---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: (unknown)
  name: shipments.warehouse.edge.ncr.com
spec:
  group: warehouse.edge.ncr.com
  names:
    kind: Shipment
    listKind: ShipmentList
    plural: shipments
    singular: shipment
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    deprecated: true
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          Shipment is one or more Pallets that will be unpacked and scheduled to the
          cluster.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              creds:
                description: |-
                  Credentials is an optional secret reference pointing to a secret containing
                  registry credentials. The secret must be of type kubernetes.io/dockerconfigjson
                properties:
                  name:
                    description: name is unique within a namespace to reference a secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the secret name must be unique.
                    type: string
                type: object
                x-kubernetes-map-type: atomic
              force:
                default: false
                description: |-
                  Force indicates whether or not objects should be forced by deleting and
                  re-creating when there is a conflict due to immutable fields changing.
                type: boolean
              interval:
                default: 60s
                description: |-
                  Interval is how often the object will be reconciled, in order to prevent
                  drift.
                type: string
              packagePullOptions:
                description: |-
                  PackagePullOptions are options used to configure pulling packages from
                  remote registry, memory cache or disk layout.
                properties:
                  pullPolicy:
                    default: Always
                    description: |-
                      PackagePullPolicy is the strategy used to decide when a package should be
                      pulled from remote registry, memory cache or disk layout
                      TODO(aw185176): Support "Never" pull policy.
                    enum:
                    - Always
                    - IfNotPresent
                    type: string
                type: object
              pallets:
                description: |-
                  Pallets is the set of Pallet packages that will be pulled and reconciled,
                  without the base repository string. Each Pallet reference is completed from
                  the Repository field.
                  All Pallets are resolved into a single, deduped graph to ensure that there
                  is no more than one version of a package. How conflicts are resolved is
                  configurable via Resolution
                items:
                  description: |-
                    BaseArtifact describes a reference to a Warehouse package without a
                    repository that can be embedded in a K8s resource spec.
                  properties:
                    digest:
                      description: |-
                        Digest is the sha256 digest of the OCI artifact to apply to the cluster.
                        Takes precedence over tag if set.
                      type: string
                    name:
                      description: |-
                        Name is the unique Warehouse package name. It is typically equal to the
                        last segment of an image repository string, depending on registry
                        implementation e.g., gcr.io/foo/bar, where bar is the name of the package
                        and gcr.io/foo/bar is the provided Repository string.
                        Or, us-east1-docker.pkg.dev/ret-edge-pltf-infra/warehouse/nested/name where
                        nested/name is the Name and the
                        us-east1-docker.pkg.dev/ret-edge-pltf-infra/warehouse/nested/name is the
                        Repository.
                        An Artifact can not be resolved by Name alone.
                      type: string
                    tag:
                      description: |-
                        Tag is a mutable reference to the OCI artifact to apply. Defaults to
                        "latest" if neither Tag or Digest are set.
                      type: string
                  required:
                  - name
                  type: object
                minItems: 1
                type: array
              prune:
                description: |-
                  Prune indicates whether or not objects should be pruned between reconciles
                  or when the object is deleted. You may want to use this for deployments
                  that you really don't want deleted.
                type: boolean
              rendering:
                description: |-
                  Rendering is the configuration controlling how the unpacked K8s manifests
                  are rendered before applying.
                items:
                  properties:
                    configMapRef:
                      description: |-
                        ConfigMapRef references a K8s ConfigMap to pull parameters from.
                        Mutually exclusive with Variables.
                      properties:
                        name:
                          description: Name of the referent.
                          maxLength: 253
                          minLength: 1
                          type: string
                        namespace:
                          description: Namespace of the referent, when not specified it acts as LocalObjectReference.
                          maxLength: 253
                          minLength: 1
                          type: string
                      required:
                      - name
                      type: object
                    mapping:
                      additionalProperties:
                        type: string
                      description: |-
                        Mapping of rendering parameters to specific keys in the referenced
                        ConfigMap, e.g.: {gcp_project_id: gcp.projectId} where 'gcp.projectId' is
                        a key in the ConfigMap.
                      type: object
                    parameters:
                      additionalProperties:
                        type: string
                      description: Parameters are inlined parameters. Mutually exclusive with ConfigMapRef.
                      type: object
                  type: object
                type: array
              repo:
                description: |-
                  Repository is the base path of the image repositories that Pallets will be
                  pulled from. It MUST be the entire repository string up to the Pallet
                  package name, e.g. gcr.io/foo if packages are gcr.io/foo/bar,
                  gcr.io/foo/bax, ...
