1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 controller-gen.kubebuilder.io/version: v0.16.1
6 labels:
7 app.kubernetes.io/component: source-controller
8 app.kubernetes.io/part-of: flux
9 name: buckets.source.toolkit.fluxcd.io
10spec:
11 group: source.toolkit.fluxcd.io
12 names:
13 kind: Bucket
14 listKind: BucketList
15 plural: buckets
16 singular: bucket
17 scope: Namespaced
18 versions:
19 - additionalPrinterColumns:
20 - jsonPath: .spec.endpoint
21 name: Endpoint
22 type: string
23 - jsonPath: .metadata.creationTimestamp
24 name: Age
25 type: date
26 - jsonPath: .status.conditions[?(@.type=="Ready")].status
27 name: Ready
28 type: string
29 - jsonPath: .status.conditions[?(@.type=="Ready")].message
30 name: Status
31 type: string
32 name: v1
33 schema:
34 openAPIV3Schema:
35 description: Bucket is the Schema for the buckets API.
36 properties:
37 apiVersion:
38 description: |-
39 APIVersion defines the versioned schema of this representation of an object.
40 Servers should convert recognized schemas to the latest internal value, and
41 may reject unrecognized values.
42 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
43 type: string
44 kind:
45 description: |-
46 Kind is a string value representing the REST resource this object represents.
47 Servers may infer this from the endpoint the client submits requests to.
48 Cannot be updated.
49 In CamelCase.
50 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
51 type: string
52 metadata:
53 type: object
54 spec:
55 description: |-
56 BucketSpec specifies the required configuration to produce an Artifact for
57 an object storage bucket.
58 properties:
59 bucketName:
60 description: BucketName is the name of the object storage bucket.
61 type: string
62 certSecretRef:
63 description: |-
64 CertSecretRef can be given the name of a Secret containing
65 either or both of
66
67 - a PEM-encoded client certificate (`tls.crt`) and private
68 key (`tls.key`);
69 - a PEM-encoded CA certificate (`ca.crt`)
70
71 and whichever are supplied, will be used for connecting to the
72 bucket. The client cert and key are useful if you are
73 authenticating with a certificate; the CA cert is useful if
74 you are using a self-signed server certificate. The Secret must
75 be of type `Opaque` or `kubernetes.io/tls`.
76
77 This field is only supported for the `generic` provider.
78 properties:
79 name:
80 description: Name of the referent.
81 type: string
82 required:
83 - name
84 type: object
85 endpoint:
86 description: Endpoint is the object storage address the BucketName
87 is located at.
88 type: string
89 ignore:
90 description: |-
91 Ignore overrides the set of excluded patterns in the .sourceignore format
92 (which is the same as .gitignore). If not provided, a default will be used,
93 consult the documentation for your version to find out what those are.
94 type: string
# Security note: per the description, true lets the controller reach the endpoint over
# plain HTTP. The field has no default here, and the spec-level x-kubernetes-validations
# rules of this version only look at provider/sts, so any Bucket may opt in.
# NOTE(review): traffic to the endpoint would then have no TLS confidentiality or
# integrity protection; consider rejecting `insecure: true` with an admission policy.
95 insecure:
96 description: Insecure allows connecting to a non-TLS HTTP Endpoint.
97 type: boolean
98 interval:
99 description: |-
100 Interval at which the Bucket Endpoint is checked for updates.
101 This interval is approximate and may be subject to jitter to ensure
102 efficient use of resources.
103 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
104 type: string
105 prefix:
106 description: Prefix to use for server-side filtering of files in the
107 Bucket.
108 type: string
109 provider:
110 default: generic
111 description: |-
112 Provider of the object storage bucket.
113 Defaults to 'generic', which expects an S3 (API) compatible object
114 storage.
115 enum:
116 - generic
117 - aws
118 - gcp
119 - azure
120 type: string
121 proxySecretRef:
122 description: |-
123 ProxySecretRef specifies the Secret containing the proxy configuration
124 to use while communicating with the Bucket server.
125 properties:
126 name:
127 description: Name of the referent.
128 type: string
129 required:
130 - name
131 type: object
132 region:
133 description: Region of the Endpoint where the BucketName is located
134 in.
135 type: string
# Reference to the Secret holding the Bucket's authentication credentials.
# Only `name` is defined (and required); this schema has no namespace field.
# NOTE(review): presumably the Secret is resolved in the Bucket's own namespace; confirm
# against the controller. If so, permission to create Buckets in a namespace lets a user
# make the controller read a Secret there by name, so scope Bucket RBAC accordingly.
136 secretRef:
137 description: |-
138 SecretRef specifies the Secret containing authentication credentials
139 for the Bucket.
140 properties:
141 name:
142 description: Name of the referent.
143 type: string
144 required:
145 - name
146 type: object
147 sts:
148 description: |-
149 STS specifies the required configuration to use a Security Token
150 Service for fetching temporary credentials to authenticate in a
151 Bucket provider.
152
153 This field is only supported for the `aws` and `generic` providers.
154 properties:
155 certSecretRef:
156 description: |-
157 CertSecretRef can be given the name of a Secret containing
158 either or both of
159
160 - a PEM-encoded client certificate (`tls.crt`) and private
161 key (`tls.key`);
162 - a PEM-encoded CA certificate (`ca.crt`)
163
164 and whichever are supplied, will be used for connecting to the
165 STS endpoint. The client cert and key are useful if you are
166 authenticating with a certificate; the CA cert is useful if
167 you are using a self-signed server certificate. The Secret must
168 be of type `Opaque` or `kubernetes.io/tls`.
169
170 This field is only supported for the `ldap` provider.
171 properties:
172 name:
173 description: Name of the referent.
174 type: string
175 required:
176 - name
177 type: object
# STS endpoint from which temporary credentials are fetched (required within `sts`).
# The pattern validates the scheme only: the value must start with http:// or https://,
# and `.*` accepts anything after it, so host and path are not constrained.
# Plain http:// passes validation. The sibling sts.secretRef description says the `ldap`
# provider uses a Secret with `username` and `password`.
# NOTE(review): presumably those are sent to this endpoint; prefer https:// and confirm.
178 endpoint:
179 description: |-
180 Endpoint is the HTTP/S endpoint of the Security Token Service from
181 where temporary credentials will be fetched.
182 pattern: ^(http|https)://.*$
183 type: string
184 provider:
185 description: Provider of the Security Token Service.
186 enum:
187 - aws
188 - ldap
189 type: string
190 secretRef:
191 description: |-
192 SecretRef specifies the Secret containing authentication credentials
193 for the STS endpoint. This Secret must contain the fields `username`
194 and `password` and is supported only for the `ldap` provider.
195 properties:
196 name:
197 description: Name of the referent.
198 type: string
199 required:
200 - name
201 type: object
202 required:
203 - endpoint
204 - provider
205 type: object
206 suspend:
207 description: |-
208 Suspend tells the controller to suspend the reconciliation of this
209 Bucket.
210 type: boolean
211 timeout:
212 default: 60s
213 description: Timeout for fetch operations, defaults to 60s.
214 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
215 type: string
216 required:
217 - bucketName
218 - endpoint
219 - interval
220 type: object
# CEL rules evaluated against spec (`self`); an object is rejected when a rule is false.
# They cover only provider/sts combinations.
# NOTE(review): the spec.certSecretRef description says it is supported only for the
# `generic` provider, but no rule in this list enforces that restriction.
221 x-kubernetes-validations:
# Rule 1: sts may be present only when spec.provider is 'aws' or 'generic'.
222 - message: STS configuration is only supported for the 'aws' and 'generic'
223 Bucket providers
224 rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
# Rule 2: with spec.provider 'aws', a present sts must use sts.provider 'aws'.
225 - message: '''aws'' is the only supported STS provider for the ''aws''
226 Bucket provider'
227 rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
228 == 'aws'
# Rule 3: with spec.provider 'generic', a present sts must use sts.provider 'ldap'.
229 - message: '''ldap'' is the only supported STS provider for the ''generic''
230 Bucket provider'
231 rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
232 == 'ldap'
# Rule 4: with sts.provider 'aws', sts.secretRef must be absent. The rule rejects the
# field outright, although the message words it as "not required".
233 - message: spec.sts.secretRef is not required for the 'aws' STS provider
234 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
# Rule 5: with sts.provider 'aws', sts.certSecretRef must be absent (same wording caveat).
235 - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
236 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
237 status:
238 default:
239 observedGeneration: -1
240 description: BucketStatus records the observed state of a Bucket.
241 properties:
242 artifact:
243 description: Artifact represents the last successful Bucket reconciliation.
244 properties:
# Artifact digest in '<algorithm>:<checksum>' form.
# The pattern checks shape only: a lowercase algorithm token, a colon, then one or more
# characters from [a-zA-Z0-9=_-]. It does not restrict the algorithm to a known set or
# tie the checksum length to the algorithm.
# `digest` is not in this object's `required` list, so it may be absent.
# NOTE(review): consumers fetching the artifact via `url` should verify it against this
# value and treat a missing or unknown-algorithm digest as a failure; confirm they do.
245 digest:
246 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
247 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
248 type: string
249 lastUpdateTime:
250 description: |-
251 LastUpdateTime is the timestamp corresponding to the last update of the
252 Artifact.
253 format: date-time
254 type: string
255 metadata:
256 additionalProperties:
257 type: string
258 description: Metadata holds upstream information such as OCI annotations.
259 type: object
260 path:
261 description: |-
262 Path is the relative file path of the Artifact. It can be used to locate
263 the file in the root of the Artifact storage on the local file system of
264 the controller managing the Source.
265 type: string
266 revision:
267 description: |-
268 Revision is a human-readable identifier traceable in the origin source
269 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
270 type: string
271 size:
272 description: Size is the number of bytes in the file.
273 format: int64
274 type: integer
275 url:
276 description: |-
277 URL is the HTTP address of the Artifact as exposed by the controller
278 managing the Source. It can be used to retrieve the Artifact for
279 consumption, e.g. by another controller applying the Artifact contents.
280 type: string
281 required:
282 - lastUpdateTime
283 - path
284 - revision
285 - url
286 type: object
287 conditions:
288 description: Conditions holds the conditions for the Bucket.
289 items:
290 description: Condition contains details for one aspect of the current
291 state of this API Resource.
292 properties:
293 lastTransitionTime:
294 description: |-
295 lastTransitionTime is the last time the condition transitioned from one status to another.
296 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
297 format: date-time
298 type: string
299 message:
300 description: |-
301 message is a human readable message indicating details about the transition.
302 This may be an empty string.
303 maxLength: 32768
304 type: string
305 observedGeneration:
306 description: |-
307 observedGeneration represents the .metadata.generation that the condition was set based upon.
308 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
309 with respect to the current state of the instance.
310 format: int64
311 minimum: 0
312 type: integer
313 reason:
314 description: |-
315 reason contains a programmatic identifier indicating the reason for the condition's last transition.
316 Producers of specific condition types may define expected values and meanings for this field,
317 and whether the values are considered a guaranteed API.
318 The value should be a CamelCase string.
319 This field may not be empty.
320 maxLength: 1024
321 minLength: 1
322 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
323 type: string
324 status:
325 description: status of the condition, one of True, False, Unknown.
326 enum:
327 - "True"
328 - "False"
329 - Unknown
330 type: string
331 type:
332 description: type of condition in CamelCase or in foo.example.com/CamelCase.
333 maxLength: 316
334 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
335 type: string
336 required:
337 - lastTransitionTime
338 - message
339 - reason
340 - status
341 - type
342 type: object
343 type: array
344 lastHandledReconcileAt:
345 description: |-
346 LastHandledReconcileAt holds the value of the most recent
347 reconcile request value, so a change of the annotation value
348 can be detected.
349 type: string
350 observedGeneration:
351 description: ObservedGeneration is the last observed generation of
352 the Bucket object.
353 format: int64
354 type: integer
355 observedIgnore:
356 description: |-
357 ObservedIgnore is the observed exclusion patterns used for constructing
358 the source artifact.
