
Text file src/edge-infra.dev/test/fixtures/crds/fluxcd/source.toolkit.fluxcd.io_buckets.yaml

Documentation: edge-infra.dev/test/fixtures/crds/fluxcd

     1---
      # CustomResourceDefinition for the `Bucket` kind in the
      # source.toolkit.fluxcd.io API group.
      # NOTE(review): the page path places this file under test/fixtures/crds,
      # so it is presumably a copy of a generated upstream manifest; confirm
      # before editing it by hand instead of regenerating it.
     2apiVersion: apiextensions.k8s.io/v1
     3kind: CustomResourceDefinition
     4metadata:
     5  annotations:
          # The generator version is recorded as the literal "(unknown)", so this
          # file alone does not say which controller-gen release produced it.
     6    controller-gen.kubebuilder.io/version: (unknown)
     7  name: buckets.source.toolkit.fluxcd.io
     8spec:
     9  group: source.toolkit.fluxcd.io
    10  names:
    11    kind: Bucket
    12    listKind: BucketList
    13    plural: buckets
    14    singular: bucket
        # Bucket objects are namespaced. The Secret references in the v1 and
        # v1beta1 schemas of this file carry a `name` field only.
        # NOTE(review): presumably referenced Secrets are resolved in the Bucket's
        # own namespace; confirm against the controller.
    15  scope: Namespaced
    16  versions:
    17  - additionalPrinterColumns:
    18    - jsonPath: .spec.endpoint
    19      name: Endpoint
    20      type: string
    21    - jsonPath: .metadata.creationTimestamp
    22      name: Age
    23      type: date
    24    - jsonPath: .status.conditions[?(@.type=="Ready")].status
    25      name: Ready
    26      type: string
    27    - jsonPath: .status.conditions[?(@.type=="Ready")].message
    28      name: Status
    29      type: string
    30    name: v1
    31    schema:
    32      openAPIV3Schema:
    33        description: Bucket is the Schema for the buckets API.
    34        properties:
    35          apiVersion:
    36            description: |-
    37              APIVersion defines the versioned schema of this representation of an object.
    38              Servers should convert recognized schemas to the latest internal value, and
    39              may reject unrecognized values.
    40              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
    41            type: string
    42          kind:
    43            description: |-
    44              Kind is a string value representing the REST resource this object represents.
    45              Servers may infer this from the endpoint the client submits requests to.
    46              Cannot be updated.
    47              In CamelCase.
    48              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
    49            type: string
    50          metadata:
    51            type: object
    52          spec:
    53            description: |-
    54              BucketSpec specifies the required configuration to produce an Artifact for
    55              an object storage bucket.
    56            properties:
    57              bucketName:
    58                description: BucketName is the name of the object storage bucket.
    59                type: string
    60              certSecretRef:
                      # Names a Secret with TLS material for the bucket connection: a
                      # client certificate and key, a CA certificate (`ca.crt`), or both.
                      # The description presents `ca.crt` as the way to reach a server
                      # that uses a self-signed certificate.
                      # Only the `generic` provider supports this field according to the
                      # description; no validation rule visible in this schema rejects
                      # it for other providers.
    61                description: |-
    62                  CertSecretRef can be given the name of a Secret containing
    63                  either or both of
    64
    65
    66                  - a PEM-encoded client certificate (`tls.crt`) and private
    67                  key (`tls.key`);
    68                  - a PEM-encoded CA certificate (`ca.crt`)
    69
    70
    71                  and whichever are supplied, will be used for connecting to the
    72                  bucket. The client cert and key are useful if you are
    73                  authenticating with a certificate; the CA cert is useful if
    74                  you are using a self-signed server certificate. The Secret must
    75                  be of type `Opaque` or `kubernetes.io/tls`.
    76
    77
    78                  This field is only supported for the `generic` provider.
    79                properties:
    80                  name:
    81                    description: Name of the referent.
    82                    type: string
    83                required:
    84                - name
    85                type: object
    86              endpoint:
                      # Required, free-form string: no `pattern` constrains the value or
                      # its scheme here (spec.sts.endpoint, by contrast, has one).
                      # NOTE(review): whether TLS is used appears to depend on the
                      # `insecure` field; confirm against the controller.
    87                description: Endpoint is the object storage address the BucketName
    88                  is located at.
    89                type: string
    90              ignore:
    91                description: |-
    92                  Ignore overrides the set of excluded patterns in the .sourceignore format
    93                  (which is the same as .gitignore). If not provided, a default will be used,
    94                  consult the documentation for your version to find out what those are.
    95                type: string
    96              insecure:
                      # Opt-in to a non-TLS HTTP connection. No default is declared, so
                      # the field is absent unless someone sets it.
                      # NOTE(review): with this enabled, traffic to the bucket endpoint is
                      # presumably unencrypted and the server unauthenticated; worth an
                      # admission policy or audit query that flags Buckets setting it
                      # outside test clusters.
    97                description: Insecure allows connecting to a non-TLS HTTP Endpoint.
