
Text file src/edge-infra.dev/test/fixtures/crds/fluxcd/source.toolkit.fluxcd.io_ocirepositories.yaml


     1---
      # CustomResourceDefinition registering the OCIRepository kind in the
      # source.toolkit.fluxcd.io API group. The controller-gen annotation below
      # indicates generated output; its version value is "(unknown)", so the
      # generator release cannot be determined from this file alone.
     2apiVersion: apiextensions.k8s.io/v1
     3kind: CustomResourceDefinition
     4metadata:
     5  annotations:
     6    controller-gen.kubebuilder.io/version: (unknown)
     7  name: ocirepositories.source.toolkit.fluxcd.io
     8spec:
     9  group: source.toolkit.fluxcd.io
    10  names:
    11    kind: OCIRepository
    12    listKind: OCIRepositoryList
    13    plural: ocirepositories
    14    shortNames:
    15    - ocirepo
    16    singular: ocirepository
        # Namespaced scope: every OCIRepository object lives in a namespace.
    17  scope: Namespaced
    18  versions:
        # Single version entry (v1beta2); it is marked served and stored at the
        # end of this entry.
    19  - additionalPrinterColumns:
          # Columns shown in list output: the source URL, the status and message
          # of the condition whose type is "Ready", and the object's age.
    20    - jsonPath: .spec.url
    21      name: URL
    22      type: string
    23    - jsonPath: .status.conditions[?(@.type=="Ready")].status
    24      name: Ready
    25      type: string
    26    - jsonPath: .status.conditions[?(@.type=="Ready")].message
    27      name: Status
    28      type: string
    29    - jsonPath: .metadata.creationTimestamp
    30      name: Age
    31      type: date
    32    name: v1beta2
    33    schema:
            # Structural schema the API server validates OCIRepository objects
            # against; everything under spec is user-supplied input.
    34      openAPIV3Schema:
    35        description: OCIRepository is the Schema for the ocirepositories API
    36        properties:
    37          apiVersion:
    38            description: |-
    39              APIVersion defines the versioned schema of this representation of an object.
    40              Servers should convert recognized schemas to the latest internal value, and
    41              may reject unrecognized values.
    42              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
    43            type: string
    44          kind:
    45            description: |-
    46              Kind is a string value representing the REST resource this object represents.
    47              Servers may infer this from the endpoint the client submits requests to.
    48              Cannot be updated.
    49              In CamelCase.
    50              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
    51            type: string
    52          metadata:
    53            type: object
    54          spec:
    55            description: OCIRepositorySpec defines the desired state of OCIRepository
    56            properties:
    57              certSecretRef:
                      # Reference to a Secret holding TLS client material and/or a CA
                      # certificate for the registry connection. The schema carries only
                      # `name`, so the Secret is presumably resolved in the OCIRepository's
                      # own namespace (confirm against the controller). The Secret type
                      # named in the description is not enforced by this schema.
                      # Whoever can edit that Secret decides which CA the registry
                      # connection trusts, so write access to it should be restricted.
    58                description: |-
    59                  CertSecretRef can be given the name of a Secret containing
    60                  either or both of
    61
    62
    63                  - a PEM-encoded client certificate (`tls.crt`) and private
    64                  key (`tls.key`);
    65                  - a PEM-encoded CA certificate (`ca.crt`)
    66
    67
    68                  and whichever are supplied, will be used for connecting to the
    69                  registry. The client cert and key are useful if you are
    70                  authenticating with a certificate; the CA cert is useful if
    71                  you are using a self-signed server certificate. The Secret must
    72                  be of type `Opaque` or `kubernetes.io/tls`.
    73
    74
    75                  Note: Support for the `caFile`, `certFile` and `keyFile` keys have
    76                  been deprecated.
    77                properties:
    78                  name:
    79                    description: Name of the referent.
    80                    type: string
    81                required:
    82                - name
    83                type: object
    84              ignore:
                      # Free-form exclusion patterns; the schema sets no pattern or length
                      # limit on this string.
    85                description: |-
    86                  Ignore overrides the set of excluded patterns in the .sourceignore format
    87                  (which is the same as .gitignore). If not provided, a default will be used,
    88                  consult the documentation for your version to find out what those are.