359 type: string
360 url:
361 description: |-
362 URL is the dynamic fetch link for the latest Artifact.
363 It is provided on a "best effort" basis, and using the precise
364 BucketStatus.Artifact data is recommended.
365 type: string
366 type: object
367 type: object
368 served: true
369 storage: true
370 subresources:
371 status: {}
372 - additionalPrinterColumns:
373 - jsonPath: .spec.endpoint
374 name: Endpoint
375 type: string
376 - jsonPath: .status.conditions[?(@.type=="Ready")].status
377 name: Ready
378 type: string
379 - jsonPath: .status.conditions[?(@.type=="Ready")].message
380 name: Status
381 type: string
382 - jsonPath: .metadata.creationTimestamp
383 name: Age
384 type: date
# v1beta1 is marked deprecated, but this version entry still sets `served: true`
# (with `storage: false`), so the API server keeps accepting requests for it.
# Its spec schema is looser than v1: `interval` and `timeout` carry no pattern here.
# NOTE(review): consider auditing for remaining v1beta1 clients and planning to stop
# serving this version, so objects are only admitted through the stricter v1 schema.
385 deprecated: true
386 deprecationWarning: v1beta1 Bucket is deprecated, upgrade to v1
387 name: v1beta1
388 schema:
389 openAPIV3Schema:
390 description: Bucket is the Schema for the buckets API
391 properties:
392 apiVersion:
393 description: |-
394 APIVersion defines the versioned schema of this representation of an object.
395 Servers should convert recognized schemas to the latest internal value, and
396 may reject unrecognized values.
397 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
398 type: string
399 kind:
400 description: |-
401 Kind is a string value representing the REST resource this object represents.
402 Servers may infer this from the endpoint the client submits requests to.
403 Cannot be updated.
404 In CamelCase.
405 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
406 type: string
407 metadata:
408 type: object
409 spec:
410 description: BucketSpec defines the desired state of an S3 compatible
411 bucket
412 properties:
# Access control list for cross-namespace references to this Bucket.
# Per the descriptions below, list items are ORed and an empty matchLabels map matches
# every namespace in the cluster, so an empty selector is the broadest possible grant.
# NOTE(review): whether the controller enforces this ACL is not visible in this schema;
# the v1beta2 description of the same field marks it as not implemented. Do not rely on
# it as the only isolation boundary between namespaces without confirming.
413 accessFrom:
414 description: AccessFrom defines an Access Control List for allowing
415 cross-namespace references to this object.
416 properties:
417 namespaceSelectors:
418 description: |-
419 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
420 Items in this list are evaluated using a logical OR operation.
421 items:
422 description: |-
423 NamespaceSelector selects the namespaces to which this ACL applies.
424 An empty map of MatchLabels matches all namespaces in a cluster.
425 properties:
426 matchLabels:
427 additionalProperties:
428 type: string
429 description: |-
430 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
431 map is equivalent to an element of matchExpressions, whose key field is "key", the
432 operator is "In", and the values array contains only "value". The requirements are ANDed.
433 type: object
434 type: object
435 type: array
436 required:
437 - namespaceSelectors
438 type: object
439 bucketName:
440 description: The bucket name.
441 type: string
442 endpoint:
443 description: The bucket endpoint address.
444 type: string
445 ignore:
446 description: |-
447 Ignore overrides the set of excluded patterns in the .sourceignore format
448 (which is the same as .gitignore). If not provided, a default will be used,
449 consult the documentation for your version to find out what those are.
450 type: string
451 insecure:
452 description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
453 type: boolean
454 interval:
455 description: The interval at which to check for bucket updates.
456 type: string
457 provider:
458 default: generic
459 description: The S3 compatible storage provider name, default ('generic').
460 enum:
461 - generic
462 - aws
463 - gcp
464 type: string
465 region:
466 description: The bucket region.
467 type: string
468 secretRef:
469 description: |-
470 The name of the secret containing authentication credentials
471 for the Bucket.
472 properties:
473 name:
474 description: Name of the referent.
475 type: string
476 required:
477 - name
478 type: object
479 suspend:
480 description: This flag tells the controller to suspend the reconciliation
481 of this source.
482 type: boolean
483 timeout:
484 default: 60s
485 description: The timeout for download operations, defaults to 60s.
486 type: string
487 required:
488 - bucketName
489 - endpoint
490 - interval
491 type: object
492 status:
493 default:
494 observedGeneration: -1
495 description: BucketStatus defines the observed state of a bucket
496 properties:
497 artifact:
498 description: Artifact represents the output of the last successful
499 Bucket sync.
500 properties:
501 checksum:
502 description: Checksum is the SHA256 checksum of the artifact.
503 type: string
504 lastUpdateTime:
505 description: |-
506 LastUpdateTime is the timestamp corresponding to the last update of this
507 artifact.
508 format: date-time
509 type: string
510 path:
511 description: Path is the relative file path of this artifact.
512 type: string
513 revision:
514 description: |-
515 Revision is a human readable identifier traceable in the origin source
516 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
517 chart version, etc.
518 type: string
519 url:
520 description: URL is the HTTP address of this artifact.
521 type: string
522 required:
523 - lastUpdateTime
524 - path
525 - url
526 type: object
527 conditions:
528 description: Conditions holds the conditions for the Bucket.
529 items:
530 description: Condition contains details for one aspect of the current
531 state of this API Resource.
532 properties:
533 lastTransitionTime:
534 description: |-
535 lastTransitionTime is the last time the condition transitioned from one status to another.
536 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
537 format: date-time
538 type: string
539 message:
540 description: |-
541 message is a human readable message indicating details about the transition.
542 This may be an empty string.
543 maxLength: 32768
544 type: string
545 observedGeneration:
546 description: |-
547 observedGeneration represents the .metadata.generation that the condition was set based upon.
548 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
549 with respect to the current state of the instance.
550 format: int64
551 minimum: 0
552 type: integer
553 reason:
554 description: |-
555 reason contains a programmatic identifier indicating the reason for the condition's last transition.
556 Producers of specific condition types may define expected values and meanings for this field,
557 and whether the values are considered a guaranteed API.
558 The value should be a CamelCase string.
559 This field may not be empty.
560 maxLength: 1024
561 minLength: 1
562 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
563 type: string
564 status:
565 description: status of the condition, one of True, False, Unknown.
566 enum:
567 - "True"
568 - "False"
569 - Unknown
570 type: string
571 type:
572 description: type of condition in CamelCase or in foo.example.com/CamelCase.
573 maxLength: 316
574 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
575 type: string
576 required:
577 - lastTransitionTime
578 - message
579 - reason
580 - status
581 - type
582 type: object
583 type: array
584 lastHandledReconcileAt:
585 description: |-
586 LastHandledReconcileAt holds the value of the most recent
587 reconcile request value, so a change of the annotation value
588 can be detected.
589 type: string
590 observedGeneration:
591 description: ObservedGeneration is the last observed generation.
592 format: int64
593 type: integer
594 url:
595 description: URL is the download link for the artifact output of the
596 last Bucket sync.
597 type: string
598 type: object
599 type: object
600 served: true
601 storage: false
602 subresources:
603 status: {}
604 - additionalPrinterColumns:
605 - jsonPath: .spec.endpoint
606 name: Endpoint
607 type: string
608 - jsonPath: .metadata.creationTimestamp
609 name: Age
610 type: date
611 - jsonPath: .status.conditions[?(@.type=="Ready")].status
612 name: Ready
613 type: string
614 - jsonPath: .status.conditions[?(@.type=="Ready")].message
615 name: Status
616 type: string
617 deprecated: true
618 deprecationWarning: v1beta2 Bucket is deprecated, upgrade to v1
619 name: v1beta2
620 schema:
621 openAPIV3Schema:
622 description: Bucket is the Schema for the buckets API.
623 properties:
624 apiVersion:
625 description: |-
626 APIVersion defines the versioned schema of this representation of an object.
627 Servers should convert recognized schemas to the latest internal value, and
628 may reject unrecognized values.
629 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
630 type: string
631 kind:
632 description: |-
633 Kind is a string value representing the REST resource this object represents.
634 Servers may infer this from the endpoint the client submits requests to.
635 Cannot be updated.
636 In CamelCase.
637 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
638 type: string
639 metadata:
640 type: object
641 spec:
642 description: |-
643 BucketSpec specifies the required configuration to produce an Artifact for
644 an object storage bucket.
645 properties:
# Access control list for cross-namespace references to this Bucket.
# The description marks the field as not implemented (provisional), so setting it should
# not be treated as an effective access restriction.
# The v1 spec schema in this file defines no accessFrom property at all.
# Per the descriptions below, an empty matchLabels map would match every namespace.
646 accessFrom:
647 description: |-
648 AccessFrom specifies an Access Control List for allowing cross-namespace
649 references to this object.
650 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
651 properties:
652 namespaceSelectors:
653 description: |-
654 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
655 Items in this list are evaluated using a logical OR operation.
656 items:
657 description: |-
658 NamespaceSelector selects the namespaces to which this ACL applies.
659 An empty map of MatchLabels matches all namespaces in a cluster.
660 properties:
661 matchLabels:
662 additionalProperties:
663 type: string
664 description: |-
665 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
666 map is equivalent to an element of matchExpressions, whose key field is "key", the
667 operator is "In", and the values array contains only "value". The requirements are ANDed.
668 type: object
669 type: object
670 type: array
671 required:
672 - namespaceSelectors
673 type: object
674 bucketName:
675 description: BucketName is the name of the object storage bucket.
676 type: string
677 certSecretRef:
678 description: |-
679 CertSecretRef can be given the name of a Secret containing
680 either or both of
681
682 - a PEM-encoded client certificate (`tls.crt`) and private
683 key (`tls.key`);
684 - a PEM-encoded CA certificate (`ca.crt`)
685
686 and whichever are supplied, will be used for connecting to the
687 bucket. The client cert and key are useful if you are
688 authenticating with a certificate; the CA cert is useful if
689 you are using a self-signed server certificate. The Secret must
690 be of type `Opaque` or `kubernetes.io/tls`.
691
692 This field is only supported for the `generic` provider.
693 properties:
694 name:
695 description: Name of the referent.
696 type: string
697 required:
698 - name
699 type: object
700 endpoint:
701 description: Endpoint is the object storage address the BucketName
702 is located at.
703 type: string
704 ignore:
705 description: |-
706 Ignore overrides the set of excluded patterns in the .sourceignore format
707 (which is the same as .gitignore). If not provided, a default will be used,
708 consult the documentation for your version to find out what those are.
709 type: string
# Security note: per the description, true lets the controller reach the endpoint over
# plain HTTP. The field has no default, and the spec-level validation rules of this
# version only look at provider/sts, so nothing in the schema limits who may set it.
# NOTE(review): consider rejecting `insecure: true` with an admission policy.
710 insecure:
711 description: Insecure allows connecting to a non-TLS HTTP Endpoint.
712 type: boolean
713 interval:
714 description: |-
715 Interval at which the Bucket Endpoint is checked for updates.
716 This interval is approximate and may be subject to jitter to ensure
717 efficient use of resources.
718 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
719 type: string
720 prefix:
721 description: Prefix to use for server-side filtering of files in the
722 Bucket.
723 type: string
724 provider:
725 default: generic
726 description: |-
727 Provider of the object storage bucket.
728 Defaults to 'generic', which expects an S3 (API) compatible object
729 storage.
730 enum:
731 - generic
732 - aws
733 - gcp
734 - azure
735 type: string
736 proxySecretRef:
737 description: |-
738 ProxySecretRef specifies the Secret containing the proxy configuration
739 to use while communicating with the Bucket server.
740 properties:
741 name:
742 description: Name of the referent.
743 type: string
744 required:
745 - name
746 type: object
747 region:
748 description: Region of the Endpoint where the BucketName is located
749 in.
750 type: string
751 secretRef:
752 description: |-
753 SecretRef specifies the Secret containing authentication credentials
754 for the Bucket.
755 properties:
756 name:
757 description: Name of the referent.