    98                type: boolean
    99              interval:
                      # Required duration string. The pattern checks format only (one or
                      # more number+unit groups using ms, s, m or h) and sets no lower
                      # bound, so a constructed value such as 1ms passes the schema.
                      # NOTE(review): very short intervals presumably mean frequent
                      # requests to the endpoint; consider an admission policy that
                      # enforces a floor.
   100                description: |-
   101                  Interval at which the Bucket Endpoint is checked for updates.
   102                  This interval is approximate and may be subject to jitter to ensure
   103                  efficient use of resources.
   104                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
   105                type: string
   106              prefix:
   107                description: Prefix to use for server-side filtering of files in the
   108                  Bucket.
   109                type: string
   110              provider:
   111                default: generic
   112                description: |-
   113                  Provider of the object storage bucket.
   114                  Defaults to 'generic', which expects an S3 (API) compatible object
   115                  storage.
   116                enum:
   117                - generic
   118                - aws
   119                - gcp
   120                - azure
   121                type: string
   122              proxySecretRef:
   123                description: |-
   124                  ProxySecretRef specifies the Secret containing the proxy configuration
   125                  to use while communicating with the Bucket server.
   126                properties:
   127                  name:
   128                    description: Name of the referent.
   129                    type: string
   130                required:
   131                - name
   132                type: object
   133              region:
   134                description: Region of the Endpoint where the BucketName is located
   135                  in.
   136                type: string
   137              secretRef:
                      # Only the Secret's name is stored on the Bucket; the schema
                      # defines no namespace field for the reference and does not list
                      # the keys the Secret must contain.
                      # NOTE(review): presumably the Secret is looked up in the Bucket's
                      # own namespace, so RBAC on who may create or edit Buckets there
                      # should be as tight as RBAC on the Secrets themselves; confirm.
   138                description: |-
   139                  SecretRef specifies the Secret containing authentication credentials
   140                  for the Bucket.
   141                properties:
   142                  name:
   143                    description: Name of the referent.
   144                    type: string
   145                required:
   146                - name
   147                type: object
   148              sts:
                      # Optional Security Token Service settings for obtaining temporary
                      # credentials. When `sts` is present, `endpoint` and `provider` are
                      # both required, and `provider` is limited to `aws` or `ldap`.
   149                description: |-
   150                  STS specifies the required configuration to use a Security Token
   151                  Service for fetching temporary credentials to authenticate in a
   152                  Bucket provider.
   153
   154
   155                  This field is only supported for the `aws` and `generic` providers.
   156                properties:
   157                  certSecretRef:
                          # TLS material for the STS connection. The description limits
                          # this to the `ldap` STS provider, and the spec-level validation
                          # rules in this version reject it when sts.provider is 'aws'.
   158                    description: |-
   159                      CertSecretRef can be given the name of a Secret containing
   160                      either or both of
   161
   162
   163                      - a PEM-encoded client certificate (`tls.crt`) and private
   164                      key (`tls.key`);
   165                      - a PEM-encoded CA certificate (`ca.crt`)
   166
   167
   168                      and whichever are supplied, will be used for connecting to the
   169                      STS endpoint. The client cert and key are useful if you are
   170                      authenticating with a certificate; the CA cert is useful if
   171                      you are using a self-signed server certificate. The Secret must
   172                      be of type `Opaque` or `kubernetes.io/tls`.
   173
   174
   175                      This field is only supported for the `ldap` provider.
   176                    properties:
   177                      name:
   178                        description: Name of the referent.
   179                        type: string
   180                    required:
   181                    - name
   182                    type: object
   183                  endpoint:
                          # The pattern only requires an http:// or https:// prefix;
                          # anything may follow, and plain http is accepted by the schema.
                          # NOTE(review): with the `ldap` provider the Secret named by
                          # sts.secretRef holds a username and password, which presumably
                          # are sent to this endpoint; prefer https and confirm how the
                          # controller treats an http URL here.
   184                    description: |-
   185                      Endpoint is the HTTP/S endpoint of the Security Token Service from
   186                      where temporary credentials will be fetched.
   187                    pattern: ^(http|https)://.*$
   188                    type: string
   189                  provider:
   190                    description: Provider of the Security Token Service.
   191                    enum:
   192                    - aws
   193                    - ldap
   194                    type: string
   195                  secretRef:
   196                    description: |-
   197                      SecretRef specifies the Secret containing authentication credentials
   198                      for the STS endpoint. This Secret must contain the fields `username`
   199                      and `password` and is supported only for the `ldap` provider.
   200                    properties:
   201                      name:
   202                        description: Name of the referent.
   203                        type: string
   204                    required:
   205                    - name
   206                    type: object
   207                required:
   208                - endpoint
   209                - provider
   210                type: object
   211              suspend:
   212                description: |-
   213                  Suspend tells the controller to suspend the reconciliation of this
   214                  Bucket.
   215                type: boolean
   216              timeout:
   217                default: 60s
   218                description: Timeout for fetch operations, defaults to 60s.
