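# CustomResourceDefinition for ImageUpdateAutomation (group image.toolkit.fluxcd.io).
# The controller-gen annotation below indicates this schema is generated, so
# corrections to descriptions or validation belong in the source types it is
# generated from; hand edits here are presumably lost on regeneration.
# Two versions are served: v1beta1 (deprecated, not the storage version) and
# v1beta2 (storage version).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.1
  labels:
    app.kubernetes.io/component: image-automation-controller
    app.kubernetes.io/part-of: flux
  name: imageupdateautomations.image.toolkit.fluxcd.io
spec:
  group: image.toolkit.fluxcd.io
  names:
    kind: ImageUpdateAutomation
    listKind: ImageUpdateAutomationList
    plural: imageupdateautomations
    singular: imageupdateautomation
  scope: Namespaced
  versions:
  # v1beta1: still served (served: true) so existing clients keep working, but
  # marked deprecated and not used for storage (storage: false).
  - additionalPrinterColumns:
    - jsonPath: .status.lastAutomationRunTime
      name: Last run
      type: string
    deprecated: true
    deprecationWarning: v1beta1 ImageUpdateAutomation is deprecated, upgrade to v1beta2
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: ImageUpdateAutomation is the Schema for the imageupdateautomations
          API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation
            properties:
              git:
                description: |-
                  GitSpec contains all the git-specific definitions. This is
                  technically optional, but in practice mandatory until there are
                  other kinds of source allowed.
                properties:
                  checkout:
                    description: |-
                      Checkout gives the parameters for cloning the git repository,
                      ready to make changes. If not present, the `spec.ref` field from the
                      referenced `GitRepository` or its default will be used.
                    properties:
                      ref:
                        description: |-
                          Reference gives a branch, tag or commit to clone from the Git
                          repository.
                        properties:
                          branch:
                            description: Branch to check out, defaults to 'master'
                              if no other field is defined.
                            type: string
                          commit:
                            description: |-
                              Commit SHA to check out, takes precedence over all reference fields.

                              This can be combined with Branch to shallow clone the branch, in which
                              the commit is expected to exist.
                            type: string
                          name:
                            description: |-
                              Name of the reference to check out; takes precedence over Branch, Tag and SemVer.

                              It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
                              Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
                            type: string
                          semver:
                            description: SemVer tag expression to check out, takes
                              precedence over Tag.
                            type: string
                          tag:
                            description: Tag to check out, takes precedence over Branch.
                            type: string
                        type: object
                    required:
                    - ref
                    type: object
                  commit:
                    description: Commit specifies how to commit to the git repository.
                    properties:
                      author:
                        description: |-
                          Author gives the email and optionally the name to use as the
                          author of commits.
                        properties:
                          email:
                            description: Email gives the email to provide when making
                              a commit.
                            type: string
                          name:
                            description: Name gives the name to provide when making
                              a commit.
                            type: string
                        required:
                        - email
                        type: object
                      # Free-form string: the schema sets no pattern or length
                      # limit, so any validation of the template happens in the
                      # controller, not at admission.
                      messageTemplate:
                        description: |-
                          MessageTemplate provides a template for the commit message,
                          into which will be interpolated the details of the change made.
                        type: string
                      # The referenced Secret carries private signing key
                      # material ('git.asc'). The reference is by name only and,
                      # per the description, resolves in the object's own
                      # namespace; read access to that Secret should be limited
                      # accordingly.
                      signingKey:
                        description: SigningKey provides the option to sign commits
                          with a GPG key
                        properties:
                          secretRef:
                            description: |-
                              SecretRef holds the name to a secret that contains a 'git.asc' key
                              corresponding to the ASCII Armored file containing the GPG signing
                              keypair as the value. It must be in the same namespace as the
                              ImageUpdateAutomation.
                            properties:
                              name:
                                description: Name of the referent.
                                type: string
                            required:
                            - name
                            type: object
                        required:
                        - secretRef
                        type: object
                    required:
                    - author
                    type: object
                  # branch, options and refspec are unconstrained strings in the
                  # schema; whoever can create or edit this object chooses where
                  # the controller pushes with the source's credentials.
                  push:
                    description: |-
                      Push specifies how and where to push commits made by the
                      automation. If missing, commits are pushed (back) to
                      `.spec.checkout.branch` or its default.
                    properties:
                      branch:
                        description: |-
                          Branch specifies that commits should be pushed to the branch
                          named. The branch is created using `.spec.checkout.branch` as the
                          starting point, if it doesn't already exist.
                        type: string
                      options:
                        additionalProperties:
                          type: string
                        description: |-
                          Options specifies the push options that are sent to the Git
                          server when performing a push operation. For details, see:
                          https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt
                        type: object
                      refspec:
                        description: |-
                          Refspec specifies the Git Refspec to use for a push operation.
                          If both Branch and Refspec are provided, then the commit is pushed
                          to the branch and also using the specified refspec.
                          For more details about Git Refspecs, see:
                          https://git-scm.com/book/en/v2/Git-Internals-The-Refspec
                        type: string
                    type: object
                required:
                - commit
                type: object
              interval:
                description: |-
                  Interval gives an lower bound for how often the automation
                  run should be attempted.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              # The optional namespace field lets an object in one namespace
              # name a GitRepository in another. In a multi-tenant cluster that
              # crosses a tenant boundary unless the controller is configured
              # to refuse cross-namespace references.
              sourceRef:
                description: |-
                  SourceRef refers to the resource giving access details
                  to a git repository.
                properties:
                  apiVersion:
                    description: API version of the referent.
                    type: string
                  kind:
                    default: GitRepository
                    description: Kind of the referent.
                    enum:
                    - GitRepository
                    type: string
                  name:
                    description: Name of the referent.
                    type: string
                  namespace:
                    description: Namespace of the referent, defaults to the namespace
                      of the Kubernetes resource object that contains the reference.
                    type: string
                required:
                - kind
                - name
                type: object
              suspend:
                description: |-
                  Suspend tells the controller to not run this automation, until
                  it is unset (or set to false). Defaults to false.
                type: boolean
              update:
                default:
                  strategy: Setters
                description: |-
                  Update gives the specification for how to update the files in
                  the repository. This can be left empty, to use the default
                  value.
                properties:
                  # No pattern restricts this path in the schema; keeping it
                  # inside the cloned repository is left to the controller.
                  path:
                    description: |-
                      Path to the directory containing the manifests to be updated.
                      Defaults to 'None', which translates to the root path
                      of the GitRepositoryRef.
                    type: string
                  strategy:
                    default: Setters
                    description: Strategy names the strategy to be used.
                    enum:
                    - Setters
                    type: string
                required:
                - strategy
                type: object
            required:
            - interval
            - sourceRef
            type: object
          status:
            default:
              observedGeneration: -1
            description: ImageUpdateAutomationStatus defines the observed state of
              ImageUpdateAutomation
            properties:
              conditions:
                items:
                  description: Condition contains details for one aspect of the current
                    state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      # Quoted so the values stay strings rather than YAML booleans.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              lastAutomationRunTime:
                description: |-
                  LastAutomationRunTime records the last time the controller ran
                  this automation through to completion (even if no updates were
                  made).
                format: date-time
                type: string
              lastHandledReconcileAt:
                description: |-
                  LastHandledReconcileAt holds the value of the most recent
                  reconcile request value, so a change of the annotation value
                  can be detected.
                type: string
              lastPushCommit:
                description: |-
                  LastPushCommit records the SHA1 of the last commit made by the
                  controller, for this automation object
                type: string
              lastPushTime:
                description: LastPushTime records the time of the last pushed change.
                format: date-time
                type: string
              observedGeneration:
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  # v1beta2: the storage version. Relative to v1beta1 it adds
  # spec.policySelector, status.observedPolicies and
  # status.observedSourceRevision. The notes on messageTemplate, signingKey,
  # push, sourceRef and update.path under v1beta1 apply to the same fields here.
  - additionalPrinterColumns:
    - jsonPath: .status.lastAutomationRunTime
      name: Last run
      type: string
    name: v1beta2
    schema:
      openAPIV3Schema:
        description: ImageUpdateAutomation is the Schema for the imageupdateautomations
          API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation
            properties:
              git:
                description: |-
                  GitSpec contains all the git-specific definitions. This is
                  technically optional, but in practice mandatory until there are
                  other kinds of source allowed.
                properties:
                  checkout:
                    description: |-
                      Checkout gives the parameters for cloning the git repository,
                      ready to make changes. If not present, the `spec.ref` field from the
                      referenced `GitRepository` or its default will be used.
                    properties:
                      ref:
                        description: |-
                          Reference gives a branch, tag or commit to clone from the Git
                          repository.
                        properties:
                          branch:
                            description: Branch to check out, defaults to 'master'
                              if no other field is defined.
                            type: string
                          commit:
                            description: |-
                              Commit SHA to check out, takes precedence over all reference fields.

                              This can be combined with Branch to shallow clone the branch, in which
                              the commit is expected to exist.
                            type: string
                          name:
                            description: |-
                              Name of the reference to check out; takes precedence over Branch, Tag and SemVer.

                              It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
                              Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
                            type: string
                          semver:
                            description: SemVer tag expression to check out, takes
                              precedence over Tag.
                            type: string
                          tag:
                            description: Tag to check out, takes precedence over Branch.
                            type: string
                        type: object
                    required:
                    - ref
                    type: object
                  commit:
                    description: Commit specifies how to commit to the git repository.
                    properties:
                      author:
                        description: |-
                          Author gives the email and optionally the name to use as the
                          author of commits.
                        properties:
                          email:
                            description: Email gives the email to provide when making
                              a commit.
                            type: string
                          name:
                            description: Name gives the name to provide when making
                              a commit.
                            type: string
                        required:
                        - email
                        type: object
                      messageTemplate:
                        description: |-
                          MessageTemplate provides a template for the commit message,
                          into which will be interpolated the details of the change made.
                        type: string
                      signingKey:
                        description: SigningKey provides the option to sign commits
                          with a GPG key
                        properties:
                          secretRef:
                            description: |-
                              SecretRef holds the name to a secret that contains a 'git.asc' key
                              corresponding to the ASCII Armored file containing the GPG signing
                              keypair as the value. It must be in the same namespace as the
                              ImageUpdateAutomation.
                            properties:
                              name:
                                description: Name of the referent.
                                type: string
                            required:
                            - name
                            type: object
                        required:
                        - secretRef
                        type: object
                    required:
                    - author
                    type: object
                  push:
                    description: |-
                      Push specifies how and where to push commits made by the
                      automation. If missing, commits are pushed (back) to
                      `.spec.checkout.branch` or its default.
                    properties:
                      branch:
                        description: |-
                          Branch specifies that commits should be pushed to the branch
                          named. The branch is created using `.spec.checkout.branch` as the
                          starting point, if it doesn't already exist.
                        type: string
                      options:
                        additionalProperties:
                          type: string
                        description: |-
                          Options specifies the push options that are sent to the Git
                          server when performing a push operation. For details, see:
                          https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt
                        type: object
                      refspec:
                        description: |-
                          Refspec specifies the Git Refspec to use for a push operation.
                          If both Branch and Refspec are provided, then the commit is pushed
                          to the branch and also using the specified refspec.
                          For more details about Git Refspecs, see:
                          https://git-scm.com/book/en/v2/Git-Internals-The-Refspec
                        type: string
                    type: object
                required:
                - commit
                type: object
              interval:
                description: |-
                  Interval gives an lower bound for how often the automation
                  run should be attempted.
                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                type: string
              # Per the description, omitting the selector includes every
              # policy in the namespace, so the default is the widest scope.
              policySelector:
                description: |-
                  PolicySelector allows to filter applied policies based on labels.
                  By default includes all policies in namespace.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: |-
                        A label selector requirement is a selector that contains values, a key, and an operator that
                        relates the key and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: |-
                            operator represents a key's relationship to a set of values.
                            Valid operators are In, NotIn, Exists and DoesNotExist.
                          type: string
                        values:
                          description: |-
                            values is an array of string values. If the operator is In or NotIn,
                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
                            the values array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: |-
                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                      map is equivalent to an element of matchExpressions, whose key field is "key", the
                      operator is "In", and the values array contains only "value". The requirements are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              sourceRef:
                description: |-
                  SourceRef refers to the resource giving access details
                  to a git repository.
                properties:
                  apiVersion:
                    description: API version of the referent.
                    type: string
                  kind:
                    default: GitRepository
                    description: Kind of the referent.
                    enum:
                    - GitRepository
                    type: string
                  name:
                    description: Name of the referent.
                    type: string
                  namespace:
                    description: Namespace of the referent, defaults to the namespace
                      of the Kubernetes resource object that contains the reference.
                    type: string
                required:
                - kind
                - name
                type: object
              suspend:
                description: |-
                  Suspend tells the controller to not run this automation, until
                  it is unset (or set to false). Defaults to false.
                type: boolean
              update:
                default:
                  strategy: Setters
                description: |-
                  Update gives the specification for how to update the files in
                  the repository. This can be left empty, to use the default
                  value.
                properties:
                  path:
                    description: |-
                      Path to the directory containing the manifests to be updated.
                      Defaults to 'None', which translates to the root path
                      of the GitRepositoryRef.
                    type: string
                  strategy:
                    default: Setters
                    description: Strategy names the strategy to be used.
                    enum:
                    - Setters
                    type: string
                required:
                - strategy
                type: object
            required:
            - interval
            - sourceRef
            type: object
          status:
            default:
              observedGeneration: -1
            description: ImageUpdateAutomationStatus defines the observed state of
              ImageUpdateAutomation
            properties:
              conditions:
                items:
                  description: Condition contains details for one aspect of the current
                    state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              lastAutomationRunTime:
                description: |-
                  LastAutomationRunTime records the last time the controller ran
                  this automation through to completion (even if no updates were
                  made).
                format: date-time
                type: string
              lastHandledReconcileAt:
                description: |-
                  LastHandledReconcileAt holds the value of the most recent
                  reconcile request value, so a change of the annotation value
                  can be detected.
                type: string
              lastPushCommit:
                description: |-
                  LastPushCommit records the SHA1 of the last commit made by the
                  controller, for this automation object
                type: string
              lastPushTime:
                description: LastPushTime records the time of the last pushed change.
                format: date-time
                type: string
              observedGeneration:
                format: int64
                type: integer
              observedPolicies:
                additionalProperties:
                  description: ImageRef represents an image reference.
                  properties:
                    name:
                      description: Name is the bare image's name.
                      type: string
                    tag:
                      description: Tag is the image's tag.
                      type: string
                  required:
                  - name
                  - tag
                  type: object
                description: |-
                  ObservedPolicies is the list of observed ImagePolicies that were
                  considered by the ImageUpdateAutomation update process.
                type: object
              # NOTE(review): the first line of this description looks like a
              # Go field declaration that leaked in from the source comment; it
              # is kept as published and would need fixing in the source types.
              observedSourceRevision:
                description: |-
                  ObservedPolicies []ObservedPolicy `json:"observedPolicies,omitempty"`
                  ObservedSourceRevision is the last observed source revision. This can be
                  used to determine if the source has been updated since last observation.
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}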
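---
# Identity the image-automation-controller Deployment runs as.
# No Role/ClusterRole binding for this account appears in this file, so what
# the controller may actually read or write is decided by RBAC defined
# elsewhere; review those bindings together with this account.
# No namespace is set here; it is presumably supplied when the manifest is
# applied.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: image-automation-controller
    app.kubernetes.io/part-of: flux
  name: image-automation-controller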
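---
# Deployment of the image-automation-controller (single replica, container
# "manager"). No namespace is set here; it is presumably supplied when the
# manifest is applied.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: image-automation-controller
    app.kubernetes.io/part-of: flux
    control-plane: controller
  name: image-automation-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: image-automation-controller
  template:
    metadata:
      # Metrics are advertised for scraping on 8080. Nothing in this manifest
      # restricts who can reach that port; a NetworkPolicy is the usual place
      # to limit it to the monitoring stack.
      annotations:
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      labels:
        app: image-automation-controller
    spec:
      containers:
      # --events-addr: events are sent over plain HTTP to a service in the
      #   flux-system namespace, so they are unencrypted on the pod network.
      # --watch-all-namespaces: the controller acts on ImageUpdateAutomation
      #   objects cluster-wide. The CRD also allows sourceRef.namespace, so in
      #   a multi-tenant cluster consider whether cross-namespace references
      #   should be refused (Flux controllers offer --no-cross-namespace-refs;
      #   confirm this version supports it).
      - args:
        - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
        - --watch-all-namespaces
        - --log-level=info
        - --log-encoding=json
        - --enable-leader-election
        env:
        - name: RUNTIME_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # GOMAXPROCS and GOMEMLIMIT are taken from this container's own CPU and
        # memory limits below.
        - name: GOMAXPROCS
          valueFrom:
            resourceFieldRef:
              containerName: manager
              resource: limits.cpu
        - name: GOMEMLIMIT
          valueFrom:
            resourceFieldRef:
              containerName: manager
              resource: limits.memory
        # The image is referenced by tag only, with no registry host. A tag is
        # mutable, and with IfNotPresent a node keeps whatever it cached under
        # that tag. Pinning a digest makes the deployed content verifiable,
        # e.g. <registry>/fluxcd/image-automation-controller:v0.39.0@sha256:<digest>
        # (placeholders, take the real values from the release artifacts).
        image: fluxcd/image-automation-controller:v0.39.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: healthz
        name: manager
        ports:
        - containerPort: 8080
          name: http-prom
          protocol: TCP
        - containerPort: 9440
          name: healthz
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: healthz
        resources:
          limits:
            cpu: 1000m
            memory: 1Gi
          requests:
            cpu: 100m
            memory: 64Mi
        # Hardened container context: no privilege escalation, all capabilities
        # dropped, read-only root filesystem, default seccomp profile.
        # runAsNonRoot is set without runAsUser, so the non-root UID comes from
        # the image; the kubelet refuses to start the container if the image
        # user is root or cannot be verified as non-root.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        # /tmp is the only writable path because the root filesystem is
        # read-only.
        volumeMounts:
        - mountPath: /tmp
          name: temp
      securityContext:
        fsGroup: 1337
      serviceAccountName: image-automation-controller
      terminationGracePeriodSeconds: 10
      # The emptyDir has no sizeLimit and the container sets no
      # ephemeral-storage limit, so data written under /tmp counts against the
      # node's ephemeral storage without a per-pod cap.
      volumes:
      - emptyDir: {}
        name: temp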