1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 controller-gen.kubebuilder.io/version: v0.16.1
6 labels:
7 app.kubernetes.io/component: image-reflector-controller
8 app.kubernetes.io/part-of: flux
9 name: imagepolicies.image.toolkit.fluxcd.io
10spec:
11 group: image.toolkit.fluxcd.io
12 names:
13 kind: ImagePolicy
14 listKind: ImagePolicyList
15 plural: imagepolicies
16 singular: imagepolicy
17 scope: Namespaced
18 versions:
19 - additionalPrinterColumns:
20 - jsonPath: .status.latestImage
21 name: LatestImage
22 type: string
23 name: v1beta1
24 schema:
25 openAPIV3Schema:
26 description: ImagePolicy is the Schema for the imagepolicies API
27 properties:
28 apiVersion:
29 description: |-
30 APIVersion defines the versioned schema of this representation of an object.
31 Servers should convert recognized schemas to the latest internal value, and
32 may reject unrecognized values.
33 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
34 type: string
35 kind:
36 description: |-
37 Kind is a string value representing the REST resource this object represents.
38 Servers may infer this from the endpoint the client submits requests to.
39 Cannot be updated.
40 In CamelCase.
41 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
42 type: string
43 metadata:
44 type: object
45 spec:
46 description: |-
47 ImagePolicySpec defines the parameters for calculating the
48 ImagePolicy
49 properties:
50 filterTags:
51 description: |-
52 FilterTags enables filtering for only a subset of tags based on a set of
53 rules. If no rules are provided, all the tags from the repository will be
54 ordered and compared.
55 properties:
56 extract:
57 description: |-
58 Extract allows a capture group to be extracted from the specified regular
59 expression pattern, useful before tag evaluation.
60 type: string
61 pattern:
62 description: |-
63 Pattern specifies a regular expression pattern used to filter for image
64 tags.
65 type: string
66 type: object
67 imageRepositoryRef:
68 description: |-
69 ImageRepositoryRef points at the object specifying the image
70 being scanned
71 properties:
72 name:
73 description: Name of the referent.
74 type: string
75 namespace:
76 description: Namespace of the referent, when not specified it
77 acts as LocalObjectReference.
78 type: string
79 required:
80 - name
81 type: object
82 policy:
83 description: |-
84 Policy gives the particulars of the policy to be followed in
85 selecting the most recent image
86 properties:
87 alphabetical:
88 description: Alphabetical set of rules to use for alphabetical
89 ordering of the tags.
90 properties:
91 order:
92 default: asc
93 description: |-
94 Order specifies the sorting order of the tags. Given the letters of the
95 alphabet as tags, ascending order would select Z, and descending order
96 would select A.
97 enum:
98 - asc
99 - desc
100 type: string
101 type: object
102 numerical:
103 description: Numerical set of rules to use for numerical ordering
104 of the tags.
105 properties:
106 order:
107 default: asc
108 description: |-
109 Order specifies the sorting order of the tags. Given the integer values
110 from 0 to 9 as tags, ascending order would select 9, and descending order
111 would select 0.
112 enum:
113 - asc
114 - desc
115 type: string
116 type: object
117 semver:
118 description: |-
119 SemVer gives a semantic version range to check against the tags
120 available.
121 properties:
122 range:
123 description: |-
124 Range gives a semver range for the image tag; the highest
125 version within the range that's a tag yields the latest image.
126 type: string
127 required:
128 - range
129 type: object
130 type: object
131 required:
132 - imageRepositoryRef
133 - policy
134 type: object
135 status:
136 default:
137 observedGeneration: -1
138 description: ImagePolicyStatus defines the observed state of ImagePolicy
139 properties:
140 conditions:
141 items:
142 description: Condition contains details for one aspect of the current
143 state of this API Resource.
144 properties:
145 lastTransitionTime:
146 description: |-
147 lastTransitionTime is the last time the condition transitioned from one status to another.