    89                type: string
    90              insecure:
                      # Opt-in to plain-HTTP registries. No default is declared in this
                      # schema. Without TLS the artifact is fetched over an unencrypted,
                      # unauthenticated channel, so manifests that set this to true deserve
                      # review; `ref.digest` pinning and `verify` (both defined in this
                      # schema) are the integrity controls available alongside it.
    91                description: Insecure allows connecting to a non-TLS HTTP container
    92                  registry.
    93                type: boolean
    94              interval:
                      # Required field (listed in spec.required). The pattern accepts one or
                      # more number+unit groups with units ms, s, m or h; it sets no lower
                      # bound, so very short intervals such as 1ms pass validation.
    95                description: |-
    96                  Interval at which the OCIRepository URL is checked for updates.
    97                  This interval is approximate and may be subject to jitter to ensure
    98                  efficient use of resources.
    99                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
   100                type: string
   101              layerSelector:
                      # Optional choice of which artifact layer is used and how it is
                      # stored. `operation` is limited by enum to extract or copy;
                      # `mediaType` is an unconstrained string.
   102                description: |-
   103                  LayerSelector specifies which layer should be extracted from the OCI artifact.
   104                  When not specified, the first layer found in the artifact is selected.
   105                properties:
   106                  mediaType:
   107                    description: |-
   108                      MediaType specifies the OCI media type of the layer
   109                      which should be extracted from the OCI Artifact. The
   110                      first layer matching this type is selected.
   111                    type: string
   112                  operation:
   113                    description: |-
   114                      Operation specifies how the selected layer should be processed.
   115                      By default, the layer compressed content is extracted to storage.
   116                      When the operation is set to 'copy', the layer compressed content
   117                      is persisted to storage as it is.
   118                    enum:
   119                    - extract
   120                    - copy
   121                    type: string
   122                type: object
   123              provider:
                      # Authentication provider for the registry. The enum restricts it to
                      # four values and the API server fills in `generic` when it is omitted.
   124                default: generic
   125                description: |-
   126                  The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
   127                  When not specified, defaults to 'generic'.
   128                enum:
   129                - generic
   130                - aws
   131                - azure
   132                - gcp
   133                type: string
   134              proxySecretRef:
                      # Secret, referenced by name only, that holds the proxy settings for
                      # registry traffic.
                      # NOTE(review): the keys read from this Secret, and whether they
                      # include proxy credentials, are not visible here - confirm against
                      # the controller documentation.
   135                description: |-
   136                  ProxySecretRef specifies the Secret containing the proxy configuration
   137                  to use while communicating with the container registry.
   138                properties:
   139                  name:
   140                    description: Name of the referent.
   141                    type: string
   142                required:
   143                - name
   144                type: object
   145              ref:
                      # Selects which artifact version is pulled. Per the descriptions
                      # below, digest takes precedence over semver, which takes precedence
                      # over tag. Only `digest` names immutable content; a tag or semver
                      # range can resolve to different content over time. `digest` has no
                      # `pattern` here, so the 'sha256:<HASH>' format is not validated by
                      # this schema.
   146                description: |-
   147                  The OCI reference to pull and monitor for changes,
   148                  defaults to the latest tag.
   149                properties:
   150                  digest:
   151                    description: |-
   152                      Digest is the image digest to pull, takes precedence over SemVer.
   153                      The value should be in the format 'sha256:<HASH>'.
   154                    type: string
   155                  semver:
   156                    description: |-
   157                      SemVer is the range of tags to pull selecting the latest within
   158                      the range, takes precedence over Tag.
   159                    type: string
   160                  semverFilter:
   161                    description: SemverFilter is a regex pattern to filter the tags
   162                      within the SemVer range.
   163                    type: string
   164                  tag:
   165                    description: Tag is the image tag to pull, defaults to latest.
