1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 annotations:
6 controller-gen.kubebuilder.io/version: (unknown)
7 name: buckets.source.toolkit.fluxcd.io
8spec:
9 group: source.toolkit.fluxcd.io
10 names:
11 kind: Bucket
12 listKind: BucketList
13 plural: buckets
14 singular: bucket
15 scope: Namespaced
16 versions:
17 - additionalPrinterColumns:
18 - jsonPath: .spec.endpoint
19 name: Endpoint
20 type: string
21 - jsonPath: .metadata.creationTimestamp
22 name: Age
23 type: date
24 - jsonPath: .status.conditions[?(@.type=="Ready")].status
25 name: Ready
26 type: string
27 - jsonPath: .status.conditions[?(@.type=="Ready")].message
28 name: Status
29 type: string
30 name: v1
31 schema:
32 openAPIV3Schema:
33 description: Bucket is the Schema for the buckets API.
34 properties:
35 apiVersion:
36 description: |-
37 APIVersion defines the versioned schema of this representation of an object.
38 Servers should convert recognized schemas to the latest internal value, and
39 may reject unrecognized values.
40 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
41 type: string
42 kind:
43 description: |-
44 Kind is a string value representing the REST resource this object represents.
45 Servers may infer this from the endpoint the client submits requests to.
46 Cannot be updated.
47 In CamelCase.
48 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
49 type: string
50 metadata:
51 type: object
52 spec:
53 description: |-
54 BucketSpec specifies the required configuration to produce an Artifact for
55 an object storage bucket.
56 properties:
57 bucketName:
58 description: BucketName is the name of the object storage bucket.
59 type: string
60 certSecretRef:
61 description: |-
62 CertSecretRef can be given the name of a Secret containing
63 either or both of
64
65
66 - a PEM-encoded client certificate (`tls.crt`) and private
67 key (`tls.key`);
68 - a PEM-encoded CA certificate (`ca.crt`)
69
70
71 and whichever are supplied, will be used for connecting to the
72 bucket. The client cert and key are useful if you are
73 authenticating with a certificate; the CA cert is useful if
74 you are using a self-signed server certificate. The Secret must
75 be of type `Opaque` or `kubernetes.io/tls`.
76
77
78 This field is only supported for the `generic` provider.
79 properties:
80 name:
81 description: Name of the referent.
82 type: string
83 required:
84 - name
85 type: object
86 endpoint:
87 description: Endpoint is the object storage address the BucketName
88 is located at.
89 type: string
90 ignore:
91 description: |-
92 Ignore overrides the set of excluded patterns in the .sourceignore format
93 (which is the same as .gitignore). If not provided, a default will be used,
94 consult the documentation for your version to find out what those are.
95 type: string
# Security-relevant: per the description, setting this to true lets the
# controller reach spec.endpoint over plain HTTP instead of TLS. This schema
# declares no default for the field, and none of the spec validation rules in
# this version restricts when it may be set.
# NOTE(review): presumably the bucket credentials and the fetched objects then
# cross the network unencrypted - confirm against the controller, and review
# any Bucket that sets this to true.
96 insecure:
97 description: Insecure allows connecting to a non-TLS HTTP Endpoint.
98 type: boolean
99 interval:
100 description: |-
101 Interval at which the Bucket Endpoint is checked for updates.
102 This interval is approximate and may be subject to jitter to ensure
103 efficient use of resources.
104 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
105 type: string
106 prefix:
107 description: Prefix to use for server-side filtering of files in the
108 Bucket.
109 type: string
110 provider:
111 default: generic
112 description: |-
113 Provider of the object storage bucket.
114 Defaults to 'generic', which expects an S3 (API) compatible object
115 storage.
116 enum:
117 - generic
118 - aws
119 - gcp
120 - azure
121 type: string
122 proxySecretRef:
123 description: |-
124 ProxySecretRef specifies the Secret containing the proxy configuration
125 to use while communicating with the Bucket server.
126 properties:
127 name:
128 description: Name of the referent.