   219                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
   220                type: string
   221            required:
   222            - bucketName
   223            - endpoint
   224            - interval
   225            type: object
   226            x-kubernetes-validations:
                  # Validation rules written against `self`, which here is the spec
                  # object (the rules sit beside spec's `properties`). In order:
                  #   1. `sts` may be set only when provider is 'aws' or 'generic'.
                  #   2. provider 'aws' with `sts` set requires sts.provider == 'aws'.
                  #   3. provider 'generic' with `sts` set requires sts.provider == 'ldap'.
                  #   4-5. with sts.provider 'aws', sts.secretRef and sts.certSecretRef
                  #        must be absent: the rules use !has(...), so the fields are
                  #        rejected when present even though the messages say
                  #        "not required".
                  # None of the rules shown involve `insecure`, `endpoint` or the
                  # top-level `certSecretRef`, so the "only supported for the generic
                  # provider" note on certSecretRef is documentation, not something
                  # this schema enforces.
   227            - message: STS configuration is only supported for the 'aws' and 'generic'
   228                Bucket providers
   229              rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
   230            - message: '''aws'' is the only supported STS provider for the ''aws''
   231                Bucket provider'
   232              rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
   233                == 'aws'
   234            - message: '''ldap'' is the only supported STS provider for the ''generic''
   235                Bucket provider'
   236              rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
   237                == 'ldap'
   238            - message: spec.sts.secretRef is not required for the 'aws' STS provider
   239              rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
   240            - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
   241              rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
   242          status:
   243            default:
   244              observedGeneration: -1
   245            description: BucketStatus records the observed state of a Bucket.
   246            properties:
   247              artifact:
                      # Describes the last artifact the controller produced. `digest` has
                      # the form <algorithm>:<checksum> per its pattern, but it is not in
                      # the `required` list of this object (lastUpdateTime, path,
                      # revision, url), so the schema accepts a status without it.
                      # `url` is described as an HTTP address exposed by the controller.
                      # NOTE(review): a consumer that verifies what it downloads from
                      # `url` should presumably treat a missing digest as a verification
                      # failure; confirm against the consuming controller.
   248                description: Artifact represents the last successful Bucket reconciliation.
   249                properties:
   250                  digest:
   251                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
   252                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
   253                    type: string
   254                  lastUpdateTime:
   255                    description: |-
   256                      LastUpdateTime is the timestamp corresponding to the last update of the
   257                      Artifact.
   258                    format: date-time
   259                    type: string
   260                  metadata:
   261                    additionalProperties:
   262                      type: string
   263                    description: Metadata holds upstream information such as OCI annotations.
   264                    type: object
   265                  path:
   266                    description: |-
   267                      Path is the relative file path of the Artifact. It can be used to locate
   268                      the file in the root of the Artifact storage on the local file system of
   269                      the controller managing the Source.
   270                    type: string
   271                  revision:
   272                    description: |-
   273                      Revision is a human-readable identifier traceable in the origin source
   274                      system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
   275                    type: string
   276                  size:
   277                    description: Size is the number of bytes in the file.
   278                    format: int64
   279                    type: integer
   280                  url:
   281                    description: |-
   282                      URL is the HTTP address of the Artifact as exposed by the controller
   283                      managing the Source. It can be used to retrieve the Artifact for
   284                      consumption, e.g. by another controller applying the Artifact contents.
   285                    type: string
   286                required:
   287                - lastUpdateTime
   288                - path
   289                - revision
   290                - url
   291                type: object
   292              conditions:
   293                description: Conditions holds the conditions for the Bucket.
   294                items:
   295                  description: "Condition contains details for one aspect of the current
   296                    state of this API Resource.\n---\nThis struct is intended for
   297                    direct use as an array at the field path .status.conditions.  For
   298                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
   299                    observations of a foo's current state.\n\t    // Known .status.conditions.type
   300                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
   301                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
   302                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
   303                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
   304                    \   // other fields\n\t}"
   305                  properties:
   306                    lastTransitionTime:
   307                      description: |-
   308                        lastTransitionTime is the last time the condition transitioned from one status to another.
   309                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
   310                      format: date-time
   311                      type: string
   312                    message:
   313                      description: |-
   314                        message is a human readable message indicating details about the transition.
   315                        This may be an empty string.
   316                      maxLength: 32768
   317                      type: string
   318                    observedGeneration:
   319                      description: |-
   320                        observedGeneration represents the .metadata.generation that the condition was set based upon.
   321                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
   322                        with respect to the current state of the instance.
   323                      format: int64
   324                      minimum: 0
   325                      type: integer
   326                    reason:
   327                      description: |-
   328                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
   329                        Producers of specific condition types may define expected values and meanings for this field,
   330                        and whether the values are considered a guaranteed API.
   331                        The value should be a CamelCase string.
   332                        This field may not be empty.
   333                      maxLength: 1024
   334                      minLength: 1
   335                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
   336                      type: string
   337                    status:
   338                      description: status of the condition, one of True, False, Unknown.