148 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
149 format: date-time
150 type: string
151 message:
152 description: |-
153 message is a human readable message indicating details about the transition.
154 This may be an empty string.
155 maxLength: 32768
156 type: string
157 observedGeneration:
158 description: |-
159 observedGeneration represents the .metadata.generation that the condition was set based upon.
160 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
161 with respect to the current state of the instance.
162 format: int64
163 minimum: 0
164 type: integer
165 reason:
166 description: |-
167 reason contains a programmatic identifier indicating the reason for the condition's last transition.
168 Producers of specific condition types may define expected values and meanings for this field,
169 and whether the values are considered a guaranteed API.
170 The value should be a CamelCase string.
171 This field may not be empty.
172 maxLength: 1024
173 minLength: 1
174 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
175 type: string
176 status:
177 description: status of the condition, one of True, False, Unknown.
178 enum:
179 - "True"
180 - "False"
181 - Unknown
182 type: string
183 type:
184 description: type of condition in CamelCase or in foo.example.com/CamelCase.
185 maxLength: 316
186 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
187 type: string
188 required:
189 - lastTransitionTime
190 - message
191 - reason
192 - status
193 - type
194 type: object
195 type: array
196 latestImage:
197 description: |-
198 LatestImage gives the first in the list of images scanned by
199 the image repository, when filtered and ordered according to
200 the policy.
201 type: string
202 observedGeneration:
203 format: int64
204 type: integer
205 type: object
206 type: object
207 served: true
208 storage: false
209 subresources:
210 status: {}
211 - additionalPrinterColumns:
212 - jsonPath: .status.latestImage
213 name: LatestImage
214 type: string
215 name: v1beta2
216 schema:
217 openAPIV3Schema:
218 description: ImagePolicy is the Schema for the imagepolicies API
219 properties:
220 apiVersion:
221 description: |-
222 APIVersion defines the versioned schema of this representation of an object.
223 Servers should convert recognized schemas to the latest internal value, and
224 may reject unrecognized values.
225 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
226 type: string
227 kind:
228 description: |-
229 Kind is a string value representing the REST resource this object represents.
230 Servers may infer this from the endpoint the client submits requests to.
231 Cannot be updated.
232 In CamelCase.
233 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
234 type: string
235 metadata:
236 type: object
237 spec:
238 description: |-
239 ImagePolicySpec defines the parameters for calculating the
240 ImagePolicy.
241 properties:
242 filterTags:
243 description: |-
244 FilterTags enables filtering for only a subset of tags based on a set of
245 rules. If no rules are provided, all the tags from the repository will be
246 ordered and compared.
247 properties:
248 extract:
249 description: |-
250 Extract allows a capture group to be extracted from the specified regular
251 expression pattern, useful before tag evaluation.
252 type: string
253 pattern:
254 description: |-
255 Pattern specifies a regular expression pattern used to filter for image
256 tags.
257 type: string
258 type: object
259 imageRepositoryRef:
260 description: |-
261 ImageRepositoryRef points at the object specifying the image
262 being scanned
263 properties:
264 name:
265 description: Name of the referent.
266 type: string
267 namespace:
268 description: Namespace of the referent, when not specified it
269 acts as LocalObjectReference.
270 type: string
271 required:
272 - name
273 type: object
274 policy:
275 description: |-
276 Policy gives the particulars of the policy to be followed in
277 selecting the most recent image
278 properties:
279 alphabetical:
280 description: Alphabetical set of rules to use for alphabetical
281 ordering of the tags.
282 properties:
283 order:
284 default: asc
285 description: |-
286 Order specifies the sorting order of the tags. Given the letters of the
287 alphabet as tags, ascending order would select Z, and descending order
288 would select A.
289 enum:
290 - asc
291 - desc
292 type: string
293 type: object
294 numerical:
295 description: Numerical set of rules to use for numerical ordering
296 of the tags.