129 type: string
130 required:
131 - name
132 type: object
133 region:
134 description: Region of the Endpoint where the BucketName is located
135 in.
136 type: string
137 secretRef:
138 description: |-
139 SecretRef specifies the Secret containing authentication credentials
140 for the Bucket.
141 properties:
142 name:
143 description: Name of the referent.
144 type: string
145 required:
146 - name
147 type: object
148 sts:
149 description: |-
150 STS specifies the required configuration to use a Security Token
151 Service for fetching temporary credentials to authenticate in a
152 Bucket provider.
153
154
155 This field is only supported for the `aws` and `generic` providers.
156 properties:
157 certSecretRef:
158 description: |-
159 CertSecretRef can be given the name of a Secret containing
160 either or both of
161
162
163 - a PEM-encoded client certificate (`tls.crt`) and private
164 key (`tls.key`);
165 - a PEM-encoded CA certificate (`ca.crt`)
166
167
168 and whichever are supplied, will be used for connecting to the
169 STS endpoint. The client cert and key are useful if you are
170 authenticating with a certificate; the CA cert is useful if
171 you are using a self-signed server certificate. The Secret must
172 be of type `Opaque` or `kubernetes.io/tls`.
173
174
175 This field is only supported for the `ldap` provider.
176 properties:
177 name:
178 description: Name of the referent.
179 type: string
180 required:
181 - name
182 type: object
# Security-relevant: this is the address temporary credentials are fetched
# from, and the pattern below constrains only the scheme - it accepts http://
# as well as https:// and puts no limit on the host part.
# NOTE(review): for the 'ldap' STS provider the Secret named by sts.secretRef
# holds a username and password; presumably they are sent to this endpoint, so
# an http:// value would expose them - confirm against the controller.
183 endpoint:
184 description: |-
185 Endpoint is the HTTP/S endpoint of the Security Token Service from
186 where temporary credentials will be fetched.
187 pattern: ^(http|https)://.*$
188 type: string
189 provider:
190 description: Provider of the Security Token Service.
191 enum:
192 - aws
193 - ldap
194 type: string
195 secretRef:
196 description: |-
197 SecretRef specifies the Secret containing authentication credentials
198 for the STS endpoint. This Secret must contain the fields `username`
199 and `password` and is supported only for the `ldap` provider.
200 properties:
201 name:
202 description: Name of the referent.
203 type: string
204 required:
205 - name
206 type: object
207 required:
208 - endpoint
209 - provider
210 type: object
211 suspend:
212 description: |-
213 Suspend tells the controller to suspend the reconciliation of this
214 Bucket.
215 type: boolean
216 timeout:
217 default: 60s
218 description: Timeout for fetch operations, defaults to 60s.
219 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
220 type: string
221 required:
222 - bucketName
223 - endpoint
224 - interval
225 type: object
# Admission rules for spec. Each rule is a CEL expression evaluated with
# `self` bound to spec; when a rule is false the object is rejected with the
# paired message.
226 x-kubernetes-validations:
# sts may only be present when the Bucket provider is 'aws' or 'generic'
# (so 'gcp' and 'azure' Buckets that set sts are rejected).
227 - message: STS configuration is only supported for the 'aws' and 'generic'
228 Bucket providers
229 rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
# With the 'aws' Bucket provider, sts.provider must be 'aws'.
230 - message: '''aws'' is the only supported STS provider for the ''aws''
231 Bucket provider'
232 rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
233 == 'aws'
# With the 'generic' Bucket provider, sts.provider must be 'ldap'.
234 - message: '''ldap'' is the only supported STS provider for the ''generic''
235 Bucket provider'
236 rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
237 == 'ldap'
# NOTE(review): the next two rules reject a spec that sets sts.secretRef or
# sts.certSecretRef together with the 'aws' STS provider. The fields are
# therefore disallowed in that combination, which is stricter than the
# "is not required" wording of the messages suggests.
238 - message: spec.sts.secretRef is not required for the 'aws' STS provider
239 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
240 - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
241 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
242 status:
243 default:
244 observedGeneration: -1
245 description: BucketStatus records the observed state of a Bucket.
