1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 controller-gen.kubebuilder.io/version: v0.5.0
6 creationTimestamp: null
7 name: imagepolicies.image.toolkit.fluxcd.io
8spec:
9 group: image.toolkit.fluxcd.io
10 names:
11 kind: ImagePolicy
12 listKind: ImagePolicyList
13 plural: imagepolicies
14 singular: imagepolicy
15 scope: Namespaced
16 versions:
17 - additionalPrinterColumns:
18 - jsonPath: .status.latestImage
19 name: LatestImage
20 type: string
21 name: v1alpha1
22 schema:
23 openAPIV3Schema:
24 description: ImagePolicy is the Schema for the imagepolicies API
25 properties:
26 apiVersion:
27 description: 'APIVersion defines the versioned schema of this representation
28 of an object. Servers should convert recognized schemas to the latest
29 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
30 type: string
31 kind:
32 description: 'Kind is a string value representing the REST resource this
33 object represents. Servers may infer this from the endpoint the client
34 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
35 type: string
36 metadata:
37 type: object
38 spec:
39 description: ImagePolicySpec defines the parameters for calculating the
40 ImagePolicy
41 properties:
42 filterTags:
43 description: FilterTags enables filtering for only a subset of tags
44 based on a set of rules. If no rules are provided, all the tags
45 from the repository will be ordered and compared.
46 properties:
47 extract:
48 description: Extract allows a capture group to be extracted from
49 the specified regular expression pattern, useful before tag
50 evaluation.
51 type: string
52 pattern:
53 description: Pattern specifies a regular expression pattern used
54 to filter for image tags.
55 type: string
56 type: object
57 imageRepositoryRef:
58 description: ImageRepositoryRef points at the object specifying the
59 image being scanned
60 properties:
61 name:
62 description: Name of the referent
63 type: string
64 required:
65 - name
66 type: object
67 policy:
68 description: Policy gives the particulars of the policy to be followed
69 in selecting the most recent image
70 properties:
71 alphabetical:
72 description: Alphabetical set of rules to use for alphabetical
73 ordering of the tags.
74 properties:
75 order:
76 default: asc
77 description: Order specifies the sorting order of the tags.
78 Given the letters of the alphabet as tags, ascending order
79 would select Z, and descending order would select A.
80 enum:
81 - asc
82 - desc
83 type: string
84 type: object
85 numerical:
86 description: Numerical set of rules to use for numerical ordering
87 of the tags.
88 properties:
89 order:
90 default: asc
91 description: Order specifies the sorting order of the tags.
92 Given the integer values from 0 to 9 as tags, ascending
93 order would select 9, and descending order would select
94 0.
95 enum:
96 - asc
97 - desc
98 type: string
99 type: object
100 semver:
101 description: SemVer gives a semantic version range to check against
102 the tags available.
103 properties:
104 range:
105 description: Range gives a semver range for the image tag;
106 the highest version within the range that's a tag yields
107 the latest image.
108 type: string
109 required:
110 - range
111 type: object
112 type: object
113 required:
114 - imageRepositoryRef
115 - policy
116 type: object
117 status:
118 description: ImagePolicyStatus defines the observed state of ImagePolicy
119 properties:
120 conditions:
121 items:
122 description: "Condition contains details for one aspect of the current
123 state of this API Resource. --- This struct is intended for direct
124 use as an array at the field path .status.conditions. For example,
125 type FooStatus struct{ // Represents the observations of a
126 foo's current state. // Known .status.conditions.type are:
127 \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
128 \ // +patchStrategy=merge // +listType=map // +listMapKey=type
129 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
130 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
131 \n // other fields }"
132 properties:
133 lastTransitionTime:
134 description: lastTransitionTime is the last time the condition
135 transitioned from one status to another. This should be when
136 the underlying condition changed. If that is not known, then
137 using the time when the API field changed is acceptable.
138 format: date-time
139 type: string
140 message:
141 description: message is a human readable message indicating
142 details about the transition. This may be an empty string.
143 maxLength: 32768
144 type: string
145 observedGeneration:
146 description: observedGeneration represents the .metadata.generation
147 that the condition was set based upon. For instance, if .metadata.generation
148 is currently 12, but the .status.conditions[x].observedGeneration
149 is 9, the condition is out of date with respect to the current
150 state of the instance.