758 type: string
759 required:
760 - name
761 type: object
762 sts:
763 description: |-
764 STS specifies the required configuration to use a Security Token
765 Service for fetching temporary credentials to authenticate in a
766 Bucket provider.
767
768 This field is only supported for the `aws` and `generic` providers.
769 properties:
770 certSecretRef:
771 description: |-
772 CertSecretRef can be given the name of a Secret containing
773 either or both of
774
775 - a PEM-encoded client certificate (`tls.crt`) and private
776 key (`tls.key`);
777 - a PEM-encoded CA certificate (`ca.crt`)
778
779 and whichever are supplied, will be used for connecting to the
780 STS endpoint. The client cert and key are useful if you are
781 authenticating with a certificate; the CA cert is useful if
782 you are using a self-signed server certificate. The Secret must
783 be of type `Opaque` or `kubernetes.io/tls`.
784
785 This field is only supported for the `ldap` provider.
786 properties:
787 name:
788 description: Name of the referent.
789 type: string
790 required:
791 - name
792 type: object
# STS endpoint from which temporary credentials are fetched (required within `sts`).
# The pattern validates the scheme only: http:// and https:// are both accepted, and
# `.*` leaves host and path unconstrained.
# NOTE(review): the sibling sts.secretRef holds `username`/`password` for the `ldap`
# provider; presumably they are sent to this endpoint, so prefer https:// and confirm.
793 endpoint:
794 description: |-
795 Endpoint is the HTTP/S endpoint of the Security Token Service from
796 where temporary credentials will be fetched.
797 pattern: ^(http|https)://.*$
798 type: string
799 provider:
800 description: Provider of the Security Token Service.
801 enum:
802 - aws
803 - ldap
804 type: string
805 secretRef:
806 description: |-
807 SecretRef specifies the Secret containing authentication credentials
808 for the STS endpoint. This Secret must contain the fields `username`
809 and `password` and is supported only for the `ldap` provider.
810 properties:
811 name:
812 description: Name of the referent.
813 type: string
814 required:
815 - name
816 type: object
817 required:
818 - endpoint
819 - provider
820 type: object
821 suspend:
822 description: |-
823 Suspend tells the controller to suspend the reconciliation of this
824 Bucket.
825 type: boolean
826 timeout:
827 default: 60s
828 description: Timeout for fetch operations, defaults to 60s.
829 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
830 type: string
831 required:
832 - bucketName
833 - endpoint
834 - interval
835 type: object
# CEL rules evaluated against spec (`self`); an object is rejected when a rule is false.
# They cover only provider/sts combinations.
# NOTE(review): the spec.certSecretRef description limits it to the `generic` provider,
# but no rule in this list enforces that restriction.
836 x-kubernetes-validations:
# Rule 1: sts may be present only when spec.provider is 'aws' or 'generic'.
837 - message: STS configuration is only supported for the 'aws' and 'generic'
838 Bucket providers
839 rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
# Rule 2: with spec.provider 'aws', a present sts must use sts.provider 'aws'.
840 - message: '''aws'' is the only supported STS provider for the ''aws''
841 Bucket provider'
842 rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
843 == 'aws'
# Rule 3: with spec.provider 'generic', a present sts must use sts.provider 'ldap'.
844 - message: '''ldap'' is the only supported STS provider for the ''generic''
845 Bucket provider'
846 rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
847 == 'ldap'
# Rule 4: with sts.provider 'aws', sts.secretRef must be absent. The rule rejects the
# field outright, although the message words it as "not required".
848 - message: spec.sts.secretRef is not required for the 'aws' STS provider
849 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
# Rule 5: with sts.provider 'aws', sts.certSecretRef must be absent (same wording caveat).
850 - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
851 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
852 status:
853 default:
854 observedGeneration: -1
855 description: BucketStatus records the observed state of a Bucket.
856 properties:
857 artifact:
858 description: Artifact represents the last successful Bucket reconciliation.
859 properties:
860 digest:
861 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
862 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
863 type: string
864 lastUpdateTime:
865 description: |-
866 LastUpdateTime is the timestamp corresponding to the last update of the
867 Artifact.
868 format: date-time
869 type: string
870 metadata:
871 additionalProperties:
872 type: string
873 description: Metadata holds upstream information such as OCI annotations.
874 type: object
875 path:
876 description: |-
877 Path is the relative file path of the Artifact. It can be used to locate
878 the file in the root of the Artifact storage on the local file system of
879 the controller managing the Source.
880 type: string
881 revision:
882 description: |-
883 Revision is a human-readable identifier traceable in the origin source
884 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
885 type: string
886 size:
887 description: Size is the number of bytes in the file.
888 format: int64
889 type: integer
890 url:
891 description: |-
892 URL is the HTTP address of the Artifact as exposed by the controller
893 managing the Source. It can be used to retrieve the Artifact for
894 consumption, e.g. by another controller applying the Artifact contents.
895 type: string
896 required:
897 - lastUpdateTime
898 - path
899 - revision
900 - url
901 type: object
902 conditions:
903 description: Conditions holds the conditions for the Bucket.
904 items:
905 description: Condition contains details for one aspect of the current
906 state of this API Resource.
907 properties:
908 lastTransitionTime:
909 description: |-
910 lastTransitionTime is the last time the condition transitioned from one status to another.
911 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
912 format: date-time
913 type: string
914 message:
915 description: |-
916 message is a human readable message indicating details about the transition.
917 This may be an empty string.
918 maxLength: 32768
919 type: string
920 observedGeneration:
921 description: |-
922 observedGeneration represents the .metadata.generation that the condition was set based upon.
923 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
924 with respect to the current state of the instance.
925 format: int64
926 minimum: 0
927 type: integer
928 reason:
929 description: |-
930 reason contains a programmatic identifier indicating the reason for the condition's last transition.
931 Producers of specific condition types may define expected values and meanings for this field,
932 and whether the values are considered a guaranteed API.
933 The value should be a CamelCase string.
934 This field may not be empty.
935 maxLength: 1024
936 minLength: 1
937 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
938 type: string
939 status:
940 description: status of the condition, one of True, False, Unknown.
941 enum:
942 - "True"
943 - "False"
944 - Unknown
945 type: string
946 type:
947 description: type of condition in CamelCase or in foo.example.com/CamelCase.
948 maxLength: 316
949 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
950 type: string
951 required:
952 - lastTransitionTime
953 - message
954 - reason
955 - status
956 - type
957 type: object
958 type: array
959 lastHandledReconcileAt:
960 description: |-
961 LastHandledReconcileAt holds the value of the most recent
962 reconcile request value, so a change of the annotation value
963 can be detected.
964 type: string
965 observedGeneration:
966 description: ObservedGeneration is the last observed generation of
967 the Bucket object.
968 format: int64
969 type: integer
970 observedIgnore:
971 description: |-
972 ObservedIgnore is the observed exclusion patterns used for constructing
973 the source artifact.
974 type: string
975 url:
976 description: |-
977 URL is the dynamic fetch link for the latest Artifact.
978 It is provided on a "best effort" basis, and using the precise
979 BucketStatus.Artifact data is recommended.
980 type: string
981 type: object
982 type: object
983 served: true
984 storage: false
985 subresources:
986 status: {}
987---
988apiVersion: apiextensions.k8s.io/v1
989kind: CustomResourceDefinition
990metadata:
991 annotations:
992 controller-gen.kubebuilder.io/version: v0.16.1
993 labels:
994 app.kubernetes.io/component: source-controller
995 app.kubernetes.io/part-of: flux
996 name: gitrepositories.source.toolkit.fluxcd.io
997spec:
998 group: source.toolkit.fluxcd.io
999 names:
1000 kind: GitRepository
1001 listKind: GitRepositoryList
1002 plural: gitrepositories
1003 shortNames:
1004 - gitrepo
1005 singular: gitrepository
1006 scope: Namespaced
1007 versions:
1008 - additionalPrinterColumns:
1009 - jsonPath: .spec.url
1010 name: URL
1011 type: string
1012 - jsonPath: .metadata.creationTimestamp
1013 name: Age
1014 type: date
1015 - jsonPath: .status.conditions[?(@.type=="Ready")].status
1016 name: Ready
1017 type: string
1018 - jsonPath: .status.conditions[?(@.type=="Ready")].message
1019 name: Status
1020 type: string
1021 name: v1
1022 schema:
1023 openAPIV3Schema:
1024 description: GitRepository is the Schema for the gitrepositories API.
1025 properties:
1026 apiVersion:
1027 description: |-
1028 APIVersion defines the versioned schema of this representation of an object.
1029 Servers should convert recognized schemas to the latest internal value, and
1030 may reject unrecognized values.
1031 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1032 type: string
1033 kind:
1034 description: |-
1035 Kind is a string value representing the REST resource this object represents.
1036 Servers may infer this from the endpoint the client submits requests to.
1037 Cannot be updated.
1038 In CamelCase.
1039 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1040 type: string
1041 metadata:
1042 type: object
1043 spec:
1044 description: |-
1045 GitRepositorySpec specifies the required configuration to produce an
1046 Artifact for a Git repository.
1047 properties:
1048 ignore:
1049 description: |-
1050 Ignore overrides the set of excluded patterns in the .sourceignore format
1051 (which is the same as .gitignore). If not provided, a default will be used,
1052 consult the documentation for your version to find out what those are.
1053 type: string
1054 include:
1055 description: |-
1056 Include specifies a list of GitRepository resources whose Artifacts
1057 should be included in the Artifact produced for this GitRepository.
1058 items:
1059 description: |-
1060 GitRepositoryInclude specifies a local reference to a GitRepository which
1061 Artifact (sub-)contents must be included, and where they should be placed.
1062 properties:
1063 fromPath:
1064 description: |-
1065 FromPath specifies the path to copy contents from, defaults to the root
1066 of the Artifact.
1067 type: string
1068 repository:
1069 description: |-
1070 GitRepositoryRef specifies the GitRepository which Artifact contents
1071 must be included.
1072 properties:
1073 name:
1074 description: Name of the referent.
1075 type: string
1076 required:
1077 - name
1078 type: object
1079 toPath:
1080 description: |-
1081 ToPath specifies the path to copy contents to, defaults to the name of
1082 the GitRepositoryRef.
1083 type: string
1084 required:
1085 - repository
1086 type: object
1087 type: array
1088 interval:
1089 description: |-
1090 Interval at which the GitRepository URL is checked for updates.
1091 This interval is approximate and may be subject to jitter to ensure
1092 efficient use of resources.
1093 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1094 type: string
1095 provider:
1096 description: |-
1097 Provider used for authentication, can be 'azure', 'generic'.
1098 When not specified, defaults to 'generic'.
1099 enum:
1100 - generic
1101 - azure
1102 type: string
1103 proxySecretRef:
1104 description: |-
1105 ProxySecretRef specifies the Secret containing the proxy configuration
1106 to use while communicating with the Git server.
1107 properties:
1108 name:
1109 description: Name of the referent.
1110 type: string
1111 required:
1112 - name
1113 type: object
# NOTE(review): submodule locations are presumably read from the cloned
# repository itself, in which case enabling this lets repository content
# choose additional remotes the controller fetches from. Confirm which
# credentials and URL schemes apply to submodule fetches before enabling it
# for repositories you do not fully control.
1114 recurseSubmodules:
1115 description: |-
1116 RecurseSubmodules enables the initialization of all submodules within
1117 the GitRepository as cloned from the URL, using their default settings.
1118 type: boolean
# Precedence, as stated in the field descriptions below:
# commit > name > semver > tag > branch.
# Only `commit` names immutable content; branch, tag, semver and named refs
# resolve to whatever the remote currently serves. For supply-chain integrity
# either pin a commit or pair a moving ref with spec.verify.
1119 ref:
1120 description: |-
1121 Reference specifies the Git reference to resolve and monitor for
1122 changes, defaults to the 'master' branch.
1123 properties:
1124 branch:
1125 description: Branch to check out, defaults to 'master' if no other
1126 field is defined.