                  All packages must come from the same repository because resolving the graph
                  of packages may discover the same digest in multiple repositories. This
                  controller won't make value judgements as to which repository should be
                  used in conflict.
                type: string
              resolution:
                description: |-
                  Resolution is the rules for resolving conflicts in the resolved graph for
                  the pallets included in this shipment. By default, a Shipment will be marked
                  Stalled if it references a list of pallets which don't produce a consistent
                  (e.g., no conflicting digests) resolved graph.
                properties:
                  acceptFirst:
                    description: |-
                      AcceptFirst will accept the first digest it encounters for each package
                      during graph resolution. If the package exists in the graph with a
                      differing digest, it is dropped. This is the simplest way to force a set
                      of conflicting packages to produce a consistent graph, but doesn't provide
                      any additional control
                    type: boolean
                  pins:
                    description: |-
                      Pins are a mapping of package names to digests that are forced during
                      graph resolution, analogous to pinning transitive dependency versions
                      using `replace` directives in a `go.mod` file.
                    items:
                      description: |-
                        Pin is a specific digest associated with a package name, used to "pin"
                        the package to that digest when resolving package graphs or reflect the
                        result of a resolved set of packages.
                      properties:
                        digest:
                          description: Digest is the digest for the package reference (e.g., `shoot:latest`, Pallet.Digest())
                          type: string
                        name:
                          type: string
                        resolvedDigest:
                          description: |-
                            ResolvedDigest is the digest of the provider-specific variant pulled
                            from the package based on where it is being scheduled.
                          type: string
                      required:
                      - digest
                      - name
                      - resolvedDigest
                      type: object
                    type: array
                type: object
              retryInterval:
                default: 10s
                description: |-
                  RetryInterval is how often to retry previously failed reconciliations.
                  Defaults to Interval if not provided.
                type: string
              suspend:
                description: |-
                  This flag tells the controller to suspend subsequent reconciliations, it
                  does not apply to already started reconciliations. Defaults to false.
                type: boolean
              timeout:
                default: 120s
                description: |-
                  Timeout is how long the controller will wait for the applied objects to
                  reconcile.
                type: string
              unpack:
                description: UnpackOptions
                properties:
                  capabilities:
                    description: |-
                      Capabilities are additional runtime layers to apply. If Runtime is set to
                      false, this field must be empty.
                    items:
                      type: string
                    type: array
                  infra:
                    default: false
                    description: Infra is whether or not to schedule infrastructure objects.
                    type: boolean
                  infraNamespace:
                    description: |-
                      InfraNamespace is the K8s namespace the infra objects should be scheduled
                      to. If provided, the metadata.namespace of unpacked infra objects is
                      updated using Kustomize filters on unpack.
                    type: string
                  provider:
                    description: |-
                      Provider is the K8s cluster provider that should be unpacked. By default,
                      it is the same cluster provider that Lumper was scheduled onto.
                      If Runtime is true, this option cannot be set to a value that conflicts
                      with Lumper's startup configuration (e.g., you cannot schedule non-GKE
                      runtime resources to a GKE cluster)
                    type: string
                  runtime:
                    default: false
                    description: |-
                      Runtime determines if runtime resources should be applied. By default,
                      only the base runtime layer is applied.
                    type: boolean
                type: object
            required:
            - force
            - pallets
            - prune
            - repo
            type: object
          status:
            default:
              observedGeneration: -1
            description: |-
              ShipmentStatus contains the readiness of the reconciled resources and an
              inventory of currently applied resources.
            properties:
              conditions:
                items:
                  description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t \ // other fields\n\t}"
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: |-
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        ---
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
                        useful (see .node.status.conditions), the ability to deconflict is important.
                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              inventory:
                description: Inventory is the K8s resources that this object manages.
                properties:
                  entries:
                    description: Entries of Kubernetes resource object references.
                    items:
                      description: ResourceRef contains the information necessary to locate a resource within a cluster.
                      properties:
                        id:
                          description: |-
                            ID is the string representation of the Kubernetes resource object's
                            metadata, in the format '___'.