297 properties:
298 order:
299 default: asc
300 description: |-
301 Order specifies the sorting order of the tags. Given the integer values
302 from 0 to 9 as tags, ascending order would select 9, and descending order
303 would select 0.
304 enum:
305 - asc
306 - desc
307 type: string
308 type: object
309 semver:
310 description: |-
311 SemVer gives a semantic version range to check against the tags
312 available.
313 properties:
314 range:
315 description: |-
316 Range gives a semver range for the image tag; the highest
317 version within the range that's a tag yields the latest image.
318 type: string
319 required:
320 - range
321 type: object
322 type: object
323 required:
324 - imageRepositoryRef
325 - policy
326 type: object
327 status:
328 default:
329 observedGeneration: -1
330 description: ImagePolicyStatus defines the observed state of ImagePolicy
331 properties:
332 conditions:
333 items:
334 description: Condition contains details for one aspect of the current
335 state of this API Resource.
336 properties:
337 lastTransitionTime:
338 description: |-
339 lastTransitionTime is the last time the condition transitioned from one status to another.
340 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
341 format: date-time
342 type: string
343 message:
344 description: |-
345 message is a human readable message indicating details about the transition.
346 This may be an empty string.
347 maxLength: 32768
348 type: string
349 observedGeneration:
350 description: |-
351 observedGeneration represents the .metadata.generation that the condition was set based upon.
352 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
353 with respect to the current state of the instance.
354 format: int64
355 minimum: 0
356 type: integer
357 reason:
358 description: |-
359 reason contains a programmatic identifier indicating the reason for the condition's last transition.
360 Producers of specific condition types may define expected values and meanings for this field,
361 and whether the values are considered a guaranteed API.
362 The value should be a CamelCase string.
363 This field may not be empty.
364 maxLength: 1024
365 minLength: 1
366 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
367 type: string
368 status:
369 description: status of the condition, one of True, False, Unknown.
370 enum:
371 - "True"
372 - "False"
373 - Unknown
374 type: string
375 type:
376 description: type of condition in CamelCase or in foo.example.com/CamelCase.
377 maxLength: 316
378 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
379 type: string
380 required:
381 - lastTransitionTime
382 - message
383 - reason
384 - status
385 - type
386 type: object
387 type: array
388 latestImage:
389 description: |-
390 LatestImage gives the first in the list of images scanned by
391 the image repository, when filtered and ordered according to
392 the policy.
393 type: string
394 observedGeneration:
395 format: int64
396 type: integer
397 observedPreviousImage:
398 description: |-
399 ObservedPreviousImage is the observed previous LatestImage. It is used
400 to keep track of the previous and current images.
401 type: string
402 type: object
403 type: object
404 served: true
405 storage: true
406 subresources:
407 status: {}
408---
409apiVersion: apiextensions.k8s.io/v1
410kind: CustomResourceDefinition
411metadata:
412 annotations:
413 controller-gen.kubebuilder.io/version: v0.16.1
414 labels:
415 app.kubernetes.io/component: image-reflector-controller
416 app.kubernetes.io/part-of: flux
417 name: imagerepositories.image.toolkit.fluxcd.io
418spec:
419 group: image.toolkit.fluxcd.io
420 names:
421 kind: ImageRepository
422 listKind: ImageRepositoryList
423 plural: imagerepositories
424 singular: imagerepository
425 scope: Namespaced
426 versions:
427 - additionalPrinterColumns:
428 - jsonPath: .status.lastScanResult.scanTime
429 name: Last scan
430 type: string
431 - jsonPath: .status.lastScanResult.tagCount
432 name: Tags
433 type: string
434 name: v1beta1
435 schema:
436 openAPIV3Schema:
437 description: ImageRepository is the Schema for the imagerepositories API
438 properties:
439 apiVersion:
440 description: |-
441 APIVersion defines the versioned schema of this representation of an object.
442 Servers should convert recognized schemas to the latest internal value, and
443 may reject unrecognized values.