151 format: int64
152 minimum: 0
153 type: integer
154 reason:
155 description: reason contains a programmatic identifier indicating
156 the reason for the condition's last transition. Producers
157 of specific condition types may define expected values and
158 meanings for this field, and whether the values are considered
159 a guaranteed API. The value should be a CamelCase string.
160 This field may not be empty.
161 maxLength: 1024
162 minLength: 1
163 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
164 type: string
165 status:
166 description: status of the condition, one of True, False, Unknown.
167 enum:
168 - "True"
169 - "False"
170 - Unknown
171 type: string
172 type:
173 description: type of condition in CamelCase or in foo.example.com/CamelCase.
174 --- Many .condition.type values are consistent across resources
175 like Available, but because arbitrary conditions can be useful
176 (see .node.status.conditions), the ability to deconflict is
177 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
178 maxLength: 316
179 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
180 type: string
181 required:
182 - lastTransitionTime
183 - message
184 - reason
185 - status
186 - type
187 type: object
188 type: array
189 latestImage:
190 description: LatestImage gives the first in the list of images scanned
191 by the image repository, when filtered and ordered according to
192 the policy.
193 type: string
194 observedGeneration:
195 format: int64
196 type: integer
197 type: object
198 type: object
199 served: true
200 storage: false
201 subresources:
202 status: {}
203 - additionalPrinterColumns:
204 - jsonPath: .status.latestImage
205 name: LatestImage
206 type: string
207 name: v1alpha2
208 schema:
209 openAPIV3Schema:
210 description: ImagePolicy is the Schema for the imagepolicies API
211 properties:
212 apiVersion:
213 description: 'APIVersion defines the versioned schema of this representation
214 of an object. Servers should convert recognized schemas to the latest
215 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
216 type: string
217 kind:
218 description: 'Kind is a string value representing the REST resource this
219 object represents. Servers may infer this from the endpoint the client
220 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
221 type: string
222 metadata:
223 type: object
224 spec:
225 description: ImagePolicySpec defines the parameters for calculating the
226 ImagePolicy
227 properties:
228 filterTags:
229 description: FilterTags enables filtering for only a subset of tags
230 based on a set of rules. If no rules are provided, all the tags
231 from the repository will be ordered and compared.
232 properties:
233 extract:
234 description: Extract allows a capture group to be extracted from
235 the specified regular expression pattern, useful before tag
236 evaluation.
237 type: string
238 pattern:
239 description: Pattern specifies a regular expression pattern used
240 to filter for image tags.
241 type: string
242 type: object
243 imageRepositoryRef:
244 description: ImageRepositoryRef points at the object specifying the
245 image being scanned
246 properties:
247 name:
248 description: Name of the referent
249 type: string
250 required:
251 - name
252 type: object
253 policy:
254 description: Policy gives the particulars of the policy to be followed
255 in selecting the most recent image
256 properties:
257 alphabetical:
258 description: Alphabetical set of rules to use for alphabetical
259 ordering of the tags.
260 properties:
261 order:
262 default: asc
263 description: Order specifies the sorting order of the tags.
264 Given the letters of the alphabet as tags, ascending order
265 would select Z, and descending order would select A.
266 enum:
267 - asc
268 - desc
269 type: string
270 type: object
271 numerical:
272 description: Numerical set of rules to use for numerical ordering
273 of the tags.
274 properties:
275 order:
276 default: asc
277 description: Order specifies the sorting order of the tags.
278 Given the integer values from 0 to 9 as tags, ascending
279 order would select 9, and descending order would select
280 0.
281 enum:
282 - asc
283 - desc
284 type: string
285 type: object
286 semver:
287 description: SemVer gives a semantic version range to check against
288 the tags available.
289 properties:
290 range:
291 description: Range gives a semver range for the image tag;
292 the highest version within the range that's a tag yields
293 the latest image.
294 type: string
295 required:
296 - range
297 type: object
298 type: object
299 required:
300 - imageRepositoryRef
301 - policy
302 type: object
303 status:
304 description: ImagePolicyStatus defines the observed state of ImagePolicy
305 properties:
306 conditions:
307 items:
308 description: "Condition contains details for one aspect of the current
309 state of this API Resource. --- This struct is intended for direct
310 use as an array at the field path .status.conditions. For example,
311 type FooStatus struct{ // Represents the observations of a
312 foo's current state. // Known .status.conditions.type are:
313 \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
314 \ // +patchStrategy=merge // +listType=map // +listMapKey=type
315 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
316 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
317 \n // other fields }"
318 properties:
319 lastTransitionTime:
320 description: lastTransitionTime is the last time the condition
321 transitioned from one status to another. This should be when
322 the underlying condition changed. If that is not known, then
323 using the time when the API field changed is acceptable.