246 properties:
247 artifact:
248 description: Artifact represents the last successful Bucket reconciliation.
249 properties:
250 digest:
251 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
252 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
253 type: string
254 lastUpdateTime:
255 description: |-
256 LastUpdateTime is the timestamp corresponding to the last update of the
257 Artifact.
258 format: date-time
259 type: string
260 metadata:
261 additionalProperties:
262 type: string
263 description: Metadata holds upstream information such as OCI annotations.
264 type: object
265 path:
266 description: |-
267 Path is the relative file path of the Artifact. It can be used to locate
268 the file in the root of the Artifact storage on the local file system of
269 the controller managing the Source.
270 type: string
271 revision:
272 description: |-
273 Revision is a human-readable identifier traceable in the origin source
274 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
275 type: string
276 size:
277 description: Size is the number of bytes in the file.
278 format: int64
279 type: integer
280 url:
281 description: |-
282 URL is the HTTP address of the Artifact as exposed by the controller
283 managing the Source. It can be used to retrieve the Artifact for
284 consumption, e.g. by another controller applying the Artifact contents.
285 type: string
286 required:
287 - lastUpdateTime
288 - path
289 - revision
290 - url
291 type: object
292 conditions:
293 description: Conditions holds the conditions for the Bucket.
294 items:
295 description: "Condition contains details for one aspect of the current
296 state of this API Resource.\n---\nThis struct is intended for
297 direct use as an array at the field path .status.conditions. For
298 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
299 observations of a foo's current state.\n\t // Known .status.conditions.type
300 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
301 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
302 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
303 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
304 \ // other fields\n\t}"
305 properties:
306 lastTransitionTime:
307 description: |-
308 lastTransitionTime is the last time the condition transitioned from one status to another.
309 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
310 format: date-time
311 type: string
312 message:
313 description: |-
314 message is a human readable message indicating details about the transition.
315 This may be an empty string.
316 maxLength: 32768
317 type: string
318 observedGeneration:
319 description: |-
320 observedGeneration represents the .metadata.generation that the condition was set based upon.
321 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
322 with respect to the current state of the instance.
323 format: int64
324 minimum: 0
325 type: integer
326 reason:
327 description: |-
328 reason contains a programmatic identifier indicating the reason for the condition's last transition.
329 Producers of specific condition types may define expected values and meanings for this field,
330 and whether the values are considered a guaranteed API.
331 The value should be a CamelCase string.
332 This field may not be empty.
333 maxLength: 1024
334 minLength: 1
335 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
336 type: string
337 status:
338 description: status of the condition, one of True, False, Unknown.
339 enum:
340 - "True"
341 - "False"
342 - Unknown
343 type: string
344 type:
345 description: |-
346 type of condition in CamelCase or in foo.example.com/CamelCase.
347 ---
348 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
349 useful (see .node.status.conditions), the ability to deconflict is important.
350 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
351 maxLength: 316
352 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
353 type: string
354 required:
355 - lastTransitionTime
356 - message
357 - reason
358 - status
359 - type
360 type: object
361 type: array
362 lastHandledReconcileAt:
363 description: |-
364 LastHandledReconcileAt holds the value of the most recent
365 reconcile request value, so a change of the annotation value
366 can be detected.
367 type: string
368 observedGeneration:
369 description: ObservedGeneration is the last observed generation of
370 the Bucket object.
371 format: int64
372 type: integer
373 observedIgnore:
374 description: |-
375 ObservedIgnore is the observed exclusion patterns used for constructing
376 the source artifact.