444 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
445 type: string
446 kind:
447 description: |-
448 Kind is a string value representing the REST resource this object represents.
449 Servers may infer this from the endpoint the client submits requests to.
450 Cannot be updated.
451 In CamelCase.
452 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
453 type: string
454 metadata:
455 type: object
456 spec:
457 description: |-
458 ImageRepositorySpec defines the parameters for scanning an image
459 repository, e.g., `fluxcd/flux`.
460 properties:
461 accessFrom:
462 description: |-
463 AccessFrom defines an ACL for allowing cross-namespace references
464 to the ImageRepository object based on the caller's namespace labels.
465 properties:
466 namespaceSelectors:
467 description: |-
468 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
469 Items in this list are evaluated using a logical OR operation.
470 items:
471 description: |-
472 NamespaceSelector selects the namespaces to which this ACL applies.
473 An empty map of MatchLabels matches all namespaces in a cluster.
474 properties:
475 matchLabels:
476 additionalProperties:
477 type: string
478 description: |-
479 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
480 map is equivalent to an element of matchExpressions, whose key field is "key", the
481 operator is "In", and the values array contains only "value". The requirements are ANDed.
482 type: object
483 type: object
484 type: array
485 required:
486 - namespaceSelectors
487 type: object
488 certSecretRef:
489 description: |-
490 CertSecretRef can be given the name of a secret containing
491 either or both of
492
493 - a PEM-encoded client certificate (`certFile`) and private
494 key (`keyFile`);
495 - a PEM-encoded CA certificate (`caFile`)
496
497 and whichever are supplied, will be used for connecting to the
498 registry. The client cert and key are useful if you are
499 authenticating with a certificate; the CA cert is useful if
500 you are using a self-signed server certificate.
501 properties:
502 name:
503 description: Name of the referent.
504 type: string
505 required:
506 - name
507 type: object
508 exclusionList:
509 description: |-
510 ExclusionList is a list of regex strings used to exclude certain tags
511 from being stored in the database.
512 items:
513 type: string
514 type: array
515 image:
516 description: Image is the name of the image repository
517 type: string
518 interval:
519 description: |-
520 Interval is the length of time to wait between
521 scans of the image repository.
522 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
523 type: string
524 secretRef:
525 description: |-
526 SecretRef can be given the name of a secret containing
527 credentials to use for the image registry. The secret should be
528 created with `kubectl create secret docker-registry`, or the
529 equivalent.
530 properties:
531 name:
532 description: Name of the referent.
533 type: string
534 required:
535 - name
536 type: object
537 serviceAccountName:
538 description: |-
539 ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
540 the image pull if the service account has attached pull secrets.
541 maxLength: 253
542 type: string
543 suspend:
544 description: |-
545 This flag tells the controller to suspend subsequent image scans.
546 It does not apply to already started scans. Defaults to false.
547 type: boolean
548 timeout:
549 description: |-
550 Timeout for image scanning.
551 Defaults to 'Interval' duration.
552 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
553 type: string
554 required:
555 - image
556 - interval
557 type: object
558 status:
559 default:
560 observedGeneration: -1
561 description: ImageRepositoryStatus defines the observed state of ImageRepository
562 properties:
563 canonicalImageName:
564 description: |-
565 CanonicalName is the name of the image repository with all the
566 implied bits made explicit; e.g., `docker.io/library/alpine`
567 rather than `alpine`.
568 type: string
569 conditions:
570 items:
571 description: Condition contains details for one aspect of the current
572 state of this API Resource.
573 properties:
574 lastTransitionTime:
575 description: |-
576 lastTransitionTime is the last time the condition transitioned from one status to another.
577 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
578 format: date-time
579 type: string
580 message:
581 description: |-
582 message is a human readable message indicating details about the transition.