   339                      enum:
   340                      - "True"
   341                      - "False"
   342                      - Unknown
   343                      type: string
   344                    type:
   345                      description: |-
   346                        type of condition in CamelCase or in foo.example.com/CamelCase.
   347                        ---
   348                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
   349                        useful (see .node.status.conditions), the ability to deconflict is important.
   350                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
   351                      maxLength: 316
   352                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
   353                      type: string
   354                  required:
   355                  - lastTransitionTime
   356                  - message
   357                  - reason
   358                  - status
   359                  - type
   360                  type: object
   361                type: array
   362              lastHandledReconcileAt:
   363                description: |-
   364                  LastHandledReconcileAt holds the value of the most recent
   365                  reconcile request value, so a change of the annotation value
   366                  can be detected.
   367                type: string
   368              observedGeneration:
   369                description: ObservedGeneration is the last observed generation of
   370                  the Bucket object.
   371                format: int64
   372                type: integer
   373              observedIgnore:
   374                description: |-
   375                  ObservedIgnore is the observed exclusion patterns used for constructing
   376                  the source artifact.
   377                type: string
   378              url:
   379                description: |-
   380                  URL is the dynamic fetch link for the latest Artifact.
   381                  It is provided on a "best effort" basis, and using the precise
   382                  BucketStatus.Artifact data is recommended.
   383                type: string
   384            type: object
   385        type: object
   386    served: true
   387    storage: true
   388    subresources:
   389      status: {}
   390  - additionalPrinterColumns:
   391    - jsonPath: .spec.endpoint
   392      name: Endpoint
   393      type: string
   394    - jsonPath: .status.conditions[?(@.type=="Ready")].status
   395      name: Ready
   396      type: string
   397    - jsonPath: .status.conditions[?(@.type=="Ready")].message
   398      name: Status
   399      type: string
   400    - jsonPath: .metadata.creationTimestamp
   401      name: Age
   402      type: date
   403    deprecated: true
          # v1beta1 is marked deprecated, yet this version entry still sets
          # `served: true`, so the API server keeps accepting requests for it.
          # Its spec schema is looser than v1's: `interval` and `timeout` have no
          # `pattern`, and it defines an `accessFrom` ACL field that v1's spec
          # does not.
          # NOTE(review): requests made through v1beta1 are presumably validated
          # against this schema rather than v1's; confirm, and plan to stop
          # serving the version once no client depends on it.
   404    deprecationWarning: v1beta1 Bucket is deprecated, upgrade to v1
   405    name: v1beta1
   406    schema:
   407      openAPIV3Schema:
   408        description: Bucket is the Schema for the buckets API
   409        properties:
   410          apiVersion:
   411            description: |-
   412              APIVersion defines the versioned schema of this representation of an object.
   413              Servers should convert recognized schemas to the latest internal value, and
   414              may reject unrecognized values.
   415              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
   416            type: string
   417          kind:
   418            description: |-
   419              Kind is a string value representing the REST resource this object represents.
   420              Servers may infer this from the endpoint the client submits requests to.
   421              Cannot be updated.
   422              In CamelCase.
   423              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
   424            type: string
   425          metadata:
   426            type: object
   427          spec:
   428            description: BucketSpec defines the desired state of an S3 compatible
   429              bucket
   430            properties:
   431              accessFrom:
                      # Access control list for cross-namespace references to this
                      # Bucket. Selectors are ORed, and per the item description an empty
                      # `matchLabels` map matches every namespace in the cluster, so a
                      # single empty selector opens the object cluster-wide.
                      # `namespaceSelectors` is required whenever `accessFrom` is set.
                      # NOTE(review): whether the controller enforces this ACL cannot be
                      # told from the schema; the v1 spec in this file defines no such
                      # field.
   432                description: AccessFrom defines an Access Control List for allowing
   433                  cross-namespace references to this object.
   434                properties:
   435                  namespaceSelectors:
   436                    description: |-
   437                      NamespaceSelectors is the list of namespace selectors to which this ACL applies.
   438                      Items in this list are evaluated using a logical OR operation.
   439                    items:
   440                      description: |-
   441                        NamespaceSelector selects the namespaces to which this ACL applies.
   442                        An empty map of MatchLabels matches all namespaces in a cluster.
   443                      properties:
   444                        matchLabels:
   445                          additionalProperties:
   446                            type: string
   447                          description: |-
   448                            MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
   449                            map is equivalent to an element of matchExpressions, whose key field is "key", the
   450                            operator is "In", and the values array contains only "value". The requirements are ANDed.
   451                          type: object
   452                      type: object
   453                    type: array
   454                required:
   455                - namespaceSelectors
   456                type: object
   457              bucketName:
   458                description: The bucket name.
   459                type: string
   460              endpoint:
   461                description: The bucket endpoint address.
   462                type: string
   463              ignore:
   464                description: |-
   465                  Ignore overrides the set of excluded patterns in the .sourceignore format
   466                  (which is the same as .gitignore). If not provided, a default will be used,
   467                  consult the documentation for your version to find out what those are.