377 type: string
378 url:
379 description: |-
380 URL is the dynamic fetch link for the latest Artifact.
381 It is provided on a "best effort" basis, and using the precise
382 BucketStatus.Artifact data is recommended.
383 type: string
384 type: object
385 type: object
386 served: true
387 storage: true
388 subresources:
389 status: {}
390 - additionalPrinterColumns:
391 - jsonPath: .spec.endpoint
392 name: Endpoint
393 type: string
394 - jsonPath: .status.conditions[?(@.type=="Ready")].status
395 name: Ready
396 type: string
397 - jsonPath: .status.conditions[?(@.type=="Ready")].message
398 name: Status
399 type: string
400 - jsonPath: .metadata.creationTimestamp
401 name: Age
402 type: date
403 deprecated: true
404 deprecationWarning: v1beta1 Bucket is deprecated, upgrade to v1
405 name: v1beta1
406 schema:
407 openAPIV3Schema:
408 description: Bucket is the Schema for the buckets API
409 properties:
410 apiVersion:
411 description: |-
412 APIVersion defines the versioned schema of this representation of an object.
413 Servers should convert recognized schemas to the latest internal value, and
414 may reject unrecognized values.
415 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
416 type: string
417 kind:
418 description: |-
419 Kind is a string value representing the REST resource this object represents.
420 Servers may infer this from the endpoint the client submits requests to.
421 Cannot be updated.
422 In CamelCase.
423 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
424 type: string
425 metadata:
426 type: object
427 spec:
428 description: BucketSpec defines the desired state of an S3 compatible
429 bucket
430 properties:
# Security-relevant: described as an ACL for cross-namespace references to
# this Bucket. namespaceSelectors is required and its items are OR-ed; per the
# item description, an empty matchLabels map matches every namespace in the
# cluster, so an empty selector is the widest possible grant, not a deny.
# NOTE(review): the v1beta2 schema of this same CRD labels accessFrom as
# "Not implemented", and the v1 schema has no such property - confirm whether
# anything enforces it before treating it as a namespace boundary.
431 accessFrom:
432 description: AccessFrom defines an Access Control List for allowing
433 cross-namespace references to this object.
434 properties:
435 namespaceSelectors:
436 description: |-
437 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
438 Items in this list are evaluated using a logical OR operation.
439 items:
440 description: |-
441 NamespaceSelector selects the namespaces to which this ACL applies.
442 An empty map of MatchLabels matches all namespaces in a cluster.
443 properties:
444 matchLabels:
445 additionalProperties:
446 type: string
447 description: |-
448 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
449 map is equivalent to an element of matchExpressions, whose key field is "key", the
450 operator is "In", and the values array contains only "value". The requirements are ANDed.
451 type: object
452 type: object
453 type: array
454 required:
455 - namespaceSelectors
456 type: object
457 bucketName:
458 description: The bucket name.
459 type: string
460 endpoint:
461 description: The bucket endpoint address.
462 type: string
463 ignore:
464 description: |-
465 Ignore overrides the set of excluded patterns in the .sourceignore format
466 (which is the same as .gitignore). If not provided, a default will be used,
467 consult the documentation for your version to find out what those are.
468 type: string
# Security-relevant: per the description, setting this to true lets the
# controller reach the S3 endpoint over plain HTTP instead of TLS. This schema
# version declares no default for the field and carries no validation rules.
# NOTE(review): presumably the bucket credentials and the fetched objects then
# cross the network unencrypted - confirm against the controller, and review
# any Bucket that sets this to true.
469 insecure:
470 description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
471 type: boolean
472 interval:
473 description: The interval at which to check for bucket updates.
474 type: string
475 provider:
476 default: generic
477 description: The S3 compatible storage provider name, default ('generic').
478 enum:
479 - generic
480 - aws
481 - gcp
482 type: string
483 region:
484 description: The bucket region.
485 type: string
486 secretRef:
487 description: |-
488 The name of the secret containing authentication credentials
489 for the Bucket.
490 properties:
491 name:
492 description: Name of the referent.
493 type: string
494 required:
495 - name
496 type: object
497 suspend:
498 description: This flag tells the controller to suspend the reconciliation
499 of this source.
500 type: boolean
501 timeout:
502 default: 60s
503 description: The timeout for download operations, defaults to 60s.