324 format: date-time
325 type: string
326 message:
327 description: message is a human readable message indicating
328 details about the transition. This may be an empty string.
329 maxLength: 32768
330 type: string
331 observedGeneration:
332 description: observedGeneration represents the .metadata.generation
333 that the condition was set based upon. For instance, if .metadata.generation
334 is currently 12, but the .status.conditions[x].observedGeneration
335 is 9, the condition is out of date with respect to the current
336 state of the instance.
337 format: int64
338 minimum: 0
339 type: integer
340 reason:
341 description: reason contains a programmatic identifier indicating
342 the reason for the condition's last transition. Producers
343 of specific condition types may define expected values and
344 meanings for this field, and whether the values are considered
345 a guaranteed API. The value should be a CamelCase string.
346 This field may not be empty.
347 maxLength: 1024
348 minLength: 1
349 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
350 type: string
351 status:
352 description: status of the condition, one of True, False, Unknown.
353 enum:
354 - "True"
355 - "False"
356 - Unknown
357 type: string
358 type:
359 description: type of condition in CamelCase or in foo.example.com/CamelCase.
360 --- Many .condition.type values are consistent across resources
361 like Available, but because arbitrary conditions can be useful
362 (see .node.status.conditions), the ability to deconflict is
363 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
364 maxLength: 316
365 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
366 type: string
367 required:
368 - lastTransitionTime
369 - message
370 - reason
371 - status
372 - type
373 type: object
374 type: array
375 latestImage:
376 description: LatestImage gives the first in the list of images scanned
377 by the image repository, when filtered and ordered according to
378 the policy.
379 type: string
380 observedGeneration:
381 format: int64
382 type: integer
383 type: object
384 type: object
385 served: true
386 storage: false
387 subresources:
388 status: {}
389 - additionalPrinterColumns:
390 - jsonPath: .status.latestImage
391 name: LatestImage
392 type: string
393 name: v1beta1
394 schema:
395 openAPIV3Schema:
396 description: ImagePolicy is the Schema for the imagepolicies API
397 properties:
398 apiVersion:
399 description: 'APIVersion defines the versioned schema of this representation
400 of an object. Servers should convert recognized schemas to the latest
401 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
402 type: string
403 kind:
404 description: 'Kind is a string value representing the REST resource this
405 object represents. Servers may infer this from the endpoint the client
406 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
407 type: string
408 metadata:
409 type: object
410 spec:
411 description: ImagePolicySpec defines the parameters for calculating the
412 ImagePolicy
413 properties:
414 filterTags:
415 description: FilterTags enables filtering for only a subset of tags
416 based on a set of rules. If no rules are provided, all the tags
417 from the repository will be ordered and compared.
418 properties:
419 extract:
420 description: Extract allows a capture group to be extracted from
421 the specified regular expression pattern, useful before tag
422 evaluation.
423 type: string
424 pattern:
425 description: Pattern specifies a regular expression pattern used
426 to filter for image tags.
427 type: string
428 type: object
429 imageRepositoryRef:
430 description: ImageRepositoryRef points at the object specifying the
431 image being scanned
432 properties:
433 name:
434 description: Name of the referent
435 type: string
436 namespace:
437 description: Namespace of the referent, when not specified it
438 acts as LocalObjectReference
439 type: string
440 required:
441 - name
442 type: object
443 policy:
444 description: Policy gives the particulars of the policy to be followed
445 in selecting the most recent image
446 properties:
447 alphabetical:
448 description: Alphabetical set of rules to use for alphabetical
449 ordering of the tags.
450 properties:
451 order:
452 default: asc
453 description: Order specifies the sorting order of the tags.
454 Given the letters of the alphabet as tags, ascending order
455 would select Z, and descending order would select A.
456 enum:
457 - asc
458 - desc
459 type: string
460 type: object
461 numerical:
462 description: Numerical set of rules to use for numerical ordering
463 of the tags.
464 properties:
465 order:
466 default: asc
467 description: Order specifies the sorting order of the tags.
468 Given the integer values from 0 to 9 as tags, ascending
469 order would select 9, and descending order would select
470 0.