   166                    type: string
   167                type: object
   168              secretRef:
                      # Secret, referenced by name only, that holds the registry login
                      # credentials. The description requires type
                      # kubernetes.io/dockerconfigjson; this schema does not enforce
                      # that, so a wrong type is not rejected at admission by it.
   169                description: |-
   170                  SecretRef contains the secret name containing the registry login
   171                  credentials to resolve image metadata.
   172                  The secret must be of type kubernetes.io/dockerconfigjson.
   173                properties:
   174                  name:
   175                    description: Name of the referent.
   176                    type: string
   177                required:
   178                - name
   179                type: object
   180              serviceAccountName:
                      # Name of a ServiceAccount whose attached pull secrets are used for
                      # the pull. Plain string with no pattern; presumably resolved in the
                      # object's own namespace (confirm against the controller).
   181                description: |-
   182                  ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
   183                  the image pull if the service account has attached pull secrets. For more information:
   184                  https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
   185                type: string
   186              suspend:
                      # Boolean switch with no declared default; when set, the controller
                      # is asked to stop reconciling this source.
   187                description: This flag tells the controller to suspend the reconciliation
   188                  of this source.
   189                type: boolean
   190              timeout:
                      # Upper bound for remote operations, defaulted to 60s by the API
                      # server. Unlike spec.interval, the pattern accepts only ms, s and m
                      # (no h unit), and it sets no maximum value.
   191                default: 60s
   192                description: The timeout for remote OCI Repository operations like
   193                  pulling, defaults to 60s.
   194                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
   195                type: string
   196              url:
                      # Required field. The pattern only checks for the oci:// prefix; the
                      # registry host and repository path are not constrained, so limiting
                      # which registries may be used needs a control outside this CRD
                      # (for example an admission policy).
   197                description: |-
   198                  URL is a reference to an OCI artifact repository hosted
   199                  on a remote container registry.
   200                pattern: ^oci://.*$
   201                type: string
   202              verify:
                      # Signature verification settings. The field is optional (it is not
                      # listed in spec.required), so an OCIRepository without it is accepted
                      # by this schema. Inside it only `provider` is required; `secretRef`
                      # and `matchOIDCIdentity` may both be omitted.
   203                description: |-
   204                  Verify contains the secret name containing the trusted public keys
   205                  used to verify the signature and specifies which provider to use to check
   206                  whether OCI image is authentic.
   207                properties:
   208                  matchOIDCIdentity:
                          # Issuer/subject matchers for Cosign keyless signatures. Both
                          # values are Go regular expressions and one matching entry is
                          # enough for the identity to be accepted.
                          # NOTE(review): whether the controller anchors these patterns is
                          # not visible here; writing them with ^ and $ avoids accepting an
                          # identity that merely contains the expected string.
   209                    description: |-
   210                      MatchOIDCIdentity specifies the identity matching criteria to use
   211                      while verifying an OCI artifact which was signed using Cosign keyless
   212                      signing. The artifact's identity is deemed to be verified if any of the
   213                      specified matchers match against the identity.
   214                    items:
   215                      description: |-
   216                        OIDCIdentityMatch specifies options for verifying the certificate identity,
   217                        i.e. the issuer and the subject of the certificate.
   218                      properties:
   219                        issuer:
   220                          description: |-
   221                            Issuer specifies the regex pattern to match against to verify
   222                            the OIDC issuer in the Fulcio certificate. The pattern must be a
   223                            valid Go regular expression.
   224                          type: string
   225                        subject:
   226                          description: |-
   227                            Subject specifies the regex pattern to match against to verify
   228                            the identity subject in the Fulcio certificate. The pattern must
   229                            be a valid Go regular expression.
   230                          type: string
   231                      required:
   232                      - issuer
   233                      - subject
   234                      type: object
   235                    type: array
   236                  provider:
                          # Signing technology; limited by enum to cosign or notation and
                          # defaulted to cosign.
   237                    default: cosign
   238                    description: Provider specifies the technology used to sign the
   239                      OCI Artifact.
   240                    enum:
   241                    - cosign
   242                    - notation
   243                    type: string
   244                  secretRef:
                          # Secret holding the trusted public keys. Write access to this
                          # Secret is equivalent to deciding which signers are trusted.
   245                    description: |-
   246                      SecretRef specifies the Kubernetes Secret containing the
   247                      trusted public keys.