                          type: string
                        v:
                          description: Version is the API version of the Kubernetes resource object's kind.
                          type: string
                      required:
                      - id
                      - v
                      type: object
                    type: array
                type: object
              lastApplied:
                description: LastApplied is the last set of resolved artifacts that were applied.
                items:
                  description: |-
                    Pin is a specific digest associated with a package name, used to "pin"
                    the package to that digest when resolving package graphs or reflect the
                    result of a resolved set of packages.
                  properties:
                    digest:
                      description: Digest is the digest for the package reference (e.g., `shoot:latest`, Pallet.Digest())
                      type: string
                    name:
                      type: string
                    resolvedDigest:
                      description: |-
                        ResolvedDigest is the digest of the provider-specific variant pulled
                        from the package based on where it is being scheduled.
                      type: string
                  required:
                  - digest
                  - name
                  - resolvedDigest
                  type: object
                type: array
              lastAttempted:
                description: |-
                  LastAttempted is the last set of resolved artifacts that the controller
                  attempted to apply.
                items:
                  description: |-
                    Pin is a specific digest associated with a package name, used to "pin"
                    the package to that digest when resolving package graphs or reflect the
                    result of a resolved set of packages.
                  properties:
                    digest:
                      description: Digest is the digest for the package reference (e.g., `shoot:latest`, Pallet.Digest())
                      type: string
                    name:
                      type: string
                    resolvedDigest:
                      description: |-
                        ResolvedDigest is the digest of the provider-specific variant pulled
                        from the package based on where it is being scheduled.
                      type: string
                  required:
                  - digest
                  - name
                  - resolvedDigest
                  type: object
                type: array
              lastHandledReconcileAt:
                description: |-
                  LastHandledReconcileAt holds the value of the most recent reconcile
                  request value, so a change of the annotation value can be detected.
                type: string
              observedGeneration:
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .status.conditions[?(@.type=="Ready")].status
      name: Ready
      type: string
    - jsonPath: .status.conditions[?(@.type=="Ready")].message
      name: Status
      type: string
    name: v1alpha2
    schema:
      openAPIV3Schema:
        description: |-
          Shipment is one or more Pallets that will be unpacked and scheduled to the
          cluster.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              creds:
                description: |-
                  Credentials is an optional secret reference pointing to a secret containing
                  registry credentials. The secret must be of type kubernetes.io/dockerconfigjson
                properties:
                  name:
                    description: name is unique within a namespace to reference a secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the secret name must be unique.
                    type: string
                type: object
                x-kubernetes-map-type: atomic
              force:
                default: false
                description: |-
                  Force indicates whether or not objects should be forced by deleting and
                  re-creating when there is a conflict due to immutable fields changing.
                type: boolean
              interval:
                default: 60s
                description: |-
                  Interval is how often the object will be reconciled, in order to prevent
                  drift.
                type: string
              packagePullOptions:
                description: |-
                  PackagePullOptions are options used to configure pulling packages from
                  remote registry, memory cache or disk layout.
                properties:
                  pullPolicy:
                    default: Always
                    description: |-
                      PackagePullPolicy is the strategy used to decide when a package should be
                      pulled from remote registry, memory cache or disk layout
                      TODO(aw185176): Support "Never" pull policy.
                    enum:
                    - Always
                    - IfNotPresent
                    type: string
                type: object
              pallets:
                description: |-
                  Pallets is the set of Pallet packages that will be pulled and reconciled,
                  without the base repository string. Each Pallet reference is completed from
                  the Repository field.
                  All Pallets are resolved into a single, deduped graph to ensure that there
                  is no more than one version of a package. How conflicts are resolved is
                  configurable via Resolution
                items:
                  description: |-
                    BaseArtifact describes a reference to a Warehouse package without a
                    repository that can be embedded in a K8s resource spec.
                  properties:
                    digest:
                      description: |-
                        Digest is the sha256 digest of the OCI artifact to apply to the cluster.
                        Takes precedence over tag if set.
                      type: string
                    name:
                      description: |-
                        Name is the unique Warehouse package name. It is typically equal to the
                        last segment of an image repository string, depending on registry
                        implementation e.g., gcr.io/foo/bar, where bar is the name of the package
                        and gcr.io/foo/bar is the provided Repository string.