471 enum:
472 - asc
473 - desc
474 type: string
475 type: object
476 semver:
477 description: SemVer gives a semantic version range to check against
478 the tags available.
479 properties:
480 range:
481 description: Range gives a semver range for the image tag;
482 the highest version within the range that's a tag yields
483 the latest image.
484 type: string
485 required:
486 - range
487 type: object
488 type: object
489 required:
490 - imageRepositoryRef
491 - policy
492 type: object
493 status:
494 description: ImagePolicyStatus defines the observed state of ImagePolicy
495 properties:
496 conditions:
497 items:
498 description: "Condition contains details for one aspect of the current
499 state of this API Resource. --- This struct is intended for direct
500 use as an array at the field path .status.conditions. For example,
501 type FooStatus struct{ // Represents the observations of a
502 foo's current state. // Known .status.conditions.type are:
503 \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
504 \ // +patchStrategy=merge // +listType=map // +listMapKey=type
505 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
506 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
507 \n // other fields }"
508 properties:
509 lastTransitionTime:
510 description: lastTransitionTime is the last time the condition
511 transitioned from one status to another. This should be when
512 the underlying condition changed. If that is not known, then
513 using the time when the API field changed is acceptable.
514 format: date-time
515 type: string
516 message:
517 description: message is a human readable message indicating
518 details about the transition. This may be an empty string.
519 maxLength: 32768
520 type: string
521 observedGeneration:
522 description: observedGeneration represents the .metadata.generation
523 that the condition was set based upon. For instance, if .metadata.generation
524 is currently 12, but the .status.conditions[x].observedGeneration
525 is 9, the condition is out of date with respect to the current
526 state of the instance.
527 format: int64
528 minimum: 0
529 type: integer
530 reason:
531 description: reason contains a programmatic identifier indicating
532 the reason for the condition's last transition. Producers
533 of specific condition types may define expected values and
534 meanings for this field, and whether the values are considered
535 a guaranteed API. The value should be a CamelCase string.
536 This field may not be empty.
537 maxLength: 1024
538 minLength: 1
539 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
540 type: string
541 status:
542 description: status of the condition, one of True, False, Unknown.
543 enum:
544 - "True"
545 - "False"
546 - Unknown
547 type: string
548 type:
549 description: type of condition in CamelCase or in foo.example.com/CamelCase.
550 --- Many .condition.type values are consistent across resources
551 like Available, but because arbitrary conditions can be useful
552 (see .node.status.conditions), the ability to deconflict is
553 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
554 maxLength: 316
555 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
556 type: string
557 required:
558 - lastTransitionTime
559 - message
560 - reason
561 - status
562 - type
563 type: object
564 type: array
565 latestImage:
566 description: LatestImage gives the first in the list of images scanned
567 by the image repository, when filtered and ordered according to
568 the policy.
569 type: string
570 observedGeneration:
571 format: int64
572 type: integer
573 type: object
574 type: object
575 served: true
576 storage: true
577 subresources:
578 status: {}
579status:
580 acceptedNames:
581 kind: ""
582 plural: ""
583 conditions: []
584 storedVersions: []
585---
586apiVersion: apiextensions.k8s.io/v1
587kind: CustomResourceDefinition
588metadata:
589 annotations:
590 controller-gen.kubebuilder.io/version: v0.5.0
591 creationTimestamp: null
592 name: imagerepositories.image.toolkit.fluxcd.io
593spec:
594 group: image.toolkit.fluxcd.io
595 names:
596 kind: ImageRepository
597 listKind: ImageRepositoryList
598 plural: imagerepositories
599 singular: imagerepository
600 scope: Namespaced
601 versions:
602 - additionalPrinterColumns:
603 - jsonPath: .status.lastScanResult.scanTime
604 name: Last scan
605 type: string
606 - jsonPath: .status.lastScanResult.tagCount
607 name: Tags
608 type: string
609 name: v1alpha1
610 schema:
611 openAPIV3Schema:
612 description: ImageRepository is the Schema for the imagerepositories API
613 properties:
614 apiVersion:
615 description: 'APIVersion defines the versioned schema of this representation
616 of an object. Servers should convert recognized schemas to the latest
617 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
618 type: string
619 kind:
620 description: 'Kind is a string value representing the REST resource this
621 object represents. Servers may infer this from the endpoint the client
622 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
623 type: string
624 metadata:
625 type: object
626 spec:
627 description: ImageRepositorySpec defines the parameters for scanning an
628 image repository, e.g., `fluxcd/flux`.