504 type: string
505 required:
506 - bucketName
507 - endpoint
508 - interval
509 type: object
510 status:
511 default:
512 observedGeneration: -1
513 description: BucketStatus defines the observed state of a bucket
514 properties:
515 artifact:
516 description: Artifact represents the output of the last successful
517 Bucket sync.
518 properties:
519 checksum:
520 description: Checksum is the SHA256 checksum of the artifact.
521 type: string
522 lastUpdateTime:
523 description: |-
524 LastUpdateTime is the timestamp corresponding to the last update of this
525 artifact.
526 format: date-time
527 type: string
528 path:
529 description: Path is the relative file path of this artifact.
530 type: string
531 revision:
532 description: |-
533 Revision is a human readable identifier traceable in the origin source
534 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
535 chart version, etc.
536 type: string
537 url:
538 description: URL is the HTTP address of this artifact.
539 type: string
540 required:
541 - path
542 - url
543 type: object
544 conditions:
545 description: Conditions holds the conditions for the Bucket.
546 items:
547 description: "Condition contains details for one aspect of the current
548 state of this API Resource.\n---\nThis struct is intended for
549 direct use as an array at the field path .status.conditions. For
550 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
551 observations of a foo's current state.\n\t // Known .status.conditions.type
552 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
553 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
554 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
555 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
556 \ // other fields\n\t}"
557 properties:
558 lastTransitionTime:
559 description: |-
560 lastTransitionTime is the last time the condition transitioned from one status to another.
561 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
562 format: date-time
563 type: string
564 message:
565 description: |-
566 message is a human readable message indicating details about the transition.
567 This may be an empty string.
568 maxLength: 32768
569 type: string
570 observedGeneration:
571 description: |-
572 observedGeneration represents the .metadata.generation that the condition was set based upon.
573 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
574 with respect to the current state of the instance.
575 format: int64
576 minimum: 0
577 type: integer
578 reason:
579 description: |-
580 reason contains a programmatic identifier indicating the reason for the condition's last transition.
581 Producers of specific condition types may define expected values and meanings for this field,
582 and whether the values are considered a guaranteed API.
583 The value should be a CamelCase string.
584 This field may not be empty.
585 maxLength: 1024
586 minLength: 1
587 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
588 type: string
589 status:
590 description: status of the condition, one of True, False, Unknown.
591 enum:
592 - "True"
593 - "False"
594 - Unknown
595 type: string
596 type:
597 description: |-
598 type of condition in CamelCase or in foo.example.com/CamelCase.
599 ---
600 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
601 useful (see .node.status.conditions), the ability to deconflict is important.
602 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
603 maxLength: 316
604 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
605 type: string
606 required:
607 - lastTransitionTime
608 - message
609 - reason
610 - status
611 - type
612 type: object
613 type: array
614 lastHandledReconcileAt:
615 description: |-
616 LastHandledReconcileAt holds the value of the most recent
617 reconcile request value, so a change of the annotation value
618 can be detected.
619 type: string
620 observedGeneration:
621 description: ObservedGeneration is the last observed generation.
622 format: int64
623 type: integer
624 url:
625 description: URL is the download link for the artifact output of the
626 last Bucket sync.
627 type: string
628 type: object
629 type: object
630 served: true
631 storage: false
632 subresources:
633 status: {}
634 - additionalPrinterColumns:
635 - jsonPath: .spec.endpoint
636 name: Endpoint
637 type: string
638 - jsonPath: .metadata.creationTimestamp
639 name: Age
640 type: date
641 - jsonPath: .status.conditions[?(@.type=="Ready")].status
642 name: Ready
643 type: string
644 - jsonPath: .status.conditions[?(@.type=="Ready")].message
645 name: Status
646 type: string
647 deprecated: true
648 deprecationWarning: v1beta2 Bucket is deprecated, upgrade to v1
649 name: v1beta2
650 schema:
651 openAPIV3Schema:
652 description: Bucket is the Schema for the buckets API.
653 properties:
654 apiVersion:
655 description: |-
656 APIVersion defines the versioned schema of this representation of an object.
657 Servers should convert recognized schemas to the latest internal value, and
658 may reject unrecognized values.