1127 type: string
1128 commit:
1129 description: |-
1130 Commit SHA to check out, takes precedence over all reference fields.
1131
1132 This can be combined with Branch to shallow clone the branch, in which
1133 the commit is expected to exist.
1134 type: string
1135 name:
1136 description: |-
1137 Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
1138
1139 It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
1140 Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
1141 type: string
1142 semver:
1143 description: SemVer tag expression to check out, takes precedence
1144 over Tag.
1145 type: string
1146 tag:
1147 description: Tag to check out, takes precedence over Branch.
1148 type: string
1149 type: object
# The reference carries only `name`; there is no namespace field, so this
# schema cannot express a cross-namespace Secret reference.
# For SSH the description requires known_hosts next to identity. Presumably
# that is what the server host key is checked against (confirm), so populate
# it from a trusted source. Scope the credential itself to read-only access.
1150 secretRef:
1151 description: |-
1152 SecretRef specifies the Secret containing authentication credentials for
1153 the GitRepository.
1154 For HTTPS repositories the Secret must contain 'username' and 'password'
1155 fields for basic auth or 'bearerToken' field for token auth.
1156 For SSH repositories the Secret must contain 'identity'
1157 and 'known_hosts' fields.
1158 properties:
1159 name:
1160 description: Name of the referent.
1161 type: string
1162 required:
1163 - name
1164 type: object
1165 suspend:
1166 description: |-
1167 Suspend tells the controller to suspend the reconciliation of this
1168 GitRepository.
1169 type: boolean
1170 timeout:
1171 default: 60s
1172 description: Timeout for Git operations like cloning, defaults to
1173 60s.
1174 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
1175 type: string
# NOTE(review): the pattern below admits plain http:// alongside https:// and
# ssh://. Nothing in this schema ties secretRef credentials to an encrypted
# transport, so an http:// URL combined with a basic-auth or bearerToken
# Secret passes schema validation. Confirm how the controller handles that
# combination; an admission policy restricting spec.url to https:// or ssh://
# closes the gap.
1176 url:
1177 description: URL specifies the Git repository URL, it can be an HTTP/S
1178 or SSH address.
1179 pattern: ^(http|https|ssh)://.*$
1180 type: string
# Signature verification is opt-in: `verify` is not in the spec-level
# `required` list (only interval and url are). When it is present, secretRef
# is the only mandatory key and mode defaults to HEAD, which per the
# description verifies only the commit that HEAD points to.
# status.sourceVerificationMode records the mode last used, which gives an
# audit point for objects that are expected to verify signatures.
1181 verify:
1182 description: |-
1183 Verification specifies the configuration to verify the Git commit
1184 signature(s).
1185 properties:
1186 mode:
1187 default: HEAD
1188 description: |-
1189 Mode specifies which Git object(s) should be verified.
1190
1191 The variants "head" and "HEAD" both imply the same thing, i.e. verify
1192 the commit that the HEAD of the Git repository points to. The variant
1193 "head" solely exists to ensure backwards compatibility.
1194 enum:
1195 - head
1196 - HEAD
1197 - Tag
1198 - TagAndHEAD
1199 type: string
1200 secretRef:
1201 description: |-
1202 SecretRef specifies the Secret containing the public keys of trusted Git
1203 authors.
1204 properties:
1205 name:
1206 description: Name of the referent.
1207 type: string
1208 required:
1209 - name
1210 type: object
1211 required:
1212 - secretRef
1213 type: object
1214 required:
1215 - interval
1216 - url
1217 type: object
1218 status:
1219 default:
1220 observedGeneration: -1
1221 description: GitRepositoryStatus records the observed state of a Git repository.
1222 properties:
# NOTE(review): digest is not in `required` below (lastUpdateTime, path,
# revision and url are), so a consumer fetching the Artifact from `url`
# cannot assume a digest is present. A consumer that needs integrity should
# treat a missing digest as a failure rather than skipping the check.
1223 artifact:
1224 description: Artifact represents the last successful GitRepository
1225 reconciliation.
1226 properties:
1227 digest:
1228 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
1229 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1230 type: string
1231 lastUpdateTime:
1232 description: |-
1233 LastUpdateTime is the timestamp corresponding to the last update of the
1234 Artifact.
1235 format: date-time
1236 type: string
1237 metadata:
1238 additionalProperties:
1239 type: string
1240 description: Metadata holds upstream information such as OCI annotations.
1241 type: object
1242 path:
1243 description: |-
1244 Path is the relative file path of the Artifact. It can be used to locate
1245 the file in the root of the Artifact storage on the local file system of
1246 the controller managing the Source.
1247 type: string
1248 revision:
1249 description: |-
1250 Revision is a human-readable identifier traceable in the origin source
1251 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1252 type: string
1253 size:
1254 description: Size is the number of bytes in the file.
1255 format: int64
1256 type: integer
1257 url:
1258 description: |-
1259 URL is the HTTP address of the Artifact as exposed by the controller
1260 managing the Source. It can be used to retrieve the Artifact for
1261 consumption, e.g. by another controller applying the Artifact contents.
1262 type: string
1263 required:
1264 - lastUpdateTime
1265 - path
1266 - revision
1267 - url
1268 type: object
1269 conditions:
1270 description: Conditions holds the conditions for the GitRepository.
1271 items:
1272 description: Condition contains details for one aspect of the current
1273 state of this API Resource.
1274 properties:
1275 lastTransitionTime:
1276 description: |-
1277 lastTransitionTime is the last time the condition transitioned from one status to another.
1278 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1279 format: date-time
1280 type: string
1281 message:
1282 description: |-
1283 message is a human readable message indicating details about the transition.
1284 This may be an empty string.
1285 maxLength: 32768
1286 type: string
1287 observedGeneration:
1288 description: |-
1289 observedGeneration represents the .metadata.generation that the condition was set based upon.
1290 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1291 with respect to the current state of the instance.
1292 format: int64
1293 minimum: 0
1294 type: integer
1295 reason:
1296 description: |-
1297 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1298 Producers of specific condition types may define expected values and meanings for this field,
1299 and whether the values are considered a guaranteed API.
1300 The value should be a CamelCase string.
1301 This field may not be empty.
1302 maxLength: 1024
1303 minLength: 1
1304 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1305 type: string
1306 status:
1307 description: status of the condition, one of True, False, Unknown.
1308 enum:
1309 - "True"
1310 - "False"
1311 - Unknown
1312 type: string
1313 type:
1314 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1315 maxLength: 316
1316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1317 type: string
1318 required:
1319 - lastTransitionTime
1320 - message
1321 - reason
1322 - status
1323 - type
1324 type: object
1325 type: array
1326 includedArtifacts:
1327 description: |-
1328 IncludedArtifacts contains a list of the last successfully included
1329 Artifacts as instructed by GitRepositorySpec.Include.
1330 items:
1331 description: Artifact represents the output of a Source reconciliation.
1332 properties:
1333 digest:
1334 description: Digest is the digest of the file in the form of
1335 '<algorithm>:<checksum>'.
1336 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1337 type: string
1338 lastUpdateTime:
1339 description: |-
1340 LastUpdateTime is the timestamp corresponding to the last update of the
1341 Artifact.
1342 format: date-time
1343 type: string
1344 metadata:
1345 additionalProperties:
1346 type: string
1347 description: Metadata holds upstream information such as OCI
1348 annotations.
1349 type: object
1350 path:
1351 description: |-
1352 Path is the relative file path of the Artifact. It can be used to locate
1353 the file in the root of the Artifact storage on the local file system of
1354 the controller managing the Source.
1355 type: string
1356 revision:
1357 description: |-
1358 Revision is a human-readable identifier traceable in the origin source
1359 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1360 type: string
1361 size:
1362 description: Size is the number of bytes in the file.
1363 format: int64
1364 type: integer
1365 url:
1366 description: |-
1367 URL is the HTTP address of the Artifact as exposed by the controller
1368 managing the Source. It can be used to retrieve the Artifact for
1369 consumption, e.g. by another controller applying the Artifact contents.
1370 type: string
1371 required:
1372 - lastUpdateTime
1373 - path
1374 - revision
1375 - url
1376 type: object
1377 type: array
1378 lastHandledReconcileAt:
1379 description: |-
1380 LastHandledReconcileAt holds the value of the most recent
1381 reconcile request value, so a change of the annotation value
1382 can be detected.
1383 type: string
1384 observedGeneration:
1385 description: |-
1386 ObservedGeneration is the last observed generation of the GitRepository
1387 object.
1388 format: int64
1389 type: integer
1390 observedIgnore:
1391 description: |-
1392 ObservedIgnore is the observed exclusion patterns used for constructing
1393 the source artifact.
1394 type: string
1395 observedInclude:
1396 description: |-
1397 ObservedInclude is the observed list of GitRepository resources used to
1398 produce the current Artifact.
1399 items:
1400 description: |-
1401 GitRepositoryInclude specifies a local reference to a GitRepository which
1402 Artifact (sub-)contents must be included, and where they should be placed.
1403 properties:
1404 fromPath:
1405 description: |-
1406 FromPath specifies the path to copy contents from, defaults to the root
1407 of the Artifact.
1408 type: string
1409 repository:
1410 description: |-
1411 GitRepositoryRef specifies the GitRepository which Artifact contents
1412 must be included.
1413 properties:
1414 name:
1415 description: Name of the referent.
1416 type: string
1417 required:
1418 - name
1419 type: object
1420 toPath:
1421 description: |-
1422 ToPath specifies the path to copy contents to, defaults to the name of
1423 the GitRepositoryRef.
1424 type: string
1425 required:
1426 - repository
1427 type: object
1428 type: array
1429 observedRecurseSubmodules:
1430 description: |-
1431 ObservedRecurseSubmodules is the observed recurse submodules
1432 configuration used to produce the current Artifact.
1433 type: boolean
1434 sourceVerificationMode:
1435 description: |-
1436 SourceVerificationMode is the last used verification mode indicating
1437 which Git object(s) have been verified.
1438 type: string
1439 type: object
1440 type: object
1441 served: true
1442 storage: true
1443 subresources:
1444 status: {}
1445 - additionalPrinterColumns:
1446 - jsonPath: .spec.url
1447 name: URL
1448 type: string
1449 - jsonPath: .status.conditions[?(@.type=="Ready")].status
1450 name: Ready
1451 type: string
1452 - jsonPath: .status.conditions[?(@.type=="Ready")].message
1453 name: Status
1454 type: string
1455 - jsonPath: .metadata.creationTimestamp
1456 name: Age
1457 type: date
# NOTE(review): this version is deprecated but still served (`served: true`
# further down in this entry), and its schema validates less than v1:
# interval and timeout carry no pattern, and verify does not require
# secretRef. Presumably requests sent as v1beta1 are validated against this
# schema, so policy tooling should cover the deprecated versions too (confirm).
1458 deprecated: true
1459 deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1
1460 name: v1beta1
1461 schema:
1462 openAPIV3Schema:
1463 description: GitRepository is the Schema for the gitrepositories API
1464 properties:
1465 apiVersion:
1466 description: |-
1467 APIVersion defines the versioned schema of this representation of an object.
1468 Servers should convert recognized schemas to the latest internal value, and
1469 may reject unrecognized values.
1470 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1471 type: string
1472 kind:
1473 description: |-
1474 Kind is a string value representing the REST resource this object represents.
1475 Servers may infer this from the endpoint the client submits requests to.
1476 Cannot be updated.
1477 In CamelCase.
1478 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1479 type: string
1480 metadata:
1481 type: object
1482 spec:
1483 description: GitRepositorySpec defines the desired state of a Git repository.
1484 properties:
# NOTE(review): per the item description below, a selector with an empty
# matchLabels map matches every namespace in the cluster, i.e. it is
# allow-all, not deny-all. The v1beta2 schema on this page marks accessFrom
# as "Not implemented, provisional"; confirm whether the controller enforces
# it for v1beta1 before treating it as an isolation boundary.
1485 accessFrom:
1486 description: AccessFrom defines an Access Control List for allowing
1487 cross-namespace references to this object.