629 properties:
630 certSecretRef:
631 description: "CertSecretRef can be given the name of a secret containing
632 either or both of \n - a PEM-encoded client certificate (`certFile`)
633 and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`)
634 \n and whichever are supplied, will be used for connecting to the
635 \ registry. The client cert and key are useful if you are authenticating
636 with a certificate; the CA cert is useful if you are using a self-signed
637 server certificate."
638 properties:
639 name:
640 description: Name of the referent
641 type: string
642 required:
643 - name
644 type: object
645 image:
646 description: Image is the name of the image repository
647 type: string
648 interval:
649 description: Interval is the length of time to wait between scans
650 of the image repository.
651 type: string
652 secretRef:
653 description: SecretRef can be given the name of a secret containing
654 credentials to use for the image registry. The secret should be
655 created with `kubectl create secret docker-registry`, or the equivalent.
656 properties:
657 name:
658 description: Name of the referent
659 type: string
660 required:
661 - name
662 type: object
663 suspend:
664 description: This flag tells the controller to suspend subsequent
665 image scans. It does not apply to already started scans. Defaults
666 to false.
667 type: boolean
668 timeout:
669 description: Timeout for image scanning. Defaults to 'Interval' duration.
670 type: string
671 type: object
672 status:
673 description: ImageRepositoryStatus defines the observed state of ImageRepository
674 properties:
675 canonicalImageName:
676 description: CanonicalName is the name of the image repository with
677 all the implied bits made explicit; e.g., `docker.io/library/alpine`
678 rather than `alpine`.
679 type: string
680 conditions:
681 items:
682 description: "Condition contains details for one aspect of the current
683 state of this API Resource. --- This struct is intended for direct
684 use as an array at the field path .status.conditions. For example,
685 type FooStatus struct{ // Represents the observations of a
686 foo's current state. // Known .status.conditions.type are:
687 \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
688 \ // +patchStrategy=merge // +listType=map // +listMapKey=type
689 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
690 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
691 \n // other fields }"
692 properties:
693 lastTransitionTime:
694 description: lastTransitionTime is the last time the condition
695 transitioned from one status to another. This should be when
696 the underlying condition changed. If that is not known, then
697 using the time when the API field changed is acceptable.
698 format: date-time
699 type: string
700 message:
701 description: message is a human readable message indicating
702 details about the transition. This may be an empty string.
703 maxLength: 32768
704 type: string
705 observedGeneration:
706 description: observedGeneration represents the .metadata.generation
707 that the condition was set based upon. For instance, if .metadata.generation
708 is currently 12, but the .status.conditions[x].observedGeneration
709 is 9, the condition is out of date with respect to the current
710 state of the instance.
711 format: int64
712 minimum: 0
713 type: integer
714 reason:
715 description: reason contains a programmatic identifier indicating
716 the reason for the condition's last transition. Producers
717 of specific condition types may define expected values and
718 meanings for this field, and whether the values are considered
719 a guaranteed API. The value should be a CamelCase string.
720 This field may not be empty.
721 maxLength: 1024
722 minLength: 1
723 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
724 type: string
725 status:
726 description: status of the condition, one of True, False, Unknown.
727 enum:
728 - "True"
729 - "False"
730 - Unknown
731 type: string
732 type:
733 description: type of condition in CamelCase or in foo.example.com/CamelCase.
734 --- Many .condition.type values are consistent across resources
735 like Available, but because arbitrary conditions can be useful
736 (see .node.status.conditions), the ability to deconflict is
737 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
738 maxLength: 316
739 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
740 type: string
741 required:
742 - lastTransitionTime
743 - message
744 - reason
745 - status
746 - type
747 type: object
748 type: array
749 lastHandledReconcileAt:
750 description: LastHandledReconcileAt holds the value of the most recent
751 reconcile request value, so a change can be detected.
752 type: string
753 lastScanResult:
754 description: LastScanResult contains the number of fetched tags.
755 properties:
756 scanTime:
757 format: date-time
758 type: string
759 tagCount:
760 type: integer
761 required:
762 - tagCount
763 type: object
764 observedGeneration:
765 description: ObservedGeneration is the last reconciled generation.