659 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
660 type: string
661 kind:
662 description: |-
663 Kind is a string value representing the REST resource this object represents.
664 Servers may infer this from the endpoint the client submits requests to.
665 Cannot be updated.
666 In CamelCase.
667 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
668 type: string
669 metadata:
670 type: object
671 spec:
672 description: |-
673 BucketSpec specifies the required configuration to produce an Artifact for
674 an object storage bucket.
675 properties:
# Security-relevant: the description marks this ACL as not implemented and
# provisional, so setting it should not be relied on to restrict which
# namespaces can reference this Bucket. Note also that, per the item
# description, an empty matchLabels map matches every namespace in the cluster.
# The v1 schema in this CRD has no accessFrom property.
# NOTE(review): whatever actually governs cross-namespace access to Buckets is
# outside this file - confirm it before depending on namespace isolation.
676 accessFrom:
677 description: |-
678 AccessFrom specifies an Access Control List for allowing cross-namespace
679 references to this object.
680 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
681 properties:
682 namespaceSelectors:
683 description: |-
684 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
685 Items in this list are evaluated using a logical OR operation.
686 items:
687 description: |-
688 NamespaceSelector selects the namespaces to which this ACL applies.
689 An empty map of MatchLabels matches all namespaces in a cluster.
690 properties:
691 matchLabels:
692 additionalProperties:
693 type: string
694 description: |-
695 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
696 map is equivalent to an element of matchExpressions, whose key field is "key", the
697 operator is "In", and the values array contains only "value". The requirements are ANDed.
698 type: object
699 type: object
700 type: array
701 required:
702 - namespaceSelectors
703 type: object
704 bucketName:
705 description: BucketName is the name of the object storage bucket.
706 type: string
707 certSecretRef:
708 description: |-
709 CertSecretRef can be given the name of a Secret containing
710 either or both of
711
712
713 - a PEM-encoded client certificate (`tls.crt`) and private
714 key (`tls.key`);
715 - a PEM-encoded CA certificate (`ca.crt`)
716
717
718 and whichever are supplied, will be used for connecting to the
719 bucket. The client cert and key are useful if you are
720 authenticating with a certificate; the CA cert is useful if
721 you are using a self-signed server certificate. The Secret must
722 be of type `Opaque` or `kubernetes.io/tls`.
723
724
725 This field is only supported for the `generic` provider.
726 properties:
727 name:
728 description: Name of the referent.
729 type: string
730 required:
731 - name
732 type: object
733 endpoint:
734 description: Endpoint is the object storage address the BucketName
735 is located at.
736 type: string
737 ignore:
738 description: |-
739 Ignore overrides the set of excluded patterns in the .sourceignore format
740 (which is the same as .gitignore). If not provided, a default will be used,
741 consult the documentation for your version to find out what those are.
742 type: string
# Security-relevant: per the description, setting this to true lets the
# controller reach spec.endpoint over plain HTTP instead of TLS. This schema
# declares no default for the field, and none of the spec validation rules in
# this version restricts when it may be set.
# NOTE(review): presumably the bucket credentials and the fetched objects then
# cross the network unencrypted - confirm against the controller, and review
# any Bucket that sets this to true.
743 insecure:
744 description: Insecure allows connecting to a non-TLS HTTP Endpoint.
745 type: boolean
746 interval:
747 description: |-
748 Interval at which the Bucket Endpoint is checked for updates.
749 This interval is approximate and may be subject to jitter to ensure
750 efficient use of resources.
751 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
752 type: string
753 prefix:
754 description: Prefix to use for server-side filtering of files in the
755 Bucket.
756 type: string
757 provider:
758 default: generic
759 description: |-
760 Provider of the object storage bucket.
761 Defaults to 'generic', which expects an S3 (API) compatible object
762 storage.
763 enum:
764 - generic
765 - aws
766 - gcp
767 - azure
768 type: string
769 proxySecretRef:
770 description: |-
771 ProxySecretRef specifies the Secret containing the proxy configuration
772 to use while communicating with the Bucket server.
773 properties:
774 name:
775 description: Name of the referent.