                        Or, us-east1-docker.pkg.dev/ret-edge-pltf-infra/warehouse/nested/name where
                        nested/name is the Name and the
                        us-east1-docker.pkg.dev/ret-edge-pltf-infra/warehouse/nested/name is the
                        Repository.
                        An Artifact can not be resolved by Name alone.
                      type: string
                    tag:
                      description: |-
                        Tag is a mutable reference to the OCI artifact to apply. Defaults to
                        "latest" if neither Tag or Digest are set.
                      type: string
                  required:
                  - name
                  type: object
                minItems: 1
                type: array
              prune:
                description: |-
                  Prune indicates whether or not objects should be pruned between reconciles
                  or when the object is deleted. You may want to use this for deployments
                  that you really don't want deleted.
                type: boolean
              rendering:
                description: |-
                  Rendering is the configuration controlling how the unpacked K8s manifests
                  are rendered before applying.
                items:
                  properties:
                    configMapRef:
                      description: |-
                        ConfigMapRef references a K8s ConfigMap to pull parameters from.
                        Mutually exclusive with Variables.
                      properties:
                        name:
                          description: Name of the referent.
                          maxLength: 253
                          minLength: 1
                          type: string
                        namespace:
                          description: Namespace of the referent, when not specified it acts as LocalObjectReference.
                          maxLength: 253
                          minLength: 1
                          type: string
                      required:
                      - name
                      type: object
                    mapping:
                      additionalProperties:
                        type: string
                      description: |-
                        Mapping of rendering parameters to specific keys in the referenced
                        ConfigMap, e.g.: {gcp_project_id: gcp.projectId} where 'gcp.projectId' is
                        a key in the ConfigMap.
                      type: object
                    parameters:
                      additionalProperties:
                        type: string
                      description: Parameters are inlined parameters. Mutually exclusive with ConfigMapRef.
                      type: object
                  type: object
                type: array
              repo:
                description: |-
                  Repository is the base path of the image repositories that Pallets will be
                  pulled from. It MUST be the entire repository string up to the Pallet
                  package name, e.g. gcr.io/foo if packages are gcr.io/foo/bar,
                  gcr.io/foo/bax, ...
                  All packages must come from the same repository because resolving the graph
                  of packages may discover the same digest in multiple repositories. This
                  controller won't make value judgements as to which repository should be
                  used in conflict.
                type: string
              resolution:
                description: |-
                  Resolution is the rules for resolving conflicts in the resolved graph for
                  the pallets included in this shipment. By default, a Shipment will be marked
                  Stalled if it references a list of pallets which don't produce a consistent
                  (e.g., no conflicting digests) resolved graph.
                properties:
                  acceptFirst:
                    description: |-
                      AcceptFirst will accept the first digest it encounters for each package
                      during graph resolution. If the package exists in the graph with a
                      differing digest, it is dropped. This is the simplest way to force a set
                      of conflicting packages to produce a consistent graph, but doesn't provide
                      any additional control
                    type: boolean
                  pins:
                    description: |-
                      Pins are a mapping of package names to digests that are forced during
                      graph resolution, analogous to pinning transitive dependency versions
                      using `replace` directives in a `go.mod` file.
                    items:
                      description: |-
                        Pin is a specific digest associated with a package name, used to "pin"
                        the package to that digest when resolving package graphs
                      properties:
                        digest:
                          description: Digest is the digest for the package reference (e.g., `shoot:latest`, Pallet.Digest())
                          type: string
                        name:
                          type: string
                        resolvedDigest:
                          description: |-
                            ResolvedDigest is the digest of the provider-specific variant pulled
                            from the package based on where it is being scheduled.
                          type: string
                      required:
                      - digest
                      - name
                      - resolvedDigest
                      type: object
                    type: array
                type: object
              retryInterval:
                default: 10s
                description: |-
                  RetryInterval is how often to retry previously failed reconciliations.