   468                type: string
   469              insecure:
   470                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
   471                type: boolean
   472              interval:
   473                description: The interval at which to check for bucket updates.
   474                type: string
   475              provider:
   476                default: generic
   477                description: The S3 compatible storage provider name, default ('generic').
   478                enum:
   479                - generic
   480                - aws
   481                - gcp
   482                type: string
   483              region:
   484                description: The bucket region.
   485                type: string
   486              secretRef:
   487                description: |-
   488                  The name of the secret containing authentication credentials
   489                  for the Bucket.
   490                properties:
   491                  name:
   492                    description: Name of the referent.
   493                    type: string
   494                required:
   495                - name
   496                type: object
   497              suspend:
   498                description: This flag tells the controller to suspend the reconciliation
   499                  of this source.
   500                type: boolean
   501              timeout:
   502                default: 60s
   503                description: The timeout for download operations, defaults to 60s.
   504                type: string
   505            required:
   506            - bucketName
   507            - endpoint
   508            - interval
   509            type: object
   510          status:
   511            default:
   512              observedGeneration: -1
   513            description: BucketStatus defines the observed state of a bucket
   514            properties:
   515              artifact:
                      # Older artifact shape. Integrity is expressed as `checksum`,
                      # described as a SHA256 value and carrying no `pattern`; only `path`
                      # and `url` are required, so the schema accepts a status with no
                      # checksum at all.
                      # NOTE(review): consumers still reading v1beta1 should presumably
                      # not assume a checksum is present; confirm.
   516                description: Artifact represents the output of the last successful
   517                  Bucket sync.
   518                properties:
   519                  checksum:
   520                    description: Checksum is the SHA256 checksum of the artifact.
   521                    type: string
   522                  lastUpdateTime:
   523                    description: |-
   524                      LastUpdateTime is the timestamp corresponding to the last update of this
   525                      artifact.
   526                    format: date-time
   527                    type: string
   528                  path:
   529                    description: Path is the relative file path of this artifact.
   530                    type: string
   531                  revision:
   532                    description: |-
   533                      Revision is a human readable identifier traceable in the origin source
   534                      system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
   535                      chart version, etc.
   536                    type: string
   537                  url:
   538                    description: URL is the HTTP address of this artifact.
   539                    type: string
   540                required:
   541                - path
   542                - url
   543                type: object
   544              conditions:
   545                description: Conditions holds the conditions for the Bucket.
   546                items:
   547                  description: "Condition contains details for one aspect of the current
   548                    state of this API Resource.\n---\nThis struct is intended for
   549                    direct use as an array at the field path .status.conditions.  For
   550                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
   551                    observations of a foo's current state.\n\t    // Known .status.conditions.type
   552                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
   553                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
   554                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
   555                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
   556                    \   // other fields\n\t}"
   557                  properties:
   558                    lastTransitionTime:
   559                      description: |-
   560                        lastTransitionTime is the last time the condition transitioned from one status to another.
   561                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
   562                      format: date-time
   563                      type: string
   564                    message:
   565                      description: |-
   566                        message is a human readable message indicating details about the transition.
   567                        This may be an empty string.
   568                      maxLength: 32768
   569                      type: string
   570                    observedGeneration:
   571                      description: |-
   572                        observedGeneration represents the .metadata.generation that the condition was set based upon.
   573                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
   574                        with respect to the current state of the instance.
   575                      format: int64
   576                      minimum: 0
   577                      type: integer
   578                    reason:
   579                      description: |-
   580                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
   581                        Producers of specific condition types may define expected values and meanings for this field,
   582                        and whether the values are considered a guaranteed API.
   583                        The value should be a CamelCase string.
   584                        This field may not be empty.
   585                      maxLength: 1024
   586                      minLength: 1
   587                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
   588                      type: string
   589                    status:
   590                      description: status of the condition, one of True, False, Unknown.
   591                      enum:
   592                      - "True"
   593                      - "False"
   594                      - Unknown
   595                      type: string
   596                    type:
   597                      description: |-
   598                        type of condition in CamelCase or in foo.example.com/CamelCase.
   599                        ---
   600                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
   601                        useful (see .node.status.conditions), the ability to deconflict is important.
   602                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
   603                      maxLength: 316
   604                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
   605                      type: string
   606                  required:
   607                  - lastTransitionTime
   608                  - message
   609                  - reason
   610                  - status
   611                  - type
   612                  type: object
   613                type: array
   614              lastHandledReconcileAt:
   615                description: |-
   616                  LastHandledReconcileAt holds the value of the most recent
   617                  reconcile request value, so a change of the annotation value
   618                  can be detected.
   619                type: string
   620              observedGeneration:
   621                description: ObservedGeneration is the last observed generation.
   622                format: int64
   623                type: integer
   624              url:
   625                description: URL is the download link for the artifact output of the
   626                  last Bucket sync.