1488 properties:
1489 namespaceSelectors:
1490 description: |-
1491 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
1492 Items in this list are evaluated using a logical OR operation.
1493 items:
1494 description: |-
1495 NamespaceSelector selects the namespaces to which this ACL applies.
1496 An empty map of MatchLabels matches all namespaces in a cluster.
1497 properties:
1498 matchLabels:
1499 additionalProperties:
1500 type: string
1501 description: |-
1502 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
1503 map is equivalent to an element of matchExpressions, whose key field is "key", the
1504 operator is "In", and the values array contains only "value". The requirements are ANDed.
1505 type: object
1506 type: object
1507 type: array
1508 required:
1509 - namespaceSelectors
1510 type: object
1511 gitImplementation:
1512 default: go-git
1513 description: |-
1514 Determines which git client library to use.
1515 Defaults to go-git, valid values are ('go-git', 'libgit2').
1516 enum:
1517 - go-git
1518 - libgit2
1519 type: string
1520 ignore:
1521 description: |-
1522 Ignore overrides the set of excluded patterns in the .sourceignore format
1523 (which is the same as .gitignore). If not provided, a default will be used,
1524 consult the documentation for your version to find out what those are.
1525 type: string
1526 include:
1527 description: Extra git repositories to map into the repository
1528 items:
1529 description: GitRepositoryInclude defines a source with a from and
1530 to path.
1531 properties:
1532 fromPath:
1533 description: The path to copy contents from, defaults to the
1534 root directory.
1535 type: string
1536 repository:
1537 description: Reference to a GitRepository to include.
1538 properties:
1539 name:
1540 description: Name of the referent.
1541 type: string
1542 required:
1543 - name
1544 type: object
1545 toPath:
1546 description: The path to copy contents to, defaults to the name
1547 of the source ref.
1548 type: string
1549 required:
1550 - repository
1551 type: object
1552 type: array
1553 interval:
1554 description: The interval at which to check for repository updates.
1555 type: string
1556 recurseSubmodules:
1557 description: |-
1558 When enabled, after the clone is created, initializes all submodules within,
1559 using their default settings.
1560 This option is available only when using the 'go-git' GitImplementation.
1561 type: boolean
1562 ref:
1563 description: |-
1564 The Git reference to checkout and monitor for changes, defaults to
1565 master branch.
1566 properties:
1567 branch:
1568 description: The Git branch to checkout, defaults to master.
1569 type: string
1570 commit:
1571 description: The Git commit SHA to checkout, if specified Tag
1572 filters will be ignored.
1573 type: string
1574 semver:
1575 description: The Git tag semver expression, takes precedence over
1576 Tag.
1577 type: string
1578 tag:
1579 description: The Git tag to checkout, takes precedence over Branch.
1580 type: string
1581 type: object
1582 secretRef:
1583 description: |-
1584 The secret name containing the Git credentials.
1585 For HTTPS repositories the secret must contain username and password
1586 fields.
1587 For SSH repositories the secret must contain identity and known_hosts
1588 fields.
1589 properties:
1590 name:
1591 description: Name of the referent.
1592 type: string
1593 required:
1594 - name
1595 type: object
1596 suspend:
1597 description: This flag tells the controller to suspend the reconciliation
1598 of this source.
1599 type: boolean
1600 timeout:
1601 default: 60s
1602 description: The timeout for remote Git operations like cloning, defaults
1603 to 60s.
1604 type: string
1605 url:
1606 description: The repository URL, can be a HTTP/S or SSH address.
1607 pattern: ^(http|https|ssh)://.*$
1608 type: string
# NOTE(review): `required` lists only mode here, so a verify stanza without a
# secretRef (no trusted public keys) passes schema validation in v1beta1. The
# v1beta2 schema requires both mode and secretRef, and v1 requires secretRef.
# What the controller does with a key-less verify is not visible in this
# manifest; confirm before relying on v1beta1 objects being verified.
1609 verify:
1610 description: Verify OpenPGP signature for the Git commit HEAD points
1611 to.
1612 properties:
1613 mode:
1614 description: Mode describes what git object should be verified,
1615 currently ('head').
1616 enum:
1617 - head
1618 type: string
1619 secretRef:
1620 description: The secret name containing the public keys of all
1621 trusted Git authors.
1622 properties:
1623 name:
1624 description: Name of the referent.
1625 type: string
1626 required:
1627 - name
1628 type: object
1629 required:
1630 - mode
1631 type: object
1632 required:
1633 - interval
1634 - url
1635 type: object
1636 status:
1637 default:
1638 observedGeneration: -1
1639 description: GitRepositoryStatus defines the observed state of a Git repository.
1640 properties:
1641 artifact:
1642 description: Artifact represents the output of the last successful
1643 repository sync.
1644 properties:
1645 checksum:
1646 description: Checksum is the SHA256 checksum of the artifact.
1647 type: string
1648 lastUpdateTime:
1649 description: |-
1650 LastUpdateTime is the timestamp corresponding to the last update of this
1651 artifact.
1652 format: date-time
1653 type: string
1654 path:
1655 description: Path is the relative file path of this artifact.
1656 type: string
1657 revision:
1658 description: |-
1659 Revision is a human readable identifier traceable in the origin source
1660 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
1661 chart version, etc.
1662 type: string
1663 url:
1664 description: URL is the HTTP address of this artifact.
1665 type: string
1666 required:
1667 - lastUpdateTime
1668 - path
1669 - url
1670 type: object
1671 conditions:
1672 description: Conditions holds the conditions for the GitRepository.
1673 items:
1674 description: Condition contains details for one aspect of the current
1675 state of this API Resource.
1676 properties:
1677 lastTransitionTime:
1678 description: |-
1679 lastTransitionTime is the last time the condition transitioned from one status to another.
1680 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1681 format: date-time
1682 type: string
1683 message:
1684 description: |-
1685 message is a human readable message indicating details about the transition.
1686 This may be an empty string.
1687 maxLength: 32768
1688 type: string
1689 observedGeneration:
1690 description: |-
1691 observedGeneration represents the .metadata.generation that the condition was set based upon.
1692 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1693 with respect to the current state of the instance.
1694 format: int64
1695 minimum: 0
1696 type: integer
1697 reason:
1698 description: |-
1699 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1700 Producers of specific condition types may define expected values and meanings for this field,
1701 and whether the values are considered a guaranteed API.
1702 The value should be a CamelCase string.
1703 This field may not be empty.
1704 maxLength: 1024
1705 minLength: 1
1706 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1707 type: string
1708 status:
1709 description: status of the condition, one of True, False, Unknown.
1710 enum:
1711 - "True"
1712 - "False"
1713 - Unknown
1714 type: string
1715 type:
1716 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1717 maxLength: 316
1718 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1719 type: string
1720 required:
1721 - lastTransitionTime
1722 - message
1723 - reason
1724 - status
1725 - type
1726 type: object
1727 type: array
1728 includedArtifacts:
1729 description: IncludedArtifacts represents the included artifacts from
1730 the last successful repository sync.
1731 items:
1732 description: Artifact represents the output of a source synchronisation.
1733 properties:
1734 checksum:
1735 description: Checksum is the SHA256 checksum of the artifact.
1736 type: string
1737 lastUpdateTime:
1738 description: |-
1739 LastUpdateTime is the timestamp corresponding to the last update of this
1740 artifact.
1741 format: date-time
1742 type: string
1743 path:
1744 description: Path is the relative file path of this artifact.
1745 type: string
1746 revision:
1747 description: |-
1748 Revision is a human readable identifier traceable in the origin source
1749 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
1750 chart version, etc.
1751 type: string
1752 url:
1753 description: URL is the HTTP address of this artifact.
1754 type: string
1755 required:
1756 - lastUpdateTime
1757 - path
1758 - url
1759 type: object
1760 type: array
1761 lastHandledReconcileAt:
1762 description: |-
1763 LastHandledReconcileAt holds the value of the most recent
1764 reconcile request value, so a change of the annotation value
1765 can be detected.
1766 type: string
1767 observedGeneration:
1768 description: ObservedGeneration is the last observed generation.
1769 format: int64
1770 type: integer
1771 url:
1772 description: |-
1773 URL is the download link for the artifact output of the last repository
1774 sync.
1775 type: string
1776 type: object
1777 type: object
1778 served: true
1779 storage: false
1780 subresources:
1781 status: {}
1782 - additionalPrinterColumns:
1783 - jsonPath: .spec.url
1784 name: URL
1785 type: string
1786 - jsonPath: .metadata.creationTimestamp
1787 name: Age
1788 type: date
1789 - jsonPath: .status.conditions[?(@.type=="Ready")].status
1790 name: Ready
1791 type: string
1792 - jsonPath: .status.conditions[?(@.type=="Ready")].message
1793 name: Status
1794 type: string
1795 deprecated: true
1796 deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1
1797 name: v1beta2
1798 schema:
1799 openAPIV3Schema:
1800 description: GitRepository is the Schema for the gitrepositories API.
1801 properties:
1802 apiVersion:
1803 description: |-
1804 APIVersion defines the versioned schema of this representation of an object.
1805 Servers should convert recognized schemas to the latest internal value, and
1806 may reject unrecognized values.
1807 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1808 type: string
1809 kind:
1810 description: |-
1811 Kind is a string value representing the REST resource this object represents.
1812 Servers may infer this from the endpoint the client submits requests to.
1813 Cannot be updated.
1814 In CamelCase.
1815 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1816 type: string
1817 metadata:
1818 type: object
1819 spec:
1820 description: |-
1821 GitRepositorySpec specifies the required configuration to produce an
1822 Artifact for a Git repository.
1823 properties:
1824 accessFrom:
1825 description: |-
1826 AccessFrom specifies an Access Control List for allowing cross-namespace
1827 references to this object.
1828 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
1829 properties:
1830 namespaceSelectors:
1831 description: |-
1832 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
1833 Items in this list are evaluated using a logical OR operation.
1834 items:
1835 description: |-
1836 NamespaceSelector selects the namespaces to which this ACL applies.
1837 An empty map of MatchLabels matches all namespaces in a cluster.
1838 properties:
1839 matchLabels:
1840 additionalProperties:
1841 type: string
1842 description: |-
1843 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
1844 map is equivalent to an element of matchExpressions, whose key field is "key", the
1845 operator is "In", and the values array contains only "value". The requirements are ANDed.
1846 type: object
1847 type: object
1848 type: array
1849 required:
1850 - namespaceSelectors
1851 type: object
1852 gitImplementation:
1853 default: go-git
1854 description: |-
1855 GitImplementation specifies which Git client library implementation to
1856 use. Defaults to 'go-git', valid values are ('go-git', 'libgit2').
1857 Deprecated: gitImplementation is deprecated now that 'go-git' is the
1858 only supported implementation.
1859 enum:
1860 - go-git
1861 - libgit2
1862 type: string
1863 ignore:
1864 description: |-
1865 Ignore overrides the set of excluded patterns in the .sourceignore format
1866 (which is the same as .gitignore). If not provided, a default will be used,
1867 consult the documentation for your version to find out what those are.
1868 type: string
1869 include:
1870 description: |-
1871 Include specifies a list of GitRepository resources which Artifacts
1872 should be included in the Artifact produced for this GitRepository.
1873 items:
1874 description: |-
1875 GitRepositoryInclude specifies a local reference to a GitRepository which
1876 Artifact (sub-)contents must be included, and where they should be placed.
1877 properties:
1878 fromPath:
1879 description: |-
1880 FromPath specifies the path to copy contents from, defaults to the root
1881 of the Artifact.
1882 type: string
1883 repository:
1884 description: |-
1885 GitRepositoryRef specifies the GitRepository which Artifact contents
1886 must be included.
1887 properties:
1888 name:
1889 description: Name of the referent.
1890 type: string
1891 required:
1892 - name
1893 type: object
1894 toPath:
1895 description: |-
1896 ToPath specifies the path to copy contents to, defaults to the name of
1897 the GitRepositoryRef.
1898 type: string
1899 required:
1900 - repository
1901 type: object
1902 type: array
1903 interval:
1904 description: Interval at which to check the GitRepository for updates.