   248                    properties:
   249                      name:
   250                        description: Name of the referent.
   251                        type: string
   252                    required:
   253                    - name
   254                    type: object
   255                required:
   256                - provider
   257                type: object
   258            required:
                  # Only interval and url are mandatory in spec; every other field,
                  # including `verify` and `ref`, is optional.
   259            - interval
   260            - url
   261            type: object
   262          status:
                  # Observed state. The default below sets observedGeneration to -1 when
                  # status is absent.
                  # NOTE(review): presumably a sentinel for "not yet reconciled" - confirm.
   263            default:
   264              observedGeneration: -1
   265            description: OCIRepositoryStatus defines the observed state of OCIRepository
   266            properties:
   267              artifact:
                      # Result of the last successful sync. `digest` is validated against
                      # an '<algorithm>:<checksum>' pattern but is not in the required list
                      # below, so an artifact record without a digest still passes
                      # validation; consumers that check integrity should handle a missing
                      # digest explicitly.
   268                description: Artifact represents the output of the last successful
   269                  OCI Repository sync.
   270                properties:
   271                  digest:
   272                    description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
   273                    pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
   274                    type: string
   275                  lastUpdateTime:
   276                    description: |-
   277                      LastUpdateTime is the timestamp corresponding to the last update of the
   278                      Artifact.
   279                    format: date-time
   280                    type: string
   281                  metadata:
   282                    additionalProperties:
   283                      type: string
   284                    description: Metadata holds upstream information such as OCI annotations.
   285                    type: object
   286                  path:
   287                    description: |-
   288                      Path is the relative file path of the Artifact. It can be used to locate
   289                      the file in the root of the Artifact storage on the local file system of
   290                      the controller managing the Source.
   291                    type: string
   292                  revision:
   293                    description: |-
   294                      Revision is a human-readable identifier traceable in the origin source
   295                      system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
   296                    type: string
   297                  size:
   298                    description: Size is the number of bytes in the file.
   299                    format: int64
   300                    type: integer
   301                  url:
                          # Address other controllers fetch the artifact from; the
                          # description calls it an HTTP address and the schema puts no
                          # pattern on it.
   302                    description: |-
   303                      URL is the HTTP address of the Artifact as exposed by the controller
   304                      managing the Source. It can be used to retrieve the Artifact for
   305                      consumption, e.g. by another controller applying the Artifact contents.
   306                    type: string
   307                required:
   308                - lastUpdateTime
   309                - path
   310                - revision
   311                - url
   312                type: object
   313              conditions:
                      # Array of condition objects. The entry whose type is "Ready" feeds
                      # the Ready and Status printer columns of this version. Each item
                      # requires lastTransitionTime, message, reason, status and type;
                      # reason and type are pattern-checked, message is capped at 32768
                      # characters.
   314                description: Conditions holds the conditions for the OCIRepository.
   315                items:
   316                  description: "Condition contains details for one aspect of the current
   317                    state of this API Resource.\n---\nThis struct is intended for
   318                    direct use as an array at the field path .status.conditions.  For
   319                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
   320                    observations of a foo's current state.\n\t    // Known .status.conditions.type
   321                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
   322                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
   323                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
   324                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
   325                    \   // other fields\n\t}"
   326                  properties:
   327                    lastTransitionTime:
   328                      description: |-
   329                        lastTransitionTime is the last time the condition transitioned from one status to another.
   330                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
   331                      format: date-time
   332                      type: string
   333                    message:
   334                      description: |-
   335                        message is a human readable message indicating details about the transition.
   336                        This may be an empty string.
   337                      maxLength: 32768
   338                      type: string
   339                    observedGeneration:
   340                      description: |-
   341                        observedGeneration represents the .metadata.generation that the condition was set based upon.
   342                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
   343                        with respect to the current state of the instance.