   627                type: string
   628            type: object
   629        type: object
   630    served: true
   631    storage: false
   632    subresources:
   633      status: {}
   634  - additionalPrinterColumns:
   635    - jsonPath: .spec.endpoint
   636      name: Endpoint
   637      type: string
   638    - jsonPath: .metadata.creationTimestamp
   639      name: Age
   640      type: date
   641    - jsonPath: .status.conditions[?(@.type=="Ready")].status
   642      name: Ready
   643      type: string
   644    - jsonPath: .status.conditions[?(@.type=="Ready")].message
   645      name: Status
   646      type: string
   647    deprecated: true
   648    deprecationWarning: v1beta2 Bucket is deprecated, upgrade to v1
   649    name: v1beta2
   650    schema:
   651      openAPIV3Schema:
   652        description: Bucket is the Schema for the buckets API.
   653        properties:
   654          apiVersion:
   655            description: |-
   656              APIVersion defines the versioned schema of this representation of an object.
   657              Servers should convert recognized schemas to the latest internal value, and
   658              may reject unrecognized values.
   659              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
   660            type: string
   661          kind:
   662            description: |-
   663              Kind is a string value representing the REST resource this object represents.
   664              Servers may infer this from the endpoint the client submits requests to.
   665              Cannot be updated.
   666              In CamelCase.
   667              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
   668            type: string
   669          metadata:
   670            type: object
   671          spec:
   672            description: |-
   673              BucketSpec specifies the required configuration to produce an Artifact for
   674              an object storage bucket.
   675            properties:
   676              accessFrom:
                      # Caution: the description below marks this ACL as "Not implemented"
                      # (provisional). The schema accepts namespaceSelectors, but nothing
                      # visible in this file indicates they are enforced, so they should not
                      # be counted on to restrict cross-namespace references to a Bucket.
   677                description: |-
   678                  AccessFrom specifies an Access Control List for allowing cross-namespace
   679                  references to this object.
   680                  NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
   681                properties:
   682                  namespaceSelectors:
   683                    description: |-
   684                      NamespaceSelectors is the list of namespace selectors to which this ACL applies.
   685                      Items in this list are evaluated using a logical OR operation.
   686                    items:
                            # Per the description, an empty matchLabels map selects every
                            # namespace in the cluster, i.e. the widest possible grant.
   687                      description: |-
   688                        NamespaceSelector selects the namespaces to which this ACL applies.
   689                        An empty map of MatchLabels matches all namespaces in a cluster.
   690                      properties:
   691                        matchLabels:
   692                          additionalProperties:
   693                            type: string
   694                          description: |-
   695                            MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
   696                            map is equivalent to an element of matchExpressions, whose key field is "key", the
   697                            operator is "In", and the values array contains only "value". The requirements are ANDed.
   698                          type: object
   699                      type: object
   700                    type: array
   701                required:
   702                - namespaceSelectors
   703                type: object
   704              bucketName:
   705                description: BucketName is the name of the object storage bucket.
   706                type: string
   707              certSecretRef:
   708                description: |-
   709                  CertSecretRef can be given the name of a Secret containing
   710                  either or both of
   711
   712
   713                  - a PEM-encoded client certificate (`tls.crt`) and private
   714                  key (`tls.key`);
   715                  - a PEM-encoded CA certificate (`ca.crt`)
   716
   717
   718                  and whichever are supplied, will be used for connecting to the
   719                  bucket. The client cert and key are useful if you are
   720                  authenticating with a certificate; the CA cert is useful if
   721                  you are using a self-signed server certificate. The Secret must
   722                  be of type `Opaque` or `kubernetes.io/tls`.
   723
   724
   725                  This field is only supported for the `generic` provider.
   726                properties:
   727                  name:
   728                    description: Name of the referent.
   729                    type: string
   730                required:
   731                - name
   732                type: object
   733              endpoint:
   734                description: Endpoint is the object storage address the BucketName
   735                  is located at.
   736                type: string
   737              ignore:
   738                description: |-
   739                  Ignore overrides the set of excluded patterns in the .sourceignore format
   740                  (which is the same as .gitignore). If not provided, a default will be used,
   741                  consult the documentation for your version to find out what those are.
   742                type: string
   743              insecure:
                      # Security note: per the description, setting this to true allows the
                      # connection to the bucket endpoint to use plain HTTP, so it is neither
                      # encrypted nor server-authenticated by TLS.
                      # No default is declared for this field in the schema; policy that
                      # audits Bucket objects may want to flag any that set it.
   744                description: Insecure allows connecting to a non-TLS HTTP Endpoint.
   745                type: boolean
   746              interval:
   747                description: |-
   748                  Interval at which the Bucket Endpoint is checked for updates.
   749                  This interval is approximate and may be subject to jitter to ensure
   750                  efficient use of resources.
   751                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
   752                type: string
   753              prefix:
   754                description: Prefix to use for server-side filtering of files in the
   755                  Bucket.
   756                type: string
   757              provider:
   758                default: generic
   759                description: |-
   760                  Provider of the object storage bucket.
   761                  Defaults to 'generic', which expects an S3 (API) compatible object
   762                  storage.