1905 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1906 type: string
1907 recurseSubmodules:
1908 description: |-
1909 RecurseSubmodules enables the initialization of all submodules within
1910 the GitRepository as cloned from the URL, using their default settings.
1911 type: boolean
1912 ref:
1913 description: |-
1914 Reference specifies the Git reference to resolve and monitor for
1915 changes, defaults to the 'master' branch.
1916 properties:
1917 branch:
1918 description: Branch to check out, defaults to 'master' if no other
1919 field is defined.
1920 type: string
1921 commit:
1922 description: |-
1923 Commit SHA to check out, takes precedence over all reference fields.
1924
1925 This can be combined with Branch to shallow clone the branch, in which
1926 the commit is expected to exist.
1927 type: string
1928 name:
1929 description: |-
1930 Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
1931
1932 It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
1933 Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
1934 type: string
1935 semver:
1936 description: SemVer tag expression to check out, takes precedence
1937 over Tag.
1938 type: string
1939 tag:
1940 description: Tag to check out, takes precedence over Branch.
1941 type: string
1942 type: object
1943 secretRef:
1944 description: |-
1945 SecretRef specifies the Secret containing authentication credentials for
1946 the GitRepository.
1947 For HTTPS repositories the Secret must contain 'username' and 'password'
1948 fields for basic auth or 'bearerToken' field for token auth.
1949 For SSH repositories the Secret must contain 'identity'
1950 and 'known_hosts' fields.
1951 properties:
1952 name:
1953 description: Name of the referent.
1954 type: string
1955 required:
1956 - name
1957 type: object
1958 suspend:
1959 description: |-
1960 Suspend tells the controller to suspend the reconciliation of this
1961 GitRepository.
1962 type: boolean
1963 timeout:
1964 default: 60s
1965 description: Timeout for Git operations like cloning, defaults to
1966 60s.
1967 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
1968 type: string
1969 url:
1970 description: URL specifies the Git repository URL, it can be an HTTP/S
1971 or SSH address.
1972 pattern: ^(http|https|ssh)://.*$
1973 type: string
1974 verify:
1975 description: |-
1976 Verification specifies the configuration to verify the Git commit
1977 signature(s).
1978 properties:
1979 mode:
1980 description: Mode specifies what Git object should be verified,
1981 currently ('head').
1982 enum:
1983 - head
1984 type: string
1985 secretRef:
1986 description: |-
1987 SecretRef specifies the Secret containing the public keys of trusted Git
1988 authors.
1989 properties:
1990 name:
1991 description: Name of the referent.
1992 type: string
1993 required:
1994 - name
1995 type: object
1996 required:
1997 - mode
1998 - secretRef
1999 type: object
2000 required:
2001 - interval
2002 - url
2003 type: object
2004 status:
2005 default:
2006 observedGeneration: -1
2007 description: GitRepositoryStatus records the observed state of a Git repository.
2008 properties:
2009 artifact:
2010 description: Artifact represents the last successful GitRepository
2011 reconciliation.
2012 properties:
2013 digest:
2014 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2015 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2016 type: string
2017 lastUpdateTime:
2018 description: |-
2019 LastUpdateTime is the timestamp corresponding to the last update of the
2020 Artifact.
2021 format: date-time
2022 type: string
2023 metadata:
2024 additionalProperties:
2025 type: string
2026 description: Metadata holds upstream information such as OCI annotations.
2027 type: object
2028 path:
2029 description: |-
2030 Path is the relative file path of the Artifact. It can be used to locate
2031 the file in the root of the Artifact storage on the local file system of
2032 the controller managing the Source.
2033 type: string
2034 revision:
2035 description: |-
2036 Revision is a human-readable identifier traceable in the origin source
2037 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2038 type: string
2039 size:
2040 description: Size is the number of bytes in the file.
2041 format: int64
2042 type: integer
2043 url:
2044 description: |-
2045 URL is the HTTP address of the Artifact as exposed by the controller
2046 managing the Source. It can be used to retrieve the Artifact for
2047 consumption, e.g. by another controller applying the Artifact contents.
2048 type: string
2049 required:
2050 - lastUpdateTime
2051 - path
2052 - revision
2053 - url
2054 type: object
2055 conditions:
2056 description: Conditions holds the conditions for the GitRepository.
2057 items:
2058 description: Condition contains details for one aspect of the current
2059 state of this API Resource.
2060 properties:
2061 lastTransitionTime:
2062 description: |-
2063 lastTransitionTime is the last time the condition transitioned from one status to another.
2064 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2065 format: date-time
2066 type: string
2067 message:
2068 description: |-
2069 message is a human readable message indicating details about the transition.
2070 This may be an empty string.
2071 maxLength: 32768
2072 type: string
2073 observedGeneration:
2074 description: |-
2075 observedGeneration represents the .metadata.generation that the condition was set based upon.
2076 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2077 with respect to the current state of the instance.
2078 format: int64
2079 minimum: 0
2080 type: integer
2081 reason:
2082 description: |-
2083 reason contains a programmatic identifier indicating the reason for the condition's last transition.
2084 Producers of specific condition types may define expected values and meanings for this field,
2085 and whether the values are considered a guaranteed API.
2086 The value should be a CamelCase string.
2087 This field may not be empty.
2088 maxLength: 1024
2089 minLength: 1
2090 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2091 type: string
2092 status:
2093 description: status of the condition, one of True, False, Unknown.
2094 enum:
2095 - "True"
2096 - "False"
2097 - Unknown
2098 type: string
2099 type:
2100 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2101 maxLength: 316
2102 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2103 type: string
2104 required:
2105 - lastTransitionTime
2106 - message
2107 - reason
2108 - status
2109 - type
2110 type: object
2111 type: array
2112 contentConfigChecksum:
2113 description: |-
2114 ContentConfigChecksum is a checksum of all the configurations related to
2115 the content of the source artifact:
2116 - .spec.ignore
2117 - .spec.recurseSubmodules
2118 - .spec.included and the checksum of the included artifacts
2119 observed in .status.observedGeneration version of the object. This can
2120 be used to determine if the content of the included repository has
2121 changed.
2122 It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
2123
2124 Deprecated: Replaced with explicit fields for observed artifact content
2125 config in the status.
2126 type: string
2127 includedArtifacts:
2128 description: |-
2129 IncludedArtifacts contains a list of the last successfully included
2130 Artifacts as instructed by GitRepositorySpec.Include.
2131 items:
2132 description: Artifact represents the output of a Source reconciliation.
2133 properties:
2134 digest:
2135 description: Digest is the digest of the file in the form of
2136 '<algorithm>:<checksum>'.
2137 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2138 type: string
2139 lastUpdateTime:
2140 description: |-
2141 LastUpdateTime is the timestamp corresponding to the last update of the
2142 Artifact.
2143 format: date-time
2144 type: string
2145 metadata:
2146 additionalProperties:
2147 type: string
2148 description: Metadata holds upstream information such as OCI
2149 annotations.
2150 type: object
2151 path:
2152 description: |-
2153 Path is the relative file path of the Artifact. It can be used to locate
2154 the file in the root of the Artifact storage on the local file system of
2155 the controller managing the Source.
2156 type: string
2157 revision:
2158 description: |-
2159 Revision is a human-readable identifier traceable in the origin source
2160 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2161 type: string
2162 size:
2163 description: Size is the number of bytes in the file.
2164 format: int64
2165 type: integer
2166 url:
2167 description: |-
2168 URL is the HTTP address of the Artifact as exposed by the controller
2169 managing the Source. It can be used to retrieve the Artifact for
2170 consumption, e.g. by another controller applying the Artifact contents.
2171 type: string
2172 required:
2173 - lastUpdateTime
2174 - path
2175 - revision
2176 - url
2177 type: object
2178 type: array
2179 lastHandledReconcileAt:
2180 description: |-
2181 LastHandledReconcileAt holds the value of the most recent
2182 reconcile request value, so a change of the annotation value
2183 can be detected.
2184 type: string
2185 observedGeneration:
2186 description: |-
2187 ObservedGeneration is the last observed generation of the GitRepository
2188 object.
2189 format: int64
2190 type: integer
2191 observedIgnore:
2192 description: |-
2193 ObservedIgnore is the observed exclusion patterns used for constructing
2194 the source artifact.
2195 type: string
2196 observedInclude:
2197 description: |-
2198 ObservedInclude is the observed list of GitRepository resources used to
2199 produce the current Artifact.
2200 items:
2201 description: |-
2202 GitRepositoryInclude specifies a local reference to a GitRepository whose
2203 Artifact (sub-)contents must be included, and where they should be placed.
2204 properties:
2205 fromPath:
2206 description: |-
2207 FromPath specifies the path to copy contents from, defaults to the root
2208 of the Artifact.
2209 type: string
2210 repository:
2211 description: |-
2212 GitRepositoryRef specifies the GitRepository whose Artifact contents
2213 must be included.
2214 properties:
2215 name:
2216 description: Name of the referent.
2217 type: string
2218 required:
2219 - name
2220 type: object
2221 toPath:
2222 description: |-
2223 ToPath specifies the path to copy contents to, defaults to the name of
2224 the GitRepositoryRef.
2225 type: string
2226 required:
2227 - repository
2228 type: object
2229 type: array
2230 observedRecurseSubmodules:
2231 description: |-
2232 ObservedRecurseSubmodules is the observed recurse submodules
2233 configuration used to produce the current Artifact.
2234 type: boolean
2235 url:
2236 description: |-
2237 URL is the dynamic fetch link for the latest Artifact.
2238 It is provided on a "best effort" basis, and using the precise
2239 GitRepositoryStatus.Artifact data is recommended.
2240 type: string
2241 type: object
2242 type: object
2243 served: true
2244 storage: false
2245 subresources:
2246 status: {}
2247---
2248apiVersion: apiextensions.k8s.io/v1
2249kind: CustomResourceDefinition
2250metadata:
2251 annotations:
2252 controller-gen.kubebuilder.io/version: v0.16.1
2253 labels:
2254 app.kubernetes.io/component: source-controller
2255 app.kubernetes.io/part-of: flux
2256 name: helmcharts.source.toolkit.fluxcd.io
2257spec:
2258 group: source.toolkit.fluxcd.io
2259 names:
2260 kind: HelmChart
2261 listKind: HelmChartList
2262 plural: helmcharts
2263 shortNames:
2264 - hc
2265 singular: helmchart
2266 scope: Namespaced
2267 versions:
2268 - additionalPrinterColumns:
2269 - jsonPath: .spec.chart
2270 name: Chart
2271 type: string
2272 - jsonPath: .spec.version
2273 name: Version
2274 type: string
2275 - jsonPath: .spec.sourceRef.kind
2276 name: Source Kind
2277 type: string
2278 - jsonPath: .spec.sourceRef.name
2279 name: Source Name
2280 type: string
2281 - jsonPath: .metadata.creationTimestamp
2282 name: Age
2283 type: date
2284 - jsonPath: .status.conditions[?(@.type=="Ready")].status
2285 name: Ready
2286 type: string
2287 - jsonPath: .status.conditions[?(@.type=="Ready")].message
2288 name: Status
2289 type: string
2290 name: v1
2291 schema:
2292 openAPIV3Schema:
2293 description: HelmChart is the Schema for the helmcharts API.
2294 properties:
2295 apiVersion:
2296 description: |-
2297 APIVersion defines the versioned schema of this representation of an object.
2298 Servers should convert recognized schemas to the latest internal value, and
2299 may reject unrecognized values.
2300 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2301 type: string
2302 kind:
2303 description: |-
2304 Kind is a string value representing the REST resource this object represents.
2305 Servers may infer this from the endpoint the client submits requests to.
2306 Cannot be updated.
2307 In CamelCase.
2308 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2309 type: string
2310 metadata:
2311 type: object
2312 spec:
2313 description: HelmChartSpec specifies the desired state of a Helm chart.