776 type: string
777 required:
778 - name
779 type: object
780 region:
781 description: Region of the Endpoint where the BucketName is located
782 in.
783 type: string
784 secretRef:
785 description: |-
786 SecretRef specifies the Secret containing authentication credentials
787 for the Bucket.
788 properties:
789 name:
790 description: Name of the referent.
791 type: string
792 required:
793 - name
794 type: object
795 sts:
796 description: |-
797 STS specifies the required configuration to use a Security Token
798 Service for fetching temporary credentials to authenticate in a
799 Bucket provider.
800
801
802 This field is only supported for the `aws` and `generic` providers.
803 properties:
804 certSecretRef:
805 description: |-
806 CertSecretRef can be given the name of a Secret containing
807 either or both of
808
809
810 - a PEM-encoded client certificate (`tls.crt`) and private
811 key (`tls.key`);
812 - a PEM-encoded CA certificate (`ca.crt`)
813
814
815 and whichever are supplied, will be used for connecting to the
816 STS endpoint. The client cert and key are useful if you are
817 authenticating with a certificate; the CA cert is useful if
818 you are using a self-signed server certificate. The Secret must
819 be of type `Opaque` or `kubernetes.io/tls`.
820
821
822 This field is only supported for the `ldap` provider.
823 properties:
824 name:
825 description: Name of the referent.
826 type: string
827 required:
828 - name
829 type: object
# Security-relevant: this is the address temporary credentials are fetched
# from, and the pattern below constrains only the scheme - it accepts http://
# as well as https:// and puts no limit on the host part.
# NOTE(review): for the 'ldap' STS provider the Secret named by sts.secretRef
# holds a username and password; presumably they are sent to this endpoint, so
# an http:// value would expose them - confirm against the controller.
830 endpoint:
831 description: |-
832 Endpoint is the HTTP/S endpoint of the Security Token Service from
833 where temporary credentials will be fetched.
834 pattern: ^(http|https)://.*$
835 type: string
836 provider:
837 description: Provider of the Security Token Service.
838 enum:
839 - aws
840 - ldap
841 type: string
842 secretRef:
843 description: |-
844 SecretRef specifies the Secret containing authentication credentials
845 for the STS endpoint. This Secret must contain the fields `username`
846 and `password` and is supported only for the `ldap` provider.
847 properties:
848 name:
849 description: Name of the referent.
850 type: string
851 required:
852 - name
853 type: object
854 required:
855 - endpoint
856 - provider
857 type: object
858 suspend:
859 description: |-
860 Suspend tells the controller to suspend the reconciliation of this
861 Bucket.
862 type: boolean
863 timeout:
864 default: 60s
865 description: Timeout for fetch operations, defaults to 60s.
866 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
867 type: string
868 required:
869 - bucketName
870 - endpoint
871 - interval
872 type: object
# Admission rules for spec. Each rule is a CEL expression evaluated with
# `self` bound to spec; when a rule is false the object is rejected with the
# paired message.
873 x-kubernetes-validations:
# sts may only be present when the Bucket provider is 'aws' or 'generic'
# (so 'gcp' and 'azure' Buckets that set sts are rejected).
874 - message: STS configuration is only supported for the 'aws' and 'generic'
875 Bucket providers
876 rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
# With the 'aws' Bucket provider, sts.provider must be 'aws'.
877 - message: '''aws'' is the only supported STS provider for the ''aws''
878 Bucket provider'
879 rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
880 == 'aws'
# With the 'generic' Bucket provider, sts.provider must be 'ldap'.
881 - message: '''ldap'' is the only supported STS provider for the ''generic''
882 Bucket provider'
883 rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
884 == 'ldap'
# NOTE(review): the next two rules reject a spec that sets sts.secretRef or
# sts.certSecretRef together with the 'aws' STS provider. The fields are
# therefore disallowed in that combination, which is stricter than the
# "is not required" wording of the messages suggests.
885 - message: spec.sts.secretRef is not required for the 'aws' STS provider
886 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
887 - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
888 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
889 status:
890 default:
891 observedGeneration: -1
892 description: BucketStatus records the observed state of a Bucket.