                  Defaults to Interval if not provided.
                type: string
              suspend:
                description: |-
                  This flag tells the controller to suspend subsequent reconciliations, it
                  does not apply to already started reconciliations. Defaults to false.
                type: boolean
              timeout:
                default: 120s
                description: |-
                  Timeout is how long the controller will wait for the applied objects to
                  reconcile.
                type: string
              unpack:
                description: UnpackOptions
                properties:
                  capabilities:
                    description: |-
                      Capabilities are additional runtime layers to apply. If Runtime is set to
                      false, this field must be empty.
                    items:
                      type: string
                    type: array
                  infra:
                    default: false
                    description: Infra is whether or not to schedule infrastructure objects.
                    type: boolean
                  infraNamespace:
                    description: |-
                      InfraNamespace is the K8s namespace the infra objects should be scheduled
                      to. If provided, the metadata.namespace of unpacked infra objects is
                      updated using Kustomize filters on unpack.
                    type: string
                  provider:
                    description: |-
                      Provider is the K8s cluster provider that should be unpacked. By default,
                      it is the same cluster provider that Lumper was scheduled onto.
                      If Runtime is true, this option cannot be set to a value that conflicts
                      with Lumper's startup configuration (e.g., you cannot schedule non-GKE
                      runtime resources to a GKE cluster)
                    type: string
                  runtime:
                    default: false
                    description: |-
                      Runtime determines if runtime resources should be applied. By default,
                      only the base runtime layer is applied.
                    type: boolean
                type: object
            required:
            - force
            - pallets
            - prune
            - repo
            type: object
          status:
            default:
              observedGeneration: -1
            description: |-
              ShipmentStatus contains the readiness of the reconciled resources and an
              inventory of currently applied resources.
            properties:
              conditions:
                items:
                  description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t \ // other fields\n\t}"
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: |-
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        ---
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
                        useful (see .node.status.conditions), the ability to deconflict is important.
                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              inventory:
                description: Inventory is the K8s resources that this object manages.
                properties:
                  entries:
                    description: Entries of Kubernetes resource object references.
                    items:
                      description: ResourceRef contains the information necessary to locate a resource within a cluster.
                      properties:
                        id:
                          description: |-
                            ID is the string representation of the Kubernetes resource object's
                            metadata, in the format '___'.
                          type: string
                        v:
                          description: Version is the API version of the Kubernetes resource object's kind.
                          type: string
                      required:
                      - id
                      - v
                      type: object
                    type: array
                type: object
              lastApplied:
                description: LastApplied is the last set of resolved artifacts that were applied.
                items:
                  description: |-
                    ResolvedArtifact is a specific digest associated with a package name, used
                    reflect the result of a resolved set of packages.
                  properties:
                    digest:
                      description: Digest is the digest for the package reference (e.g., `shoot:latest`, Pallet.Digest())
                      type: string
                    name:
                      type: string
                    resolvedDigest:
                      description: |-
                        ResolvedDigest is the digest of the provider-specific variant pulled
                        from the package based on where it is being scheduled.
                      type: string
                    version:
                      description: |-
                        Version is the full semver of the package, e.g.
                        `0.18.0-rc.1711660462+commit.eba956b`. It is based on the
                        "org.opencontainers.image.version" annotation on the OCI image
                      type: string
                  required:
                  - digest
                  - name
                  - resolvedDigest
                  type: object
                type: array
              lastAttempted:
                description: |-
                  LastAttempted is the last set of resolved artifacts that the controller
                  attempted to apply.
                items:
                  description: |-
                    ResolvedArtifact is a specific digest associated with a package name, used
                    reflect the result of a resolved set of packages.
                  properties:
                    digest:
                      description: Digest is the digest for the package reference (e.g., `shoot:latest`, Pallet.Digest())
                      type: string
                    name:
                      type: string
                    resolvedDigest:
                      description: |-
                        ResolvedDigest is the digest of the provider-specific variant pulled
                        from the package based on where it is being scheduled.
                      type: string
                    version:
                      description: |-
                        Version is the full semver of the package, e.g.
                        `0.18.0-rc.1711660462+commit.eba956b`. It is based on the
                        "org.opencontainers.image.version" annotation on the OCI image
                      type: string
                  required:
                  - digest
                  - name
                  - resolvedDigest
                  type: object
                type: array
              lastHandledReconcileAt:
                description: |-
                  LastHandledReconcileAt holds the value of the most recent reconcile
                  request value, so a change of the annotation value can be detected.
                type: string
              observedGeneration:
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}