   344                      format: int64
   345                      minimum: 0
   346                      type: integer
   347                    reason:
   348                      description: |-
   349                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
   350                        Producers of specific condition types may define expected values and meanings for this field,
   351                        and whether the values are considered a guaranteed API.
   352                        The value should be a CamelCase string.
   353                        This field may not be empty.
   354                      maxLength: 1024
   355                      minLength: 1
   356                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
   357                      type: string
   358                    status:
                              # The enum values are strings; "True" and "False" are quoted so
                              # a YAML parser does not read them as booleans.
   359                      description: status of the condition, one of True, False, Unknown.
   360                      enum:
   361                      - "True"
   362                      - "False"
   363                      - Unknown
   364                      type: string
   365                    type:
   366                      description: |-
   367                        type of condition in CamelCase or in foo.example.com/CamelCase.
   368                        ---
   369                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
   370                        useful (see .node.status.conditions), the ability to deconflict is important.
   371                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
   372                      maxLength: 316
   373                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
   374                      type: string
   375                  required:
   376                  - lastTransitionTime
   377                  - message
   378                  - reason
   379                  - status
   380                  - type
   381                  type: object
   382                type: array
   383              contentConfigChecksum:
                      # Deprecated per its own description, which says it was replaced by
                      # explicit observed-content fields in the status (presumably
                      # observedIgnore and observedLayerSelector, both defined in this
                      # schema). No pattern is applied to the '<algo>:<checksum>' format.
   384                description: |-
   385                  ContentConfigChecksum is a checksum of all the configurations related to
   386                  the content of the source artifact:
   387                   - .spec.ignore
   388                   - .spec.layerSelector
   389                  observed in .status.observedGeneration version of the object. This can
   390                  be used to determine if the content configuration has changed and the
   391                  artifact needs to be rebuilt.
   392                  It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
   393
   394
   395                  Deprecated: Replaced with explicit fields for observed artifact content
   396                  config in the status.
   397                type: string
   398              lastHandledReconcileAt:
                      # Copy of the most recent reconcile-request annotation value, kept so
                      # that a later change to the annotation can be detected.
   399                description: |-
   400                  LastHandledReconcileAt holds the value of the most recent
   401                  reconcile request value, so a change of the annotation value
   402                  can be detected.
   403                type: string
   404              observedGeneration:
                      # int64 generation last observed; status.default sets it to -1 when
                      # status is absent.
   405                description: ObservedGeneration is the last observed generation.
   406                format: int64
   407                type: integer
   408              observedIgnore:
                      # Exclusion patterns that were in effect when the current artifact
                      # was built.
   409                description: |-
   410                  ObservedIgnore is the observed exclusion patterns used for constructing
   411                  the source artifact.
   412                type: string
   413              observedLayerSelector:
                      # Layer selector that was in effect when the current artifact was
                      # built; it has the same two properties as spec.layerSelector.
   414                description: |-
   415                  ObservedLayerSelector is the observed layer selector used for constructing
   416                  the source artifact.
   417                properties:
   418                  mediaType:
   419                    description: |-
   420                      MediaType specifies the OCI media type of the layer
   421                      which should be extracted from the OCI Artifact. The
   422                      first layer matching this type is selected.
   423                    type: string
   424                  operation:
   425                    description: |-
   426                      Operation specifies how the selected layer should be processed.
   427                      By default, the layer compressed content is extracted to storage.
   428                      When the operation is set to 'copy', the layer compressed content
   429                      is persisted to storage as it is.
   430                    enum:
   431                    - extract
   432                    - copy
   433                    type: string
   434                type: object
   435              url:
                      # Download link for the artifact produced by the last sync;
                      # unconstrained string.
   436                description: URL is the download link for the artifact output of the
   437                  last OCI Repository sync.
   438                type: string
   439            type: object
   440        type: object
          # v1beta2 is both served by the API and used as the storage version.
   441    served: true
   442    storage: true
          # Enabling the status subresource gives status its own /status endpoint, so
          # RBAC can grant status writes separately from spec writes.
   443    subresources:
   444      status: {}