893 properties:
894 artifact:
895 description: Artifact represents the last successful Bucket reconciliation.
896 properties:
897 digest:
898 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
899 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
900 type: string
901 lastUpdateTime:
902 description: |-
903 LastUpdateTime is the timestamp corresponding to the last update of the
904 Artifact.
905 format: date-time
906 type: string
907 metadata:
908 additionalProperties:
909 type: string
910 description: Metadata holds upstream information such as OCI annotations.
911 type: object
912 path:
913 description: |-
914 Path is the relative file path of the Artifact. It can be used to locate
915 the file in the root of the Artifact storage on the local file system of
916 the controller managing the Source.
917 type: string
918 revision:
919 description: |-
920 Revision is a human-readable identifier traceable in the origin source
921 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
922 type: string
923 size:
924 description: Size is the number of bytes in the file.
925 format: int64
926 type: integer
927 url:
928 description: |-
929 URL is the HTTP address of the Artifact as exposed by the controller
930 managing the Source. It can be used to retrieve the Artifact for
931 consumption, e.g. by another controller applying the Artifact contents.
932 type: string
933 required:
934 - lastUpdateTime
935 - path
936 - revision
937 - url
938 type: object
939 conditions:
940 description: Conditions holds the conditions for the Bucket.
941 items:
942 description: "Condition contains details for one aspect of the current
943 state of this API Resource.\n---\nThis struct is intended for
944 direct use as an array at the field path .status.conditions. For
945 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
946 observations of a foo's current state.\n\t // Known .status.conditions.type
947 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
948 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
949 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
950 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
951 \ // other fields\n\t}"
952 properties:
953 lastTransitionTime:
954 description: |-
955 lastTransitionTime is the last time the condition transitioned from one status to another.
956 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
957 format: date-time
958 type: string
959 message:
960 description: |-
961 message is a human readable message indicating details about the transition.
962 This may be an empty string.
963 maxLength: 32768
964 type: string
965 observedGeneration:
966 description: |-
967 observedGeneration represents the .metadata.generation that the condition was set based upon.
968 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
969 with respect to the current state of the instance.
970 format: int64
971 minimum: 0
972 type: integer
973 reason:
974 description: |-
975 reason contains a programmatic identifier indicating the reason for the condition's last transition.
976 Producers of specific condition types may define expected values and meanings for this field,
977 and whether the values are considered a guaranteed API.
978 The value should be a CamelCase string.
979 This field may not be empty.
980 maxLength: 1024
981 minLength: 1
982 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
983 type: string
984 status:
985 description: status of the condition, one of True, False, Unknown.
986 enum:
987 - "True"
988 - "False"
989 - Unknown
990 type: string
991 type:
992 description: |-
993 type of condition in CamelCase or in foo.example.com/CamelCase.
994 ---
995 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
996 useful (see .node.status.conditions), the ability to deconflict is important.
997 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
998 maxLength: 316
999 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1000 type: string
1001 required:
1002 - lastTransitionTime
1003 - message
1004 - reason
1005 - status
1006 - type
1007 type: object
1008 type: array
1009 lastHandledReconcileAt:
1010 description: |-
1011 LastHandledReconcileAt holds the value of the most recent
1012 reconcile request value, so a change of the annotation value
1013 can be detected.
1014 type: string
1015 observedGeneration:
1016 description: ObservedGeneration is the last observed generation of
1017 the Bucket object.
1018 format: int64
1019 type: integer
1020 observedIgnore:
1021 description: |-
1022 ObservedIgnore is the observed exclusion patterns used for constructing
1023 the source artifact.
1024 type: string
1025 url:
1026 description: |-
1027 URL is the dynamic fetch link for the latest Artifact.
1028 It is provided on a "best effort" basis, and using the precise
1029 BucketStatus.Artifact data is recommended.
1030 type: string
1031 type: object
1032 type: object
1033 served: true
1034 storage: false
1035 subresources:
1036 status: {}