583 This may be an empty string.
584 maxLength: 32768
585 type: string
586 observedGeneration:
587 description: |-
588 observedGeneration represents the .metadata.generation that the condition was set based upon.
589 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
590 with respect to the current state of the instance.
591 format: int64
592 minimum: 0
593 type: integer
594 reason:
595 description: |-
596 reason contains a programmatic identifier indicating the reason for the condition's last transition.
597 Producers of specific condition types may define expected values and meanings for this field,
598 and whether the values are considered a guaranteed API.
599 The value should be a CamelCase string.
600 This field may not be empty.
601 maxLength: 1024
602 minLength: 1
603 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
604 type: string
605 status:
606 description: status of the condition, one of True, False, Unknown.
607 enum:
608 - "True"
609 - "False"
610 - Unknown
611 type: string
612 type:
613 description: type of condition in CamelCase or in foo.example.com/CamelCase.
614 maxLength: 316
615 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
616 type: string
617 required:
618 - lastTransitionTime
619 - message
620 - reason
621 - status
622 - type
623 type: object
624 type: array
625 lastHandledReconcileAt:
626 description: |-
627 LastHandledReconcileAt holds the value of the most recent
628 reconcile request value, so a change of the annotation value
629 can be detected.
630 type: string
631 lastScanResult:
632 description: LastScanResult contains the number of fetched tags.
633 properties:
634 scanTime:
635 format: date-time
636 type: string
637 tagCount:
638 type: integer
639 required:
640 - tagCount
641 type: object
642 observedGeneration:
643 description: ObservedGeneration is the last reconciled generation.
644 format: int64
645 type: integer
646 type: object
647 type: object
648 served: true
649 storage: false
650 subresources:
651 status: {}
652 - additionalPrinterColumns:
653 - jsonPath: .status.lastScanResult.scanTime
654 name: Last scan
655 type: string
656 - jsonPath: .status.lastScanResult.tagCount
657 name: Tags
658 type: string
659 name: v1beta2
660 schema:
661 openAPIV3Schema:
662 description: ImageRepository is the Schema for the imagerepositories API
663 properties:
664 apiVersion:
665 description: |-
666 APIVersion defines the versioned schema of this representation of an object.
667 Servers should convert recognized schemas to the latest internal value, and
668 may reject unrecognized values.
669 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
670 type: string
671 kind:
672 description: |-
673 Kind is a string value representing the REST resource this object represents.
674 Servers may infer this from the endpoint the client submits requests to.
675 Cannot be updated.
676 In CamelCase.
677 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
678 type: string
679 metadata:
680 type: object
681 spec:
682 description: |-
683 ImageRepositorySpec defines the parameters for scanning an image
684 repository, e.g., `fluxcd/flux`.
685 properties:
686 accessFrom:
687 description: |-
688 AccessFrom defines an ACL for allowing cross-namespace references
689 to the ImageRepository object based on the caller's namespace labels.
690 properties:
691 namespaceSelectors:
692 description: |-
693 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
694 Items in this list are evaluated using a logical OR operation.
695 items:
696 description: |-
697 NamespaceSelector selects the namespaces to which this ACL applies.
698 An empty map of MatchLabels matches all namespaces in a cluster.
699 properties:
700 matchLabels:
701 additionalProperties:
702 type: string
703 description: |-
704 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
705 map is equivalent to an element of matchExpressions, whose key field is "key", the
706 operator is "In", and the values array contains only "value". The requirements are ANDed.
707 type: object
708 type: object
709 type: array
710 required:
711 - namespaceSelectors
712 type: object
713 certSecretRef:
714 description: |-
715 CertSecretRef can be given the name of a Secret containing
716 either or both of
717
718 - a PEM-encoded client certificate (`tls.crt`) and private
719 key (`tls.key`);
720 - a PEM-encoded CA certificate (`ca.crt`)
721
722 and whichever are supplied, will be used for connecting to the
723 registry. The client cert and key are useful if you are
724 authenticating with a certificate; the CA cert is useful if
725 you are using a self-signed server certificate. The Secret must
726 be of type `Opaque` or `kubernetes.io/tls`.