2314 properties:
2315 chart:
2316 description: |-
2317 Chart is the name or path the Helm chart is available at in the
2318 SourceRef.
2319 type: string
2320 ignoreMissingValuesFiles:
2321 description: |-
2322 IgnoreMissingValuesFiles controls whether to silently ignore missing values
2323 files rather than failing.
2324 type: boolean
2325 interval:
2326 description: |-
2327 Interval at which the HelmChart SourceRef is checked for updates.
2328 This interval is approximate and may be subject to jitter to ensure
2329 efficient use of resources.
2330 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2331 type: string
2332 reconcileStrategy:
2333 default: ChartVersion
2334 description: |-
2335 ReconcileStrategy determines what enables the creation of a new artifact.
2336 Valid values are ('ChartVersion', 'Revision').
2337 See the documentation of the values for an explanation on their behavior.
2338 Defaults to ChartVersion when omitted.
2339 enum:
2340 - ChartVersion
2341 - Revision
2342 type: string
2343 sourceRef:
2344 description: SourceRef is the reference to the Source the chart is
2345 available at.
2346 properties:
2347 apiVersion:
2348 description: APIVersion of the referent.
2349 type: string
2350 kind:
2351 description: |-
2352 Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
2353 'Bucket').
2354 enum:
2355 - HelmRepository
2356 - GitRepository
2357 - Bucket
2358 type: string
2359 name:
2360 description: Name of the referent.
2361 type: string
2362 required:
2363 - kind
2364 - name
2365 type: object
2366 suspend:
2367 description: |-
2368 Suspend tells the controller to suspend the reconciliation of this
2369 source.
2370 type: boolean
2371 valuesFiles:
2372 description: |-
2373 ValuesFiles is an alternative list of values files to use as the chart
2374 values (values.yaml is not included by default), expected to be a
2375 relative path in the SourceRef.
2376 Values files are merged in the order of this list with the last file
2377 overriding the first. Ignored when omitted.
2378 items:
2379 type: string
2380 type: array
2381 verify:
2382 description: |-
2383 Verify contains the secret name containing the trusted public keys
2384 used to verify the signature and specifies which provider to use to check
2385 whether the OCI image is authentic.
2386 This field is only supported when using HelmRepository source with spec.type 'oci'.
2387 Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.
2388 properties:
2389 matchOIDCIdentity:
2390 description: |-
2391 MatchOIDCIdentity specifies the identity matching criteria to use
2392 while verifying an OCI artifact which was signed using Cosign keyless
2393 signing. The artifact's identity is deemed to be verified if any of the
2394 specified matchers match against the identity.
2395 items:
2396 description: |-
2397 OIDCIdentityMatch specifies options for verifying the certificate identity,
2398 i.e. the issuer and the subject of the certificate.
2399 properties:
2400 issuer:
2401 description: |-
2402 Issuer specifies the regex pattern to match against to verify
2403 the OIDC issuer in the Fulcio certificate. The pattern must be a
2404 valid Go regular expression.
2405 type: string
2406 subject:
2407 description: |-
2408 Subject specifies the regex pattern to match against to verify
2409 the identity subject in the Fulcio certificate. The pattern must
2410 be a valid Go regular expression.
2411 type: string
2412 required:
2413 - issuer
2414 - subject
2415 type: object
2416 type: array
2417 provider:
2418 default: cosign
2419 description: Provider specifies the technology used to sign the
2420 OCI Artifact.
2421 enum:
2422 - cosign
2423 - notation
2424 type: string
2425 secretRef:
2426 description: |-
2427 SecretRef specifies the Kubernetes Secret containing the
2428 trusted public keys.
2429 properties:
2430 name:
2431 description: Name of the referent.
2432 type: string
2433 required:
2434 - name
2435 type: object
2436 required:
2437 - provider
2438 type: object
2439 version:
2440 default: '*'
2441 description: |-
2442 Version is the chart version semver expression, ignored for charts from
2443 GitRepository and Bucket sources. Defaults to latest when omitted.
2444 type: string
2445 required:
2446 - chart
2447 - interval
2448 - sourceRef
2449 type: object
2450 status:
2451 default:
2452 observedGeneration: -1
2453 description: HelmChartStatus records the observed state of the HelmChart.
2454 properties:
2455 artifact:
2456 description: Artifact represents the output of the last successful
2457 reconciliation.
2458 properties:
2459 digest:
2460 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2461 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2462 type: string
2463 lastUpdateTime:
2464 description: |-
2465 LastUpdateTime is the timestamp corresponding to the last update of the
2466 Artifact.
2467 format: date-time
2468 type: string
2469 metadata:
2470 additionalProperties:
2471 type: string
2472 description: Metadata holds upstream information such as OCI annotations.
2473 type: object
2474 path:
2475 description: |-
2476 Path is the relative file path of the Artifact. It can be used to locate
2477 the file in the root of the Artifact storage on the local file system of
2478 the controller managing the Source.
2479 type: string
2480 revision:
2481 description: |-
2482 Revision is a human-readable identifier traceable in the origin source
2483 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2484 type: string
2485 size:
2486 description: Size is the number of bytes in the file.
2487 format: int64
2488 type: integer
2489 url:
2490 description: |-
2491 URL is the HTTP address of the Artifact as exposed by the controller
2492 managing the Source. It can be used to retrieve the Artifact for
2493 consumption, e.g. by another controller applying the Artifact contents.
2494 type: string
2495 required:
2496 - lastUpdateTime
2497 - path
2498 - revision
2499 - url
2500 type: object
2501 conditions:
2502 description: Conditions holds the conditions for the HelmChart.
2503 items:
2504 description: Condition contains details for one aspect of the current
2505 state of this API Resource.
2506 properties:
2507 lastTransitionTime:
2508 description: |-
2509 lastTransitionTime is the last time the condition transitioned from one status to another.
2510 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2511 format: date-time
2512 type: string
2513 message:
2514 description: |-
2515 message is a human readable message indicating details about the transition.
2516 This may be an empty string.
2517 maxLength: 32768
2518 type: string
2519 observedGeneration:
2520 description: |-
2521 observedGeneration represents the .metadata.generation that the condition was set based upon.
2522 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2523 with respect to the current state of the instance.
2524 format: int64
2525 minimum: 0
2526 type: integer
2527 reason:
2528 description: |-
2529 reason contains a programmatic identifier indicating the reason for the condition's last transition.
2530 Producers of specific condition types may define expected values and meanings for this field,
2531 and whether the values are considered a guaranteed API.
2532 The value should be a CamelCase string.
2533 This field may not be empty.
2534 maxLength: 1024
2535 minLength: 1
2536 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2537 type: string
2538 status:
2539 description: status of the condition, one of True, False, Unknown.
2540 enum:
2541 - "True"
2542 - "False"
2543 - Unknown
2544 type: string
2545 type:
2546 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2547 maxLength: 316
2548 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2549 type: string
2550 required:
2551 - lastTransitionTime
2552 - message
2553 - reason
2554 - status
2555 - type
2556 type: object
2557 type: array
2558 lastHandledReconcileAt:
2559 description: |-
2560 LastHandledReconcileAt holds the value of the most recent
2561 reconcile request value, so a change of the annotation value
2562 can be detected.
2563 type: string
2564 observedChartName:
2565 description: |-
2566 ObservedChartName is the last observed chart name as specified by the
2567 resolved chart reference.
2568 type: string
2569 observedGeneration:
2570 description: |-
2571 ObservedGeneration is the last observed generation of the HelmChart
2572 object.
2573 format: int64
2574 type: integer
2575 observedSourceArtifactRevision:
2576 description: |-
2577 ObservedSourceArtifactRevision is the last observed Artifact.Revision
2578 of the HelmChartSpec.SourceRef.
2579 type: string
2580 observedValuesFiles:
2581 description: |-
2582 ObservedValuesFiles are the observed value files of the last successful
2583 reconciliation.
2584 It matches the chart in the last successfully reconciled artifact.
2585 items:
2586 type: string
2587 type: array
2588 url:
2589 description: |-
2590 URL is the dynamic fetch link for the latest Artifact.
2591 It is provided on a "best effort" basis, and using the precise
2592 BucketStatus.Artifact data is recommended.
2593 type: string
2594 type: object
2595 type: object
2596 served: true
2597 storage: true
2598 subresources:
2599 status: {}
2600 - additionalPrinterColumns:
2601 - jsonPath: .spec.chart
2602 name: Chart
2603 type: string
2604 - jsonPath: .spec.version
2605 name: Version
2606 type: string
2607 - jsonPath: .spec.sourceRef.kind
2608 name: Source Kind
2609 type: string
2610 - jsonPath: .spec.sourceRef.name
2611 name: Source Name
2612 type: string
2613 - jsonPath: .status.conditions[?(@.type=="Ready")].status
2614 name: Ready
2615 type: string
2616 - jsonPath: .status.conditions[?(@.type=="Ready")].message
2617 name: Status
2618 type: string
2619 - jsonPath: .metadata.creationTimestamp
2620 name: Age
2621 type: date
2622 deprecated: true
2623 deprecationWarning: v1beta1 HelmChart is deprecated, upgrade to v1
2624 name: v1beta1
2625 schema:
2626 openAPIV3Schema:
2627 description: HelmChart is the Schema for the helmcharts API
2628 properties:
2629 apiVersion:
2630 description: |-
2631 APIVersion defines the versioned schema of this representation of an object.
2632 Servers should convert recognized schemas to the latest internal value, and
2633 may reject unrecognized values.
2634 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2635 type: string
2636 kind:
2637 description: |-
2638 Kind is a string value representing the REST resource this object represents.
2639 Servers may infer this from the endpoint the client submits requests to.
2640 Cannot be updated.
2641 In CamelCase.
2642 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2643 type: string
2644 metadata:
2645 type: object
2646 spec:
2647 description: HelmChartSpec defines the desired state of a Helm chart.
2648 properties:
2649 accessFrom:
2650 description: AccessFrom defines an Access Control List for allowing
2651 cross-namespace references to this object.
2652 properties:
2653 namespaceSelectors:
2654 description: |-
2655 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
2656 Items in this list are evaluated using a logical OR operation.
2657 items:
2658 description: |-
2659 NamespaceSelector selects the namespaces to which this ACL applies.
2660 An empty map of MatchLabels matches all namespaces in a cluster.
2661 properties:
2662 matchLabels:
2663 additionalProperties:
2664 type: string
2665 description: |-
2666 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2667 map is equivalent to an element of matchExpressions, whose key field is "key", the
2668 operator is "In", and the values array contains only "value". The requirements are ANDed.
2669 type: object
2670 type: object
2671 type: array
2672 required:
2673 - namespaceSelectors
2674 type: object
2675 chart:
2676 description: The name or path the Helm chart is available at in the
2677 SourceRef.
2678 type: string
2679 interval:
2680 description: The interval at which to check the Source for updates.
2681 type: string
2682 reconcileStrategy:
2683 default: ChartVersion
2684 description: |-
2685 Determines what enables the creation of a new artifact. Valid values are
2686 ('ChartVersion', 'Revision').
2687 See the documentation of the values for an explanation on their behavior.
2688 Defaults to ChartVersion when omitted.
2689 enum:
2690 - ChartVersion
2691 - Revision
2692 type: string
2693 sourceRef:
2694 description: The reference to the Source the chart is available at.
2695 properties:
2696 apiVersion:
2697 description: APIVersion of the referent.
2698 type: string
2699 kind:
2700 description: |-
2701 Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
2702 'Bucket').
2703 enum:
2704 - HelmRepository
2705 - GitRepository
2706 - Bucket
2707 type: string
2708 name:
2709 description: Name of the referent.
2710 type: string
2711 required:
2712 - kind
2713 - name
2714 type: object
2715 suspend:
2716 description: This flag tells the controller to suspend the reconciliation
2717 of this source.
2718 type: boolean
2719 valuesFile:
2720 description: |-
2721 Alternative values file to use as the default chart values, expected to
2722 be a relative path in the SourceRef. Deprecated in favor of ValuesFiles,
2723 for backwards compatibility the file defined here is merged before the
2724 ValuesFiles items. Ignored when omitted.
2725 type: string
2726 valuesFiles:
2727 description: |-
2728 Alternative list of values files to use as the chart values (values.yaml
2729 is not included by default), expected to be a relative path in the SourceRef.