766 format: int64
767 type: integer
768 type: object
769 type: object
770 served: true
771 storage: false
772 subresources:
773 status: {}
774 - additionalPrinterColumns:
775 - jsonPath: .status.lastScanResult.scanTime
776 name: Last scan
777 type: string
778 - jsonPath: .status.lastScanResult.tagCount
779 name: Tags
780 type: string
781 name: v1alpha2
782 schema:
783 openAPIV3Schema:
784 description: ImageRepository is the Schema for the imagerepositories API
785 properties:
786 apiVersion:
787 description: 'APIVersion defines the versioned schema of this representation
788 of an object. Servers should convert recognized schemas to the latest
789 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
790 type: string
791 kind:
792 description: 'Kind is a string value representing the REST resource this
793 object represents. Servers may infer this from the endpoint the client
794 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
795 type: string
796 metadata:
797 type: object
798 spec:
799 description: ImageRepositorySpec defines the parameters for scanning an
800 image repository, e.g., `fluxcd/flux`.
801 properties:
802 certSecretRef:
803 description: "CertSecretRef can be given the name of a secret containing
804 either or both of \n - a PEM-encoded client certificate (`certFile`)
805 and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`)
806 \n and whichever are supplied, will be used for connecting to the
807 \ registry. The client cert and key are useful if you are authenticating
808 with a certificate; the CA cert is useful if you are using a self-signed
809 server certificate."
810 properties:
811 name:
812 description: Name of the referent
813 type: string
814 required:
815 - name
816 type: object
817 image:
818 description: Image is the name of the image repository
819 type: string
820 interval:
821 description: Interval is the length of time to wait between scans
822 of the image repository.
823 type: string
824 secretRef:
825 description: SecretRef can be given the name of a secret containing
826 credentials to use for the image registry. The secret should be
827 created with `kubectl create secret docker-registry`, or the equivalent.
828 properties:
829 name:
830 description: Name of the referent
831 type: string
832 required:
833 - name
834 type: object
835 suspend:
836 description: This flag tells the controller to suspend subsequent
837 image scans. It does not apply to already started scans. Defaults
838 to false.
839 type: boolean
840 timeout:
841 description: Timeout for image scanning. Defaults to 'Interval' duration.
842 type: string
843 type: object
844 status:
845 description: ImageRepositoryStatus defines the observed state of ImageRepository
846 properties:
847 canonicalImageName:
848 description: CanonicalName is the name of the image repository with
849 all the implied bits made explicit; e.g., `docker.io/library/alpine`
850 rather than `alpine`.
851 type: string
852 conditions:
853 items:
854 description: "Condition contains details for one aspect of the current
855 state of this API Resource. --- This struct is intended for direct
856 use as an array at the field path .status.conditions. For example,
857 type FooStatus struct{ // Represents the observations of a
858 foo's current state. // Known .status.conditions.type are:
859 \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
860 \ // +patchStrategy=merge // +listType=map // +listMapKey=type
861 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
862 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
863 \n // other fields }"
864 properties:
865 lastTransitionTime:
866 description: lastTransitionTime is the last time the condition
867 transitioned from one status to another. This should be when
868 the underlying condition changed. If that is not known, then
869 using the time when the API field changed is acceptable.
870 format: date-time
871 type: string
872 message:
873 description: message is a human readable message indicating
874 details about the transition. This may be an empty string.
875 maxLength: 32768
876 type: string
877 observedGeneration:
878 description: observedGeneration represents the .metadata.generation
879 that the condition was set based upon. For instance, if .metadata.generation
880 is currently 12, but the .status.conditions[x].observedGeneration
881 is 9, the condition is out of date with respect to the current
882 state of the instance.
883 format: int64
884 minimum: 0
885 type: integer
886 reason:
887 description: reason contains a programmatic identifier indicating
888 the reason for the condition's last transition. Producers
889 of specific condition types may define expected values and
890 meanings for this field, and whether the values are considered
891 a guaranteed API. The value should be a CamelCase string.
892 This field may not be empty.
893 maxLength: 1024
894 minLength: 1
895 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
896 type: string
897 status:
898 description: status of the condition, one of True, False, Unknown.
899 enum:
900 - "True"
901 - "False"
902 - Unknown
903 type: string
904 type:
905 description: type of condition in CamelCase or in foo.example.com/CamelCase.
906 --- Many .condition.type values are consistent across resources
907 like Available, but because arbitrary conditions can be useful
908 (see .node.status.conditions), the ability to deconflict is
909 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
910 maxLength: 316
911 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
912 type: string
913 required:
914 - lastTransitionTime
915 - message
916 - reason
917 - status
918 - type
919 type: object
920 type: array
921 lastHandledReconcileAt:
922 description: LastHandledReconcileAt holds the value of the most recent
923 reconcile request value, so a change can be detected.