727
728 Note: Support for the `caFile`, `certFile` and `keyFile` keys has
729 been deprecated.
730 properties:
731 name:
732 description: Name of the referent.
733 type: string
734 required:
735 - name
736 type: object
737 exclusionList:
738 default:
739 - ^.*\.sig$
740 description: |-
741 ExclusionList is a list of regex strings used to exclude certain tags
742 from being stored in the database.
743 items:
744 type: string
745 maxItems: 25
746 type: array
747 image:
748 description: Image is the name of the image repository
749 type: string
750 insecure:
751 description: Insecure allows connecting to a non-TLS HTTP container
752 registry.
753 type: boolean
754 interval:
755 description: |-
756 Interval is the length of time to wait between
757 scans of the image repository.
758 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
759 type: string
760 provider:
761 default: generic
762 description: |-
763 The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
764 When not specified, defaults to 'generic'.
765 enum:
766 - generic
767 - aws
768 - azure
769 - gcp
770 type: string
771 proxySecretRef:
772 description: |-
773 ProxySecretRef specifies the Secret containing the proxy configuration
774 to use while communicating with the container registry.
775 properties:
776 name:
777 description: Name of the referent.
778 type: string
779 required:
780 - name
781 type: object
782 secretRef:
783 description: |-
784 SecretRef can be given the name of a secret containing
785 credentials to use for the image registry. The secret should be
786 created with `kubectl create secret docker-registry`, or the
787 equivalent.
788 properties:
789 name:
790 description: Name of the referent.
791 type: string
792 required:
793 - name
794 type: object
795 serviceAccountName:
796 description: |-
797 ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
798 the image pull if the service account has attached pull secrets.
799 maxLength: 253
800 type: string
801 suspend:
802 description: |-
803 This flag tells the controller to suspend subsequent image scans.
804 It does not apply to already started scans. Defaults to false.
805 type: boolean
806 timeout:
807 description: |-
808 Timeout for image scanning.
809 Defaults to 'Interval' duration.
810 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
811 type: string
812 required:
813 - image
814 - interval
815 type: object
816 status:
817 default:
818 observedGeneration: -1
819 description: ImageRepositoryStatus defines the observed state of ImageRepository
820 properties:
821 canonicalImageName:
822 description: |-
823 CanonicalName is the name of the image repository with all the
824 implied bits made explicit; e.g., `docker.io/library/alpine`
825 rather than `alpine`.
826 type: string
827 conditions:
828 items:
829 description: Condition contains details for one aspect of the current
830 state of this API Resource.
831 properties:
832 lastTransitionTime:
833 description: |-
834 lastTransitionTime is the last time the condition transitioned from one status to another.
835 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
836 format: date-time
837 type: string
838 message:
839 description: |-
840 message is a human readable message indicating details about the transition.
841 This may be an empty string.
842 maxLength: 32768
843 type: string
844 observedGeneration:
845 description: |-
846 observedGeneration represents the .metadata.generation that the condition was set based upon.
847 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
848 with respect to the current state of the instance.
849 format: int64
850 minimum: 0
851 type: integer
852 reason:
853 description: |-
854 reason contains a programmatic identifier indicating the reason for the condition's last transition.
855 Producers of specific condition types may define expected values and meanings for this field,
856 and whether the values are considered a guaranteed API.
857 The value should be a CamelCase string.
858 This field may not be empty.
859 maxLength: 1024
860 minLength: 1
861 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
862 type: string
863 status:
864 description: status of the condition, one of True, False, Unknown.
865 enum:
866 - "True"
867 - "False"
868 - Unknown
869 type: string
870 type:
871 description: type of condition in CamelCase or in foo.example.com/CamelCase.