   763                enum:
   764                - generic
   765                - aws
   766                - gcp
   767                - azure
   768                type: string
   769              proxySecretRef:
   770                description: |-
   771                  ProxySecretRef specifies the Secret containing the proxy configuration
   772                  to use while communicating with the Bucket server.
   773                properties:
   774                  name:
   775                    description: Name of the referent.
   776                    type: string
   777                required:
   778                - name
   779                type: object
   780              region:
   781                description: Region of the Endpoint where the BucketName is located
   782                  in.
   783                type: string
   784              secretRef:
                      # The reference carries only a name; no namespace property is defined
                      # here, so the namespace the Secret is read from is not expressed in
                      # this schema (presumably the Bucket's own; confirm against the
                      # controller). The Secret holds the bucket credentials, so read access
                      # to it should be scoped accordingly.
   785                description: |-
   786                  SecretRef specifies the Secret containing authentication credentials
   787                  for the Bucket.
   788                properties:
   789                  name:
   790                    description: Name of the referent.
   791                    type: string
   792                required:
   793                - name
   794                type: object
   795              sts:
   796                description: |-
   797                  STS specifies the required configuration to use a Security Token
   798                  Service for fetching temporary credentials to authenticate in a
   799                  Bucket provider.
   800
   801
   802                  This field is only supported for the `aws` and `generic` providers.
   803                properties:
   804                  certSecretRef:
   805                    description: |-
   806                      CertSecretRef can be given the name of a Secret containing
   807                      either or both of
   808
   809
   810                      - a PEM-encoded client certificate (`tls.crt`) and private
   811                      key (`tls.key`);
   812                      - a PEM-encoded CA certificate (`ca.crt`)
   813
   814
   815                      and whichever are supplied, will be used for connecting to the
   816                      STS endpoint. The client cert and key are useful if you are
   817                      authenticating with a certificate; the CA cert is useful if
   818                      you are using a self-signed server certificate. The Secret must
   819                      be of type `Opaque` or `kubernetes.io/tls`.
   820
   821
   822                      This field is only supported for the `ldap` provider.
   823                    properties:
   824                      name:
   825                        description: Name of the referent.
   826                        type: string
   827                    required:
   828                    - name
   829                    type: object
   830                  endpoint:
                          # Security note: the pattern below only requires an http:// or
                          # https:// prefix. It accepts plaintext http:// and places no
                          # constraint on the host part. Per the description this endpoint
                          # returns temporary credentials, so a schema-valid value can still
                          # carry them over an unencrypted channel. Limiting the value to
                          # https:// or to known hosts has to happen outside this schema
                          # (for example in admission policy).
   831                    description: |-
   832                      Endpoint is the HTTP/S endpoint of the Security Token Service from
   833                      where temporary credentials will be fetched.
   834                    pattern: ^(http|https)://.*$
   835                    type: string
   836                  provider:
   837                    description: Provider of the Security Token Service.
   838                    enum:
   839                    - aws
   840                    - ldap
   841                    type: string
   842                  secretRef:
   843                    description: |-
   844                      SecretRef specifies the Secret containing authentication credentials
   845                      for the STS endpoint. This Secret must contain the fields `username`
   846                      and `password` and is supported only for the `ldap` provider.
   847                    properties:
   848                      name:
   849                        description: Name of the referent.
   850                        type: string
   851                    required:
   852                    - name
   853                    type: object
   854                required:
   855                - endpoint
   856                - provider
   857                type: object
   858              suspend:
   859                description: |-
   860                  Suspend tells the controller to suspend the reconciliation of this
   861                  Bucket.
   862                type: boolean
   863              timeout:
   864                default: 60s
   865                description: Timeout for fetch operations, defaults to 60s.
   866                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
   867                type: string
   868            required:
   869            - bucketName
   870            - endpoint
   871            - interval
   872            type: object
   873            x-kubernetes-validations:
                  # CEL rules attached to the spec object (`self` is spec). A rule must
                  # evaluate to true for the object to pass validation; the message is
                  # what is reported when it does not.
                  # Rule 1: spec.sts may be set only when spec.provider is 'aws' or 'generic'.
   874            - message: STS configuration is only supported for the 'aws' and 'generic'
   875                Bucket providers
   876              rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
                  # Rule 2: with spec.provider 'aws', spec.sts.provider must also be 'aws'.
   877            - message: '''aws'' is the only supported STS provider for the ''aws''
   878                Bucket provider'
   879              rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
   880                == 'aws'
                  # Rule 3: with spec.provider 'generic', spec.sts.provider must be 'ldap'.
   881            - message: '''ldap'' is the only supported STS provider for the ''generic''
   882                Bucket provider'
   883              rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
   884                == 'ldap'
                  # Rules 4 and 5: the messages say "not required", but the rules evaluate
                  # to false when the field is present, so an object with sts.provider
                  # 'aws' that sets sts.secretRef or sts.certSecretRef is rejected rather
                  # than having the field ignored.
   885            - message: spec.sts.secretRef is not required for the 'aws' STS provider
   886              rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
   887            - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
   888              rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
   889          status:
   890            default:
   891              observedGeneration: -1
   892            description: BucketStatus records the observed state of a Bucket.