924 type: string
925 lastScanResult:
926 description: LastScanResult contains the number of fetched tags.
927 properties:
928 scanTime:
929 format: date-time
930 type: string
931 tagCount:
932 type: integer
933 required:
934 - tagCount
935 type: object
936 observedGeneration:
937 description: ObservedGeneration is the last reconciled generation.
938 format: int64
939 type: integer
940 type: object
941 type: object
942 served: true
943 storage: false
944 subresources:
945 status: {}
946 - additionalPrinterColumns:
947 - jsonPath: .status.lastScanResult.scanTime
948 name: Last scan
949 type: string
950 - jsonPath: .status.lastScanResult.tagCount
951 name: Tags
952 type: string
953 name: v1beta1
954 schema:
955 openAPIV3Schema:
956 description: ImageRepository is the Schema for the imagerepositories API
957 properties:
958 apiVersion:
959 description: 'APIVersion defines the versioned schema of this representation
960 of an object. Servers should convert recognized schemas to the latest
961 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
962 type: string
963 kind:
964 description: 'Kind is a string value representing the REST resource this
965 object represents. Servers may infer this from the endpoint the client
966 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
967 type: string
968 metadata:
969 type: object
970 spec:
971 description: ImageRepositorySpec defines the parameters for scanning an
972 image repository, e.g., `fluxcd/flux`.
973 properties:
974 accessFrom:
975 description: AccessFrom defines an ACL for allowing cross-namespace
976 references to the ImageRepository object based on the caller's namespace
977 labels.
978 properties:
979 namespaceSelectors:
980 items:
981 properties:
982 matchLabels:
983 additionalProperties:
984 type: string
985 type: object
986 type: object
987 type: array
988 type: object
989 certSecretRef:
990 description: "CertSecretRef can be given the name of a secret containing
991 either or both of \n - a PEM-encoded client certificate (`certFile`)
992 and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`)
993 \n and whichever are supplied, will be used for connecting to the
994 \ registry. The client cert and key are useful if you are authenticating
995 with a certificate; the CA cert is useful if you are using a self-signed
996 server certificate."
997 properties:
998 name:
999 description: Name of the referent
1000 type: string
1001 required:
1002 - name
1003 type: object
1004 image:
1005 description: Image is the name of the image repository
1006 type: string
1007 interval:
1008 description: Interval is the length of time to wait between scans
1009 of the image repository.
1010 type: string
1011 secretRef:
1012 description: SecretRef can be given the name of a secret containing
1013 credentials to use for the image registry. The secret should be
1014 created with `kubectl create secret docker-registry`, or the equivalent.
1015 properties:
1016 name:
1017 description: Name of the referent
1018 type: string
1019 required:
1020 - name
1021 type: object
1022 suspend:
1023 description: This flag tells the controller to suspend subsequent
1024 image scans. It does not apply to already started scans. Defaults
1025 to false.
1026 type: boolean
1027 timeout:
1028 description: Timeout for image scanning. Defaults to 'Interval' duration.
1029 type: string
1030 type: object
1031 status:
1032 description: ImageRepositoryStatus defines the observed state of ImageRepository
1033 properties:
1034 canonicalImageName:
1035 description: CanonicalName is the name of the image repository with
1036 all the implied bits made explicit; e.g., `docker.io/library/alpine`
1037 rather than `alpine`.
1038 type: string
1039 conditions:
1040 items:
1041 description: "Condition contains details for one aspect of the current
1042 state of this API Resource. --- This struct is intended for direct
1043 use as an array at the field path .status.conditions. For example,
1044 type FooStatus struct{ // Represents the observations of a
1045 foo's current state. // Known .status.conditions.type are:
1046 \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
1047 \ // +patchStrategy=merge // +listType=map // +listMapKey=type
1048 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
1049 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
1050 \n // other fields }"
1051 properties:
1052 lastTransitionTime:
1053 description: lastTransitionTime is the last time the condition
1054 transitioned from one status to another. This should be when
1055 the underlying condition changed. If that is not known, then
1056 using the time when the API field changed is acceptable.
1057 format: date-time
1058 type: string
1059 message:
1060 description: message is a human readable message indicating
1061 details about the transition. This may be an empty string.