872 maxLength: 316
873 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
874 type: string
875 required:
876 - lastTransitionTime
877 - message
878 - reason
879 - status
880 - type
881 type: object
882 type: array
883 lastHandledReconcileAt:
884 description: |-
885 LastHandledReconcileAt holds the value of the most recent
886 reconcile request value, so a change of the annotation value
887 can be detected.
888 type: string
889 lastScanResult:
890 description: LastScanResult contains the number of fetched tags.
891 properties:
892 latestTags:
893 items:
894 type: string
895 type: array
896 scanTime:
897 format: date-time
898 type: string
899 tagCount:
900 type: integer
901 required:
902 - tagCount
903 type: object
904 observedExclusionList:
905 description: |-
906 ObservedExclusionList is a list of observed exclusion list. It reflects
907 the exclusion rules used for the observed scan result in
908 spec.lastScanResult.
909 items:
910 type: string
911 type: array
912 observedGeneration:
913 description: ObservedGeneration is the last reconciled generation.
914 format: int64
915 type: integer
916 type: object
917 type: object
918 served: true
919 storage: true
920 subresources:
921 status: {}
922---
923apiVersion: v1
924kind: ServiceAccount
925metadata:
926 labels:
927 app.kubernetes.io/component: image-reflector-controller
928 app.kubernetes.io/part-of: flux
929 name: image-reflector-controller
930---
931apiVersion: apps/v1
932kind: Deployment
933metadata:
934 labels:
935 app.kubernetes.io/component: image-reflector-controller
936 app.kubernetes.io/part-of: flux
937 control-plane: controller
938 name: image-reflector-controller
939spec:
940 replicas: 1
941 selector:
942 matchLabels:
943 app: image-reflector-controller
944 template:
945 metadata:
946 annotations:
947 prometheus.io/port: "8080"
948 prometheus.io/scrape: "true"
949 labels:
950 app: image-reflector-controller
951 spec:
952 containers:
953 - args:
954 - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
955 - --watch-all-namespaces
956 - --log-level=info
957 - --log-encoding=json
958 - --enable-leader-election
959 env:
960 - name: RUNTIME_NAMESPACE
961 valueFrom:
962 fieldRef:
963 fieldPath: metadata.namespace
964 - name: GOMAXPROCS
965 valueFrom:
966 resourceFieldRef:
967 containerName: manager
968 resource: limits.cpu
969 - name: GOMEMLIMIT
970 valueFrom:
971 resourceFieldRef:
972 containerName: manager
973 resource: limits.memory
974 image: fluxcd/image-reflector-controller:v0.33.0
975 imagePullPolicy: IfNotPresent
976 livenessProbe:
977 httpGet:
978 path: /healthz
979 port: healthz
980 name: manager
981 ports:
982 - containerPort: 8080
983 name: http-prom
984 protocol: TCP
985 - containerPort: 9440
986 name: healthz
987 protocol: TCP
988 readinessProbe:
989 httpGet:
990 path: /readyz
991 port: healthz
992 resources:
993 limits:
994 cpu: 1000m
995 memory: 1Gi
996 requests:
997 cpu: 100m
998 memory: 64Mi
999 securityContext:
1000 allowPrivilegeEscalation: false
1001 capabilities:
1002 drop:
1003 - ALL
1004 readOnlyRootFilesystem: true
1005 runAsNonRoot: true
1006 seccompProfile:
1007 type: RuntimeDefault
1008 volumeMounts:
1009 - mountPath: /tmp
1010 name: temp
1011 - mountPath: /data
1012 name: data
1013 securityContext:
1014 fsGroup: 1337
1015 serviceAccountName: image-reflector-controller
1016 terminationGracePeriodSeconds: 10
1017 volumes:
1018 - emptyDir: {}
1019 name: temp
1020 - emptyDir: {}
1021 name: data
View as plain text