Artifact as exposed
+                        by the controller managing the Source. It can be used to retrieve
+                        the Artifact for consumption, e.g. by another controller applying
+                        the Artifact contents.
                       type: string
                   required:
+                  - lastUpdateTime
                   - path
+                  - revision
                   - url
                   type: object
                 type: array
@@ -1292,12 +1927,52 @@ spec:
                   be detected.
                 type: string
               observedGeneration:
-                description: ObservedGeneration is the last observed generation.
+                description: ObservedGeneration is the last observed generation of
+                  the GitRepository object.
                 format: int64
                 type: integer
+              observedIgnore:
+                description: ObservedIgnore is the observed exclusion patterns used
+                  for constructing the source artifact.
+                type: string
+              observedInclude:
+                description: ObservedInclude is the observed list of GitRepository
+                  resources used to to produce the current Artifact.
+                items:
+                  description: GitRepositoryInclude specifies a local reference to
+                    a GitRepository which Artifact (sub-)contents must be included,
+                    and where they should be placed.
+                  properties:
+                    fromPath:
+                      description: FromPath specifies the path to copy contents from,
+                        defaults to the root of the Artifact.
+                      type: string
+                    repository:
+                      description: GitRepositoryRef specifies the GitRepository which
+                        Artifact contents must be included.
+                      properties:
+                        name:
+                          description: Name of the referent.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    toPath:
+                      description: ToPath specifies the path to copy contents to,
+                        defaults to the name of the GitRepositoryRef.
+                      type: string
+                  required:
+                  - repository
+                  type: object
+                type: array
+              observedRecurseSubmodules:
+                description: ObservedRecurseSubmodules is the observed resource submodules
+                  configuration used to produce the current Artifact.
+                type: boolean
               url:
-                description: URL is the download link for the artifact output of the
-                  last repository sync.
+                description: URL is the dynamic fetch link for the latest Artifact.
+                  It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
+                  data is recommended.
                 type: string
             type: object
         type: object
@@ -1305,23 +1980,55 @@ spec:
     storage: false
     subresources:
       status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  labels:
+    app.kubernetes.io/component: source-controller
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: helmcharts.source.toolkit.fluxcd.io
+spec:
+  group: source.toolkit.fluxcd.io
+  names:
+    kind: HelmChart
+    listKind: HelmChartList
+    plural: helmcharts
+    shortNames:
+    - hc
+    singular: helmchart
+  scope: Namespaced
+  versions:
   - additionalPrinterColumns:
-    - jsonPath: .spec.url
-      name: URL
+    - jsonPath: .spec.chart
+      name: Chart
+      type: string
+    - jsonPath: .spec.version
+      name: Version
+      type: string
+    - jsonPath: .spec.sourceRef.kind
+      name: Source Kind
+      type: string
+    - jsonPath: .spec.sourceRef.name
+      name: Source Name
       type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    name: v1beta2
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
     schema:
       openAPIV3Schema:
-        description: GitRepository is the Schema for the gitrepositories API.
+        description: HelmChart is the Schema for the helmcharts API
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -1336,13 +2043,11 @@ spec:
           metadata:
             type: object
           spec:
-            description: GitRepositorySpec specifies the required configuration to
-              produce an Artifact for a Git repository.
+            description: HelmChartSpec defines the desired state of a Helm chart.
             properties:
               accessFrom:
-                description: 'AccessFrom specifies an Access Control List for allowing
-                  cross-namespace references to this object. NOTE: Not implemented,
-                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
+                description: AccessFrom defines an Access Control List for allowing
+                  cross-namespace references to this object.
                 properties:
                   namespaceSelectors:
                     description: NamespaceSelectors is the list of namespace selectors
@@ -1367,197 +2072,107 @@ spec:
                 required:
                 - namespaceSelectors
                 type: object
-              gitImplementation:
-                default: go-git
-                description: 'GitImplementation specifies which Git client library
-                  implementation to use. Defaults to ''go-git'', valid values are
-                  (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated
-                  now that ''go-git'' is the only supported implementation.'
-                enum:
-                - go-git
-                - libgit2
+              chart:
+                description: The name or path the Helm chart is available at in the
+                  SourceRef.
                 type: string
-              ignore:
-                description: Ignore overrides the set of excluded patterns in the
-                  .sourceignore format (which is the same as .gitignore). If not provided,
-                  a default will be used, consult the documentation for your version
-                  to find out what those are.
-                type: string
-              include:
-                description: Include specifies a list of GitRepository resources which
-                  Artifacts should be included in the Artifact produced for this GitRepository.
-                items:
-                  description: GitRepositoryInclude specifies a local reference to
-                    a GitRepository which Artifact (sub-)contents must be included,
-                    and where they should be placed.
-                  properties:
-                    fromPath:
-                      description: FromPath specifies the path to copy contents from,
-                        defaults to the root of the Artifact.
-                      type: string
-                    repository:
-                      description: GitRepositoryRef specifies the GitRepository which
-                        Artifact contents must be included.
-                      properties:
-                        name:
-                          description: Name of the referent.
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    toPath:
-                      description: ToPath specifies the path to copy contents to,
-                        defaults to the name of the GitRepositoryRef.
-                      type: string
-                  required:
-                  - repository
-                  type: object
-                type: array
               interval:
-                description: Interval at which to check the GitRepository for updates.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                description: The interval at which to check the Source for updates.
                 type: string
-              recurseSubmodules:
-                description: RecurseSubmodules enables the initialization of all submodules
-                  within the GitRepository as cloned from the URL, using their default
-                  settings.
-                type: boolean
-              ref:
-                description: Reference specifies the Git reference to resolve and
-                  monitor for changes, defaults to the 'master' branch.
+              reconcileStrategy:
+                default: ChartVersion
+                description: Determines what enables the creation of a new artifact.
+                  Valid values are ('ChartVersion', 'Revision'). See the documentation
+                  of the values for an explanation on their behavior. Defaults to
+                  ChartVersion when omitted.
+                enum:
+                - ChartVersion
+                - Revision
+                type: string
+              sourceRef:
+                description: The reference to the Source the chart is available at.
                 properties:
-                  branch:
-                    description: Branch to check out, defaults to 'master' if no other
-                      field is defined.
-                    type: string
-                  commit:
-                    description: "Commit SHA to check out, takes precedence over all
-                      reference fields. \n This can be combined with Branch to shallow
-                      clone the branch, in which the commit is expected to exist."
-                    type: string
-                  name:
-                    description: "Name of the reference to check out; takes precedence
-                      over Branch, Tag and SemVer. \n It must be a valid Git reference:
-                      https://git-scm.com/docs/git-check-ref-format#_description Examples:
-                      \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
-                      \"refs/merge-requests/1/head\""
-                    type: string
-                  semver:
-                    description: SemVer tag expression to check out, takes precedence
-                      over Tag.
+                  apiVersion:
+                    description: APIVersion of the referent.
                     type: string
-                  tag:
-                    description: Tag to check out, takes precedence over Branch.
+                  kind:
+                    description: Kind of the referent, valid values are ('HelmRepository',
+                      'GitRepository', 'Bucket').
+                    enum:
+                    - HelmRepository
+                    - GitRepository
+                    - Bucket
                     type: string
-                type: object
-              secretRef:
-                description: SecretRef specifies the Secret containing authentication
-                  credentials for the GitRepository. For HTTPS repositories the Secret
-                  must contain 'username' and 'password' fields for basic auth or
-                  'bearerToken' field for token auth. For SSH repositories the Secret
-                  must contain 'identity' and 'known_hosts' fields.
-                properties:
                   name:
                     description: Name of the referent.
                     type: string
                 required:
+                - kind
                 - name
                 type: object
               suspend:
-                description: Suspend tells the controller to suspend the reconciliation
-                  of this GitRepository.
+                description: This flag tells the controller to suspend the reconciliation
+                  of this source.
                 type: boolean
-              timeout:
-                default: 60s
-                description: Timeout for Git operations like cloning, defaults to
-                  60s.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+              valuesFile:
+                description: Alternative values file to use as the default chart values,
+                  expected to be a relative path in the SourceRef. Deprecated in favor
+                  of ValuesFiles, for backwards compatibility the file defined here
+                  is merged before the ValuesFiles items. Ignored when omitted.
                 type: string
-              url:
-                description: URL specifies the Git repository URL, it can be an HTTP/S
-                  or SSH address.
-                pattern: ^(http|https|ssh)://.*$
+              valuesFiles:
+                description: Alternative list of values files to use as the chart
+                  values (values.yaml is not included by default), expected to be
+                  a relative path in the SourceRef. Values files are merged in the
+                  order of this list with the last file overriding the first. Ignored
+                  when omitted.
+                items:
+                  type: string
+                type: array
+              version:
+                default: '*'
+                description: The chart version semver expression, ignored for charts
+                  from GitRepository and Bucket sources. Defaults to latest when omitted.
                 type: string
-              verify:
-                description: Verification specifies the configuration to verify the
-                  Git commit signature(s).
-                properties:
-                  mode:
-                    description: Mode specifies what Git object should be verified,
-                      currently ('head').
-                    enum:
-                    - head
-                    type: string
-                  secretRef:
-                    description: SecretRef specifies the Secret containing the public
-                      keys of trusted Git authors.
-                    properties:
-                      name:
-                        description: Name of the referent.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                required:
-                - mode
-                type: object
             required:
+            - chart
             - interval
-            - url
+            - sourceRef
             type: object
           status:
             default:
               observedGeneration: -1
-            description: GitRepositoryStatus records the observed state of a Git repository.
+            description: HelmChartStatus defines the observed state of the HelmChart.
             properties:
               artifact:
-                description: Artifact represents the last successful GitRepository
-                  reconciliation.
+                description: Artifact represents the output of the last successful
+                  chart sync.
                 properties:
                   checksum:
-                    description: 'Checksum is the SHA256 checksum of the Artifact
-                      file. Deprecated: use Artifact.Digest instead.'
-                    type: string
-                  digest:
-                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
-                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+                    description: Checksum is the SHA256 checksum of the artifact.
                     type: string
                   lastUpdateTime:
                     description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
+                      the last update of this artifact.
                     format: date-time
                     type: string
-                  metadata:
-                    additionalProperties:
-                      type: string
-                    description: Metadata holds upstream information such as OCI annotations.
-                    type: object
                   path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
+                    description: Path is the relative file path of this artifact.
                     type: string
                   revision:
-                    description: Revision is a human-readable identifier traceable
+                    description: Revision is a human readable identifier traceable
                       in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
+                      tag, a Helm index timestamp, a Helm chart version, etc.
                     type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
                   url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
+                    description: URL is the HTTP address of this artifact.
                     type: string
                 required:
                 - path
                 - url
                 type: object
               conditions:
-                description: Conditions holds the conditions for the GitRepository.
+                description: Conditions holds the conditions for the HelmChart.
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -1625,151 +2240,24 @@ spec:
                   - type
                   type: object
                 type: array
-              contentConfigChecksum:
-                description: "ContentConfigChecksum is a checksum of all the configurations
-                  related to the content of the source artifact: - .spec.ignore -
-                  .spec.recurseSubmodules - .spec.included and the checksum of the
-                  included artifacts observed in .status.observedGeneration version
-                  of the object. This can be used to determine if the content of the
-                  included repository has changed. It has the format of `<algo>:<checksum>`,
-                  for example: `sha256:<checksum>`. \n Deprecated: Replaced with explicit
-                  fields for observed artifact content config in the status."
-                type: string
-              includedArtifacts:
-                description: IncludedArtifacts contains a list of the last successfully
-                  included Artifacts as instructed by GitRepositorySpec.Include.
-                items:
-                  description: Artifact represents the output of a Source reconciliation.
-                  properties:
-                    checksum:
-                      description: 'Checksum is the SHA256 checksum of the Artifact
-                        file. Deprecated: use Artifact.Digest instead.'
-                      type: string
-                    digest:
-                      description: Digest is the digest of the file in the form of
-                        '<algorithm>:<checksum>'.
-                      pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
-                      type: string
-                    lastUpdateTime:
-                      description: LastUpdateTime is the timestamp corresponding to
-                        the last update of the Artifact.
-                      format: date-time
-                      type: string
-                    metadata:
-                      additionalProperties:
-                        type: string
-                      description: Metadata holds upstream information such as OCI
-                        annotations.
-                      type: object
-                    path:
-                      description: Path is the relative file path of the Artifact.
-                        It can be used to locate the file in the root of the Artifact
-                        storage on the local file system of the controller managing
-                        the Source.
-                      type: string
-                    revision:
-                      description: Revision is a human-readable identifier traceable
-                        in the origin source system. It can be a Git commit SHA, Git
-                        tag, a Helm chart version, etc.
-                      type: string
-                    size:
-                      description: Size is the number of bytes in the file.
-                      format: int64
-                      type: integer
-                    url:
-                      description: URL is the HTTP address of the Artifact as exposed
-                        by the controller managing the Source. It can be used to retrieve
-                        the Artifact for consumption, e.g. by another controller applying
-                        the Artifact contents.
-                      type: string
-                  required:
-                  - path
-                  - url
-                  type: object
-                type: array
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
                   be detected.
                 type: string
               observedGeneration:
-                description: ObservedGeneration is the last observed generation of
-                  the GitRepository object.
+                description: ObservedGeneration is the last observed generation.
                 format: int64
                 type: integer
-              observedIgnore:
-                description: ObservedIgnore is the observed exclusion patterns used
-                  for constructing the source artifact.
-                type: string
-              observedInclude:
-                description: ObservedInclude is the observed list of GitRepository
-                  resources used to to produce the current Artifact.
-                items:
-                  description: GitRepositoryInclude specifies a local reference to
-                    a GitRepository which Artifact (sub-)contents must be included,
-                    and where they should be placed.
-                  properties:
-                    fromPath:
-                      description: FromPath specifies the path to copy contents from,
-                        defaults to the root of the Artifact.
-                      type: string
-                    repository:
-                      description: GitRepositoryRef specifies the GitRepository which
-                        Artifact contents must be included.
-                      properties:
-                        name:
-                          description: Name of the referent.
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    toPath:
-                      description: ToPath specifies the path to copy contents to,
-                        defaults to the name of the GitRepositoryRef.
-                      type: string
-                  required:
-                  - repository
-                  type: object
-                type: array
-              observedRecurseSubmodules:
-                description: ObservedRecurseSubmodules is the observed resource submodules
-                  configuration used to produce the current Artifact.
-                type: boolean
               url:
-                description: URL is the dynamic fetch link for the latest Artifact.
-                  It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
-                  data is recommended.
+                description: URL is the download link for the last chart pulled.
                 type: string
             type: object
         type: object
     served: true
-    storage: true
+    storage: false
     subresources:
       status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
-  labels:
-    app.kubernetes.io/component: source-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: helmcharts.source.toolkit.fluxcd.io
-spec:
-  group: source.toolkit.fluxcd.io
-  names:
-    kind: HelmChart
-    listKind: HelmChartList
-    plural: helmcharts
-    shortNames:
-    - hc
-    singular: helmchart
-  scope: Namespaced
-  versions:
   - additionalPrinterColumns:
     - jsonPath: .spec.chart
       name: Chart
@@ -1783,19 +2271,19 @@ spec:
     - jsonPath: .spec.sourceRef.name
       name: Source Name
       type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
+    name: v1beta2
     schema:
       openAPIV3Schema:
-        description: HelmChart is the Schema for the helmcharts API
+        description: HelmChart is the Schema for the helmcharts API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -1810,11 +2298,12 @@ spec:
           metadata:
             type: object
           spec:
-            description: HelmChartSpec defines the desired state of a Helm chart.
+            description: HelmChartSpec specifies the desired state of a Helm chart.
             properties:
               accessFrom:
-                description: AccessFrom defines an Access Control List for allowing
-                  cross-namespace references to this object.
+                description: 'AccessFrom specifies an Access Control List for allowing
+                  cross-namespace references to this object. NOTE: Not implemented,
+                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
                 properties:
                   namespaceSelectors:
                     description: NamespaceSelectors is the list of namespace selectors
@@ -1840,24 +2329,27 @@ spec:
                 - namespaceSelectors
                 type: object
               chart:
-                description: The name or path the Helm chart is available at in the
-                  SourceRef.
+                description: Chart is the name or path the Helm chart is available
+                  at in the SourceRef.
                 type: string
               interval:
-                description: The interval at which to check the Source for updates.
+                description: Interval is the interval at which to check the Source
+                  for updates.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               reconcileStrategy:
                 default: ChartVersion
-                description: Determines what enables the creation of a new artifact.
-                  Valid values are ('ChartVersion', 'Revision'). See the documentation
-                  of the values for an explanation on their behavior. Defaults to
-                  ChartVersion when omitted.
+                description: ReconcileStrategy determines what enables the creation
+                  of a new artifact. Valid values are ('ChartVersion', 'Revision').
+                  See the documentation of the values for an explanation on their
+                  behavior. Defaults to ChartVersion when omitted.
                 enum:
                 - ChartVersion
                 - Revision
                 type: string
               sourceRef:
-                description: The reference to the Source the chart is available at.
+                description: SourceRef is the reference to the Source the chart is
+                  available at.
                 properties:
                   apiVersion:
                     description: APIVersion of the referent.
@@ -1878,28 +2370,58 @@ spec:
                 - name
                 type: object
               suspend:
-                description: This flag tells the controller to suspend the reconciliation
+                description: Suspend tells the controller to suspend the reconciliation
                   of this source.
                 type: boolean
               valuesFile:
-                description: Alternative values file to use as the default chart values,
-                  expected to be a relative path in the SourceRef. Deprecated in favor
-                  of ValuesFiles, for backwards compatibility the file defined here
-                  is merged before the ValuesFiles items. Ignored when omitted.
+                description: ValuesFile is an alternative values file to use as the
+                  default chart values, expected to be a relative path in the SourceRef.
+                  Deprecated in favor of ValuesFiles, for backwards compatibility
+                  the file specified here is merged before the ValuesFiles items.
+                  Ignored when omitted.
                 type: string
               valuesFiles:
-                description: Alternative list of values files to use as the chart
-                  values (values.yaml is not included by default), expected to be
-                  a relative path in the SourceRef. Values files are merged in the
-                  order of this list with the last file overriding the first. Ignored
-                  when omitted.
+                description: ValuesFiles is an alternative list of values files to
+                  use as the chart values (values.yaml is not included by default),
+                  expected to be a relative path in the SourceRef. Values files are
+                  merged in the order of this list with the last file overriding the
+                  first. Ignored when omitted.
                 items:
                   type: string
                 type: array
+              verify:
+                description: Verify contains the secret name containing the trusted
+                  public keys used to verify the signature and specifies which provider
+                  to use to check whether OCI image is authentic. This field is only
+                  supported when using HelmRepository source with spec.type 'oci'.
+                  Chart dependencies, which are not bundled in the umbrella chart
+                  artifact, are not verified.
+                properties:
+                  provider:
+                    default: cosign
+                    description: Provider specifies the technology used to sign the
+                      OCI Artifact.
+                    enum:
+                    - cosign
+                    type: string
+                  secretRef:
+                    description: SecretRef specifies the Kubernetes Secret containing
+                      the trusted public keys.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                required:
+                - provider
+                type: object
               version:
                 default: '*'
-                description: The chart version semver expression, ignored for charts
-                  from GitRepository and Bucket sources. Defaults to latest when omitted.
+                description: Version is the chart version semver expression, ignored
+                  for charts from GitRepository and Bucket sources. Defaults to latest
+                  when omitted.
                 type: string
             required:
             - chart
@@ -1909,33 +2431,50 @@ spec:
           status:
             default:
               observedGeneration: -1
-            description: HelmChartStatus defines the observed state of the HelmChart.
+            description: HelmChartStatus records the observed state of the HelmChart.
             properties:
               artifact:
                 description: Artifact represents the output of the last successful
-                  chart sync.
+                  reconciliation.
                 properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the artifact.
+                  digest:
+                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
                     type: string
                   lastUpdateTime:
                     description: LastUpdateTime is the timestamp corresponding to
-                      the last update of this artifact.
+                      the last update of the Artifact.
                     format: date-time
                     type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
                   path:
-                    description: Path is the relative file path of this artifact.
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
                     type: string
                   revision:
-                    description: Revision is a human readable identifier traceable
+                    description: Revision is a human-readable identifier traceable
                       in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm index timestamp, a Helm chart version, etc.
+                      tag, a Helm chart version, etc.
                     type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
                   url:
-                    description: URL is the HTTP address of this artifact.
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
                     type: string
                 required:
+                - lastUpdateTime
                 - path
+                - revision
                 - url
                 type: object
               conditions:
@@ -2012,45 +2551,70 @@ spec:
                   reconcile request value, so a change of the annotation value can
                   be detected.
                 type: string
+              observedChartName:
+                description: ObservedChartName is the last observed chart name as
+                  specified by the resolved chart reference.
+                type: string
               observedGeneration:
-                description: ObservedGeneration is the last observed generation.
+                description: ObservedGeneration is the last observed generation of
+                  the HelmChart object.
                 format: int64
                 type: integer
+              observedSourceArtifactRevision:
+                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
+                  of the HelmChartSpec.SourceRef.
+                type: string
               url:
-                description: URL is the download link for the last chart pulled.
+                description: URL is the dynamic fetch link for the latest Artifact.
+                  It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
+                  data is recommended.
                 type: string
             type: object
         type: object
     served: true
-    storage: false
+    storage: true
     subresources:
       status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  labels:
+    app.kubernetes.io/component: source-controller
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: helmrepositories.source.toolkit.fluxcd.io
+spec:
+  group: source.toolkit.fluxcd.io
+  names:
+    kind: HelmRepository
+    listKind: HelmRepositoryList
+    plural: helmrepositories
+    shortNames:
+    - helmrepo
+    singular: helmrepository
+  scope: Namespaced
+  versions:
   - additionalPrinterColumns:
-    - jsonPath: .spec.chart
-      name: Chart
-      type: string
-    - jsonPath: .spec.version
-      name: Version
-      type: string
-    - jsonPath: .spec.sourceRef.kind
-      name: Source Kind
-      type: string
-    - jsonPath: .spec.sourceRef.name
-      name: Source Name
+    - jsonPath: .spec.url
+      name: URL
       type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    name: v1beta2
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
     schema:
       openAPIV3Schema:
-        description: HelmChart is the Schema for the helmcharts API.
+        description: HelmRepository is the Schema for the helmrepositories API
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -2065,12 +2629,11 @@ spec:
           metadata:
             type: object
           spec:
-            description: HelmChartSpec specifies the desired state of a Helm chart.
+            description: HelmRepositorySpec defines the reference to a Helm repository.
             properties:
               accessFrom:
-                description: 'AccessFrom specifies an Access Control List for allowing
-                  cross-namespace references to this object. NOTE: Not implemented,
-                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
+                description: AccessFrom defines an Access Control List for allowing
+                  cross-namespace references to this object.
                 properties:
                   namespaceSelectors:
                     description: NamespaceSelectors is the list of namespace selectors
@@ -2095,159 +2658,79 @@ spec:
                 required:
                 - namespaceSelectors
                 type: object
-              chart:
-                description: Chart is the name or path the Helm chart is available
-                  at in the SourceRef.
-                type: string
               interval:
-                description: Interval is the interval at which to check the Source
-                  for updates.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              reconcileStrategy:
-                default: ChartVersion
-                description: ReconcileStrategy determines what enables the creation
-                  of a new artifact. Valid values are ('ChartVersion', 'Revision').
-                  See the documentation of the values for an explanation on their
-                  behavior. Defaults to ChartVersion when omitted.
-                enum:
-                - ChartVersion
-                - Revision
+                description: The interval at which to check the upstream for updates.
                 type: string
-              sourceRef:
-                description: SourceRef is the reference to the Source the chart is
-                  available at.
+              passCredentials:
+                description: PassCredentials allows the credentials from the SecretRef
+                  to be passed on to a host that does not match the host as defined
+                  in URL. This may be required if the host of the advertised chart
+                  URLs in the index differ from the defined URL. Enabling this should
+                  be done with caution, as it can potentially result in credentials
+                  getting stolen in a MITM-attack.
+                type: boolean
+              secretRef:
+                description: The name of the secret containing authentication credentials
+                  for the Helm repository. For HTTP/S basic auth the secret must contain
+                  username and password fields. For TLS the secret must contain a
+                  certFile and keyFile, and/or caFile fields.
                 properties:
-                  apiVersion:
-                    description: APIVersion of the referent.
-                    type: string
-                  kind:
-                    description: Kind of the referent, valid values are ('HelmRepository',
-                      'GitRepository', 'Bucket').
-                    enum:
-                    - HelmRepository
-                    - GitRepository
-                    - Bucket
-                    type: string
                   name:
                     description: Name of the referent.
                     type: string
                 required:
-                - kind
                 - name
                 type: object
               suspend:
-                description: Suspend tells the controller to suspend the reconciliation
+                description: This flag tells the controller to suspend the reconciliation
                   of this source.
                 type: boolean
-              valuesFile:
-                description: ValuesFile is an alternative values file to use as the
-                  default chart values, expected to be a relative path in the SourceRef.
-                  Deprecated in favor of ValuesFiles, for backwards compatibility
-                  the file specified here is merged before the ValuesFiles items.
-                  Ignored when omitted.
+              timeout:
+                default: 60s
+                description: The timeout of index downloading, defaults to 60s.
                 type: string
-              valuesFiles:
-                description: ValuesFiles is an alternative list of values files to
-                  use as the chart values (values.yaml is not included by default),
-                  expected to be a relative path in the SourceRef. Values files are
-                  merged in the order of this list with the last file overriding the
-                  first. Ignored when omitted.
-                items:
-                  type: string
-                type: array
-              verify:
-                description: Verify contains the secret name containing the trusted
-                  public keys used to verify the signature and specifies which provider
-                  to use to check whether OCI image is authentic. This field is only
-                  supported when using HelmRepository source with spec.type 'oci'.
-                  Chart dependencies, which are not bundled in the umbrella chart
-                  artifact, are not verified.
-                properties:
-                  provider:
-                    default: cosign
-                    description: Provider specifies the technology used to sign the
-                      OCI Artifact.
-                    enum:
-                    - cosign
-                    type: string
-                  secretRef:
-                    description: SecretRef specifies the Kubernetes Secret containing
-                      the trusted public keys.
-                    properties:
-                      name:
-                        description: Name of the referent.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                required:
-                - provider
-                type: object
-              version:
-                default: '*'
-                description: Version is the chart version semver expression, ignored
-                  for charts from GitRepository and Bucket sources. Defaults to latest
-                  when omitted.
+              url:
+                description: The Helm repository URL, a valid URL contains at least
+                  a protocol and host.
                 type: string
             required:
-            - chart
             - interval
-            - sourceRef
+            - url
             type: object
           status:
             default:
               observedGeneration: -1
-            description: HelmChartStatus records the observed state of the HelmChart.
+            description: HelmRepositoryStatus defines the observed state of the HelmRepository.
             properties:
               artifact:
                 description: Artifact represents the output of the last successful
-                  reconciliation.
+                  repository sync.
                 properties:
                   checksum:
-                    description: 'Checksum is the SHA256 checksum of the Artifact
-                      file. Deprecated: use Artifact.Digest instead.'
-                    type: string
-                  digest:
-                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
-                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
+                    description: Checksum is the SHA256 checksum of the artifact.
                     type: string
                   lastUpdateTime:
                     description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
+                      the last update of this artifact.
                     format: date-time
                     type: string
-                  metadata:
-                    additionalProperties:
-                      type: string
-                    description: Metadata holds upstream information such as OCI annotations.
-                    type: object
                   path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
+                    description: Path is the relative file path of this artifact.
                     type: string
                   revision:
-                    description: Revision is a human-readable identifier traceable
+                    description: Revision is a human readable identifier traceable
                       in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
+                      tag, a Helm index timestamp, a Helm chart version, etc.
                     type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
                   url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
+                    description: URL is the HTTP address of this artifact.
                     type: string
                 required:
                 - path
                 - url
                 type: object
               conditions:
-                description: Conditions holds the conditions for the HelmChart.
+                description: Conditions holds the conditions for the HelmRepository.
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -2320,50 +2803,23 @@ spec:
                   reconcile request value, so a change of the annotation value can
                   be detected.
                 type: string
-              observedChartName:
-                description: ObservedChartName is the last observed chart name as
-                  specified by the resolved chart reference.
-                type: string
               observedGeneration:
-                description: ObservedGeneration is the last observed generation of
-                  the HelmChart object.
+                description: ObservedGeneration is the last observed generation.
                 format: int64
                 type: integer
-              observedSourceArtifactRevision:
-                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
-                  of the HelmChartSpec.SourceRef.
-                type: string
               url:
-                description: URL is the dynamic fetch link for the latest Artifact.
-                  It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
-                  data is recommended.
+                description: URL is the download link for the last index fetched.
                 type: string
             type: object
         type: object
     served: true
-    storage: true
+    storage: false
     subresources:
       status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
-  name: helmreleases.helm.toolkit.fluxcd.io
-spec:
-  group: helm.toolkit.fluxcd.io
-  names:
-    kind: HelmRelease
-    listKind: HelmReleaseList
-    plural: helmreleases
-    shortNames:
-    - hr
-    singular: helmrelease
-  scope: Namespaced
-  versions:
   - additionalPrinterColumns:
+    - jsonPath: .spec.url
+      name: URL
+      type: string
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -2373,10 +2829,10 @@ spec:
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    name: v2beta1
+    name: v1beta2
     schema:
       openAPIV3Schema:
-        description: HelmRelease is the Schema for the helmreleases API
+        description: HelmRepository is the Schema for the helmrepositories API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -2391,778 +2847,172 @@ spec:
           metadata:
             type: object
           spec:
-            description: HelmReleaseSpec defines the desired state of a Helm release.
+            description: HelmRepositorySpec specifies the required configuration to
+              produce an Artifact for a Helm repository index YAML.
             properties:
-              chart:
-                description: Chart defines the template of the v1beta2.HelmChart that
-                  should be created for this HelmRelease.
+              accessFrom:
+                description: 'AccessFrom specifies an Access Control List for allowing
+                  cross-namespace references to this object. NOTE: Not implemented,
+                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
                 properties:
-                  metadata:
-                    description: ObjectMeta holds the template for metadata like labels
-                      and annotations.
-                    properties:
-                      annotations:
-                        additionalProperties:
-                          type: string
-                        description: 'Annotations is an unstructured key value map
-                          stored with a resource that may be set by external tools
-                          to store and retrieve arbitrary metadata. They are not queryable
-                          and should be preserved when modifying objects. More info:
-                          https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/'
-                        type: object
-                      labels:
-                        additionalProperties:
-                          type: string
-                        description: 'Map of string keys and values that can be used
-                          to organize and categorize (scope and select) objects. More
-                          info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/'
-                        type: object
-                    type: object
-                  spec:
-                    description: Spec holds the template for the v1beta2.HelmChartSpec
-                      for this HelmRelease.
-                    properties:
-                      chart:
-                        description: The name or path the Helm chart is available
-                          at in the SourceRef.
-                        type: string
-                      interval:
-                        description: Interval at which to check the v1beta2.Source
-                          for updates. Defaults to 'HelmReleaseSpec.Interval'.
-                        pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                        type: string
-                      reconcileStrategy:
-                        default: ChartVersion
-                        description: Determines what enables the creation of a new
-                          artifact. Valid values are ('ChartVersion', 'Revision').
-                          See the documentation of the values for an explanation on
-                          their behavior. Defaults to ChartVersion when omitted.
-                        enum:
-                        - ChartVersion
-                        - Revision
-                        type: string
-                      sourceRef:
-                        description: The name and namespace of the v1beta2.Source
-                          the chart is available at.
-                        properties:
-                          apiVersion:
-                            description: APIVersion of the referent.
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
                             type: string
-                          kind:
-                            description: Kind of the referent.
-                            enum:
-                            - HelmRepository
-                            - GitRepository
-                            - Bucket
-                            type: string
-                          name:
-                            description: Name of the referent.
-                            maxLength: 253
-                            minLength: 1
-                            type: string
-                          namespace:
-                            description: Namespace of the referent.
-                            maxLength: 63
-                            minLength: 1
-                            type: string
-                        required:
-                        - name
-                        type: object
-                      valuesFile:
-                        description: Alternative values file to use as the default
-                          chart values, expected to be a relative path in the SourceRef.
-                          Deprecated in favor of ValuesFiles, for backwards compatibility
-                          the file defined here is merged before the ValuesFiles items.
-                          Ignored when omitted.
-                        type: string
-                      valuesFiles:
-                        description: Alternative list of values files to use as the
-                          chart values (values.yaml is not included by default), expected
-                          to be a relative path in the SourceRef. Values files are
-                          merged in the order of this list with the last file overriding
-                          the first. Ignored when omitted.
-                        items:
-                          type: string
-                        type: array
-                      verify:
-                        description: Verify contains the secret name containing the
-                          trusted public keys used to verify the signature and specifies
-                          which provider to use to check whether OCI image is authentic.
-                          This field is only supported for OCI sources. Chart dependencies,
-                          which are not bundled in the umbrella chart artifact, are
-                          not verified.
-                        properties:
-                          provider:
-                            default: cosign
-                            description: Provider specifies the technology used to
-                              sign the OCI Helm chart.
-                            enum:
-                            - cosign
-                            type: string
-                          secretRef:
-                            description: SecretRef specifies the Kubernetes Secret
-                              containing the trusted public keys.
-                            properties:
-                              name:
-                                description: Name of the referent.
-                                type: string
-                            required:
-                            - name
-                            type: object
-                        required:
-                        - provider
-                        type: object
-                      version:
-                        default: '*'
-                        description: Version semver expression, ignored for charts
-                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
-                          to latest when omitted.
-                        type: string
-                    required:
-                    - chart
-                    - sourceRef
-                    type: object
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
                 required:
-                - spec
-                type: object
-              dependsOn:
-                description: DependsOn may contain a meta.NamespacedObjectReference
-                  slice with references to HelmRelease resources that must be ready
-                  before this HelmRelease can be reconciled.
-                items:
-                  description: NamespacedObjectReference contains enough information
-                    to locate the referenced Kubernetes resource object in any namespace.
-                  properties:
-                    name:
-                      description: Name of the referent.
-                      type: string
-                    namespace:
-                      description: Namespace of the referent, when not specified it
-                        acts as LocalObjectReference.
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              install:
-                description: Install holds the configuration for Helm install actions
-                  for this HelmRelease.
-                properties:
-                  crds:
-                    description: "CRDs upgrade CRDs from the Helm Chart's crds directory
-                      according to the CRD upgrade policy provided here. Valid values
-                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`
-                      and if omitted CRDs are installed but not updated. \n Skip:
-                      do neither install nor replace (update) any CRDs. \n Create:
-                      new CRDs are created, existing CRDs are neither updated nor
-                      deleted. \n CreateReplace: new CRDs are created, existing CRDs
-                      are updated (replaced) but not deleted. \n By default, CRDs
-                      are applied (installed) during Helm install action. With this
-                      option users can opt-in to CRD replace existing CRDs on Helm
-                      install actions, which is not (yet) natively supported by Helm.
-                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
-                    enum:
-                    - Skip
-                    - Create
-                    - CreateReplace
-                    type: string
-                  createNamespace:
-                    description: CreateNamespace tells the Helm install action to
-                      create the HelmReleaseSpec.TargetNamespace if it does not exist
-                      yet. On uninstall, the namespace will not be garbage collected.
-                    type: boolean
-                  disableHooks:
-                    description: DisableHooks prevents hooks from running during the
-                      Helm install action.
-                    type: boolean
-                  disableOpenAPIValidation:
-                    description: DisableOpenAPIValidation prevents the Helm install
-                      action from validating rendered templates against the Kubernetes
-                      OpenAPI Schema.
-                    type: boolean
-                  disableWait:
-                    description: DisableWait disables the waiting for resources to
-                      be ready after a Helm install has been performed.
-                    type: boolean
-                  disableWaitForJobs:
-                    description: DisableWaitForJobs disables waiting for jobs to complete
-                      after a Helm install has been performed.
-                    type: boolean
-                  remediation:
-                    description: Remediation holds the remediation configuration for
-                      when the Helm install action for the HelmRelease fails. The
-                      default is to not perform any action.
-                    properties:
-                      ignoreTestFailures:
-                        description: IgnoreTestFailures tells the controller to skip
-                          remediation when the Helm tests are run after an install
-                          action but fail. Defaults to 'Test.IgnoreFailures'.
-                        type: boolean
-                      remediateLastFailure:
-                        description: RemediateLastFailure tells the controller to
-                          remediate the last failure, when no retries remain. Defaults
-                          to 'false'.
-                        type: boolean
-                      retries:
-                        description: Retries is the number of retries that should
-                          be attempted on failures before bailing. Remediation, using
-                          an uninstall, is performed between each attempt. Defaults
-                          to '0', a negative integer equals to unlimited retries.
-                        type: integer
-                    type: object
-                  replace:
-                    description: Replace tells the Helm install action to re-use the
-                      'ReleaseName', but only if that name is a deleted release which
-                      remains in the history.
-                    type: boolean
-                  skipCRDs:
-                    description: "SkipCRDs tells the Helm install action to not install
-                      any CRDs. By default, CRDs are installed if not already present.
-                      \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
-                      instead."
-                    type: boolean
-                  timeout:
-                    description: Timeout is the time to wait for any individual Kubernetes
-                      operation (like Jobs for hooks) during the performance of a
-                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
-                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                    type: string
+                - namespaceSelectors
                 type: object
               interval:
-                description: Interval at which to reconcile the Helm release.
+                description: Interval at which to check the URL for updates.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
-              kubeConfig:
-                description: KubeConfig for reconciling the HelmRelease on a remote
-                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
-                  forces the controller to act on behalf of that Service Account at
-                  the target cluster. If the --default-service-account flag is set,
-                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
-                  is empty.
+              passCredentials:
+                description: PassCredentials allows the credentials from the SecretRef
+                  to be passed on to a host that does not match the host as defined
+                  in URL. This may be required if the host of the advertised chart
+                  URLs in the index differ from the defined URL. Enabling this should
+                  be done with caution, as it can potentially result in credentials
+                  getting stolen in a MITM-attack.
+                type: boolean
+              provider:
+                default: generic
+                description: Provider used for authentication, can be 'aws', 'azure',
+                  'gcp' or 'generic'. This field is optional, and only taken into
+                  account if the .spec.type field is set to 'oci'. When not specified,
+                  defaults to 'generic'.
+                enum:
+                - generic
+                - aws
+                - azure
+                - gcp
+                type: string
+              secretRef:
+                description: SecretRef specifies the Secret containing authentication
+                  credentials for the HelmRepository. For HTTP/S basic auth the secret
+                  must contain 'username' and 'password' fields. For TLS the secret
+                  must contain a 'certFile' and 'keyFile', and/or 'caFile' fields.
                 properties:
-                  secretRef:
-                    description: SecretRef holds the name of a secret that contains
-                      a key with the kubeconfig file as the value. If no key is set,
-                      the key will default to 'value'. It is recommended that the
-                      kubeconfig is self-contained, and the secret is regularly updated
-                      if credentials such as a cloud-access-token expire. Cloud specific
-                      `cmd-path` auth helpers will not function without adding binaries
-                      and credentials to the Pod that is responsible for reconciling
-                      Kubernetes resources.
-                    properties:
-                      key:
-                        description: Key in the Secret, when not specified an implementation-specific
-                          default key is used.
-                        type: string
-                      name:
-                        description: Name of the Secret.
-                        type: string
-                    required:
-                    - name
-                    type: object
+                  name:
+                    description: Name of the referent.
+                    type: string
                 required:
-                - secretRef
+                - name
                 type: object
-              maxHistory:
-                description: MaxHistory is the number of revisions saved by Helm for
-                  this HelmRelease. Use '0' for an unlimited number of revisions;
-                  defaults to '10'.
-                type: integer
-              persistentClient:
-                description: "PersistentClient tells the controller to use a persistent
-                  Kubernetes client for this release. When enabled, the client will
-                  be reused for the duration of the reconciliation, instead of being
-                  created and destroyed for each (step of a) Helm action. \n This
-                  can improve performance, but may cause issues with some Helm charts
-                  that for example do create Custom Resource Definitions during installation
-                  outside Helm's CRD lifecycle hooks, which are then not observed
-                  to be available by e.g. post-install hooks. \n If not set, it defaults
-                  to true."
+              suspend:
+                description: Suspend tells the controller to suspend the reconciliation
+                  of this HelmRepository.
                 type: boolean
-              postRenderers:
-                description: PostRenderers holds an array of Helm PostRenderers, which
-                  will be applied in order of their definition.
-                items:
-                  description: PostRenderer contains a Helm PostRenderer specification.
-                  properties:
-                    kustomize:
-                      description: Kustomization to apply as PostRenderer.
-                      properties:
-                        images:
-                          description: Images is a list of (image name, new name,
-                            new tag or digest) for changing image names, tags or digests.
-                            This can also be achieved with a patch, but this operator
-                            is simpler to specify.
-                          items:
-                            description: Image contains an image name, a new name,
-                              a new tag or digest, which will replace the original
-                              name and tag.
-                            properties:
-                              digest:
-                                description: Digest is the value used to replace the
-                                  original image tag. If digest is present NewTag
-                                  value is ignored.
-                                type: string
-                              name:
-                                description: Name is a tag-less image name.
-                                type: string
-                              newName:
-                                description: NewName is the value used to replace
-                                  the original name.
-                                type: string
-                              newTag:
-                                description: NewTag is the value used to replace the
-                                  original tag.
-                                type: string
-                            required:
-                            - name
-                            type: object
-                          type: array
-                        patches:
-                          description: Strategic merge and JSON patches, defined as
-                            inline YAML objects, capable of targeting objects based
-                            on kind, label and annotation selectors.
-                          items:
-                            description: Patch contains an inline StrategicMerge or
-                              JSON6902 patch, and the target the patch should be applied
-                              to.
-                            properties:
-                              patch:
-                                description: Patch contains an inline StrategicMerge
-                                  patch or an inline JSON6902 patch with an array
-                                  of operation objects.
-                                type: string
-                              target:
-                                description: Target points to the resources that the
-                                  patch document should be applied to.
-                                properties:
-                                  annotationSelector:
-                                    description: AnnotationSelector is a string that
-                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-                                      It matches with the resource annotations.
-                                    type: string
-                                  group:
-                                    description: Group is the API group to select
-                                      resources from. Together with Version and Kind
-                                      it is capable of unambiguously identifying and/or
-                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-                                    type: string
-                                  kind:
-                                    description: Kind of the API Group to select resources
-                                      from. Together with Group and Version it is
-                                      capable of unambiguously identifying and/or
-                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-                                    type: string
-                                  labelSelector:
-                                    description: LabelSelector is a string that follows
-                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-                                      It matches with the resource labels.
-                                    type: string
-                                  name:
-                                    description: Name to match resources with.
-                                    type: string
-                                  namespace:
-                                    description: Namespace to select resources from.
-                                    type: string
-                                  version:
-                                    description: Version of the API Group to select
-                                      resources from. Together with Group and Kind
-                                      it is capable of unambiguously identifying and/or
-                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-                                    type: string
-                                type: object
-                            required:
-                            - patch
-                            type: object
-                          type: array
-                        patchesJson6902:
-                          description: JSON 6902 patches, defined as inline YAML objects.
-                          items:
-                            description: JSON6902Patch contains a JSON6902 patch and
-                              the target the patch should be applied to.
-                            properties:
-                              patch:
-                                description: Patch contains the JSON6902 patch document
-                                  with an array of operation objects.
-                                items:
-                                  description: JSON6902 is a JSON6902 operation object.
-                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4
-                                  properties:
-                                    from:
-                                      description: From contains a JSON-pointer value
-                                        that references a location within the target
-                                        document where the operation is performed.
-                                        The meaning of the value depends on the value
-                                        of Op, and is NOT taken into account by all
-                                        operations.
-                                      type: string
-                                    op:
-                                      description: Op indicates the operation to perform.
-                                        Its value MUST be one of "add", "remove",
-                                        "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
-                                      enum:
-                                      - test
-                                      - remove
-                                      - add
-                                      - replace
-                                      - move
-                                      - copy
-                                      type: string
-                                    path:
-                                      description: Path contains the JSON-pointer
-                                        value that references a location within the
-                                        target document where the operation is performed.
-                                        The meaning of the value depends on the value
-                                        of Op.
-                                      type: string
-                                    value:
-                                      description: Value contains a valid JSON structure.
-                                        The meaning of the value depends on the value
-                                        of Op, and is NOT taken into account by all
-                                        operations.
-                                      x-kubernetes-preserve-unknown-fields: true
-                                  required:
-                                  - op
-                                  - path
-                                  type: object
-                                type: array
-                              target:
-                                description: Target points to the resources that the
-                                  patch document should be applied to.
-                                properties:
-                                  annotationSelector:
-                                    description: AnnotationSelector is a string that
-                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-                                      It matches with the resource annotations.
-                                    type: string
-                                  group:
-                                    description: Group is the API group to select
-                                      resources from. Together with Version and Kind
-                                      it is capable of unambiguously identifying and/or
-                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-                                    type: string
-                                  kind:
-                                    description: Kind of the API Group to select resources
-                                      from. Together with Group and Version it is
-                                      capable of unambiguously identifying and/or
-                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-                                    type: string
-                                  labelSelector:
-                                    description: LabelSelector is a string that follows
-                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-                                      It matches with the resource labels.
-                                    type: string
-                                  name:
-                                    description: Name to match resources with.
-                                    type: string
-                                  namespace:
-                                    description: Namespace to select resources from.
-                                    type: string
-                                  version:
-                                    description: Version of the API Group to select
-                                      resources from. Together with Group and Kind
-                                      it is capable of unambiguously identifying and/or
-                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-                                    type: string
-                                type: object
-                            required:
-                            - patch
-                            - target
-                            type: object
-                          type: array
-                        patchesStrategicMerge:
-                          description: Strategic merge patches, defined as inline
-                            YAML objects.
-                          items:
-                            x-kubernetes-preserve-unknown-fields: true
-                          type: array
-                      type: object
-                  type: object
-                type: array
-              releaseName:
-                description: ReleaseName used for the Helm release. Defaults to a
-                  composition of '[TargetNamespace-]Name'.
-                maxLength: 53
-                minLength: 1
+              timeout:
+                default: 60s
+                description: Timeout is used for the index fetch operation for an
+                  HTTPS helm repository, and for remote OCI Repository operations
+                  like pulling for an OCI helm repository. Its default value is 60s.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                 type: string
-              rollback:
-                description: Rollback holds the configuration for Helm rollback actions
-                  for this HelmRelease.
+              type:
+                description: Type of the HelmRepository. When this field is set to  "oci",
+                  the URL field value must be prefixed with "oci://".
+                enum:
+                - default
+                - oci
+                type: string
+              url:
+                description: URL of the Helm repository, a valid URL contains at least
+                  a protocol and host.
+                type: string
+            required:
+            - interval
+            - url
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: HelmRepositoryStatus records the observed state of the HelmRepository.
+            properties:
+              artifact:
+                description: Artifact represents the last successful HelmRepository
+                  reconciliation.
                 properties:
-                  cleanupOnFail:
-                    description: CleanupOnFail allows deletion of new resources created
-                      during the Helm rollback action when it fails.
-                    type: boolean
-                  disableHooks:
-                    description: DisableHooks prevents hooks from running during the
-                      Helm rollback action.
-                    type: boolean
-                  disableWait:
-                    description: DisableWait disables the waiting for resources to
-                      be ready after a Helm rollback has been performed.
-                    type: boolean
-                  disableWaitForJobs:
-                    description: DisableWaitForJobs disables waiting for jobs to complete
-                      after a Helm rollback has been performed.
-                    type: boolean
-                  force:
-                    description: Force forces resource updates through a replacement
-                      strategy.
-                    type: boolean
-                  recreate:
-                    description: Recreate performs pod restarts for the resource if
-                      applicable.
-                    type: boolean
-                  timeout:
-                    description: Timeout is the time to wait for any individual Kubernetes
-                      operation (like Jobs for hooks) during the performance of a
-                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
-                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                  digest:
+                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
                     type: string
-                type: object
-              serviceAccountName:
-                description: The name of the Kubernetes service account to impersonate
-                  when reconciling this HelmRelease.
-                type: string
-              storageNamespace:
-                description: StorageNamespace used for the Helm storage. Defaults
-                  to the namespace of the HelmRelease.
-                maxLength: 63
-                minLength: 1
-                type: string
-              suspend:
-                description: Suspend tells the controller to suspend reconciliation
-                  for this HelmRelease, it does not apply to already started reconciliations.
-                  Defaults to false.
-                type: boolean
-              targetNamespace:
-                description: TargetNamespace to target when performing operations
-                  for the HelmRelease. Defaults to the namespace of the HelmRelease.
-                maxLength: 63
-                minLength: 1
-                type: string
-              test:
-                description: Test holds the configuration for Helm test actions for
-                  this HelmRelease.
-                properties:
-                  enable:
-                    description: Enable enables Helm test actions for this HelmRelease
-                      after an Helm install or upgrade action has been performed.
-                    type: boolean
-                  ignoreFailures:
-                    description: IgnoreFailures tells the controller to skip remediation
-                      when the Helm tests are run but fail. Can be overwritten for
-                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
-                      and 'Upgrade.IgnoreTestFailures'.
-                    type: boolean
-                  timeout:
-                    description: Timeout is the time to wait for any individual Kubernetes
-                      operation during the performance of a Helm test action. Defaults
-                      to 'HelmReleaseSpec.Timeout'.
-                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of the Artifact.
+                    format: date-time
                     type: string
-                type: object
-              timeout:
-                description: Timeout is the time to wait for any individual Kubernetes
-                  operation (like Jobs for hooks) during the performance of a Helm
-                  action. Defaults to '5m0s'.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              uninstall:
-                description: Uninstall holds the configuration for Helm uninstall
-                  actions for this HelmRelease.
-                properties:
-                  disableHooks:
-                    description: DisableHooks prevents hooks from running during the
-                      Helm rollback action.
-                    type: boolean
-                  disableWait:
-                    description: DisableWait disables waiting for all the resources
-                      to be deleted after a Helm uninstall is performed.
-                    type: boolean
-                  keepHistory:
-                    description: KeepHistory tells Helm to remove all associated resources
-                      and mark the release as deleted, but retain the release history.
-                    type: boolean
-                  timeout:
-                    description: Timeout is the time to wait for any individual Kubernetes
-                      operation (like Jobs for hooks) during the performance of a
-                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
-                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
+                  path:
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
                     type: string
-                type: object
-              upgrade:
-                description: Upgrade holds the configuration for Helm upgrade actions
-                  for this HelmRelease.
-                properties:
-                  cleanupOnFail:
-                    description: CleanupOnFail allows deletion of new resources created
-                      during the Helm upgrade action when it fails.
-                    type: boolean
-                  crds:
-                    description: "CRDs upgrade CRDs from the Helm Chart's crds directory
-                      according to the CRD upgrade policy provided here. Valid values
-                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
-                      if omitted CRDs are neither installed nor upgraded. \n Skip:
-                      do neither install nor replace (update) any CRDs. \n Create:
-                      new CRDs are created, existing CRDs are neither updated nor
-                      deleted. \n CreateReplace: new CRDs are created, existing CRDs
-                      are updated (replaced) but not deleted. \n By default, CRDs
-                      are not applied during Helm upgrade action. With this option
-                      users can opt-in to CRD upgrade, which is not (yet) natively
-                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
-                    enum:
-                    - Skip
-                    - Create
-                    - CreateReplace
+                  revision:
+                    description: Revision is a human-readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm chart version, etc.
                     type: string
-                  disableHooks:
-                    description: DisableHooks prevents hooks from running during the
-                      Helm upgrade action.
-                    type: boolean
-                  disableOpenAPIValidation:
-                    description: DisableOpenAPIValidation prevents the Helm upgrade
-                      action from validating rendered templates against the Kubernetes
-                      OpenAPI Schema.
-                    type: boolean
-                  disableWait:
-                    description: DisableWait disables the waiting for resources to
-                      be ready after a Helm upgrade has been performed.
-                    type: boolean
-                  disableWaitForJobs:
-                    description: DisableWaitForJobs disables waiting for jobs to complete
-                      after a Helm upgrade has been performed.
-                    type: boolean
-                  force:
-                    description: Force forces resource updates through a replacement
-                      strategy.
-                    type: boolean
-                  preserveValues:
-                    description: PreserveValues will make Helm reuse the last release's
-                      values and merge in overrides from 'Values'. Setting this flag
-                      makes the HelmRelease non-declarative.
-                    type: boolean
-                  remediation:
-                    description: Remediation holds the remediation configuration for
-                      when the Helm upgrade action for the HelmRelease fails. The
-                      default is to not perform any action.
-                    properties:
-                      ignoreTestFailures:
-                        description: IgnoreTestFailures tells the controller to skip
-                          remediation when the Helm tests are run after an upgrade
-                          action but fail. Defaults to 'Test.IgnoreFailures'.
-                        type: boolean
-                      remediateLastFailure:
-                        description: RemediateLastFailure tells the controller to
-                          remediate the last failure, when no retries remain. Defaults
-                          to 'false' unless 'Retries' is greater than 0.
-                        type: boolean
-                      retries:
-                        description: Retries is the number of retries that should
-                          be attempted on failures before bailing. Remediation, using
-                          'Strategy', is performed between each attempt. Defaults
-                          to '0', a negative integer equals to unlimited retries.
-                        type: integer
-                      strategy:
-                        description: Strategy to use for failure remediation. Defaults
-                          to 'rollback'.
-                        enum:
-                        - rollback
-                        - uninstall
-                        type: string
-                    type: object
-                  timeout:
-                    description: Timeout is the time to wait for any individual Kubernetes
-                      operation (like Jobs for hooks) during the performance of a
-                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
-                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
+                  url:
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
                     type: string
+                required:
+                - lastUpdateTime
+                - path
+                - revision
+                - url
                 type: object
-              values:
-                description: Values holds the values for this Helm release.
-                x-kubernetes-preserve-unknown-fields: true
-              valuesFrom:
-                description: ValuesFrom holds references to resources containing Helm
-                  values for this HelmRelease, and information about how they should
-                  be merged.
+              conditions:
+                description: Conditions holds the conditions for the HelmRepository.
                 items:
-                  description: ValuesReference contains a reference to a resource
-                    containing Helm values, and optionally the key they can be found
-                    at.
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
-                    kind:
-                      description: Kind of the values referent, valid values are ('Secret',
-                        'ConfigMap').
-                      enum:
-                      - Secret
-                      - ConfigMap
-                      type: string
-                    name:
-                      description: Name of the values referent. Should reside in the
-                        same namespace as the referring resource.
-                      maxLength: 253
-                      minLength: 1
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
                       type: string
-                    optional:
-                      description: Optional marks this ValuesReference as optional.
-                        When set, a not found error for the values reference is ignored,
-                        but any ValuesKey, TargetPath or transient error will still
-                        result in a reconciliation failure.
-                      type: boolean
-                    targetPath:
-                      description: TargetPath is the YAML dot notation path the value
-                        should be merged at. When set, the ValuesKey is expected to
-                        be a single flat value. Defaults to 'None', which results
-                        in the values getting merged at the root.
-                      maxLength: 250
-                      pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$
-                      type: string
-                    valuesKey:
-                      description: ValuesKey is the data key where the values.yaml
-                        or a specific value can be found at. Defaults to 'values.yaml'.
-                        When set, must be a valid Data Key, consisting of alphanumeric
-                        characters, '-', '_' or '.'.
-                      maxLength: 253
-                      pattern: ^[\-._a-zA-Z0-9]+$
-                      type: string
-                  required:
-                  - kind
-                  - name
-                  type: object
-                type: array
-            required:
-            - chart
-            - interval
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: HelmReleaseStatus defines the observed state of a HelmRelease.
-            properties:
-              conditions:
-                description: Conditions holds the conditions for the HelmRelease.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
                       type: string
                     observedGeneration:
                       description: observedGeneration represents the .metadata.generation
@@ -3208,50 +3058,21 @@ spec:
                   - type
                   type: object
                 type: array
-              failures:
-                description: Failures is the reconciliation failure count against
-                  the latest desired state. It is reset after a successful reconciliation.
-                format: int64
-                type: integer
-              helmChart:
-                description: HelmChart is the namespaced name of the HelmChart resource
-                  created by the controller for the HelmRelease.
-                type: string
-              installFailures:
-                description: InstallFailures is the install failure count against
-                  the latest desired state. It is reset after a successful reconciliation.
-                format: int64
-                type: integer
-              lastAppliedRevision:
-                description: LastAppliedRevision is the revision of the last successfully
-                  applied source.
-                type: string
-              lastAttemptedRevision:
-                description: LastAttemptedRevision is the revision of the last reconciliation
-                  attempt.
-                type: string
-              lastAttemptedValuesChecksum:
-                description: LastAttemptedValuesChecksum is the SHA1 checksum of the
-                  values of the last reconciliation attempt.
-                type: string
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
                   be detected.
                 type: string
-              lastReleaseRevision:
-                description: LastReleaseRevision is the revision of the last successful
-                  Helm release.
-                type: integer
               observedGeneration:
-                description: ObservedGeneration is the last observed generation.
-                format: int64
-                type: integer
-              upgradeFailures:
-                description: UpgradeFailures is the upgrade failure count against
-                  the latest desired state. It is reset after a successful reconciliation.
+                description: ObservedGeneration is the last observed generation of
+                  the HelmRepository object.
                 format: int64
                 type: integer
+              url:
+                description: URL is the dynamic fetch link for the latest Artifact.
+                  It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
+                  data is recommended.
+                type: string
             type: object
         type: object
     served: true
@@ -3263,23 +3084,22 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.12.0
   labels:
     app.kubernetes.io/component: source-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: helmrepositories.source.toolkit.fluxcd.io
+    app.kubernetes.io/version: v2.0.1
+  name: ocirepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
   names:
-    kind: HelmRepository
-    listKind: HelmRepositoryList
-    plural: helmrepositories
+    kind: OCIRepository
+    listKind: OCIRepositoryList
+    plural: ocirepositories
     shortNames:
-    - helmrepo
-    singular: helmrepository
+    - ocirepo
+    singular: ocirepository
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
@@ -3295,10 +3115,10 @@ spec:
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
-    name: v1beta1
+    name: v1beta2
     schema:
       openAPIV3Schema:
-        description: HelmRepository is the Schema for the helmrepositories API
+        description: OCIRepository is the Schema for the ocirepositories API
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -3313,51 +3133,87 @@ spec:
           metadata:
             type: object
           spec:
-            description: HelmRepositorySpec defines the reference to a Helm repository.
+            description: OCIRepositorySpec defines the desired state of OCIRepository
             properties:
-              accessFrom:
-                description: AccessFrom defines an Access Control List for allowing
-                  cross-namespace references to this object.
+              certSecretRef:
+                description: "CertSecretRef can be given the name of a secret containing
+                  either or both of \n - a PEM-encoded client certificate (`certFile`)
+                  and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`)
+                  \n and whichever are supplied, will be used for connecting to the
+                  registry. The client cert and key are useful if you are authenticating
+                  with a certificate; the CA cert is useful if you are using a self-signed
+                  server certificate."
                 properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
+                  name:
+                    description: Name of the referent.
+                    type: string
                 required:
-                - namespaceSelectors
+                - name
                 type: object
-              interval:
-                description: The interval at which to check the upstream for updates.
+              ignore:
+                description: Ignore overrides the set of excluded patterns in the
+                  .sourceignore format (which is the same as .gitignore). If not provided,
+                  a default will be used, consult the documentation for your version
+                  to find out what those are.
                 type: string
-              passCredentials:
-                description: PassCredentials allows the credentials from the SecretRef
-                  to be passed on to a host that does not match the host as defined
-                  in URL. This may be required if the host of the advertised chart
-                  URLs in the index differ from the defined URL. Enabling this should
-                  be done with caution, as it can potentially result in credentials
-                  getting stolen in a MITM-attack.
+              insecure:
+                description: Insecure allows connecting to a non-TLS HTTP container
+                  registry.
                 type: boolean
+              interval:
+                description: The interval at which to check for image updates.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              layerSelector:
+                description: LayerSelector specifies which layer should be extracted
+                  from the OCI artifact. When not specified, the first layer found
+                  in the artifact is selected.
+                properties:
+                  mediaType:
+                    description: MediaType specifies the OCI media type of the layer
+                      which should be extracted from the OCI Artifact. The first layer
+                      matching this type is selected.
+                    type: string
+                  operation:
+                    description: Operation specifies how the selected layer should
+                      be processed. By default, the layer compressed content is extracted
+                      to storage. When the operation is set to 'copy', the layer compressed
+                      content is persisted to storage as it is.
+                    enum:
+                    - extract
+                    - copy
+                    type: string
+                type: object
+              provider:
+                default: generic
+                description: The provider used for authentication, can be 'aws', 'azure',
+                  'gcp' or 'generic'. When not specified, defaults to 'generic'.
+                enum:
+                - generic
+                - aws
+                - azure
+                - gcp
+                type: string
+              ref:
+                description: The OCI reference to pull and monitor for changes, defaults
+                  to the latest tag.
+                properties:
+                  digest:
+                    description: Digest is the image digest to pull, takes precedence
+                      over SemVer. The value should be in the format 'sha256:<HASH>'.
+                    type: string
+                  semver:
+                    description: SemVer is the range of tags to pull selecting the
+                      latest within the range, takes precedence over Tag.
+                    type: string
+                  tag:
+                    description: Tag is the image tag to pull, defaults to latest.
+                    type: string
+                type: object
               secretRef:
-                description: The name of the secret containing authentication credentials
-                  for the Helm repository. For HTTP/S basic auth the secret must contain
-                  username and password fields. For TLS the secret must contain a
-                  certFile and keyFile, and/or caFile fields.
+                description: SecretRef contains the secret name containing the registry
+                  login credentials to resolve image metadata. The secret must be
+                  of type kubernetes.io/dockerconfigjson.
                 properties:
                   name:
                     description: Name of the referent.
@@ -3365,18 +3221,51 @@ spec:
                 required:
                 - name
                 type: object
+              serviceAccountName:
+                description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount
+                  used to authenticate the image pull if the service account has attached
+                  pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
+                type: string
               suspend:
                 description: This flag tells the controller to suspend the reconciliation
                   of this source.
                 type: boolean
               timeout:
                 default: 60s
-                description: The timeout of index downloading, defaults to 60s.
+                description: The timeout for remote OCI Repository operations like
+                  pulling, defaults to 60s.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                 type: string
               url:
-                description: The Helm repository URL, a valid URL contains at least
-                  a protocol and host.
+                description: URL is a reference to an OCI artifact repository hosted
+                  on a remote container registry.
+                pattern: ^oci://.*$
                 type: string
+              verify:
+                description: Verify contains the secret name containing the trusted
+                  public keys used to verify the signature and specifies which provider
+                  to use to check whether OCI image is authentic.
+                properties:
+                  provider:
+                    default: cosign
+                    description: Provider specifies the technology used to sign the
+                      OCI Artifact.
+                    enum:
+                    - cosign
+                    type: string
+                  secretRef:
+                    description: SecretRef specifies the Kubernetes Secret containing
+                      the trusted public keys.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                required:
+                - provider
+                type: object
             required:
             - interval
             - url
@@ -3384,37 +3273,54 @@ spec:
           status:
             default:
               observedGeneration: -1
-            description: HelmRepositoryStatus defines the observed state of the HelmRepository.
+            description: OCIRepositoryStatus defines the observed state of OCIRepository
             properties:
               artifact:
                 description: Artifact represents the output of the last successful
-                  repository sync.
+                  OCI Repository sync.
                 properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the artifact.
+                  digest:
+                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
+                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
                     type: string
                   lastUpdateTime:
                     description: LastUpdateTime is the timestamp corresponding to
-                      the last update of this artifact.
+                      the last update of the Artifact.
                     format: date-time
                     type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
                   path:
-                    description: Path is the relative file path of this artifact.
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
                     type: string
                   revision:
-                    description: Revision is a human readable identifier traceable
+                    description: Revision is a human-readable identifier traceable
                       in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm index timestamp, a Helm chart version, etc.
+                      tag, a Helm chart version, etc.
                     type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
                   url:
-                    description: URL is the HTTP address of this artifact.
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
                     type: string
                 required:
+                - lastUpdateTime
                 - path
+                - revision
                 - url
                 type: object
               conditions:
-                description: Conditions holds the conditions for the HelmRepository.
+                description: Conditions holds the conditions for the OCIRepository.
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -3482,6 +3388,16 @@ spec:
                   - type
                   type: object
                 type: array
+              contentConfigChecksum:
+                description: "ContentConfigChecksum is a checksum of all the configurations
+                  related to the content of the source artifact: - .spec.ignore -
+                  .spec.layerSelector observed in .status.observedGeneration version
+                  of the object. This can be used to determine if the content configuration
+                  has changed and the artifact needs to be rebuilt. It has the format
+                  of `<algo>:<checksum>`, for example: `sha256:<checksum>`. \n Deprecated:
+                  Replaced with explicit fields for observed artifact content config
+                  in the status."
+                type: string
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
@@ -3491,19 +3407,192 @@ spec:
                 description: ObservedGeneration is the last observed generation.
                 format: int64
                 type: integer
+              observedIgnore:
+                description: ObservedIgnore is the observed exclusion patterns used
+                  for constructing the source artifact.
+                type: string
+              observedLayerSelector:
+                description: ObservedLayerSelector is the observed layer selector
+                  used for constructing the source artifact.
+                properties:
+                  mediaType:
+                    description: MediaType specifies the OCI media type of the layer
+                      which should be extracted from the OCI Artifact. The first layer
+                      matching this type is selected.
+                    type: string
+                  operation:
+                    description: Operation specifies how the selected layer should
+                      be processed. By default, the layer compressed content is extracted
+                      to storage. When the operation is set to 'copy', the layer compressed
+                      content is persisted to storage as it is.
+                    enum:
+                    - extract
+                    - copy
+                    type: string
+                type: object
               url:
-                description: URL is the download link for the last index fetched.
+                description: URL is the download link for the artifact output of the
+                  last OCI Repository sync.
                 type: string
             type: object
         type: object
     served: true
-    storage: false
+    storage: true
     subresources:
       status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: source-controller
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: source-controller
+  namespace: flux-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: source-controller
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+    control-plane: controller
+  name: source-controller
+  namespace: flux-system
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http
+  selector:
+    app: source-controller
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: source-controller
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+    control-plane: controller
+  name: source-controller
+  namespace: flux-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: source-controller
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        prometheus.io/port: "8080"
+        prometheus.io/scrape: "true"
+      labels:
+        app: source-controller
+    spec:
+      containers:
+      - args:
+        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
+        - --watch-all-namespaces=true
+        - --log-level=info
+        - --log-encoding=json
+        - --enable-leader-election
+        - --storage-path=/data
+        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+        env:
+        - name: RUNTIME_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: TUF_ROOT
+          value: /tmp/.sigstore
+        image: ghcr.io/fluxcd/source-controller:v1.0.1
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: healthz
+        name: manager
+        ports:
+        - containerPort: 9090
+          name: http
+          protocol: TCP
+        - containerPort: 8080
+          name: http-prom
+          protocol: TCP
+        - containerPort: 9440
+          name: healthz
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /
+            port: http
+        resources:
+          limits:
+            cpu: 1000m
+            memory: 1Gi
+          requests:
+            cpu: 50m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /data
+          name: data
+        - mountPath: /tmp
+          name: tmp
+      nodeSelector:
+        kubernetes.io/os: linux
+      priorityClassName: system-cluster-critical
+      securityContext:
+        fsGroup: 1337
+      serviceAccountName: source-controller
+      terminationGracePeriodSeconds: 10
+      volumes:
+      - emptyDir: {}
+        name: data
+      - emptyDir: {}
+        name: tmp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  labels:
+    app.kubernetes.io/component: kustomize-controller
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: kustomizations.kustomize.toolkit.fluxcd.io
+spec:
+  group: kustomize.toolkit.fluxcd.io
+  names:
+    kind: Kustomization
+    listKind: KustomizationList
+    plural: kustomizations
+    shortNames:
+    - ks
+    singular: kustomization
+  scope: Namespaced
+  versions:
   - additionalPrinterColumns:
-    - jsonPath: .spec.url
-      name: URL
-      type: string
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -3513,10 +3602,10 @@ spec:
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    name: v1beta2
+    name: v1
     schema:
       openAPIV3Schema:
-        description: HelmRepository is the Schema for the helmrepositories API.
+        description: Kustomization is the Schema for the kustomizations API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -3531,294 +3620,31 @@ spec:
           metadata:
             type: object
           spec:
-            description: HelmRepositorySpec specifies the required configuration to
-              produce an Artifact for a Helm repository index YAML.
+            description: KustomizationSpec defines the configuration to calculate
+              the desired state from a Source using Kustomize.
             properties:
-              accessFrom:
-                description: 'AccessFrom specifies an Access Control List for allowing
-                  cross-namespace references to this object. NOTE: Not implemented,
-                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
+              commonMetadata:
+                description: CommonMetadata specifies the common labels and annotations
+                  that are applied to all resources. Any existing label or annotation
+                  will be overridden if its key matches a common one.
                 properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              interval:
-                description: Interval at which to check the URL for updates.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              passCredentials:
-                description: PassCredentials allows the credentials from the SecretRef
-                  to be passed on to a host that does not match the host as defined
-                  in URL. This may be required if the host of the advertised chart
-                  URLs in the index differ from the defined URL. Enabling this should
-                  be done with caution, as it can potentially result in credentials
-                  getting stolen in a MITM-attack.
-                type: boolean
-              provider:
-                default: generic
-                description: Provider used for authentication, can be 'aws', 'azure',
-                  'gcp' or 'generic'. This field is optional, and only taken into
-                  account if the .spec.type field is set to 'oci'. When not specified,
-                  defaults to 'generic'.
-                enum:
-                - generic
-                - aws
-                - azure
-                - gcp
-                type: string
-              secretRef:
-                description: SecretRef specifies the Secret containing authentication
-                  credentials for the HelmRepository. For HTTP/S basic auth the secret
-                  must contain 'username' and 'password' fields. For TLS the secret
-                  must contain a 'certFile' and 'keyFile', and/or 'caFile' fields.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              suspend:
-                description: Suspend tells the controller to suspend the reconciliation
-                  of this HelmRepository.
-                type: boolean
-              timeout:
-                default: 60s
-                description: Timeout is used for the index fetch operation for an
-                  HTTPS helm repository, and for remote OCI Repository operations
-                  like pulling for an OCI helm repository. Its default value is 60s.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
-                type: string
-              type:
-                description: Type of the HelmRepository. When this field is set to  "oci",
-                  the URL field value must be prefixed with "oci://".
-                enum:
-                - default
-                - oci
-                type: string
-              url:
-                description: URL of the Helm repository, a valid URL contains at least
-                  a protocol and host.
-                type: string
-            required:
-            - interval
-            - url
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: HelmRepositoryStatus records the observed state of the HelmRepository.
-            properties:
-              artifact:
-                description: Artifact represents the last successful HelmRepository
-                  reconciliation.
-                properties:
-                  checksum:
-                    description: 'Checksum is the SHA256 checksum of the Artifact
-                      file. Deprecated: use Artifact.Digest instead.'
-                    type: string
-                  digest:
-                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
-                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
-                    format: date-time
-                    type: string
-                  metadata:
+                  annotations:
                     additionalProperties:
                       type: string
-                    description: Metadata holds upstream information such as OCI annotations.
+                    description: Annotations to be added to the object's metadata.
+                    type: object
+                  labels:
+                    additionalProperties:
+                      type: string
+                    description: Labels to be added to the object's metadata.
                     type: object
-                  path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
-                    type: string
-                  revision:
-                    description: Revision is a human-readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
-                    type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
-                  url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
-                    type: string
-                required:
-                - path
-                - url
                 type: object
-              conditions:
-                description: Conditions holds the conditions for the HelmRepository.
+              components:
+                description: Components specifies relative paths to specifications
+                  of other Components.
                 items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
+                  type: string
                 type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation of
-                  the HelmRepository object.
-                format: int64
-                type: integer
-              url:
-                description: URL is the dynamic fetch link for the latest Artifact.
-                  It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
-                  data is recommended.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
-  labels:
-    app.kubernetes.io/component: kustomize-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: kustomizations.kustomize.toolkit.fluxcd.io
-spec:
-  group: kustomize.toolkit.fluxcd.io
-  names:
-    kind: Kustomization
-    listKind: KustomizationList
-    plural: kustomizations
-    shortNames:
-    - ks
-    singular: kustomization
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Kustomization is the Schema for the kustomizations API.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KustomizationSpec defines the desired state of a kustomization.
-            properties:
               decryption:
                 description: Decrypt Kubernetes secrets before applying them on the
                   cluster.
@@ -3920,28 +3746,38 @@ spec:
                 type: array
               interval:
                 description: The interval at which to reconcile the Kustomization.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               kubeConfig:
                 description: The KubeConfig for reconciling the Kustomization on a
-                  remote cluster. When specified, KubeConfig takes precedence over
-                  ServiceAccountName.
-                properties:
-                  secretRef:
-                    description: SecretRef holds the name to a secret that contains
-                      a 'value' key with the kubeconfig file as the value. It must
-                      be in the same namespace as the Kustomization. It is recommended
-                      that the kubeconfig is self-contained, and the secret is regularly
-                      updated if credentials such as a cloud-access-token expire.
-                      Cloud specific `cmd-path` auth helpers will not function without
-                      adding binaries and credentials to the Pod that is responsible
-                      for reconciling the Kustomization.
+                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
+                  forces the controller to act on behalf of that Service Account at
+                  the target cluster. If the --default-service-account flag is set,
+                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
+                  is empty.
+                properties:
+                  secretRef:
+                    description: SecretRef holds the name of a secret that contains
+                      a key with the kubeconfig file as the value. If no key is set,
+                      the key will default to 'value'. It is recommended that the
+                      kubeconfig is self-contained, and the secret is regularly updated
+                      if credentials such as a cloud-access-token expire. Cloud specific
+                      `cmd-path` auth helpers will not function without adding binaries
+                      and credentials to the Pod that is responsible for reconciling
+                      Kubernetes resources.
                     properties:
+                      key:
+                        description: Key in the Secret, when not specified an implementation-specific
+                          default key is used.
+                        type: string
                       name:
-                        description: Name of the referent.
+                        description: Name of the Secret.
                         type: string
                     required:
                     - name
                     type: object
+                required:
+                - secretRef
                 type: object
               patches:
                 description: Strategic merge and JSON patches, defined as inline YAML
@@ -3992,101 +3828,10 @@ spec:
                             identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
                           type: string
                       type: object
-                  type: object
-                type: array
-              patchesJson6902:
-                description: JSON 6902 patches, defined as inline YAML objects.
-                items:
-                  description: JSON6902Patch contains a JSON6902 patch and the target
-                    the patch should be applied to.
-                  properties:
-                    patch:
-                      description: Patch contains the JSON6902 patch document with
-                        an array of operation objects.
-                      items:
-                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
-                        properties:
-                          from:
-                            description: From contains a JSON-pointer value that references
-                              a location within the target document where the operation
-                              is performed. The meaning of the value depends on the
-                              value of Op, and is NOT taken into account by all operations.
-                            type: string
-                          op:
-                            description: Op indicates the operation to perform. Its
-                              value MUST be one of "add", "remove", "replace", "move",
-                              "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
-                            enum:
-                            - test
-                            - remove
-                            - add
-                            - replace
-                            - move
-                            - copy
-                            type: string
-                          path:
-                            description: Path contains the JSON-pointer value that
-                              references a location within the target document where
-                              the operation is performed. The meaning of the value
-                              depends on the value of Op.
-                            type: string
-                          value:
-                            description: Value contains a valid JSON structure. The
-                              meaning of the value depends on the value of Op, and
-                              is NOT taken into account by all operations.
-                            x-kubernetes-preserve-unknown-fields: true
-                        required:
-                        - op
-                        - path
-                        type: object
-                      type: array
-                    target:
-                      description: Target points to the resources that the patch document
-                        should be applied to.
-                      properties:
-                        annotationSelector:
-                          description: AnnotationSelector is a string that follows
-                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-                            It matches with the resource annotations.
-                          type: string
-                        group:
-                          description: Group is the API group to select resources
-                            from. Together with Version and Kind it is capable of
-                            unambiguously identifying and/or selecting resources.
-                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-                          type: string
-                        kind:
-                          description: Kind of the API Group to select resources from.
-                            Together with Group and Version it is capable of unambiguously
-                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-                          type: string
-                        labelSelector:
-                          description: LabelSelector is a string that follows the
-                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-                            It matches with the resource labels.
-                          type: string
-                        name:
-                          description: Name to match resources with.
-                          type: string
-                        namespace:
-                          description: Namespace to select resources from.
-                          type: string
-                        version:
-                          description: Version of the API Group to select resources
-                            from. Together with Group and Kind it is capable of unambiguously
-                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-                          type: string
-                      type: object
                   required:
                   - patch
-                  - target
                   type: object
                 type: array
-              patchesStrategicMerge:
-                description: Strategic merge patches, defined as inline YAML objects.
-                items:
-                  x-kubernetes-preserve-unknown-fields: true
-                type: array
               path:
                 description: Path to the directory containing the kustomization.yaml
                   file, or the set of plain YAMLs a kustomization.yaml should be generated
@@ -4110,7 +3855,7 @@ spec:
                     description: SubstituteFrom holds references to ConfigMaps and
                       Secrets containing the variables and their values to be substituted
                       in the YAML manifests. The ConfigMap and the Secret data keys
-                      represent the var names and they must match the vars declared
+                      represent the var names, and they must match the vars declared
                       in the manifests for the substitution to happen.
                     items:
                       description: SubstituteReference contains a reference to a resource
@@ -4129,6 +3874,14 @@ spec:
                           maxLength: 253
                           minLength: 1
                           type: string
+                        optional:
+                          default: false
+                          description: Optional indicates whether the referenced resource
+                            must exist, or whether to tolerate its absence. If true
+                            and the referenced resource is absent, proceed as if the
+                            resource was present but empty, without any variables
+                            defined.
+                          type: boolean
                       required:
                       - kind
                       - name
@@ -4142,6 +3895,7 @@ spec:
                 description: The interval at which to retry a previously failed reconciliation.
                   When not specified, the controller uses the KustomizationSpec.Interval
                   value to retry failures.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               serviceAccountName:
                 description: The name of the Kubernetes service account to impersonate
@@ -4152,20 +3906,21 @@ spec:
                   is.
                 properties:
                   apiVersion:
-                    description: API version of the referent
+                    description: API version of the referent.
                     type: string
                   kind:
-                    description: Kind of the referent
+                    description: Kind of the referent.
                     enum:
+                    - OCIRepository
                     - GitRepository
                     - Bucket
                     type: string
                   name:
-                    description: Name of the referent
+                    description: Name of the referent.
                     type: string
                   namespace:
-                    description: Namespace of the referent, defaults to the Kustomization
-                      namespace
+                    description: Namespace of the referent, defaults to the namespace
+                      of the Kubernetes resource object that contains the reference.
                     type: string
                 required:
                 - kind
@@ -4185,18 +3940,13 @@ spec:
               timeout:
                 description: Timeout for validation, apply and health checking operations.
                   Defaults to 'Interval' duration.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
-              validation:
-                description: Validate the Kubernetes objects before applying them
-                  on the cluster. The validation strategy can be 'client' (local dry-run),
-                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
-                  validation will fallback to 'client' if set to 'server' because
-                  server-side validation is not supported in this scenario.
-                enum:
-                - none
-                - client
-                - server
-                type: string
+              wait:
+                description: Wait instructs the controller to check the health of
+                  all the reconciled resources. When enabled, the HealthChecks are
+                  ignored. Defaults to false.
+                type: boolean
             required:
             - interval
             - prune
@@ -4275,9 +4025,35 @@ spec:
                   - type
                   type: object
                 type: array
+              inventory:
+                description: Inventory contains the list of Kubernetes resource object
+                  references that have been successfully applied.
+                properties:
+                  entries:
+                    description: Entries of Kubernetes resource object references.
+                    items:
+                      description: ResourceRef contains the information necessary
+                        to locate a resource within a cluster.
+                      properties:
+                        id:
+                          description: ID is the string representation of the Kubernetes
+                            resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
+                          type: string
+                        v:
+                          description: Version is the API version of the Kubernetes
+                            resource object's kind.
+                          type: string
+                      required:
+                      - id
+                      - v
+                      type: object
+                    type: array
+                required:
+                - entries
+                type: object
               lastAppliedRevision:
-                description: The last successfully applied revision. The revision
-                  format for Git sources is <branch|tag>/<commit-sha>.
+                description: The last successfully applied revision. Equals the Revision
+                  of the applied Artifact from the referenced Source.
                 type: string
               lastAttemptedRevision:
                 description: LastAttemptedRevision is the revision of the last reconciliation
@@ -4292,51 +4068,25 @@ spec:
                 description: ObservedGeneration is the last reconciled generation.
                 format: int64
                 type: integer
-              snapshot:
-                description: The last successfully applied revision metadata.
-                properties:
-                  checksum:
-                    description: The manifests sha1 checksum.
-                    type: string
-                  entries:
-                    description: A list of Kubernetes kinds grouped by namespace.
-                    items:
-                      description: Snapshot holds the metadata of namespaced Kubernetes
-                        objects
-                      properties:
-                        kinds:
-                          additionalProperties:
-                            type: string
-                          description: The list of Kubernetes kinds.
-                          type: object
-                        namespace:
-                          description: The namespace of this entry.
-                          type: string
-                      required:
-                      - kinds
-                      type: object
-                    type: array
-                required:
-                - checksum
-                - entries
-                type: object
             type: object
         type: object
     served: true
-    storage: false
+    storage: true
     subresources:
       status: {}
   - additionalPrinterColumns:
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    name: v1beta2
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    deprecated: true
+    deprecationWarning: v1beta1 Kustomization is deprecated, upgrade to v1
+    name: v1beta1
     schema:
       openAPIV3Schema:
         description: Kustomization is the Schema for the kustomizations API.
@@ -4354,15 +4104,8 @@ spec:
           metadata:
             type: object
           spec:
-            description: KustomizationSpec defines the configuration to calculate
-              the desired state from a Source using Kustomize.
+            description: KustomizationSpec defines the desired state of a kustomization.
             properties:
-              components:
-                description: Components specifies relative paths to specifications
-                  of other Components
-                items:
-                  type: string
-                type: array
               decryption:
                 description: Decrypt Kubernetes secrets before applying them on the
                   cluster.
@@ -4464,38 +4207,28 @@ spec:
                 type: array
               interval:
                 description: The interval at which to reconcile the Kustomization.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               kubeConfig:
                 description: The KubeConfig for reconciling the Kustomization on a
-                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
-                  forces the controller to act on behalf of that Service Account at
-                  the target cluster. If the --default-service-account flag is set,
-                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
-                  is empty.
+                  remote cluster. When specified, KubeConfig takes precedence over
+                  ServiceAccountName.
                 properties:
                   secretRef:
-                    description: SecretRef holds the name of a secret that contains
-                      a key with the kubeconfig file as the value. If no key is set,
-                      the key will default to 'value'. It is recommended that the
-                      kubeconfig is self-contained, and the secret is regularly updated
-                      if credentials such as a cloud-access-token expire. Cloud specific
-                      `cmd-path` auth helpers will not function without adding binaries
-                      and credentials to the Pod that is responsible for reconciling
-                      Kubernetes resources.
-                    properties:
-                      key:
-                        description: Key in the Secret, when not specified an implementation-specific
-                          default key is used.
-                        type: string
+                    description: SecretRef holds the name to a secret that contains
+                      a 'value' key with the kubeconfig file as the value. It must
+                      be in the same namespace as the Kustomization. It is recommended
+                      that the kubeconfig is self-contained, and the secret is regularly
+                      updated if credentials such as a cloud-access-token expire.
+                      Cloud specific `cmd-path` auth helpers will not function without
+                      adding binaries and credentials to the Pod that is responsible
+                      for reconciling the Kustomization.
+                    properties:
                       name:
-                        description: Name of the Secret.
+                        description: Name of the referent.
                         type: string
                     required:
                     - name
                     type: object
-                required:
-                - secretRef
                 type: object
               patches:
                 description: Strategic merge and JSON patches, defined as inline YAML
@@ -4546,11 +4279,12 @@ spec:
                             identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
                           type: string
                       type: object
+                  required:
+                  - patch
                   type: object
                 type: array
               patchesJson6902:
-                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
-                  Use Patches instead.'
+                description: JSON 6902 patches, defined as inline YAML objects.
                 items:
                   description: JSON6902Patch contains a JSON6902 patch and the target
                     the patch should be applied to.
@@ -4638,8 +4372,7 @@ spec:
                   type: object
                 type: array
               patchesStrategicMerge:
-                description: 'Strategic merge patches, defined as inline YAML objects.
-                  Deprecated: Use Patches instead.'
+                description: Strategic merge patches, defined as inline YAML objects.
                 items:
                   x-kubernetes-preserve-unknown-fields: true
                 type: array
@@ -4685,14 +4418,6 @@ spec:
                           maxLength: 253
                           minLength: 1
                           type: string
-                        optional:
-                          default: false
-                          description: Optional indicates whether the referenced resource
-                            must exist, or whether to tolerate its absence. If true
-                            and the referenced resource is absent, proceed as if the
-                            resource was present but empty, without any variables
-                            defined.
-                          type: boolean
                       required:
                       - kind
                       - name
@@ -4706,7 +4431,6 @@ spec:
                 description: The interval at which to retry a previously failed reconciliation.
                   When not specified, the controller uses the KustomizationSpec.Interval
                   value to retry failures.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               serviceAccountName:
                 description: The name of the Kubernetes service account to impersonate
@@ -4717,21 +4441,20 @@ spec:
                   is.
                 properties:
                   apiVersion:
-                    description: API version of the referent.
+                    description: API version of the referent
                     type: string
                   kind:
-                    description: Kind of the referent.
+                    description: Kind of the referent
                     enum:
-                    - OCIRepository
                     - GitRepository
                     - Bucket
                     type: string
                   name:
-                    description: Name of the referent.
+                    description: Name of the referent
                     type: string
                   namespace:
-                    description: Namespace of the referent, defaults to the namespace
-                      of the Kubernetes resource object that contains the reference.
+                    description: Namespace of the referent, defaults to the Kustomization
+                      namespace
                     type: string
                 required:
                 - kind
@@ -4751,20 +4474,18 @@ spec:
               timeout:
                 description: Timeout for validation, apply and health checking operations.
                   Defaults to 'Interval' duration.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               validation:
-                description: 'Deprecated: Not used in v1beta2.'
+                description: Validate the Kubernetes objects before applying them
+                  on the cluster. The validation strategy can be 'client' (local dry-run),
+                  'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
+                  validation will fallback to 'client' if set to 'server' because
+                  server-side validation is not supported in this scenario.
                 enum:
                 - none
                 - client
                 - server
                 type: string
-              wait:
-                description: Wait instructs the controller to check the health of
-                  all the reconciled resources. When enabled, the HealthChecks are
-                  ignored. Defaults to false.
-                type: boolean
             required:
             - interval
             - prune
@@ -4843,35 +4564,9 @@ spec:
                   - type
                   type: object
                 type: array
-              inventory:
-                description: Inventory contains the list of Kubernetes resource object
-                  references that have been successfully applied.
-                properties:
-                  entries:
-                    description: Entries of Kubernetes resource object references.
-                    items:
-                      description: ResourceRef contains the information necessary
-                        to locate a resource within a cluster.
-                      properties:
-                        id:
-                          description: ID is the string representation of the Kubernetes
-                            resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
-                          type: string
-                        v:
-                          description: Version is the API version of the Kubernetes
-                            resource object's kind.
-                          type: string
-                      required:
-                      - id
-                      - v
-                      type: object
-                    type: array
-                required:
-                - entries
-                type: object
               lastAppliedRevision:
-                description: The last successfully applied revision. Equals the Revision
-                  of the applied Artifact from the referenced Source.
+                description: The last successfully applied revision. The revision
+                  format for Git sources is <branch|tag>/<commit-sha>.
                 type: string
               lastAttemptedRevision:
                 description: LastAttemptedRevision is the revision of the last reconciliation
@@ -4886,53 +4581,56 @@ spec:
                 description: ObservedGeneration is the last reconciled generation.
                 format: int64
                 type: integer
+              snapshot:
+                description: The last successfully applied revision metadata.
+                properties:
+                  checksum:
+                    description: The manifests sha1 checksum.
+                    type: string
+                  entries:
+                    description: A list of Kubernetes kinds grouped by namespace.
+                    items:
+                      description: Snapshot holds the metadata of namespaced Kubernetes
+                        objects
+                      properties:
+                        kinds:
+                          additionalProperties:
+                            type: string
+                          description: The list of Kubernetes kinds.
+                          type: object
+                        namespace:
+                          description: The namespace of this entry.
+                          type: string
+                      required:
+                      - kinds
+                      type: object
+                    type: array
+                required:
+                - checksum
+                - entries
+                type: object
             type: object
         type: object
     served: true
-    storage: true
+    storage: false
     subresources:
       status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
-  labels:
-    app.kubernetes.io/component: source-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: ocirepositories.source.toolkit.fluxcd.io
-spec:
-  group: source.toolkit.fluxcd.io
-  names:
-    kind: OCIRepository
-    listKind: OCIRepositoryList
-    plural: ocirepositories
-    shortNames:
-    - ocirepo
-    singular: ocirepository
-  scope: Namespaced
-  versions:
   - additionalPrinterColumns:
-    - jsonPath: .spec.url
-      name: URL
-      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
+    deprecated: true
+    deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1
     name: v1beta2
     schema:
       openAPIV3Schema:
-        description: OCIRepository is the Schema for the ocirepositories API
+        description: Kustomization is the Schema for the kustomizations API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -4947,441 +4645,444 @@ spec:
           metadata:
             type: object
           spec:
-            description: OCIRepositorySpec defines the desired state of OCIRepository
+            description: KustomizationSpec defines the configuration to calculate
+              the desired state from a Source using Kustomize.
             properties:
-              certSecretRef:
-                description: "CertSecretRef can be given the name of a secret containing
-                  either or both of \n - a PEM-encoded client certificate (`certFile`)
-                  and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`)
-                  \n and whichever are supplied, will be used for connecting to the
-                  registry. The client cert and key are useful if you are authenticating
-                  with a certificate; the CA cert is useful if you are using a self-signed
-                  server certificate."
+              commonMetadata:
+                description: CommonMetadata specifies the common labels and annotations
+                  that are applied to all resources. Any existing label or annotation
+                  will be overridden if its key matches a common one.
                 properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    description: Annotations to be added to the object's metadata.
+                    type: object
+                  labels:
+                    additionalProperties:
+                      type: string
+                    description: Labels to be added to the object's metadata.
+                    type: object
                 type: object
-              ignore:
-                description: Ignore overrides the set of excluded patterns in the
-                  .sourceignore format (which is the same as .gitignore). If not provided,
-                  a default will be used, consult the documentation for your version
-                  to find out what those are.
-                type: string
-              insecure:
-                description: Insecure allows connecting to a non-TLS HTTP container
-                  registry.
-                type: boolean
-              interval:
-                description: The interval at which to check for image updates.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              layerSelector:
-                description: LayerSelector specifies which layer should be extracted
-                  from the OCI artifact. When not specified, the first layer found
-                  in the artifact is selected.
+              components:
+                description: Components specifies relative paths to specifications
+                  of other Components.
+                items:
+                  type: string
+                type: array
+              decryption:
+                description: Decrypt Kubernetes secrets before applying them on the
+                  cluster.
                 properties:
-                  mediaType:
-                    description: MediaType specifies the OCI media type of the layer
-                      which should be extracted from the OCI Artifact. The first layer
-                      matching this type is selected.
-                    type: string
-                  operation:
-                    description: Operation specifies how the selected layer should
-                      be processed. By default, the layer compressed content is extracted
-                      to storage. When the operation is set to 'copy', the layer compressed
-                      content is persisted to storage as it is.
+                  provider:
+                    description: Provider is the name of the decryption engine.
                     enum:
-                    - extract
-                    - copy
-                    type: string
-                type: object
-              provider:
-                default: generic
-                description: The provider used for authentication, can be 'aws', 'azure',
-                  'gcp' or 'generic'. When not specified, defaults to 'generic'.
-                enum:
-                - generic
-                - aws
-                - azure
-                - gcp
-                type: string
-              ref:
-                description: The OCI reference to pull and monitor for changes, defaults
-                  to the latest tag.
-                properties:
-                  digest:
-                    description: Digest is the image digest to pull, takes precedence
-                      over SemVer. The value should be in the format 'sha256:<HASH>'.
-                    type: string
-                  semver:
-                    description: SemVer is the range of tags to pull selecting the
-                      latest within the range, takes precedence over Tag.
-                    type: string
-                  tag:
-                    description: Tag is the image tag to pull, defaults to latest.
-                    type: string
-                type: object
-              secretRef:
-                description: SecretRef contains the secret name containing the registry
-                  login credentials to resolve image metadata. The secret must be
-                  of type kubernetes.io/dockerconfigjson.
-                properties:
-                  name:
-                    description: Name of the referent.
+                    - sops
                     type: string
+                  secretRef:
+                    description: The secret name containing the private OpenPGP keys
+                      used for decryption.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
                 required:
-                - name
+                - provider
                 type: object
-              serviceAccountName:
-                description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount
-                  used to authenticate the image pull if the service account has attached
-                  pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
-                type: string
-              suspend:
-                description: This flag tells the controller to suspend the reconciliation
-                  of this source.
+              dependsOn:
+                description: DependsOn may contain a meta.NamespacedObjectReference
+                  slice with references to Kustomization resources that must be ready
+                  before this Kustomization can be reconciled.
+                items:
+                  description: NamespacedObjectReference contains enough information
+                    to locate the referenced Kubernetes resource object in any namespace.
+                  properties:
+                    name:
+                      description: Name of the referent.
+                      type: string
+                    namespace:
+                      description: Namespace of the referent, when not specified it
+                        acts as LocalObjectReference.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              force:
+                default: false
+                description: Force instructs the controller to recreate resources
+                  when patching fails due to an immutable field change.
                 type: boolean
-              timeout:
-                default: 60s
-                description: The timeout for remote OCI Repository operations like
-                  pulling, defaults to 60s.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
-                type: string
-              url:
-                description: URL is a reference to an OCI artifact repository hosted
-                  on a remote container registry.
-                pattern: ^oci://.*$
+              healthChecks:
+                description: A list of resources to be included in the health assessment.
+                items:
+                  description: NamespacedObjectKindReference contains enough information
+                    to locate the typed referenced Kubernetes resource object in any
+                    namespace.
+                  properties:
+                    apiVersion:
+                      description: API version of the referent, if not specified the
+                        Kubernetes preferred version will be used.
+                      type: string
+                    kind:
+                      description: Kind of the referent.
+                      type: string
+                    name:
+                      description: Name of the referent.
+                      type: string
+                    namespace:
+                      description: Namespace of the referent, when not specified it
+                        acts as LocalObjectReference.
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+              images:
+                description: Images is a list of (image name, new name, new tag or
+                  digest) for changing image names, tags or digests. This can also
+                  be achieved with a patch, but this operator is simpler to specify.
+                items:
+                  description: Image contains an image name, a new name, a new tag
+                    or digest, which will replace the original name and tag.
+                  properties:
+                    digest:
+                      description: Digest is the value used to replace the original
+                        image tag. If digest is present NewTag value is ignored.
+                      type: string
+                    name:
+                      description: Name is a tag-less image name.
+                      type: string
+                    newName:
+                      description: NewName is the value used to replace the original
+                        name.
+                      type: string
+                    newTag:
+                      description: NewTag is the value used to replace the original
+                        tag.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              interval:
+                description: The interval at which to reconcile the Kustomization.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
-              verify:
-                description: Verify contains the secret name containing the trusted
-                  public keys used to verify the signature and specifies which provider
-                  to use to check whether OCI image is authentic.
+              kubeConfig:
+                description: The KubeConfig for reconciling the Kustomization on a
+                  remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
+                  forces the controller to act on behalf of that Service Account at
+                  the target cluster. If the --default-service-account flag is set,
+                  its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
+                  is empty.
                 properties:
-                  provider:
-                    default: cosign
-                    description: Provider specifies the technology used to sign the
-                      OCI Artifact.
-                    enum:
-                    - cosign
-                    type: string
                   secretRef:
-                    description: SecretRef specifies the Kubernetes Secret containing
-                      the trusted public keys.
+                    description: SecretRef holds the name of a secret that contains
+                      a key with the kubeconfig file as the value. If no key is set,
+                      the key will default to 'value'. It is recommended that the
+                      kubeconfig is self-contained, and the secret is regularly updated
+                      if credentials such as a cloud-access-token expire. Cloud specific
+                      `cmd-path` auth helpers will not function without adding binaries
+                      and credentials to the Pod that is responsible for reconciling
+                      Kubernetes resources.
                     properties:
+                      key:
+                        description: Key in the Secret, when not specified an implementation-specific
+                          default key is used.
+                        type: string
                       name:
-                        description: Name of the referent.
+                        description: Name of the Secret.
                         type: string
                     required:
                     - name
                     type: object
                 required:
-                - provider
-                type: object
-            required:
-            - interval
-            - url
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: OCIRepositoryStatus defines the observed state of OCIRepository
-            properties:
-              artifact:
-                description: Artifact represents the output of the last successful
-                  OCI Repository sync.
-                properties:
-                  checksum:
-                    description: 'Checksum is the SHA256 checksum of the Artifact
-                      file. Deprecated: use Artifact.Digest instead.'
-                    type: string
-                  digest:
-                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
-                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
-                    format: date-time
-                    type: string
-                  metadata:
-                    additionalProperties:
-                      type: string
-                    description: Metadata holds upstream information such as OCI annotations.
-                    type: object
-                  path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
-                    type: string
-                  revision:
-                    description: Revision is a human-readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
-                    type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
-                  url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
-                    type: string
-                required:
-                - path
-                - url
+                - secretRef
                 type: object
-              conditions:
-                description: Conditions holds the conditions for the OCIRepository.
+              patches:
+                description: Strategic merge and JSON patches, defined as inline YAML
+                  objects, capable of targeting objects based on kind, label and annotation
+                  selectors.
                 items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  description: Patch contains an inline StrategicMerge or JSON6902
+                    patch, and the target the patch should be applied to.
                   properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                    patch:
+                      description: Patch contains an inline StrategicMerge patch or
+                        an inline JSON6902 patch with an array of operation objects.
                       type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
+                    target:
+                      description: Target points to the resources that the patch document
+                        should be applied to.
+                      properties:
+                        annotationSelector:
+                          description: AnnotationSelector is a string that follows
+                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource annotations.
+                          type: string
+                        group:
+                          description: Group is the API group to select resources
+                            from. Together with Version and Kind it is capable of
+                            unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        kind:
+                          description: Kind of the API Group to select resources from.
+                            Together with Group and Version it is capable of unambiguously
+                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        labelSelector:
+                          description: LabelSelector is a string that follows the
+                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource labels.
+                          type: string
+                        name:
+                          description: Name to match resources with.
+                          type: string
+                        namespace:
+                          description: Namespace to select resources from.
+                          type: string
+                        version:
+                          description: Version of the API Group to select resources
+                            from. Together with Group and Kind it is capable of unambiguously
+                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                      type: object
+                  required:
+                  - patch
                   type: object
                 type: array
-              contentConfigChecksum:
-                description: "ContentConfigChecksum is a checksum of all the configurations
-                  related to the content of the source artifact: - .spec.ignore -
-                  .spec.layerSelector observed in .status.observedGeneration version
-                  of the object. This can be used to determine if the content configuration
-                  has changed and the artifact needs to be rebuilt. It has the format
-                  of `<algo>:<checksum>`, for example: `sha256:<checksum>`. \n Deprecated:
-                  Replaced with explicit fields for observed artifact content config
-                  in the status."
+              patchesJson6902:
+                description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
+                  Use Patches instead.'
+                items:
+                  description: JSON6902Patch contains a JSON6902 patch and the target
+                    the patch should be applied to.
+                  properties:
+                    patch:
+                      description: Patch contains the JSON6902 patch document with
+                        an array of operation objects.
+                      items:
+                        description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
+                        properties:
+                          from:
+                            description: From contains a JSON-pointer value that references
+                              a location within the target document where the operation
+                              is performed. The meaning of the value depends on the
+                              value of Op, and is NOT taken into account by all operations.
+                            type: string
+                          op:
+                            description: Op indicates the operation to perform. Its
+                              value MUST be one of "add", "remove", "replace", "move",
+                              "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
+                            enum:
+                            - test
+                            - remove
+                            - add
+                            - replace
+                            - move
+                            - copy
+                            type: string
+                          path:
+                            description: Path contains the JSON-pointer value that
+                              references a location within the target document where
+                              the operation is performed. The meaning of the value
+                              depends on the value of Op.
+                            type: string
+                          value:
+                            description: Value contains a valid JSON structure. The
+                              meaning of the value depends on the value of Op, and
+                              is NOT taken into account by all operations.
+                            x-kubernetes-preserve-unknown-fields: true
+                        required:
+                        - op
+                        - path
+                        type: object
+                      type: array
+                    target:
+                      description: Target points to the resources that the patch document
+                        should be applied to.
+                      properties:
+                        annotationSelector:
+                          description: AnnotationSelector is a string that follows
+                            the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource annotations.
+                          type: string
+                        group:
+                          description: Group is the API group to select resources
+                            from. Together with Version and Kind it is capable of
+                            unambiguously identifying and/or selecting resources.
+                            https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        kind:
+                          description: Kind of the API Group to select resources from.
+                            Together with Group and Version it is capable of unambiguously
+                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        labelSelector:
+                          description: LabelSelector is a string that follows the
+                            label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource labels.
+                          type: string
+                        name:
+                          description: Name to match resources with.
+                          type: string
+                        namespace:
+                          description: Namespace to select resources from.
+                          type: string
+                        version:
+                          description: Version of the API Group to select resources
+                            from. Together with Group and Kind it is capable of unambiguously
+                            identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                      type: object
+                  required:
+                  - patch
+                  - target
+                  type: object
+                type: array
+              patchesStrategicMerge:
+                description: 'Strategic merge patches, defined as inline YAML objects.
+                  Deprecated: Use Patches instead.'
+                items:
+                  x-kubernetes-preserve-unknown-fields: true
+                type: array
+              path:
+                description: Path to the directory containing the kustomization.yaml
+                  file, or the set of plain YAMLs a kustomization.yaml should be generated
+                  for. Defaults to 'None', which translates to the root path of the
+                  SourceRef.
                 type: string
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
+              postBuild:
+                description: PostBuild describes which actions to perform on the YAML
+                  manifest generated by building the kustomize overlay.
+                properties:
+                  substitute:
+                    additionalProperties:
+                      type: string
+                    description: Substitute holds a map of key/value pairs. The variables
+                      defined in your YAML manifests that match any of the keys defined
+                      in the map will be substituted with the set value. Includes
+                      support for bash string replacement functions e.g. ${var:=default},
+                      ${var:position} and ${var/substring/replacement}.
+                    type: object
+                  substituteFrom:
+                    description: SubstituteFrom holds references to ConfigMaps and
+                      Secrets containing the variables and their values to be substituted
+                      in the YAML manifests. The ConfigMap and the Secret data keys
+                      represent the var names and they must match the vars declared
+                      in the manifests for the substitution to happen.
+                    items:
+                      description: SubstituteReference contains a reference to a resource
+                        containing the variables name and value.
+                      properties:
+                        kind:
+                          description: Kind of the values referent, valid values are
+                            ('Secret', 'ConfigMap').
+                          enum:
+                          - Secret
+                          - ConfigMap
+                          type: string
+                        name:
+                          description: Name of the values referent. Should reside
+                            in the same namespace as the referring resource.
+                          maxLength: 253
+                          minLength: 1
+                          type: string
+                        optional:
+                          default: false
+                          description: Optional indicates whether the referenced resource
+                            must exist, or whether to tolerate its absence. If true
+                            and the referenced resource is absent, proceed as if the
+                            resource was present but empty, without any variables
+                            defined.
+                          type: boolean
+                      required:
+                      - kind
+                      - name
+                      type: object
+                    type: array
+                type: object
+              prune:
+                description: Prune enables garbage collection.
+                type: boolean
+              retryInterval:
+                description: The interval at which to retry a previously failed reconciliation.
+                  When not specified, the controller uses the KustomizationSpec.Interval
+                  value to retry failures.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation.
-                format: int64
-                type: integer
-              observedIgnore:
-                description: ObservedIgnore is the observed exclusion patterns used
-                  for constructing the source artifact.
+              serviceAccountName:
+                description: The name of the Kubernetes service account to impersonate
+                  when reconciling this Kustomization.
                 type: string
-              observedLayerSelector:
-                description: ObservedLayerSelector is the observed layer selector
-                  used for constructing the source artifact.
+              sourceRef:
+                description: Reference of the source where the kustomization file
+                  is.
                 properties:
-                  mediaType:
-                    description: MediaType specifies the OCI media type of the layer
-                      which should be extracted from the OCI Artifact. The first layer
-                      matching this type is selected.
+                  apiVersion:
+                    description: API version of the referent.
                     type: string
-                  operation:
-                    description: Operation specifies how the selected layer should
-                      be processed. By default, the layer compressed content is extracted
-                      to storage. When the operation is set to 'copy', the layer compressed
-                      content is persisted to storage as it is.
+                  kind:
+                    description: Kind of the referent.
                     enum:
-                    - extract
-                    - copy
+                    - OCIRepository
+                    - GitRepository
+                    - Bucket
                     type: string
-                type: object
-              url:
-                description: URL is the download link for the artifact output of the
-                  last OCI Repository sync.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
-  labels:
-    app.kubernetes.io/component: notification-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: providers.notification.toolkit.fluxcd.io
-spec:
-  group: notification.toolkit.fluxcd.io
-  names:
-    kind: Provider
-    listKind: ProviderList
-    plural: providers
-    singular: provider
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Provider is the Schema for the providers API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ProviderSpec defines the desired state of Provider
-            properties:
-              address:
-                description: HTTP/S webhook address of this provider
-                pattern: ^(http|https)://
-                type: string
-              certSecretRef:
-                description: CertSecretRef can be given the name of a secret containing
-                  a PEM-encoded CA certificate (`caFile`)
-                properties:
                   name:
                     description: Name of the referent.
                     type: string
-                required:
-                - name
-                type: object
-              channel:
-                description: Alert channel for this provider
-                type: string
-              proxy:
-                description: HTTP/S address of the proxy
-                pattern: ^(http|https)://
-                type: string
-              secretRef:
-                description: Secret reference containing the provider webhook URL
-                  using "address" as data key
-                properties:
-                  name:
-                    description: Name of the referent.
+                  namespace:
+                    description: Namespace of the referent, defaults to the namespace
+                      of the Kubernetes resource object that contains the reference.
                     type: string
                 required:
+                - kind
                 - name
                 type: object
               suspend:
                 description: This flag tells the controller to suspend subsequent
-                  events handling. Defaults to false.
+                  kustomize executions, it does not apply to already started executions.
+                  Defaults to false.
                 type: boolean
+              targetNamespace:
+                description: TargetNamespace sets or overrides the namespace in the
+                  kustomization.yaml file.
+                maxLength: 63
+                minLength: 1
+                type: string
               timeout:
-                description: Timeout for sending alerts to the provider.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+                description: Timeout for validation, apply and health checking operations.
+                  Defaults to 'Interval' duration.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
-              type:
-                description: Type of provider
+              validation:
+                description: 'Deprecated: Not used in v1beta2.'
                 enum:
-                - slack
-                - discord
-                - msteams
-                - rocket
-                - generic
-                - generic-hmac
-                - github
-                - gitlab
-                - bitbucket
-                - azuredevops
-                - googlechat
-                - webex
-                - sentry
-                - azureeventhub
-                - telegram
-                - lark
-                - matrix
-                - opsgenie
-                - alertmanager
-                - grafana
-                - githubdispatch
-                type: string
-              username:
-                description: Bot username for this provider
+                - none
+                - client
+                - server
                 type: string
+              wait:
+                description: Wait instructs the controller to check the health of
+                  all the reconciled resources. When enabled, the HealthChecks are
+                  ignored. Defaults to false.
+                type: boolean
             required:
-            - type
+            - interval
+            - prune
+            - sourceRef
             type: object
           status:
             default:
               observedGeneration: -1
-            description: ProviderStatus defines the observed state of Provider
+            description: KustomizationStatus defines the observed state of a kustomization.
             properties:
               conditions:
                 items:
@@ -5451,6 +5152,45 @@ spec:
                   - type
                   type: object
                 type: array
+              inventory:
+                description: Inventory contains the list of Kubernetes resource object
+                  references that have been successfully applied.
+                properties:
+                  entries:
+                    description: Entries of Kubernetes resource object references.
+                    items:
+                      description: ResourceRef contains the information necessary
+                        to locate a resource within a cluster.
+                      properties:
+                        id:
+                          description: ID is the string representation of the Kubernetes
+                            resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
+                          type: string
+                        v:
+                          description: Version is the API version of the Kubernetes
+                            resource object's kind.
+                          type: string
+                      required:
+                      - id
+                      - v
+                      type: object
+                    type: array
+                required:
+                - entries
+                type: object
+              lastAppliedRevision:
+                description: The last successfully applied revision. Equals the Revision
+                  of the applied Artifact from the referenced Source.
+                type: string
+              lastAttemptedRevision:
+                description: LastAttemptedRevision is the revision of the last reconciliation
+                  attempt.
+                type: string
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
               observedGeneration:
                 description: ObservedGeneration is the last reconciled generation.
                 format: int64
@@ -5461,227 +5201,122 @@ spec:
     storage: false
     subresources:
       status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    name: v1beta2
-    schema:
-      openAPIV3Schema:
-        description: Provider is the Schema for the providers API.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ProviderSpec defines the desired state of the Provider.
-            properties:
-              address:
-                description: Address specifies the HTTP/S incoming webhook address
-                  of this Provider.
-                maxLength: 2048
-                pattern: ^(http|https)://.*$
-                type: string
-              certSecretRef:
-                description: CertSecretRef specifies the Secret containing a PEM-encoded
-                  CA certificate (`caFile`).
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              channel:
-                description: Channel specifies the destination channel where events
-                  should be posted.
-                maxLength: 2048
-                type: string
-              interval:
-                description: Interval at which to reconcile the Provider with its
-                  Secret references.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              proxy:
-                description: Proxy the HTTP/S address of the proxy server.
-                maxLength: 2048
-                pattern: ^(http|https)://.*$
-                type: string
-              secretRef:
-                description: SecretRef specifies the Secret containing the authentication
-                  credentials for this Provider.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              suspend:
-                description: Suspend tells the controller to suspend subsequent events
-                  handling for this Provider.
-                type: boolean
-              timeout:
-                description: Timeout for sending alerts to the Provider.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
-                type: string
-              type:
-                description: Type specifies which Provider implementation to use.
-                enum:
-                - slack
-                - discord
-                - msteams
-                - rocket
-                - generic
-                - generic-hmac
-                - github
-                - gitlab
-                - gitea
-                - bitbucket
-                - azuredevops
-                - googlechat
-                - webex
-                - sentry
-                - azureeventhub
-                - telegram
-                - lark
-                - matrix
-                - opsgenie
-                - alertmanager
-                - grafana
-                - githubdispatch
-                type: string
-              username:
-                description: Username specifies the name under which events are posted.
-                maxLength: 2048
-                type: string
-            required:
-            - type
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: ProviderStatus defines the observed state of the Provider.
-            properties:
-              conditions:
-                description: Conditions holds the conditions for the Provider.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last reconciled generation.
-                format: int64
-                type: integer
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: kustomize-controller
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: kustomize-controller
+  namespace: flux-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: kustomize-controller
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+    control-plane: controller
+  name: kustomize-controller
+  namespace: flux-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kustomize-controller
+  template:
+    metadata:
+      annotations:
+        prometheus.io/port: "8080"
+        prometheus.io/scrape: "true"
+      labels:
+        app: kustomize-controller
+    spec:
+      containers:
+      - args:
+        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
+        - --watch-all-namespaces=true
+        - --log-level=info
+        - --log-encoding=json
+        - --enable-leader-election
+        env:
+        - name: RUNTIME_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: ghcr.io/fluxcd/kustomize-controller:v1.0.1
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: healthz
+        name: manager
+        ports:
+        - containerPort: 8080
+          name: http-prom
+          protocol: TCP
+        - containerPort: 9440
+          name: healthz
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: healthz
+        resources:
+          limits:
+            cpu: 1000m
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /tmp
+          name: temp
+      nodeSelector:
+        kubernetes.io/os: linux
+      priorityClassName: system-cluster-critical
+      securityContext:
+        fsGroup: 1337
+      serviceAccountName: kustomize-controller
+      terminationGracePeriodSeconds: 60
+      volumes:
+      - emptyDir: {}
+        name: temp
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.12.0
   labels:
-    app.kubernetes.io/component: notification-controller
+    app.kubernetes.io/component: helm-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: receivers.notification.toolkit.fluxcd.io
+    app.kubernetes.io/version: v2.0.1
+  name: helmreleases.helm.toolkit.fluxcd.io
 spec:
-  group: notification.toolkit.fluxcd.io
+  group: helm.toolkit.fluxcd.io
   names:
-    kind: Receiver
-    listKind: ReceiverList
-    plural: receivers
-    singular: receiver
+    kind: HelmRelease
+    listKind: HelmReleaseList
+    plural: helmreleases
+    shortNames:
+    - hr
+    singular: helmrelease
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
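Review bot: The added kustomize-controller Deployment references its image by tag only (`image: ghcr.io/fluxcd/kustomize-controller:v1.0.1`), and with `imagePullPolicy: IfNotPresent` each node keeps whatever that tag resolved to on first pull. Pinning the digest ties the running controller to one verifiable artifact: `image: ghcr.io/fluxcd/kustomize-controller:v1.0.1@sha256:<digest-of-v1.0.1>`, where the digest is a placeholder to be taken from the signed upstream release. Because this manifest is generated and marked DO NOT EDIT, the pin belongs in the overlay's kustomization (an `images:` entry with `digest:`) rather than in this file. The other controller Deployments in this commit presumably have the same shape, but they are outside this hunk.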
@@ -5694,10 +5329,10 @@ spec:
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    name: v1beta1
+    name: v2beta1
     schema:
       openAPIV3Schema:
-        description: Receiver is the Schema for the receivers API
+        description: HelmRelease is the Schema for the helmreleases API
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -5712,866 +5347,2544 @@ spec:
           metadata:
             type: object
           spec:
-            description: ReceiverSpec defines the desired state of Receiver
+            description: HelmReleaseSpec defines the desired state of a Helm release.
             properties:
-              events:
-                description: A list of events to handle, e.g. 'push' for GitHub or
-                  'Push Hook' for GitLab.
-                items:
-                  type: string
-                type: array
-              resources:
-                description: A list of resources to be notified about changes.
-                items:
-                  description: CrossNamespaceObjectReference contains enough information
-                    to let you locate the typed referenced object at cluster level
-                  properties:
-                    apiVersion:
-                      description: API version of the referent
-                      type: string
-                    kind:
-                      description: Kind of the referent
-                      enum:
-                      - Bucket
-                      - GitRepository
-                      - Kustomization
-                      - HelmRelease
-                      - HelmChart
-                      - HelmRepository
-                      - ImageRepository
-                      - ImagePolicy
-                      - ImageUpdateAutomation
-                      - OCIRepository
-                      type: string
-                    matchLabels:
-                      additionalProperties:
+              chart:
+                description: Chart defines the template of the v1beta2.HelmChart that
+                  should be created for this HelmRelease.
+                properties:
+                  metadata:
+                    description: ObjectMeta holds the template for metadata like labels
+                      and annotations.
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. More
+                          info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/'
+                        type: object
+                    type: object
+                  spec:
+                    description: Spec holds the template for the v1beta2.HelmChartSpec
+                      for this HelmRelease.
+                    properties:
+                      chart:
+                        description: The name or path the Helm chart is available
+                          at in the SourceRef.
                         type: string
-                      description: MatchLabels is a map of {key,value} pairs. A single
-                        {key,value} in the matchLabels map is equivalent to an element
-                        of matchExpressions, whose key field is "key", the operator
-                        is "In", and the values array contains only "value". The requirements
-                        are ANDed.
-                      type: object
+                      interval:
+                        description: Interval at which to check the v1beta2.Source
+                          for updates. Defaults to 'HelmReleaseSpec.Interval'.
+                        pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                        type: string
+                      reconcileStrategy:
+                        default: ChartVersion
+                        description: Determines what enables the creation of a new
+                          artifact. Valid values are ('ChartVersion', 'Revision').
+                          See the documentation of the values for an explanation on
+                          their behavior. Defaults to ChartVersion when omitted.
+                        enum:
+                        - ChartVersion
+                        - Revision
+                        type: string
+                      sourceRef:
+                        description: The name and namespace of the v1beta2.Source
+                          the chart is available at.
+                        properties:
+                          apiVersion:
+                            description: APIVersion of the referent.
+                            type: string
+                          kind:
+                            description: Kind of the referent.
+                            enum:
+                            - HelmRepository
+                            - GitRepository
+                            - Bucket
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            maxLength: 253
+                            minLength: 1
+                            type: string
+                          namespace:
+                            description: Namespace of the referent.
+                            maxLength: 63
+                            minLength: 1
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      valuesFile:
+                        description: Alternative values file to use as the default
+                          chart values, expected to be a relative path in the SourceRef.
+                          Deprecated in favor of ValuesFiles, for backwards compatibility
+                          the file defined here is merged before the ValuesFiles items.
+                          Ignored when omitted.
+                        type: string
+                      valuesFiles:
+                        description: Alternative list of values files to use as the
+                          chart values (values.yaml is not included by default), expected
+                          to be a relative path in the SourceRef. Values files are
+                          merged in the order of this list with the last file overriding
+                          the first. Ignored when omitted.
+                        items:
+                          type: string
+                        type: array
+                      verify:
+                        description: Verify contains the secret name containing the
+                          trusted public keys used to verify the signature and specifies
+                          which provider to use to check whether OCI image is authentic.
+                          This field is only supported for OCI sources. Chart dependencies,
+                          which are not bundled in the umbrella chart artifact, are
+                          not verified.
+                        properties:
+                          provider:
+                            default: cosign
+                            description: Provider specifies the technology used to
+                              sign the OCI Helm chart.
+                            enum:
+                            - cosign
+                            type: string
+                          secretRef:
+                            description: SecretRef specifies the Kubernetes Secret
+                              containing the trusted public keys.
+                            properties:
+                              name:
+                                description: Name of the referent.
+                                type: string
+                            required:
+                            - name
+                            type: object
+                        required:
+                        - provider
+                        type: object
+                      version:
+                        default: '*'
+                        description: Version semver expression, ignored for charts
+                          from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
+                          to latest when omitted.
+                        type: string
+                    required:
+                    - chart
+                    - sourceRef
+                    type: object
+                required:
+                - spec
+                type: object
+              dependsOn:
+                description: DependsOn may contain a meta.NamespacedObjectReference
+                  slice with references to HelmRelease resources that must be ready
+                  before this HelmRelease can be reconciled.
+                items:
+                  description: NamespacedObjectReference contains enough information
+                    to locate the referenced Kubernetes resource object in any namespace.
+                  properties:
                     name:
-                      description: Name of the referent
-                      maxLength: 53
-                      minLength: 1
+                      description: Name of the referent.
                       type: string
                     namespace:
-                      description: Namespace of the referent
-                      maxLength: 53
-                      minLength: 1
+                      description: Namespace of the referent, when not specified it
+                        acts as LocalObjectReference.
                       type: string
                   required:
                   - name
                   type: object
                 type: array
-              secretRef:
-                description: Secret reference containing the token used to validate
-                  the payload authenticity
+              install:
+                description: Install holds the configuration for Helm install actions
+                  for this HelmRelease.
                 properties:
-                  name:
-                    description: Name of the referent.
+                  crds:
+                    description: "CRDs upgrade CRDs from the Helm Chart's crds directory
+                      according to the CRD upgrade policy provided here. Valid values
+                      are `Skip`, `Create` or `CreateReplace`. Default is `Create`
+                      and if omitted CRDs are installed but not updated. \n Skip:
+                      do neither install nor replace (update) any CRDs. \n Create:
+                      new CRDs are created, existing CRDs are neither updated nor
+                      deleted. \n CreateReplace: new CRDs are created, existing CRDs
+                      are updated (replaced) but not deleted. \n By default, CRDs
+                      are applied (installed) during Helm install action. With this
+                      option users can opt-in to CRD replace existing CRDs on Helm
+                      install actions, which is not (yet) natively supported by Helm.
+                      https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
+                    enum:
+                    - Skip
+                    - Create
+                    - CreateReplace
+                    type: string
+                  createNamespace:
+                    description: CreateNamespace tells the Helm install action to
+                      create the HelmReleaseSpec.TargetNamespace if it does not exist
+                      yet. On uninstall, the namespace will not be garbage collected.
+                    type: boolean
+                  disableHooks:
+                    description: DisableHooks prevents hooks from running during the
+                      Helm install action.
+                    type: boolean
+                  disableOpenAPIValidation:
+                    description: DisableOpenAPIValidation prevents the Helm install
+                      action from validating rendered templates against the Kubernetes
+                      OpenAPI Schema.
+                    type: boolean
+                  disableWait:
+                    description: DisableWait disables the waiting for resources to
+                      be ready after a Helm install has been performed.
+                    type: boolean
+                  disableWaitForJobs:
+                    description: DisableWaitForJobs disables waiting for jobs to complete
+                      after a Helm install has been performed.
+                    type: boolean
+                  remediation:
+                    description: Remediation holds the remediation configuration for
+                      when the Helm install action for the HelmRelease fails. The
+                      default is to not perform any action.
+                    properties:
+                      ignoreTestFailures:
+                        description: IgnoreTestFailures tells the controller to skip
+                          remediation when the Helm tests are run after an install
+                          action but fail. Defaults to 'Test.IgnoreFailures'.
+                        type: boolean
+                      remediateLastFailure:
+                        description: RemediateLastFailure tells the controller to
+                          remediate the last failure, when no retries remain. Defaults
+                          to 'false'.
+                        type: boolean
+                      retries:
+                        description: Retries is the number of retries that should
+                          be attempted on failures before bailing. Remediation, using
+                          an uninstall, is performed between each attempt. Defaults
+                          to '0', a negative integer equals to unlimited retries.
+                        type: integer
+                    type: object
+                  replace:
+                    description: Replace tells the Helm install action to re-use the
+                      'ReleaseName', but only if that name is a deleted release which
+                      remains in the history.
+                    type: boolean
+                  skipCRDs:
+                    description: "SkipCRDs tells the Helm install action to not install
+                      any CRDs. By default, CRDs are installed if not already present.
+                      \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
+                      instead."
+                    type: boolean
+                  timeout:
+                    description: Timeout is the time to wait for any individual Kubernetes
+                      operation (like Jobs for hooks) during the performance of a
+                      Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
+                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                     type: string
-                required:
-                - name
                 type: object
-              suspend:
-                description: This flag tells the controller to suspend subsequent
-                  events handling. Defaults to false.
-                type: boolean
-              type:
-                description: Type of webhook sender, used to determine the validation
-                  procedure and payload deserialization.
-                enum:
-                - generic
-                - generic-hmac
-                - github
-                - gitlab
-                - bitbucket
-                - harbor
-                - dockerhub
-                - quay
-                - gcr
-                - nexus
-                - acr
-                type: string
-            required:
-            - resources
-            - type
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: ReceiverStatus defines the observed state of Receiver
-            properties:
-              conditions:
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation.
-                format: int64
-                type: integer
-              url:
-                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    name: v1beta2
-    schema:
-      openAPIV3Schema:
-        description: Receiver is the Schema for the receivers API.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ReceiverSpec defines the desired state of the Receiver.
-            properties:
-              events:
-                description: Events specifies the list of event types to handle, e.g.
-                  'push' for GitHub or 'Push Hook' for GitLab.
-                items:
-                  type: string
-                type: array
               interval:
-                description: Interval at which to reconcile the Receiver with its
-                  Secret references.
+                description: Interval at which to reconcile the Helm release.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
-              resources:
-                description: A list of resources to be notified about changes.
-                items:
-                  description: CrossNamespaceObjectReference contains enough information
-                    to let you locate the typed referenced object at cluster level
-                  properties:
-                    apiVersion:
-                      description: API version of the referent.
-                      type: string
-                    kind:
-                      description: Kind of the referent.
-                      enum:
-                      - Bucket
-                      - GitRepository
-                      - Kustomization
-                      - HelmRelease
-                      - HelmChart
-                      - HelmRepository
-                      - ImageRepository
-                      - ImagePolicy
-                      - ImageUpdateAutomation
-                      - OCIRepository
-                      type: string
-                    matchLabels:
-                      additionalProperties:
-                        type: string
-                      description: MatchLabels is a map of {key,value} pairs. A single
-                        {key,value} in the matchLabels map is equivalent to an element
-                        of matchExpressions, whose key field is "key", the operator
-                        is "In", and the values array contains only "value". The requirements
-                        are ANDed.
-                      type: object
-                    name:
-                      description: Name of the referent.
-                      maxLength: 53
-                      minLength: 1
-                      type: string
-                    namespace:
-                      description: Namespace of the referent.
-                      maxLength: 53
-                      minLength: 1
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              secretRef:
-                description: SecretRef specifies the Secret containing the token used
-                  to validate the payload authenticity.
+              kubeConfig:
+                description: KubeConfig for reconciling the HelmRelease on a remote
+                  cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
+                  forces the controller to act on behalf of that Service Account at
+                  the target cluster. If the --default-service-account flag is set,
+                  its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
+                  is empty.
                 properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
+                  secretRef:
+                    description: SecretRef holds the name of a secret that contains
+                      a key with the kubeconfig file as the value. If no key is set,
+                      the key will default to 'value'. It is recommended that the
+                      kubeconfig is self-contained, and the secret is regularly updated
+                      if credentials such as a cloud-access-token expire. Cloud specific
+                      `cmd-path` auth helpers will not function without adding binaries
+                      and credentials to the Pod that is responsible for reconciling
+                      Kubernetes resources.
+                    properties:
+                      key:
+                        description: Key in the Secret, when not specified an implementation-specific
+                          default key is used.
+                        type: string
+                      name:
+                        description: Name of the Secret.
+                        type: string
+                    required:
+                    - name
+                    type: object
                 required:
-                - name
+                - secretRef
                 type: object
-              suspend:
-                description: Suspend tells the controller to suspend subsequent events
-                  handling for this receiver.
+              maxHistory:
+                description: MaxHistory is the number of revisions saved by Helm for
+                  this HelmRelease. Use '0' for an unlimited number of revisions;
+                  defaults to '10'.
+                type: integer
+              persistentClient:
+                description: "PersistentClient tells the controller to use a persistent
+                  Kubernetes client for this release. When enabled, the client will
+                  be reused for the duration of the reconciliation, instead of being
+                  created and destroyed for each (step of a) Helm action. \n This
+                  can improve performance, but may cause issues with some Helm charts
+                  that for example do create Custom Resource Definitions during installation
+                  outside Helm's CRD lifecycle hooks, which are then not observed
+                  to be available by e.g. post-install hooks. \n If not set, it defaults
+                  to true."
                 type: boolean
-              type:
-                description: Type of webhook sender, used to determine the validation
-                  procedure and payload deserialization.
-                enum:
-                - generic
-                - generic-hmac
-                - github
-                - gitlab
-                - bitbucket
-                - harbor
-                - dockerhub
-                - quay
-                - gcr
-                - nexus
-                - acr
-                type: string
-            required:
-            - resources
-            - type
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: ReceiverStatus defines the observed state of the Receiver.
-            properties:
-              conditions:
-                description: Conditions holds the conditions for the Receiver.
+              postRenderers:
+                description: PostRenderers holds an array of Helm PostRenderers, which
+                  will be applied in order of their definition.
                 items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  description: PostRenderer contains a Helm PostRenderer specification.
                   properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation of
-                  the Receiver object.
-                format: int64
-                type: integer
-              url:
-                description: 'URL is the generated incoming webhook address in the
-                  format of ''/hook/sha256sum(token+name+namespace)''. Deprecated:
-                  Replaced by WebhookPath.'
-                type: string
-              webhookPath:
-                description: WebhookPath is the generated incoming webhook address
-                  in the format of '/hook/sha256sum(token+name+namespace)'.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: helm-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: helm-controller
-  namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: kustomize-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: kustomize-controller
-  namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: notification-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: notification-controller
-  namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: source-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: source-controller
-  namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: crd-controller-flux-system
-rules:
-- apiGroups:
-  - source.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - kustomize.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - helm.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - notification.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - image.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  - secrets
-  - configmaps
-  - serviceaccounts
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - configmaps/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-  name: flux-edit-flux-system
-rules:
-- apiGroups:
-  - notification.toolkit.fluxcd.io
-  - source.toolkit.fluxcd.io
-  - helm.toolkit.fluxcd.io
-  - image.toolkit.fluxcd.io
-  - kustomize.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - patch
-  - update
+                    kustomize:
+                      description: Kustomization to apply as PostRenderer.
+                      properties:
+                        images:
+                          description: Images is a list of (image name, new name,
+                            new tag or digest) for changing image names, tags or digests.
+                            This can also be achieved with a patch, but this operator
+                            is simpler to specify.
+                          items:
+                            description: Image contains an image name, a new name,
+                              a new tag or digest, which will replace the original
+                              name and tag.
+                            properties:
+                              digest:
+                                description: Digest is the value used to replace the
+                                  original image tag. If digest is present NewTag
+                                  value is ignored.
+                                type: string
+                              name:
+                                description: Name is a tag-less image name.
+                                type: string
+                              newName:
+                                description: NewName is the value used to replace
+                                  the original name.
+                                type: string
+                              newTag:
+                                description: NewTag is the value used to replace the
+                                  original tag.
+                                type: string
+                            required:
+                            - name
+                            type: object
+                          type: array
+                        patches:
+                          description: Strategic merge and JSON patches, defined as
+                            inline YAML objects, capable of targeting objects based
+                            on kind, label and annotation selectors.
+                          items:
+                            description: Patch contains an inline StrategicMerge or
+                              JSON6902 patch, and the target the patch should be applied
+                              to.
+                            properties:
+                              patch:
+                                description: Patch contains an inline StrategicMerge
+                                  patch or an inline JSON6902 patch with an array
+                                  of operation objects.
+                                type: string
+                              target:
+                                description: Target points to the resources that the
+                                  patch document should be applied to.
+                                properties:
+                                  annotationSelector:
+                                    description: AnnotationSelector is a string that
+                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                      It matches with the resource annotations.
+                                    type: string
+                                  group:
+                                    description: Group is the API group to select
+                                      resources from. Together with Version and Kind
+                                      it is capable of unambiguously identifying and/or
+                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                                    type: string
+                                  kind:
+                                    description: Kind of the API Group to select resources
+                                      from. Together with Group and Version it is
+                                      capable of unambiguously identifying and/or
+                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                                    type: string
+                                  labelSelector:
+                                    description: LabelSelector is a string that follows
+                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                      It matches with the resource labels.
+                                    type: string
+                                  name:
+                                    description: Name to match resources with.
+                                    type: string
+                                  namespace:
+                                    description: Namespace to select resources from.
+                                    type: string
+                                  version:
+                                    description: Version of the API Group to select
+                                      resources from. Together with Group and Kind
+                                      it is capable of unambiguously identifying and/or
+                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                                    type: string
+                                type: object
+                            required:
+                            - patch
+                            type: object
+                          type: array
+                        patchesJson6902:
+                          description: JSON 6902 patches, defined as inline YAML objects.
+                          items:
+                            description: JSON6902Patch contains a JSON6902 patch and
+                              the target the patch should be applied to.
+                            properties:
+                              patch:
+                                description: Patch contains the JSON6902 patch document
+                                  with an array of operation objects.
+                                items:
+                                  description: JSON6902 is a JSON6902 operation object.
+                                    https://datatracker.ietf.org/doc/html/rfc6902#section-4
+                                  properties:
+                                    from:
+                                      description: From contains a JSON-pointer value
+                                        that references a location within the target
+                                        document where the operation is performed.
+                                        The meaning of the value depends on the value
+                                        of Op, and is NOT taken into account by all
+                                        operations.
+                                      type: string
+                                    op:
+                                      description: Op indicates the operation to perform.
+                                        Its value MUST be one of "add", "remove",
+                                        "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
+                                      enum:
+                                      - test
+                                      - remove
+                                      - add
+                                      - replace
+                                      - move
+                                      - copy
+                                      type: string
+                                    path:
+                                      description: Path contains the JSON-pointer
+                                        value that references a location within the
+                                        target document where the operation is performed.
+                                        The meaning of the value depends on the value
+                                        of Op.
+                                      type: string
+                                    value:
+                                      description: Value contains a valid JSON structure.
+                                        The meaning of the value depends on the value
+                                        of Op, and is NOT taken into account by all
+                                        operations.
+                                      x-kubernetes-preserve-unknown-fields: true
+                                  required:
+                                  - op
+                                  - path
+                                  type: object
+                                type: array
+                              target:
+                                description: Target points to the resources that the
+                                  patch document should be applied to.
+                                properties:
+                                  annotationSelector:
+                                    description: AnnotationSelector is a string that
+                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                      It matches with the resource annotations.
+                                    type: string
+                                  group:
+                                    description: Group is the API group to select
+                                      resources from. Together with Version and Kind
+                                      it is capable of unambiguously identifying and/or
+                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                                    type: string
+                                  kind:
+                                    description: Kind of the API Group to select resources
+                                      from. Together with Group and Version it is
+                                      capable of unambiguously identifying and/or
+                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                                    type: string
+                                  labelSelector:
+                                    description: LabelSelector is a string that follows
+                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                      It matches with the resource labels.
+                                    type: string
+                                  name:
+                                    description: Name to match resources with.
+                                    type: string
+                                  namespace:
+                                    description: Namespace to select resources from.
+                                    type: string
+                                  version:
+                                    description: Version of the API Group to select
+                                      resources from. Together with Group and Kind
+                                      it is capable of unambiguously identifying and/or
+                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                                    type: string
+                                type: object
+                            required:
+                            - patch
+                            - target
+                            type: object
+                          type: array
+                        patchesStrategicMerge:
+                          description: Strategic merge patches, defined as inline
+                            YAML objects.
+                          items:
+                            x-kubernetes-preserve-unknown-fields: true
+                          type: array
+                      type: object
+                  type: object
+                type: array
+              releaseName:
+                description: ReleaseName used for the Helm release. Defaults to a
+                  composition of '[TargetNamespace-]Name'.
+                maxLength: 53
+                minLength: 1
+                type: string
+              rollback:
+                description: Rollback holds the configuration for Helm rollback actions
+                  for this HelmRelease.
+                properties:
+                  cleanupOnFail:
+                    description: CleanupOnFail allows deletion of new resources created
+                      during the Helm rollback action when it fails.
+                    type: boolean
+                  disableHooks:
+                    description: DisableHooks prevents hooks from running during the
+                      Helm rollback action.
+                    type: boolean
+                  disableWait:
+                    description: DisableWait disables the waiting for resources to
+                      be ready after a Helm rollback has been performed.
+                    type: boolean
+                  disableWaitForJobs:
+                    description: DisableWaitForJobs disables waiting for jobs to complete
+                      after a Helm rollback has been performed.
+                    type: boolean
+                  force:
+                    description: Force forces resource updates through a replacement
+                      strategy.
+                    type: boolean
+                  recreate:
+                    description: Recreate performs pod restarts for the resource if
+                      applicable.
+                    type: boolean
+                  timeout:
+                    description: Timeout is the time to wait for any individual Kubernetes
+                      operation (like Jobs for hooks) during the performance of a
+                      Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
+                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                    type: string
+                type: object
+              serviceAccountName:
+                description: The name of the Kubernetes service account to impersonate
+                  when reconciling this HelmRelease.
+                type: string
+              storageNamespace:
+                description: StorageNamespace used for the Helm storage. Defaults
+                  to the namespace of the HelmRelease.
+                maxLength: 63
+                minLength: 1
+                type: string
+              suspend:
+                description: Suspend tells the controller to suspend reconciliation
+                  for this HelmRelease, it does not apply to already started reconciliations.
+                  Defaults to false.
+                type: boolean
+              targetNamespace:
+                description: TargetNamespace to target when performing operations
+                  for the HelmRelease. Defaults to the namespace of the HelmRelease.
+                maxLength: 63
+                minLength: 1
+                type: string
+              test:
+                description: Test holds the configuration for Helm test actions for
+                  this HelmRelease.
+                properties:
+                  enable:
+                    description: Enable enables Helm test actions for this HelmRelease
+                      after an Helm install or upgrade action has been performed.
+                    type: boolean
+                  ignoreFailures:
+                    description: IgnoreFailures tells the controller to skip remediation
+                      when the Helm tests are run but fail. Can be overwritten for
+                      tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
+                      and 'Upgrade.IgnoreTestFailures'.
+                    type: boolean
+                  timeout:
+                    description: Timeout is the time to wait for any individual Kubernetes
+                      operation during the performance of a Helm test action. Defaults
+                      to 'HelmReleaseSpec.Timeout'.
+                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                    type: string
+                type: object
+              timeout:
+                description: Timeout is the time to wait for any individual Kubernetes
+                  operation (like Jobs for hooks) during the performance of a Helm
+                  action. Defaults to '5m0s'.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              uninstall:
+                description: Uninstall holds the configuration for Helm uninstall
+                  actions for this HelmRelease.
+                properties:
+                  deletionPropagation:
+                    default: background
+                    description: DeletionPropagation specifies the deletion propagation
+                      policy when a Helm uninstall is performed.
+                    enum:
+                    - background
+                    - foreground
+                    - orphan
+                    type: string
+                  disableHooks:
+                    description: DisableHooks prevents hooks from running during the
+                      Helm rollback action.
+                    type: boolean
+                  disableWait:
+                    description: DisableWait disables waiting for all the resources
+                      to be deleted after a Helm uninstall is performed.
+                    type: boolean
+                  keepHistory:
+                    description: KeepHistory tells Helm to remove all associated resources
+                      and mark the release as deleted, but retain the release history.
+                    type: boolean
+                  timeout:
+                    description: Timeout is the time to wait for any individual Kubernetes
+                      operation (like Jobs for hooks) during the performance of a
+                      Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
+                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                    type: string
+                type: object
+              upgrade:
+                description: Upgrade holds the configuration for Helm upgrade actions
+                  for this HelmRelease.
+                properties:
+                  cleanupOnFail:
+                    description: CleanupOnFail allows deletion of new resources created
+                      during the Helm upgrade action when it fails.
+                    type: boolean
+                  crds:
+                    description: "CRDs upgrade CRDs from the Helm Chart's crds directory
+                      according to the CRD upgrade policy provided here. Valid values
+                      are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
+                      if omitted CRDs are neither installed nor upgraded. \n Skip:
+                      do neither install nor replace (update) any CRDs. \n Create:
+                      new CRDs are created, existing CRDs are neither updated nor
+                      deleted. \n CreateReplace: new CRDs are created, existing CRDs
+                      are updated (replaced) but not deleted. \n By default, CRDs
+                      are not applied during Helm upgrade action. With this option
+                      users can opt-in to CRD upgrade, which is not (yet) natively
+                      supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
+                    enum:
+                    - Skip
+                    - Create
+                    - CreateReplace
+                    type: string
+                  disableHooks:
+                    description: DisableHooks prevents hooks from running during the
+                      Helm upgrade action.
+                    type: boolean
+                  disableOpenAPIValidation:
+                    description: DisableOpenAPIValidation prevents the Helm upgrade
+                      action from validating rendered templates against the Kubernetes
+                      OpenAPI Schema.
+                    type: boolean
+                  disableWait:
+                    description: DisableWait disables the waiting for resources to
+                      be ready after a Helm upgrade has been performed.
+                    type: boolean
+                  disableWaitForJobs:
+                    description: DisableWaitForJobs disables waiting for jobs to complete
+                      after a Helm upgrade has been performed.
+                    type: boolean
+                  force:
+                    description: Force forces resource updates through a replacement
+                      strategy.
+                    type: boolean
+                  preserveValues:
+                    description: PreserveValues will make Helm reuse the last release's
+                      values and merge in overrides from 'Values'. Setting this flag
+                      makes the HelmRelease non-declarative.
+                    type: boolean
+                  remediation:
+                    description: Remediation holds the remediation configuration for
+                      when the Helm upgrade action for the HelmRelease fails. The
+                      default is to not perform any action.
+                    properties:
+                      ignoreTestFailures:
+                        description: IgnoreTestFailures tells the controller to skip
+                          remediation when the Helm tests are run after an upgrade
+                          action but fail. Defaults to 'Test.IgnoreFailures'.
+                        type: boolean
+                      remediateLastFailure:
+                        description: RemediateLastFailure tells the controller to
+                          remediate the last failure, when no retries remain. Defaults
+                          to 'false' unless 'Retries' is greater than 0.
+                        type: boolean
+                      retries:
+                        description: Retries is the number of retries that should
+                          be attempted on failures before bailing. Remediation, using
+                          'Strategy', is performed between each attempt. Defaults
+                          to '0', a negative integer equals to unlimited retries.
+                        type: integer
+                      strategy:
+                        description: Strategy to use for failure remediation. Defaults
+                          to 'rollback'.
+                        enum:
+                        - rollback
+                        - uninstall
+                        type: string
+                    type: object
+                  timeout:
+                    description: Timeout is the time to wait for any individual Kubernetes
+                      operation (like Jobs for hooks) during the performance of a
+                      Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
+                    pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                    type: string
+                type: object
+              values:
+                description: Values holds the values for this Helm release.
+                x-kubernetes-preserve-unknown-fields: true
+              valuesFrom:
+                description: ValuesFrom holds references to resources containing Helm
+                  values for this HelmRelease, and information about how they should
+                  be merged.
+                items:
+                  description: ValuesReference contains a reference to a resource
+                    containing Helm values, and optionally the key they can be found
+                    at.
+                  properties:
+                    kind:
+                      description: Kind of the values referent, valid values are ('Secret',
+                        'ConfigMap').
+                      enum:
+                      - Secret
+                      - ConfigMap
+                      type: string
+                    name:
+                      description: Name of the values referent. Should reside in the
+                        same namespace as the referring resource.
+                      maxLength: 253
+                      minLength: 1
+                      type: string
+                    optional:
+                      description: Optional marks this ValuesReference as optional.
+                        When set, a not found error for the values reference is ignored,
+                        but any ValuesKey, TargetPath or transient error will still
+                        result in a reconciliation failure.
+                      type: boolean
+                    targetPath:
+                      description: TargetPath is the YAML dot notation path the value
+                        should be merged at. When set, the ValuesKey is expected to
+                        be a single flat value. Defaults to 'None', which results
+                        in the values getting merged at the root.
+                      maxLength: 250
+                      pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$
+                      type: string
+                    valuesKey:
+                      description: ValuesKey is the data key where the values.yaml
+                        or a specific value can be found at. Defaults to 'values.yaml'.
+                        When set, must be a valid Data Key, consisting of alphanumeric
+                        characters, '-', '_' or '.'.
+                      maxLength: 253
+                      pattern: ^[\-._a-zA-Z0-9]+$
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+            required:
+            - chart
+            - interval
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: HelmReleaseStatus defines the observed state of a HelmRelease.
+            properties:
+              conditions:
+                description: Conditions holds the conditions for the HelmRelease.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              failures:
+                description: Failures is the reconciliation failure count against
+                  the latest desired state. It is reset after a successful reconciliation.
+                format: int64
+                type: integer
+              helmChart:
+                description: HelmChart is the namespaced name of the HelmChart resource
+                  created by the controller for the HelmRelease.
+                type: string
+              installFailures:
+                description: InstallFailures is the install failure count against
+                  the latest desired state. It is reset after a successful reconciliation.
+                format: int64
+                type: integer
+              lastAppliedRevision:
+                description: LastAppliedRevision is the revision of the last successfully
+                  applied source.
+                type: string
+              lastAttemptedRevision:
+                description: LastAttemptedRevision is the revision of the last reconciliation
+                  attempt.
+                type: string
+              lastAttemptedValuesChecksum:
+                description: LastAttemptedValuesChecksum is the SHA1 checksum of the
+                  values of the last reconciliation attempt.
+                type: string
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              lastReleaseRevision:
+                description: LastReleaseRevision is the revision of the last successful
+                  Helm release.
+                type: integer
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation.
+                format: int64
+                type: integer
+              upgradeFailures:
+                description: UpgradeFailures is the upgrade failure count against
+                  the latest desired state. It is reset after a successful reconciliation.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
 ---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+apiVersion: v1
+kind: ServiceAccount
 metadata:
   labels:
+    app.kubernetes.io/component: helm-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-  name: flux-view-flux-system
-rules:
-- apiGroups:
-  - notification.toolkit.fluxcd.io
-  - source.toolkit.fluxcd.io
-  - helm.toolkit.fluxcd.io
-  - image.toolkit.fluxcd.io
-  - kustomize.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - get
-  - list
-  - watch
+    app.kubernetes.io/version: v2.0.1
+  name: helm-controller
+  namespace: flux-system
 ---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+apiVersion: apps/v1
+kind: Deployment
 metadata:
   labels:
+    app.kubernetes.io/component: helm-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: cluster-reconciler-flux-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cluster-admin
-subjects:
-- kind: ServiceAccount
-  name: kustomize-controller
-  namespace: flux-system
-- kind: ServiceAccount
+    app.kubernetes.io/version: v2.0.1
+    control-plane: controller
   name: helm-controller
   namespace: flux-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helm-controller
+  template:
+    metadata:
+      annotations:
+        prometheus.io/port: "8080"
+        prometheus.io/scrape: "true"
+      labels:
+        app: helm-controller
+    spec:
+      containers:
+      - args:
+        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
+        - --watch-all-namespaces=true
+        - --log-level=info
+        - --log-encoding=json
+        - --enable-leader-election
+        env:
+        - name: RUNTIME_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: ghcr.io/fluxcd/helm-controller:v0.35.0
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: healthz
+        name: manager
+        ports:
+        - containerPort: 8080
+          name: http-prom
+          protocol: TCP
+        - containerPort: 9440
+          name: healthz
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: healthz
+        resources:
+          limits:
+            cpu: 1000m
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /tmp
+          name: temp
+      nodeSelector:
+        kubernetes.io/os: linux
+      priorityClassName: system-cluster-critical
+      securityContext:
+        fsGroup: 1337
+      serviceAccountName: helm-controller
+      terminationGracePeriodSeconds: 600
+      volumes:
+      - emptyDir: {}
+        name: temp
 ---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
   labels:
+    app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: crd-controller-flux-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: crd-controller-flux-system
-subjects:
-- kind: ServiceAccount
-  name: kustomize-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: helm-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: source-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: notification-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: image-reflector-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: image-automation-controller
-  namespace: flux-system
+    app.kubernetes.io/version: v2.0.1
+  name: alerts.notification.toolkit.fluxcd.io
+spec:
+  group: notification.toolkit.fluxcd.io
+  names:
+    kind: Alert
+    listKind: AlertList
+    plural: alerts
+    singular: alert
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Alert is the Schema for the alerts API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AlertSpec defines an alerting rule for events involving a
+              list of objects
+            properties:
+              eventSeverity:
+                default: info
+                description: Filter events based on severity, defaults to ('info').
+                  If set to 'info' no events will be filtered.
+                enum:
+                - info
+                - error
+                type: string
+              eventSources:
+                description: Filter events based on the involved objects.
+                items:
+                  description: CrossNamespaceObjectReference contains enough information
+                    to let you locate the typed referenced object at cluster level
+                  properties:
+                    apiVersion:
+                      description: API version of the referent
+                      type: string
+                    kind:
+                      description: Kind of the referent
+                      enum:
+                      - Bucket
+                      - GitRepository
+                      - Kustomization
+                      - HelmRelease
+                      - HelmChart
+                      - HelmRepository
+                      - ImageRepository
+                      - ImagePolicy
+                      - ImageUpdateAutomation
+                      - OCIRepository
+                      type: string
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: MatchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                    name:
+                      description: Name of the referent
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                    namespace:
+                      description: Namespace of the referent
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              exclusionList:
+                description: A list of Golang regular expressions to be used for excluding
+                  messages.
+                items:
+                  type: string
+                type: array
+              providerRef:
+                description: Send events using this provider.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              summary:
+                description: Short description of the impact and affected cluster.
+                type: string
+              suspend:
+                description: This flag tells the controller to suspend subsequent
+                  events dispatching. Defaults to false.
+                type: boolean
+            required:
+            - eventSources
+            - providerRef
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: AlertStatus defines the observed state of Alert
+            properties:
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: Alert is the Schema for the alerts API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AlertSpec defines an alerting rule for events involving a
+              list of objects.
+            properties:
+              eventMetadata:
+                additionalProperties:
+                  type: string
+                description: EventMetadata is an optional field for adding metadata
+                  to events dispatched by the controller. This can be used for enhancing
+                  the context of the event. If a field would override one already
+                  present on the original event as generated by the emitter, then
+                  the override doesn't happen, i.e. the original value is preserved,
+                  and an info log is printed.
+                type: object
+              eventSeverity:
+                default: info
+                description: EventSeverity specifies how to filter events based on
+                  severity. If set to 'info' no events will be filtered.
+                enum:
+                - info
+                - error
+                type: string
+              eventSources:
+                description: EventSources specifies how to filter events based on
+                  the involved object kind, name and namespace.
+                items:
+                  description: CrossNamespaceObjectReference contains enough information
+                    to let you locate the typed referenced object at cluster level
+                  properties:
+                    apiVersion:
+                      description: API version of the referent
+                      type: string
+                    kind:
+                      description: Kind of the referent
+                      enum:
+                      - Bucket
+                      - GitRepository
+                      - Kustomization
+                      - HelmRelease
+                      - HelmChart
+                      - HelmRepository
+                      - ImageRepository
+                      - ImagePolicy
+                      - ImageUpdateAutomation
+                      - OCIRepository
+                      type: string
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: MatchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed. MatchLabels requires the name to be set to `*`.
+                      type: object
+                    name:
+                      description: Name of the referent If multiple resources are
+                        targeted `*` may be set.
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                    namespace:
+                      description: Namespace of the referent
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+              exclusionList:
+                description: ExclusionList specifies a list of Golang regular expressions
+                  to be used for excluding messages.
+                items:
+                  type: string
+                type: array
+              inclusionList:
+                description: InclusionList specifies a list of Golang regular expressions
+                  to be used for including messages.
+                items:
+                  type: string
+                type: array
+              providerRef:
+                description: ProviderRef specifies which Provider this Alert should
+                  use.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              summary:
+                description: Summary holds a short description of the impact and affected
+                  cluster.
+                maxLength: 255
+                type: string
+              suspend:
+                description: Suspend tells the controller to suspend subsequent events
+                  handling for this Alert.
+                type: boolean
+            required:
+            - eventSources
+            - providerRef
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: AlertStatus defines the observed state of the Alert.
+            properties:
+              conditions:
+                description: Conditions holds the conditions for the Alert.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
 ---
-apiVersion: v1
-kind: Service
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
   labels:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-    control-plane: controller
-  name: notification-controller
-  namespace: flux-system
+    app.kubernetes.io/version: v2.0.1
+  name: providers.notification.toolkit.fluxcd.io
 spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: http
-  selector:
-    app: notification-controller
-  type: ClusterIP
+  group: notification.toolkit.fluxcd.io
+  names:
+    kind: Provider
+    listKind: ProviderList
+    plural: providers
+    singular: provider
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Provider is the Schema for the providers API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ProviderSpec defines the desired state of Provider
+            properties:
+              address:
+                description: HTTP/S webhook address of this provider
+                pattern: ^(http|https)://
+                type: string
+              certSecretRef:
+                description: CertSecretRef can be given the name of a secret containing
+                  a PEM-encoded CA certificate (`caFile`)
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              channel:
+                description: Alert channel for this provider
+                type: string
+              proxy:
+                description: HTTP/S address of the proxy
+                pattern: ^(http|https)://
+                type: string
+              secretRef:
+                description: Secret reference containing the provider webhook URL
+                  using "address" as data key
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend subsequent
+                  events handling. Defaults to false.
+                type: boolean
+              timeout:
+                description: Timeout for sending alerts to the provider.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+                type: string
+              type:
+                description: Type of provider
+                enum:
+                - slack
+                - discord
+                - msteams
+                - rocket
+                - generic
+                - generic-hmac
+                - github
+                - gitlab
+                - bitbucket
+                - azuredevops
+                - googlechat
+                - webex
+                - sentry
+                - azureeventhub
+                - telegram
+                - lark
+                - matrix
+                - opsgenie
+                - alertmanager
+                - grafana
+                - githubdispatch
+                type: string
+              username:
+                description: Bot username for this provider
+                type: string
+            required:
+            - type
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: ProviderStatus defines the observed state of Provider
+            properties:
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration is the last reconciled generation.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: Provider is the Schema for the providers API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ProviderSpec defines the desired state of the Provider.
+            properties:
+              address:
+                description: Address specifies the endpoint, in a generic sense, to
+                  where alerts are sent. What kind of endpoint depends on the specific
+                  Provider type being used. For the generic Provider, for example,
+                  this is an HTTP/S address. For other Provider types this could be
+                  a project ID or a namespace.
+                maxLength: 2048
+                type: string
+              certSecretRef:
+                description: CertSecretRef specifies the Secret containing a PEM-encoded
+                  CA certificate (`caFile`).
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              channel:
+                description: Channel specifies the destination channel where events
+                  should be posted.
+                maxLength: 2048
+                type: string
+              interval:
+                description: Interval at which to reconcile the Provider with its
+                  Secret references.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              proxy:
+                description: Proxy the HTTP/S address of the proxy server.
+                maxLength: 2048
+                pattern: ^(http|https)://.*$
+                type: string
+              secretRef:
+                description: SecretRef specifies the Secret containing the authentication
+                  credentials for this Provider.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: Suspend tells the controller to suspend subsequent events
+                  handling for this Provider.
+                type: boolean
+              timeout:
+                description: Timeout for sending alerts to the Provider.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+                type: string
+              type:
+                description: Type specifies which Provider implementation to use.
+                enum:
+                - slack
+                - discord
+                - msteams
+                - rocket
+                - generic
+                - generic-hmac
+                - github
+                - gitlab
+                - gitea
+                - bitbucket
+                - azuredevops
+                - googlechat
+                - googlepubsub
+                - webex
+                - sentry
+                - azureeventhub
+                - telegram
+                - lark
+                - matrix
+                - opsgenie
+                - alertmanager
+                - grafana
+                - githubdispatch
+                - pagerduty
+                type: string
+              username:
+                description: Username specifies the name under which events are posted.
+                maxLength: 2048
+                type: string
+            required:
+            - type
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: ProviderStatus defines the observed state of the Provider.
+            properties:
+              conditions:
+                description: Conditions holds the conditions for the Provider.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last reconciled generation.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
 ---
-apiVersion: v1
-kind: Service
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
   labels:
-    app.kubernetes.io/component: source-controller
+    app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-    control-plane: controller
-  name: source-controller
-  namespace: flux-system
+    app.kubernetes.io/version: v2.0.1
+  name: receivers.notification.toolkit.fluxcd.io
 spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: http
-  selector:
-    app: source-controller
-  type: ClusterIP
+  group: notification.toolkit.fluxcd.io
+  names:
+    kind: Receiver
+    listKind: ReceiverList
+    plural: receivers
+    singular: receiver
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: Receiver is the Schema for the receivers API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ReceiverSpec defines the desired state of the Receiver.
+            properties:
+              events:
+                description: Events specifies the list of event types to handle, e.g.
+                  'push' for GitHub or 'Push Hook' for GitLab.
+                items:
+                  type: string
+                type: array
+              interval:
+                default: 10m
+                description: Interval at which to reconcile the Receiver with its
+                  Secret references.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              resources:
+                description: A list of resources to be notified about changes.
+                items:
+                  description: CrossNamespaceObjectReference contains enough information
+                    to let you locate the typed referenced object at cluster level
+                  properties:
+                    apiVersion:
+                      description: API version of the referent
+                      type: string
+                    kind:
+                      description: Kind of the referent
+                      enum:
+                      - Bucket
+                      - GitRepository
+                      - Kustomization
+                      - HelmRelease
+                      - HelmChart
+                      - HelmRepository
+                      - ImageRepository
+                      - ImagePolicy
+                      - ImageUpdateAutomation
+                      - OCIRepository
+                      type: string
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: MatchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed. MatchLabels requires the name to be set to `*`.
+                      type: object
+                    name:
+                      description: Name of the referent If multiple resources are
+                        targeted `*` may be set.
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                    namespace:
+                      description: Namespace of the referent
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+              secretRef:
+                description: SecretRef specifies the Secret containing the token used
+                  to validate the payload authenticity.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: Suspend tells the controller to suspend subsequent events
+                  handling for this receiver.
+                type: boolean
+              type:
+                description: Type of webhook sender, used to determine the validation
+                  procedure and payload deserialization.
+                enum:
+                - generic
+                - generic-hmac
+                - github
+                - gitlab
+                - bitbucket
+                - harbor
+                - dockerhub
+                - quay
+                - gcr
+                - nexus
+                - acr
+                type: string
+            required:
+            - resources
+            - secretRef
+            - type
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: ReceiverStatus defines the observed state of the Receiver.
+            properties:
+              conditions:
+                description: Conditions holds the conditions for the Receiver.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation of
+                  the Receiver object.
+                format: int64
+                type: integer
+              webhookPath:
+                description: WebhookPath is the generated incoming webhook address
+                  in the format of '/hook/sha256sum(token+name+namespace)'.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    deprecated: true
+    deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Receiver is the Schema for the receivers API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ReceiverSpec defines the desired state of Receiver
+            properties:
+              events:
+                description: A list of events to handle, e.g. 'push' for GitHub or
+                  'Push Hook' for GitLab.
+                items:
+                  type: string
+                type: array
+              resources:
+                description: A list of resources to be notified about changes.
+                items:
+                  description: CrossNamespaceObjectReference contains enough information
+                    to let you locate the typed referenced object at cluster level
+                  properties:
+                    apiVersion:
+                      description: API version of the referent
+                      type: string
+                    kind:
+                      description: Kind of the referent
+                      enum:
+                      - Bucket
+                      - GitRepository
+                      - Kustomization
+                      - HelmRelease
+                      - HelmChart
+                      - HelmRepository
+                      - ImageRepository
+                      - ImagePolicy
+                      - ImageUpdateAutomation
+                      - OCIRepository
+                      type: string
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: MatchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                    name:
+                      description: Name of the referent
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                    namespace:
+                      description: Namespace of the referent
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              secretRef:
+                description: Secret reference containing the token used to validate
+                  the payload authenticity
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend subsequent
+                  events handling. Defaults to false.
+                type: boolean
+              type:
+                description: Type of webhook sender, used to determine the validation
+                  procedure and payload deserialization.
+                enum:
+                - generic
+                - generic-hmac
+                - github
+                - gitlab
+                - bitbucket
+                - harbor
+                - dockerhub
+                - quay
+                - gcr
+                - nexus
+                - acr
+                type: string
+            required:
+            - resources
+            - type
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: ReceiverStatus defines the observed state of Receiver
+            properties:
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation.
+                format: int64
+                type: integer
+              url:
+                description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    deprecated: true
+    deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: Receiver is the Schema for the receivers API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ReceiverSpec defines the desired state of the Receiver.
+            properties:
+              events:
+                description: Events specifies the list of event types to handle, e.g.
+                  'push' for GitHub or 'Push Hook' for GitLab.
+                items:
+                  type: string
+                type: array
+              interval:
+                description: Interval at which to reconcile the Receiver with its
+                  Secret references.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              resources:
+                description: A list of resources to be notified about changes.
+                items:
+                  description: CrossNamespaceObjectReference contains enough information
+                    to let you locate the typed referenced object at cluster level
+                  properties:
+                    apiVersion:
+                      description: API version of the referent
+                      type: string
+                    kind:
+                      description: Kind of the referent
+                      enum:
+                      - Bucket
+                      - GitRepository
+                      - Kustomization
+                      - HelmRelease
+                      - HelmChart
+                      - HelmRepository
+                      - ImageRepository
+                      - ImagePolicy
+                      - ImageUpdateAutomation
+                      - OCIRepository
+                      type: string
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: MatchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed. MatchLabels requires the name to be set to `*`.
+                      type: object
+                    name:
+                      description: Name of the referent If multiple resources are
+                        targeted `*` may be set.
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                    namespace:
+                      description: Namespace of the referent
+                      maxLength: 53
+                      minLength: 1
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+              secretRef:
+                description: SecretRef specifies the Secret containing the token used
+                  to validate the payload authenticity.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: Suspend tells the controller to suspend subsequent events
+                  handling for this receiver.
+                type: boolean
+              type:
+                description: Type of webhook sender, used to determine the validation
+                  procedure and payload deserialization.
+                enum:
+                - generic
+                - generic-hmac
+                - github
+                - gitlab
+                - bitbucket
+                - harbor
+                - dockerhub
+                - quay
+                - gcr
+                - nexus
+                - acr
+                type: string
+            required:
+            - resources
+            - type
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: ReceiverStatus defines the observed state of the Receiver.
+            properties:
+              conditions:
+                description: Conditions holds the conditions for the Receiver.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation of
+                  the Receiver object.
+                format: int64
+                type: integer
+              url:
+                description: 'URL is the generated incoming webhook address in the
+                  format of ''/hook/sha256sum(token+name+namespace)''. Deprecated:
+                  Replaced by WebhookPath.'
+                type: string
+              webhookPath:
+                description: WebhookPath is the generated incoming webhook address
+                  in the format of '/hook/sha256sum(token+name+namespace)'.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
 ---
 apiVersion: v1
-kind: Service
+kind: ServiceAccount
 metadata:
   labels:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-    control-plane: controller
-  name: webhook-receiver
-  namespace: flux-system
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: http-webhook
-  selector:
-    app: notification-controller
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: helm-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-    control-plane: controller
-  name: helm-controller
-  namespace: flux-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: helm-controller
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: "8080"
-        prometheus.io/scrape: "true"
-      labels:
-        app: helm-controller
-    spec:
-      containers:
-      - args:
-        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/helm-controller:v0.32.1
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 8080
-          name: http-prom
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources:
-          limits:
-            cpu: 1000m
-            memory: 1Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /tmp
-          name: temp
-      nodeSelector:
-        kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 1337
-      serviceAccountName: helm-controller
-      terminationGracePeriodSeconds: 600
-      volumes:
-      - emptyDir: {}
-        name: temp
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+  name: notification-controller
+  namespace: flux-system
 ---
-apiVersion: apps/v1
-kind: Deployment
+apiVersion: v1
+kind: Service
 metadata:
   labels:
-    app.kubernetes.io/component: kustomize-controller
+    app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
+    app.kubernetes.io/version: v2.0.1
     control-plane: controller
-  name: kustomize-controller
+  name: notification-controller
   namespace: flux-system
 spec:
-  replicas: 1
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http
   selector:
-    matchLabels:
-      app: kustomize-controller
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: "8080"
-        prometheus.io/scrape: "true"
-      labels:
-        app: kustomize-controller
-    spec:
-      containers:
-      - args:
-        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/kustomize-controller:v0.35.1
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 8080
-          name: http-prom
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources:
-          limits:
-            cpu: 1000m
-            memory: 1Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /tmp
-          name: temp
-      nodeSelector:
-        kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 1337
-      serviceAccountName: kustomize-controller
-      terminationGracePeriodSeconds: 60
-      volumes:
-      - emptyDir: {}
-        name: temp
+    app: notification-controller
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: notification-controller
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/part-of: flux
+    app.kubernetes.io/version: v2.0.1
+    control-plane: controller
+  name: webhook-receiver
+  namespace: flux-system
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: http-webhook
+  selector:
+    app: notification-controller
+  type: ClusterIP
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -6580,7 +7893,7 @@ metadata:
     app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: flux-system
     app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
+    app.kubernetes.io/version: v2.0.1
     control-plane: controller
   name: notification-controller
   namespace: flux-system
@@ -6608,7 +7921,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/notification-controller:v0.33.0
+        image: ghcr.io/fluxcd/notification-controller:v1.0.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -6660,158 +7973,3 @@ spec:
       volumes:
       - emptyDir: {}
         name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: source-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-    control-plane: controller
-  name: source-controller
-  namespace: flux-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: source-controller
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: "8080"
-        prometheus.io/scrape: "true"
-      labels:
-        app: source-controller
-    spec:
-      containers:
-      - args:
-        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        - --storage-path=/data
-        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: TUF_ROOT
-          value: /tmp/.sigstore
-        image: ghcr.io/fluxcd/source-controller:v0.36.1
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 9090
-          name: http
-          protocol: TCP
-        - containerPort: 8080
-          name: http-prom
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /
-            port: http
-        resources:
-          limits:
-            cpu: 1000m
-            memory: 1Gi
-          requests:
-            cpu: 50m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /data
-          name: data
-        - mountPath: /tmp
-          name: tmp
-      nodeSelector:
-        kubernetes.io/os: linux
-      securityContext:
-        fsGroup: 1337
-      serviceAccountName: source-controller
-      terminationGracePeriodSeconds: 10
-      volumes:
-      - emptyDir: {}
-        name: data
-      - emptyDir: {}
-        name: tmp
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: allow-egress
-  namespace: flux-system
-spec:
-  egress:
-  - {}
-  ingress:
-  - from:
-    - podSelector: {}
-  podSelector: {}
-  policyTypes:
-  - Ingress
-  - Egress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: allow-scraping
-  namespace: flux-system
-spec:
-  ingress:
-  - from:
-    - namespaceSelector: {}
-    ports:
-    - port: 8080
-      protocol: TCP
-  podSelector: {}
-  policyTypes:
-  - Ingress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v0.41.2
-  name: allow-webhooks
-  namespace: flux-system
-spec:
-  ingress:
-  - from:
-    - namespaceSelector: {}
-  podSelector:
-    matchLabels:
-      app: notification-controller
-  policyTypes:
-  - Ingress
diff --git a/base/flux/kustomization.yaml b/base/flux/kustomization.yaml
index 510c646ad4e30e60951b0074b41cda4b5f1b895d..9f2e1ac2bb821203355bbbf39b26db6fc4ee6845 100644
--- a/base/flux/kustomization.yaml
+++ b/base/flux/kustomization.yaml
@@ -6,16 +6,16 @@ resources:
 images:
 - name: ghcr.io/fluxcd/helm-controller
   newName: registry1.dso.mil/ironbank/fluxcd/helm-controller
-  newTag: v0.32.1
+  newTag: v0.35.0
 - name: ghcr.io/fluxcd/kustomize-controller
   newName: registry1.dso.mil/ironbank/fluxcd/kustomize-controller
-  newTag: v0.35.1
+  newTag: v1.0.1
 - name: ghcr.io/fluxcd/notification-controller
   newName: registry1.dso.mil/ironbank/fluxcd/notification-controller
-  newTag: v0.33.0
+  newTag: v1.0.0
 - name: ghcr.io/fluxcd/source-controller
   newName: registry1.dso.mil/ironbank/fluxcd/source-controller
-  newTag: v0.36.1
+  newTag: v1.0.1
 
 patches:
   - target:
diff --git a/base/gitrepository.yaml b/base/gitrepository.yaml
index adacc752f56de666e56bc97975aa728dca58f251..78a6d88d4401f6caac3b721a7bd845526094a76a 100644
--- a/base/gitrepository.yaml
+++ b/base/gitrepository.yaml
@@ -1,4 +1,4 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: bigbang
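Review bot: Only the `apiVersion` line moves to `source.toolkit.fluxcd.io/v1` here, and the `spec` of this GitRepository is outside the hunk, so nothing in the diff shows whether it still sets a field that `v1` dropped (as far as I recall, `spec.gitImplementation` and `spec.accessFrom`). The same applies to every `chart/templates/*/gitrepository.yaml` hunk in this commit. It matters most for kyverno-reporter, metrics-server and package, which jump straight from `v1beta1`. A render-and-validate step in CI would catch a stale field before Flux rejects the object at reconcile time, for example `helm template` piped into `kubectl apply --dry-run=server` against a cluster that has the new CRDs.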
diff --git a/chart/templates/anchore/gitrepository.yaml b/chart/templates/anchore/gitrepository.yaml
index ae02933536d0035ca27741fab185aeef4e26023a..9a37f9922ecdcc5d87cc0c53d9f1f2e9468109a0 100644
--- a/chart/templates/anchore/gitrepository.yaml
+++ b/chart/templates/anchore/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.anchore.sourceType "git") .Values.addons.anchore.enabled  }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: anchore
diff --git a/chart/templates/argocd/gitrepository.yaml b/chart/templates/argocd/gitrepository.yaml
index 7336f25738fa9b8fb032e273d8a94876c559f489..6437814b26545deb8f32c5ad0d832a86874a51a0 100644
--- a/chart/templates/argocd/gitrepository.yaml
+++ b/chart/templates/argocd/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.argocd.sourceType "git") .Values.addons.argocd.enabled  }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: argocd
diff --git a/chart/templates/authservice/gitrepository.yaml b/chart/templates/authservice/gitrepository.yaml
index f2355b8eca11fc117d3b9d14016e78e5a6c5740e..902a3c75912dbaa52fb156614b8c0286d6df3524 100644
--- a/chart/templates/authservice/gitrepository.yaml
+++ b/chart/templates/authservice/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and .Values.istio.enabled (eq .Values.addons.authservice.sourceType "git") (or .Values.addons.authservice.enabled (and .Values.monitoring.enabled .Values.monitoring.sso.enabled) (and .Values.jaeger.enabled .Values.jaeger.sso.enabled) (and .Values.tempo.enabled .Values.tempo.sso.enabled)) }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: authservice
diff --git a/chart/templates/cluster-auditor/gitrepository.yaml b/chart/templates/cluster-auditor/gitrepository.yaml
index 8170bab8fe2b7b4bd230410952283948c7b28073..733773a12a6693a68d42b78c6f803d096ba2616f 100644
--- a/chart/templates/cluster-auditor/gitrepository.yaml
+++ b/chart/templates/cluster-auditor/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.clusterAuditor.sourceType "git") (not .Values.offline) .Values.clusterAuditor.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: cluster-auditor
diff --git a/chart/templates/eck-operator/gitrepository.yaml b/chart/templates/eck-operator/gitrepository.yaml
index 61421a31466bd0edaa1676a8b1b189a7ee2c27d3..d0cf83811250500ac41660242542d986f0b7b050 100644
--- a/chart/templates/eck-operator/gitrepository.yaml
+++ b/chart/templates/eck-operator/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.eckOperator.sourceType "git") (not .Values.offline) (or .Values.eckOperator.enabled .Values.elasticsearchKibana.enabled) }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: eck-operator
diff --git a/chart/templates/elasticsearch-kibana/gitrepository.yaml b/chart/templates/elasticsearch-kibana/gitrepository.yaml
index 4cc269e4a63b377e885ae76ddcf10aa4d06be234..774f9734e26d78c1987c02554e592cedb77a1e42 100644
--- a/chart/templates/elasticsearch-kibana/gitrepository.yaml
+++ b/chart/templates/elasticsearch-kibana/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.elasticsearchKibana.sourceType "git") (not .Values.offline) ( .Values.elasticsearchKibana.enabled ) }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: elasticsearch-kibana
diff --git a/chart/templates/fluentbit/gitrepository.yaml b/chart/templates/fluentbit/gitrepository.yaml
index e9e8d140f54f3f7fbd4c9f594e85f08e15c31650..2c18f3079c177d303ff91ddeb6889c6d690eeed6 100644
--- a/chart/templates/fluentbit/gitrepository.yaml
+++ b/chart/templates/fluentbit/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.fluentbit.sourceType "git") (not .Values.offline) (.Values.fluentbit.enabled) }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: fluentbit
diff --git a/chart/templates/gatekeeper/gitrepository.yaml b/chart/templates/gatekeeper/gitrepository.yaml
index e9560df2d97b2a5bab7db4f4fd75b4fb1ba8a1cc..1ad3493ad24f1ad0b27ad0e346f2df6dc3efacc0 100644
--- a/chart/templates/gatekeeper/gitrepository.yaml
+++ b/chart/templates/gatekeeper/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.gatekeeper.sourceType "git") (not .Values.offline) (or .Values.gatekeeper.enabled .Values.clusterAuditor.enabled) }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: gatekeeper
diff --git a/chart/templates/gitlab-runner/gitrepository.yaml b/chart/templates/gitlab-runner/gitrepository.yaml
index 2c134996f90db18714323e0dea49ee75d8c46772..8827f7fb7d627c4d97dd6769e1aa5ff0cfebdb23 100644
--- a/chart/templates/gitlab-runner/gitrepository.yaml
+++ b/chart/templates/gitlab-runner/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.gitlabRunner.sourceType "git") (not .Values.offline) .Values.addons.gitlabRunner.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: gitlab-runner
diff --git a/chart/templates/gitlab/gitrepository.yaml b/chart/templates/gitlab/gitrepository.yaml
index ee044ffb27fdad700624b3096dc3a19a9f0d6fbe..e87b60ecbd456a05b9c7bcc49c97f9e4702df6ad 100644
--- a/chart/templates/gitlab/gitrepository.yaml
+++ b/chart/templates/gitlab/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.gitlab.sourceType "git") (not .Values.offline) .Values.addons.gitlab.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: gitlab
diff --git a/chart/templates/grafana/flux/alert.yaml b/chart/templates/grafana/flux/alert.yaml
index 453fdec111c09a6440d03e7a08f607b7fd0ee8fb..2483407449435a4b48a27a655fc68d7f5ced6fc2 100644
--- a/chart/templates/grafana/flux/alert.yaml
+++ b/chart/templates/grafana/flux/alert.yaml
@@ -1,5 +1,5 @@
 {{- if and .Values.monitoring.enabled (dig "grafana" "enabled" true .Values.monitoring.values) }}
-apiVersion: notification.toolkit.fluxcd.io/v1beta2
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
 kind: Alert
 metadata:
   name: grafana
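Review bot: This Alert moves backwards from `notification.toolkit.fluxcd.io/v1beta2` to `v1beta1`, while every other API reference in the commit moves forward. The first hunk of `chart/templates/grafana/flux/provider.yaml` does the same for the Provider. To my knowledge `v1beta1` is the older, deprecated version of both kinds, so this pins the chart to the version that will be removed first. Unless a reason not visible here requires the downgrade, keep `apiVersion: notification.toolkit.fluxcd.io/v1beta2` in both files. If the downgrade is intentional, record why in a template comment such as `{{- /* v1beta1 kept because ... */ -}}`. The rest of the Alert spec is outside this hunk.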
@@ -16,4 +16,4 @@ spec:
     - kind: GitRepository
       name: '*'
       namespace: bigbang
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/chart/templates/grafana/flux/provider.yaml b/chart/templates/grafana/flux/provider.yaml
index 7a7c32e74d1ba2a66342c7f0bcfe064d40c0a494..f0d2220541e5974476f6c967eb0ce7cdda14b668 100644
--- a/chart/templates/grafana/flux/provider.yaml
+++ b/chart/templates/grafana/flux/provider.yaml
@@ -1,5 +1,5 @@
 {{- if and .Values.monitoring.enabled (dig "grafana" "enabled" true .Values.monitoring.values) }}
-apiVersion: notification.toolkit.fluxcd.io/v1beta2
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
 kind: Provider
 metadata:
   name: grafana
@@ -13,4 +13,4 @@ spec:
   address: "http://monitoring-monitoring-grafana.monitoring/api/annotations"
   secretRef:
     name: grafana-flux-auth
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/chart/templates/grafana/gitrepository.yaml b/chart/templates/grafana/gitrepository.yaml
index c55bd899cba63d22a936e27a23636d1103863e83..64480ebe2497aef1aa963025dc9ba38f8dd98a83 100644
--- a/chart/templates/grafana/gitrepository.yaml
+++ b/chart/templates/grafana/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.grafana.sourceType "git") (not .Values.offline) .Values.grafana.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: grafana
diff --git a/chart/templates/haproxy/gitrepository.yaml b/chart/templates/haproxy/gitrepository.yaml
index 0c26b14acbd32bab3945ec114612ff6a8be05699..ff6f66d85fad259949bdc57a10f99b5f498748aa 100644
--- a/chart/templates/haproxy/gitrepository.yaml
+++ b/chart/templates/haproxy/gitrepository.yaml
@@ -1,6 +1,6 @@
 {{- $monitoringInjection := dig "istio" "injection" "enabled" .Values.monitoring }}
 {{- if and .Values.istio.enabled .Values.monitoring.enabled .Values.monitoring.sso.enabled (eq $monitoringInjection "disabled") }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: haproxy
diff --git a/chart/templates/helm-repository/helmrepo.yaml b/chart/templates/helm-repository/helmrepo.yaml
index fe6ddd8ad10eb9ca41c9f937efbad897ea634b38..57f076058dceb062d15be4bedf518d7c31821e79 100644
--- a/chart/templates/helm-repository/helmrepo.yaml
+++ b/chart/templates/helm-repository/helmrepo.yaml
@@ -1,5 +1,5 @@
 {{- range .Values.helmRepositories }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
   name: {{ .name }}
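Review bot: `kind: HelmRepository` is switched to `source.toolkit.fluxcd.io/v1` together with the GitRepository templates, but as far as I know Flux v2.0 promoted only GitRepository in the source group. The source-controller v1.0.x pinned by this commit should still serve HelmRepository as `v1beta2` only. If so, every entry in `.Values.helmRepositories` would fail to apply with a "no matches for kind" error. Confirm against the `versions` list of the HelmRepository CRD in `base/flux/gotk-components.yaml`, and if `v1` is not listed there keep `apiVersion: source.toolkit.fluxcd.io/v1beta2`. The `range` block continues outside this hunk.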
diff --git a/chart/templates/istio-operator/gitrepository.yaml b/chart/templates/istio-operator/gitrepository.yaml
index f5585651d9761d7fc025fabade4aa9f4bdbc4340..2fcd03283c9f22248dc86633884a8548aae2a183 100644
--- a/chart/templates/istio-operator/gitrepository.yaml
+++ b/chart/templates/istio-operator/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.istioOperator.sourceType "git") (not .Values.offline) .Values.istioOperator.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: istio-operator
diff --git a/chart/templates/istio/gitrepository.yaml b/chart/templates/istio/gitrepository.yaml
index a286de43a70602e072b8859ae30259e18ba407d3..2bddba43ac433a5aa6a61d5c5c03b87658fd5e2f 100644
--- a/chart/templates/istio/gitrepository.yaml
+++ b/chart/templates/istio/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.istio.sourceType "git") (not .Values.offline) .Values.istio.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: istio
diff --git a/chart/templates/jaeger/gitrepository.yaml b/chart/templates/jaeger/gitrepository.yaml
index 5aac54436d117c1ee3ad8e33ce0cd82f9b35c3c3..9e04d3e42c1b0873962c10290bbc2a23fac18efd 100644
--- a/chart/templates/jaeger/gitrepository.yaml
+++ b/chart/templates/jaeger/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.jaeger.sourceType "git") (not .Values.offline) .Values.jaeger.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: jaeger
diff --git a/chart/templates/keycloak/gitrepository.yaml b/chart/templates/keycloak/gitrepository.yaml
index 98097b91987de5e0d8e93d7d9030eb9491db32a1..822788afb7212bf02e40cec4f8911ae9f8778fb2 100644
--- a/chart/templates/keycloak/gitrepository.yaml
+++ b/chart/templates/keycloak/gitrepository.yaml
@@ -1,6 +1,6 @@
 {{- if and (eq .Values.addons.keycloak.sourceType "git") (not .Values.offline) .Values.addons.keycloak.enabled }}
 {{ $name := "keycloak" }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: {{ $name }}
diff --git a/chart/templates/kiali/gitrepository.yaml b/chart/templates/kiali/gitrepository.yaml
index b2bb6167ee9afcc584bdc115f7e787fc7519c67c..03625c59cf942b3b49d0410f787b74598b52f20a 100644
--- a/chart/templates/kiali/gitrepository.yaml
+++ b/chart/templates/kiali/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.kiali.sourceType "git") (not .Values.offline) .Values.kiali.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: kiali
diff --git a/chart/templates/kyverno-policies/gitrepository.yaml b/chart/templates/kyverno-policies/gitrepository.yaml
index 4108615039a6e8fef24b5d7fde8092effb13dccf..7adfca9396e63fb922150091ac3c1afc6afa58b4 100644
--- a/chart/templates/kyverno-policies/gitrepository.yaml
+++ b/chart/templates/kyverno-policies/gitrepository.yaml
@@ -1,6 +1,6 @@
 {{- $pkg := "kyvernoPolicies" }}
 {{- if and (eq (get .Values $pkg).sourceType "git") (get .Values $pkg).enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: {{ $pkg | kebabcase }}
diff --git a/chart/templates/kyverno-reporter/gitrepository.yaml b/chart/templates/kyverno-reporter/gitrepository.yaml
index 022ba4ce709577c4b5f5db7de8494235d1bbac22..8abd8cb64389512a95be21316a5a1694ce65c470 100644
--- a/chart/templates/kyverno-reporter/gitrepository.yaml
+++ b/chart/templates/kyverno-reporter/gitrepository.yaml
@@ -1,6 +1,6 @@
 {{- $pkg := "kyvernoReporter" }}
 {{- if and (eq (get .Values $pkg).sourceType "git") (get .Values $pkg).enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta1
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: {{ $pkg | kebabcase }}
diff --git a/chart/templates/kyverno/gitrepository.yaml b/chart/templates/kyverno/gitrepository.yaml
index 5a2427bbab1d9db6e92ad7d1ff545e0cc36bbee2..d548390fb468ae954acfc2799c47031df15d7a6a 100644
--- a/chart/templates/kyverno/gitrepository.yaml
+++ b/chart/templates/kyverno/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.kyverno.sourceType "git") (not .Values.offline) (or .Values.kyverno.enabled .Values.kyvernoPolicies.enabled .Values.kyvernoReporter.enabled) }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: kyverno
diff --git a/chart/templates/loki/gitrepository.yaml b/chart/templates/loki/gitrepository.yaml
index c3d88673e821045ca916a44233cf5d66b4a575ae..0ec6dca9c1c7acf1ddddff2473d97177f378ab21 100644
--- a/chart/templates/loki/gitrepository.yaml
+++ b/chart/templates/loki/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.loki.sourceType "git") (not .Values.offline) .Values.loki.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: loki
diff --git a/chart/templates/mattermost-operator/gitrepository.yaml b/chart/templates/mattermost-operator/gitrepository.yaml
index 474b114a3760c8d0d52337cdf691d30307112853..0452a376a404ba8a4316c5cfd4234cfb2cf0d6e4 100644
--- a/chart/templates/mattermost-operator/gitrepository.yaml
+++ b/chart/templates/mattermost-operator/gitrepository.yaml
@@ -1,7 +1,7 @@
 {{- $mmOpOldValues := default dict .Values.addons.mattermostoperator -}}
 {{- $mmOpValues := merge $mmOpOldValues .Values.addons.mattermostOperator -}}
 {{- if and (eq $mmOpValues.sourceType "git") (not .Values.offline) (or $mmOpValues.enabled .Values.addons.mattermost.enabled) }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: mattermost-operator
diff --git a/chart/templates/mattermost/gitrepository.yaml b/chart/templates/mattermost/gitrepository.yaml
index b5573529e197dddf88f2e5b9f35532a758e6990e..505891ced3c2364bf5bcbe6c9a5f9061a905c1c3 100644
--- a/chart/templates/mattermost/gitrepository.yaml
+++ b/chart/templates/mattermost/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.mattermost.sourceType "git") .Values.addons.mattermost.enabled  }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: mattermost
diff --git a/chart/templates/metrics-server/gitrepository.yaml b/chart/templates/metrics-server/gitrepository.yaml
index 50650752d19ca15a3590a0a31c9dd3ddb3a43d70..b3248ba65339b3c302522d524ad9c30420b6161d 100644
--- a/chart/templates/metrics-server/gitrepository.yaml
+++ b/chart/templates/metrics-server/gitrepository.yaml
@@ -3,7 +3,7 @@
 {{- $existingMetricsApi := (.Capabilities.APIVersions.Has "metrics.k8s.io/v1beta1") }}
 {{- $existingMetricsHelmRelease := (lookup "helm.toolkit.fluxcd.io/v2beta1" "HelmRelease" "bigbang" "metrics-server") }}
 {{- if or ( eq $enableFlag "true") (and (eq $enableFlag "auto") (or (not $existingMetricsApi) $existingMetricsHelmRelease)) }}
-apiVersion: source.toolkit.fluxcd.io/v1beta1
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: metrics-server
diff --git a/chart/templates/minio-operator/gitrepository.yaml b/chart/templates/minio-operator/gitrepository.yaml
index fd9180208f2f772b23a8ae3f7dc4f97147d656bc..5a67bad435c0bfd7184f4e22dfc833ca79998353 100644
--- a/chart/templates/minio-operator/gitrepository.yaml
+++ b/chart/templates/minio-operator/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.minioOperator.sourceType "git") (not .Values.offline) (or .Values.addons.minioOperator.enabled .Values.addons.minio.enabled) }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: minio-operator
diff --git a/chart/templates/minio/gitrepository.yaml b/chart/templates/minio/gitrepository.yaml
index da819673a032ad5ce6c20d4132cf84d51de81e59..59487393ded3d6bbfdae874188ba6c80d246418f 100644
--- a/chart/templates/minio/gitrepository.yaml
+++ b/chart/templates/minio/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.minio.sourceType "git") (not .Values.offline) .Values.addons.minio.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: minio
diff --git a/chart/templates/monitoring/gitrepository.yaml b/chart/templates/monitoring/gitrepository.yaml
index 3d6812aabef1a167096058a1f73c70b1516b4ec5..f6b4ff33d964df37fd83d553bff2b3da501b7ac8 100644
--- a/chart/templates/monitoring/gitrepository.yaml
+++ b/chart/templates/monitoring/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.monitoring.sourceType "git") (not .Values.offline) .Values.monitoring.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: monitoring
diff --git a/chart/templates/neuvector/gitrepository.yaml b/chart/templates/neuvector/gitrepository.yaml
index 6c75fd46c6a59b3fcc28189b3a70ea2e31afe2b6..c11138f3d6c3e537af7b2bce31a1fd8674b3f752 100644
--- a/chart/templates/neuvector/gitrepository.yaml
+++ b/chart/templates/neuvector/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (not .Values.offline) (eq .Values.neuvector.sourceType "git") .Values.neuvector.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: neuvector
diff --git a/chart/templates/nexus-repository-manager/gitrepository.yaml b/chart/templates/nexus-repository-manager/gitrepository.yaml
index 29afb6856741445185efebd9d607f9bbbf1e57ae..d84bfae5dfddbf0fb73a3ecdea8b6af577617327 100644
--- a/chart/templates/nexus-repository-manager/gitrepository.yaml
+++ b/chart/templates/nexus-repository-manager/gitrepository.yaml
@@ -1,7 +1,7 @@
 {{- $nexusOldValues := default dict .Values.addons.nexus -}}
 {{- $nexusValues := merge $nexusOldValues .Values.addons.nexusRepositoryManager -}}
 {{- if and (eq $nexusValues.sourceType "git") $nexusValues.enabled  }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: nexus-repository-manager
diff --git a/chart/templates/package/gitrepository.yaml b/chart/templates/package/gitrepository.yaml
index a696c52984975b03a0d42801d2d6dc2cc38246e0..965452c1e9bb2a7b6a957281f47839e442d52abe 100644
--- a/chart/templates/package/gitrepository.yaml
+++ b/chart/templates/package/gitrepository.yaml
@@ -7,7 +7,7 @@
 {{- $vals := merge $vals ($defaults | fromYaml).package -}}
 {{- end -}}
 {{- $fluxSettings := merge (dig "flux" dict $vals) $.Values.flux -}}
-apiVersion: source.toolkit.fluxcd.io/v1beta1
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: {{ $pkg }}
diff --git a/chart/templates/package/kustomization.yaml b/chart/templates/package/kustomization.yaml
index 0e0bc1457240d57eb5fe6dfd5bcdce93163f5d49..a310ee2c11da0aa24e2f666ccf83a7db919c12a3 100644
--- a/chart/templates/package/kustomization.yaml
+++ b/chart/templates/package/kustomization.yaml
@@ -7,7 +7,7 @@
 {{- $vals := merge $vals ($defaults | fromYaml).package -}}
 {{- end -}}
 {{- $fluxSettings := merge (dig "flux" dict $vals) $.Values.flux -}}
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: {{ $pkg }}
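Review bot: `$fluxSettings`, merged from per-package values and `$.Values.flux` on the line just above the changed `apiVersion`, may carry fields that `kustomize.toolkit.fluxcd.io/v1` no longer defines. If the spec (outside this hunk) renders those settings into the Kustomization, values written for v1beta2 could still include `validation`, `patchesStrategicMerge` or `patchesJson6902`; `patches` is the replacement for the latter two. Such overrides would then fail or be dropped at apply time, and only for users who set them, so default-values testing would not catch it. I would document this next to the `apiVersion` line: `{{- /* v1 schema: use spec.patches; validation, patchesStrategicMerge and patchesJson6902 were removed */ -}}`. It is also worth repeating in the upgrade notes.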
@@ -35,4 +35,4 @@ spec:
 
 ---
 {{ end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/chart/templates/promtail/gitrepository.yaml b/chart/templates/promtail/gitrepository.yaml
index 5b8a5dad93ffdf91e13d5b9f7ec35491ac64e5cd..b8d129ffc71f5f4450fc8b22ebdd3529892ee518 100644
--- a/chart/templates/promtail/gitrepository.yaml
+++ b/chart/templates/promtail/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.promtail.sourceType "git") (not .Values.offline) .Values.promtail.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: promtail
diff --git a/chart/templates/sonarqube/gitrepository.yaml b/chart/templates/sonarqube/gitrepository.yaml
index 1b474ae1d1105db67b8cc3f2ce957f011ef1a377..b14af556bbe6d4221954ed60375f5aca2e64a936 100644
--- a/chart/templates/sonarqube/gitrepository.yaml
+++ b/chart/templates/sonarqube/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.sonarqube.sourceType "git") (not .Values.offline) .Values.addons.sonarqube.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: sonarqube
diff --git a/chart/templates/tempo/gitrepository.yaml b/chart/templates/tempo/gitrepository.yaml
index 62b38561023d2ce1149bf6c65a5dbe87bb386964..574d642e69379d94780b0606544dd87b40e4feee 100644
--- a/chart/templates/tempo/gitrepository.yaml
+++ b/chart/templates/tempo/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.tempo.sourceType "git") (not .Values.offline) .Values.tempo.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: tempo
diff --git a/chart/templates/twistlock/gitrepository.yaml b/chart/templates/twistlock/gitrepository.yaml
index 6826f05f0ea67d8d0935b0ad550aa9448450b78e..c04eeb744a578c277f79aaccc88b6476f9aa5b9b 100644
--- a/chart/templates/twistlock/gitrepository.yaml
+++ b/chart/templates/twistlock/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.twistlock.sourceType "git") (not .Values.offline) .Values.twistlock.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: twistlock
diff --git a/chart/templates/vault/gitrepository.yaml b/chart/templates/vault/gitrepository.yaml
index 5f128cb010f8a4fcfbf5feea2ebba3b692f99bef..8a1ad6b0d69a1258e08fd776af97adbc493f1dea 100644
--- a/chart/templates/vault/gitrepository.yaml
+++ b/chart/templates/vault/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.vault.sourceType "git") (not .Values.offline) .Values.addons.vault.enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: vault
diff --git a/chart/templates/velero/gitrepository.yaml b/chart/templates/velero/gitrepository.yaml
index 2cda0d760d77715e3fad994125e52e95cdf3f88a..519a1f1baca81c6b183a523a9acbe29a30c4d457 100644
--- a/chart/templates/velero/gitrepository.yaml
+++ b/chart/templates/velero/gitrepository.yaml
@@ -1,5 +1,5 @@
 {{- if and (eq .Values.addons.velero.sourceType "git") .Values.addons.velero.enabled  }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: velero
diff --git a/chart/templates/wrapper/gitrepository.yaml b/chart/templates/wrapper/gitrepository.yaml
index 85a841d22b3d5a485fc7a7c6186f722f2d1a992b..c79178d1a3fa193a9a4424bf37a4be1ca913f61b 100644
--- a/chart/templates/wrapper/gitrepository.yaml
+++ b/chart/templates/wrapper/gitrepository.yaml
@@ -1,6 +1,6 @@
 {{- /* Used for GitOps of the BigBang package wrapper Helm chart.  Shared by all packages */ -}}
 {{- if and .Values.wrapper (eq .Values.wrapper.sourceType "git") (omit (default dict .Values.packages) "sample") -}}
-apiVersion: source.toolkit.fluxcd.io/v1beta1
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: {{ .Release.Name }}-wrapper
diff --git a/docs/developer/package-integration/flux.md b/docs/developer/package-integration/flux.md
index c4d3922a60ecc3e9053246ee27f0f0f148ad1bd5..393216f820cd9030e26a5fed4d5ba646e504ba7d 100644
--- a/docs/developer/package-integration/flux.md
+++ b/docs/developer/package-integration/flux.md
@@ -91,7 +91,7 @@ Flux's source controller uses the [GitRepository](https://fluxcd.io/docs/compone
 ```yaml
 {{- $pkg := "podinfo" }}
 {{- if (get .Values $pkg).enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: {{ $pkg }}
diff --git a/docs/understanding-bigbang/concepts/encryption.md b/docs/understanding-bigbang/concepts/encryption.md
index 2afb77e55197bb972d29a5dd9bc64391986263fd..f597e695434b61877bc0d2bd2961ac9eeb84f0d7 100644
--- a/docs/understanding-bigbang/concepts/encryption.md
+++ b/docs/understanding-bigbang/concepts/encryption.md
@@ -104,7 +104,7 @@ Big Bang needs to know how to retrieve the private key so it can deploy the encr
 By default, the `Kustomization` resource uses a Secret named `sops-gpg` for the private key as shown here:
 
 ```yaml
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: environment
@@ -120,7 +120,7 @@ spec:
 Configure the `Kustomization` resource to use sops for decryption:
 
 ```yaml
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: environment
diff --git a/docs/understanding-bigbang/configuration/configuration.md b/docs/understanding-bigbang/configuration/configuration.md
index 625d1900b967dde6695fb4327a175dffeb10f373..e7ae443b765cb72db43ca06c3b211c41053b18a7 100644
--- a/docs/understanding-bigbang/configuration/configuration.md
+++ b/docs/understanding-bigbang/configuration/configuration.md
@@ -131,7 +131,7 @@ bases:
   - https://repo1.dso.mil/platform-one/big-bang/bigbang.git/base/?ref=v1.2.*
 patchesStrategicMerge:
   - |-
-    apiVersion: source.toolkit.fluxcd.io/v1beta2
+    apiVersion: source.toolkit.fluxcd.io/v1
     kind: GitRepository
     metadata:
       name: bigbang
@@ -148,7 +148,7 @@ patchesStrategicMerge:
 In your top-level `<env>.yaml` Kubernetes manifest, you would place configuration for the location of your environment.  Here is an example:
 
 ```yaml
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
   name: environment-repo
@@ -159,7 +159,7 @@ spec:
   ref:
     branch: main
 ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: environment