1062 maxLength: 32768
1063 type: string
1064 observedGeneration:
1065 description: observedGeneration represents the .metadata.generation
1066 that the condition was set based upon. For instance, if .metadata.generation
1067 is currently 12, but the .status.conditions[x].observedGeneration
1068 is 9, the condition is out of date with respect to the current
1069 state of the instance.
1070 format: int64
1071 minimum: 0
1072 type: integer
1073 reason:
1074 description: reason contains a programmatic identifier indicating
1075 the reason for the condition's last transition. Producers
1076 of specific condition types may define expected values and
1077 meanings for this field, and whether the values are considered
1078 a guaranteed API. The value should be a CamelCase string.
1079 This field may not be empty.
1080 maxLength: 1024
1081 minLength: 1
1082 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1083 type: string
1084 status:
1085 description: status of the condition, one of True, False, Unknown.
1086 enum:
1087 - "True"
1088 - "False"
1089 - Unknown
1090 type: string
1091 type:
1092 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1093 --- Many .condition.type values are consistent across resources
1094 like Available, but because arbitrary conditions can be useful
1095 (see .node.status.conditions), the ability to deconflict is
1096 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1097 maxLength: 316
1098 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1099 type: string
1100 required:
1101 - lastTransitionTime
1102 - message
1103 - reason
1104 - status
1105 - type
1106 type: object
1107 type: array
1108 lastHandledReconcileAt:
1109 description: LastHandledReconcileAt holds the value of the most recent
1110 reconcile request value, so a change can be detected.
1111 type: string
1112 lastScanResult:
1113 description: LastScanResult contains the number of fetched tags.
1114 properties:
1115 scanTime:
1116 format: date-time
1117 type: string
1118 tagCount:
1119 type: integer
1120 required:
1121 - tagCount
1122 type: object
1123 observedGeneration:
1124 description: ObservedGeneration is the last reconciled generation.
1125 format: int64
1126 type: integer
1127 type: object
1128 type: object
1129 served: true
1130 storage: true
1131 subresources:
1132 status: {}
1133status:
1134 acceptedNames:
1135 kind: ""
1136 plural: ""
1137 conditions: []
1138 storedVersions: []
1139---
1140apiVersion: v1
1141kind: ServiceAccount
1142metadata:
1143 name: image-reflector-controller
1144---
1145apiVersion: apps/v1
1146kind: Deployment
1147metadata:
1148 labels:
1149 control-plane: controller
1150 name: image-reflector-controller
1151spec:
1152 replicas: 1
1153 selector:
1154 matchLabels:
1155 app: image-reflector-controller
1156 template:
1157 metadata:
1158 annotations:
1159 prometheus.io/port: "8080"
1160 prometheus.io/scrape: "true"
1161 labels:
1162 app: image-reflector-controller
1163 spec:
1164 containers:
1165 - args:
1166 - --events-addr=http://notification-controller/
1167 - --watch-all-namespaces
1168 - --log-level=info
1169 - --log-encoding=json
1170 - --enable-leader-election
1171 env:
1172 - name: RUNTIME_NAMESPACE
1173 valueFrom:
1174 fieldRef:
1175 fieldPath: metadata.namespace
1176 image: fluxcd/image-reflector-controller:v0.13.0
1177 imagePullPolicy: IfNotPresent
1178 livenessProbe:
1179 httpGet:
1180 path: /healthz
1181 port: healthz
1182 name: manager
1183 ports:
1184 - containerPort: 8080
1185 name: http-prom
1186 - containerPort: 9440
1187 name: healthz
1188 protocol: TCP
1189 readinessProbe:
1190 httpGet:
1191 path: /readyz
1192 port: healthz
1193 resources:
1194 limits:
1195 cpu: 1000m
1196 memory: 1Gi
1197 requests:
1198 cpu: 100m
1199 memory: 64Mi
1200 securityContext:
1201 allowPrivilegeEscalation: false
1202 readOnlyRootFilesystem: true
1203 volumeMounts:
1204 - mountPath: /tmp
1205 name: temp
1206 - mountPath: /data
1207 name: data
1208 securityContext:
1209 fsGroup: 1337
1210 serviceAccountName: image-reflector-controller
1211 terminationGracePeriodSeconds: 10
1212 volumes:
1213 - emptyDir: {}
1214 name: temp
1215 - emptyDir: {}
1216 name: data
View as plain text