   893            properties:
   894              artifact:
   895                description: Artifact represents the last successful Bucket reconciliation.
   896                properties:
   897                  digest:
                          # Integrity note: the pattern checks only the
                          # '<algorithm>:<checksum>' shape. It does not limit which algorithm
                          # names are accepted or how long the checksum is. digest is also
                          # absent from the artifact's `required` list further down, so a
                          # consumer that verifies downloads has to treat a missing digest
                          # as an explicit case rather than as a pass.
   898                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
   899                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
   900                    type: string
   901                  lastUpdateTime:
   902                    description: |-
   903                      LastUpdateTime is the timestamp corresponding to the last update of the
   904                      Artifact.
   905                    format: date-time
   906                    type: string
   907                  metadata:
   908                    additionalProperties:
   909                      type: string
   910                    description: Metadata holds upstream information such as OCI annotations.
   911                    type: object
   912                  path:
   913                    description: |-
   914                      Path is the relative file path of the Artifact. It can be used to locate
   915                      the file in the root of the Artifact storage on the local file system of
   916                      the controller managing the Source.
   917                    type: string
   918                  revision:
   919                    description: |-
   920                      Revision is a human-readable identifier traceable in the origin source
   921                      system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
   922                    type: string
   923                  size:
   924                    description: Size is the number of bytes in the file.
   925                    format: int64
   926                    type: integer
   927                  url:
   928                    description: |-
   929                      URL is the HTTP address of the Artifact as exposed by the controller
   930                      managing the Source. It can be used to retrieve the Artifact for
   931                      consumption, e.g. by another controller applying the Artifact contents.
   932                    type: string
   933                required:
   934                - lastUpdateTime
   935                - path
   936                - revision
   937                - url
   938                type: object
   939              conditions:
   940                description: Conditions holds the conditions for the Bucket.
   941                items:
   942                  description: "Condition contains details for one aspect of the current
   943                    state of this API Resource.\n---\nThis struct is intended for
   944                    direct use as an array at the field path .status.conditions.  For
   945                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
   946                    observations of a foo's current state.\n\t    // Known .status.conditions.type
   947                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
   948                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
   949                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
   950                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
   951                    \   // other fields\n\t}"
   952                  properties:
   953                    lastTransitionTime:
   954                      description: |-
   955                        lastTransitionTime is the last time the condition transitioned from one status to another.
   956                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
   957                      format: date-time
   958                      type: string
   959                    message:
   960                      description: |-
   961                        message is a human readable message indicating details about the transition.
   962                        This may be an empty string.
   963                      maxLength: 32768
   964                      type: string
   965                    observedGeneration:
   966                      description: |-
   967                        observedGeneration represents the .metadata.generation that the condition was set based upon.
   968                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
   969                        with respect to the current state of the instance.
   970                      format: int64
   971                      minimum: 0
   972                      type: integer
   973                    reason:
   974                      description: |-
   975                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
   976                        Producers of specific condition types may define expected values and meanings for this field,
   977                        and whether the values are considered a guaranteed API.
   978                        The value should be a CamelCase string.
   979                        This field may not be empty.
   980                      maxLength: 1024
   981                      minLength: 1
   982                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
   983                      type: string
   984                    status:
   985                      description: status of the condition, one of True, False, Unknown.
   986                      enum:
   987                      - "True"
   988                      - "False"
   989                      - Unknown
   990                      type: string
   991                    type:
   992                      description: |-
   993                        type of condition in CamelCase or in foo.example.com/CamelCase.
   994                        ---
   995                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
   996                        useful (see .node.status.conditions), the ability to deconflict is important.
   997                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
   998                      maxLength: 316
   999                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
  1000                      type: string
  1001                  required:
  1002                  - lastTransitionTime
  1003                  - message
  1004                  - reason
  1005                  - status
  1006                  - type
  1007                  type: object
  1008                type: array
  1009              lastHandledReconcileAt:
  1010                description: |-
  1011                  LastHandledReconcileAt holds the value of the most recent
  1012                  reconcile request value, so a change of the annotation value
  1013                  can be detected.
  1014                type: string
  1015              observedGeneration:
  1016                description: ObservedGeneration is the last observed generation of
  1017                  the Bucket object.
  1018                format: int64
  1019                type: integer
  1020              observedIgnore:
  1021                description: |-
  1022                  ObservedIgnore is the observed exclusion patterns used for constructing
  1023                  the source artifact.
  1024                type: string
  1025              url:
  1026                description: |-
  1027                  URL is the dynamic fetch link for the latest Artifact.
  1028                  It is provided on a "best effort" basis, and using the precise
  1029                  BucketStatus.Artifact data is recommended.
  1030                type: string
  1031            type: object
  1032        type: object
  1033    served: true
  1034    storage: false
  1035    subresources:
  1036      status: {}