2730 Values files are merged in the order of this list with the last file overriding
2731 the first. Ignored when omitted.
2732 items:
2733 type: string
2734 type: array
2735 version:
2736 default: '*'
2737 description: |-
2738 The chart version semver expression, ignored for charts from GitRepository
2739 and Bucket sources. Defaults to latest when omitted.
2740 type: string
2741 required:
2742 - chart
2743 - interval
2744 - sourceRef
2745 type: object
2746 status:
2747 default:
2748 observedGeneration: -1
2749 description: HelmChartStatus defines the observed state of the HelmChart.
2750 properties:
2751 artifact:
2752 description: Artifact represents the output of the last successful
2753 chart sync.
2754 properties:
2755 checksum:
2756 description: Checksum is the SHA256 checksum of the artifact.
2757 type: string
2758 lastUpdateTime:
2759 description: |-
2760 LastUpdateTime is the timestamp corresponding to the last update of this
2761 artifact.
2762 format: date-time
2763 type: string
2764 path:
2765 description: Path is the relative file path of this artifact.
2766 type: string
2767 revision:
2768 description: |-
2769 Revision is a human readable identifier traceable in the origin source
2770 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
2771 chart version, etc.
2772 type: string
2773 url:
2774 description: URL is the HTTP address of this artifact.
2775 type: string
2776 required:
2777 - lastUpdateTime
2778 - path
2779 - url
2780 type: object
2781 conditions:
2782 description: Conditions holds the conditions for the HelmChart.
2783 items:
2784 description: Condition contains details for one aspect of the current
2785 state of this API Resource.
2786 properties:
2787 lastTransitionTime:
2788 description: |-
2789 lastTransitionTime is the last time the condition transitioned from one status to another.
2790 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2791 format: date-time
2792 type: string
2793 message:
2794 description: |-
2795 message is a human readable message indicating details about the transition.
2796 This may be an empty string.
2797 maxLength: 32768
2798 type: string
2799 observedGeneration:
2800 description: |-
2801 observedGeneration represents the .metadata.generation that the condition was set based upon.
2802 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2803 with respect to the current state of the instance.
2804 format: int64
2805 minimum: 0
2806 type: integer
2807 reason:
2808 description: |-
2809 reason contains a programmatic identifier indicating the reason for the condition's last transition.
2810 Producers of specific condition types may define expected values and meanings for this field,
2811 and whether the values are considered a guaranteed API.
2812 The value should be a CamelCase string.
2813 This field may not be empty.
2814 maxLength: 1024
2815 minLength: 1
2816 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2817 type: string
2818 status:
2819 description: status of the condition, one of True, False, Unknown.
2820 enum:
2821 - "True"
2822 - "False"
2823 - Unknown
2824 type: string
2825 type:
2826 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2827 maxLength: 316
2828 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2829 type: string
2830 required:
2831 - lastTransitionTime
2832 - message
2833 - reason
2834 - status
2835 - type
2836 type: object
2837 type: array
2838 lastHandledReconcileAt:
2839 description: |-
2840 LastHandledReconcileAt holds the value of the most recent
2841 reconcile request value, so a change of the annotation value
2842 can be detected.
2843 type: string
2844 observedGeneration:
2845 description: ObservedGeneration is the last observed generation.
2846 format: int64
2847 type: integer
2848 url:
2849 description: URL is the download link for the last chart pulled.
2850 type: string
2851 type: object
2852 type: object
2853 served: true
2854 storage: false
2855 subresources:
2856 status: {}
2857 - additionalPrinterColumns:
2858 - jsonPath: .spec.chart
2859 name: Chart
2860 type: string
2861 - jsonPath: .spec.version
2862 name: Version
2863 type: string
2864 - jsonPath: .spec.sourceRef.kind
2865 name: Source Kind
2866 type: string
2867 - jsonPath: .spec.sourceRef.name
2868 name: Source Name
2869 type: string
2870 - jsonPath: .metadata.creationTimestamp
2871 name: Age
2872 type: date
2873 - jsonPath: .status.conditions[?(@.type=="Ready")].status
2874 name: Ready
2875 type: string
2876 - jsonPath: .status.conditions[?(@.type=="Ready")].message
2877 name: Status
2878 type: string
2879 deprecated: true
2880 deprecationWarning: v1beta2 HelmChart is deprecated, upgrade to v1
2881 name: v1beta2
2882 schema:
2883 openAPIV3Schema:
2884 description: HelmChart is the Schema for the helmcharts API.
2885 properties:
2886 apiVersion:
2887 description: |-
2888 APIVersion defines the versioned schema of this representation of an object.
2889 Servers should convert recognized schemas to the latest internal value, and
2890 may reject unrecognized values.
2891 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2892 type: string
2893 kind:
2894 description: |-
2895 Kind is a string value representing the REST resource this object represents.
2896 Servers may infer this from the endpoint the client submits requests to.
2897 Cannot be updated.
2898 In CamelCase.
2899 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2900 type: string
2901 metadata:
2902 type: object
2903 spec:
2904 description: HelmChartSpec specifies the desired state of a Helm chart.
2905 properties:
2906 accessFrom:
 # NOTE(review): the description below marks this ACL as not implemented, so
 # setting it should not be relied on as a cross-namespace isolation control.
2907 description: |-
2908 AccessFrom specifies an Access Control List for allowing cross-namespace
2909 references to this object.
2910 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
2911 properties:
2912 namespaceSelectors:
2913 description: |-
2914 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
2915 Items in this list are evaluated using a logical OR operation.
2916 items:
2917 description: |-
2918 NamespaceSelector selects the namespaces to which this ACL applies.
2919 An empty map of MatchLabels matches all namespaces in a cluster.
2920 properties:
2921 matchLabels:
 # Per the item description, an empty matchLabels map selects every
 # namespace: `{}` is the broadest possible grant, not an empty one.
2922 additionalProperties:
2923 type: string
2924 description: |-
2925 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2926 map is equivalent to an element of matchExpressions, whose key field is "key", the
2927 operator is "In", and the values array contains only "value". The requirements are ANDed.
2928 type: object
2929 type: object
2930 type: array
2931 required:
2932 - namespaceSelectors
2933 type: object
2934 chart:
2935 description: |-
2936 Chart is the name or path the Helm chart is available at in the
2937 SourceRef.
2938 type: string
2939 ignoreMissingValuesFiles:
 # NOTE(review): no default is declared in this schema. When set to true, a
 # listed values file that is absent from the source is skipped silently (per
 # the description), so an override file carrying hardening settings can drop
 # out without the reconciliation failing.
2940 description: |-
2941 IgnoreMissingValuesFiles controls whether to silently ignore missing values
2942 files rather than failing.
2943 type: boolean
2944 interval:
2945 description: |-
2946 Interval at which the HelmChart SourceRef is checked for updates.
2947 This interval is approximate and may be subject to jitter to ensure
2948 efficient use of resources.
2949 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2950 type: string
2951 reconcileStrategy:
2952 default: ChartVersion
2953 description: |-
2954 ReconcileStrategy determines what enables the creation of a new artifact.
2955 Valid values are ('ChartVersion', 'Revision').
2956 See the documentation of the values for an explanation on their behavior.
2957 Defaults to ChartVersion when omitted.
2958 enum:
2959 - ChartVersion
2960 - Revision
2961 type: string
2962 sourceRef:
 # NOTE(review): the referent is identified by apiVersion/kind/name only; this
 # schema defines no namespace property. Presumably the source is looked up in
 # the HelmChart's own namespace - confirm against the controller.
2963 description: SourceRef is the reference to the Source the chart is
2964 available at.
2965 properties:
2966 apiVersion:
2967 description: APIVersion of the referent.
2968 type: string
2969 kind:
 # Closed enum: only these three source kinds pass schema validation.
2970 description: |-
2971 Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
2972 'Bucket').
2973 enum:
2974 - HelmRepository
2975 - GitRepository
2976 - Bucket
2977 type: string
2978 name:
2979 description: Name of the referent.
2980 type: string
2981 required:
2982 - kind
2983 - name
2984 type: object
2985 suspend:
2986 description: |-
2987 Suspend tells the controller to suspend the reconciliation of this
2988 source.
2989 type: boolean
2990 valuesFile:
2991 description: |-
2992 ValuesFile is an alternative values file to use as the default chart
2993 values, expected to be a relative path in the SourceRef. Deprecated in
2994 favor of ValuesFiles, for backwards compatibility the file specified here
2995 is merged before the ValuesFiles items. Ignored when omitted.
2996 type: string
2997 valuesFiles:
 # NOTE(review): items are unconstrained strings (no pattern); the description
 # only states they are expected to be relative paths in the SourceRef. Whether
 # the controller rejects paths that resolve outside the source root is not
 # visible here - confirm. Later files override earlier ones, so list order
 # decides which settings win.
2998 description: |-
2999 ValuesFiles is an alternative list of values files to use as the chart
3000 values (values.yaml is not included by default), expected to be a
3001 relative path in the SourceRef.
3002 Values files are merged in the order of this list with the last file
3003 overriding the first. Ignored when omitted.
3004 items:
3005 type: string
3006 type: array
3007 verify:
 # NOTE(review): of the properties below only `provider` is required;
 # `secretRef` and `matchOIDCIdentity` are both optional in this schema. What
 # the controller treats as "verified" when neither is set is not visible
 # here - confirm before treating `verify` as a hard gate.
 # Per the description, verification applies only to HelmRepository sources
 # of type 'oci', and unbundled chart dependencies are not verified.
3008 description: |-
3009 Verify contains the secret name containing the trusted public keys
3010 used to verify the signature and specifies which provider to use to check
3011 whether OCI image is authentic.
3012 This field is only supported when using HelmRepository source with spec.type 'oci'.
3013 Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.
3014 properties:
3015 matchOIDCIdentity:
 # Matchers are ORed (per the description), so every added entry widens the
 # set of accepted signers.
 # NOTE(review): issuer/subject are Go regular expressions with no schema
 # pattern constraint; whether matching is anchored is not shown here, so
 # write them with explicit ^...$ anchors and escaped dots.
3016 description: |-
3017 MatchOIDCIdentity specifies the identity matching criteria to use
3018 while verifying an OCI artifact which was signed using Cosign keyless
3019 signing. The artifact's identity is deemed to be verified if any of the
3020 specified matchers match against the identity.
3021 items:
3022 description: |-
3023 OIDCIdentityMatch specifies options for verifying the certificate identity,
3024 i.e. the issuer and the subject of the certificate.
3025 properties:
3026 issuer:
3027 description: |-
3028 Issuer specifies the regex pattern to match against to verify
3029 the OIDC issuer in the Fulcio certificate. The pattern must be a
3030 valid Go regular expression.
3031 type: string
3032 subject:
3033 description: |-
3034 Subject specifies the regex pattern to match against to verify
3035 the identity subject in the Fulcio certificate. The pattern must
3036 be a valid Go regular expression.
3037 type: string
3038 required:
3039 - issuer
3040 - subject
3041 type: object
3042 type: array
3043 provider:
 # Defaults to cosign; the enum admits only cosign and notation.
3044 default: cosign
3045 description: Provider specifies the technology used to sign the
3046 OCI Artifact.
3047 enum:
3048 - cosign
3049 - notation
3050 type: string
3051 secretRef:
 # The Secret named here holds the trusted public keys, i.e. the trust
 # anchor for signature checks; write access to it changes what verifies.
3052 description: |-
3053 SecretRef specifies the Kubernetes Secret containing the
3054 trusted public keys.
3055 properties:
3056 name:
3057 description: Name of the referent.
3058 type: string
3059 required:
3060 - name
3061 type: object
3062 required:
3063 - provider
3064 type: object
3065 version:
 # NOTE(review): the default '*' is a floating range (the description says it
 # resolves to latest), so the pulled chart changes whenever the upstream
 # publishes a new version; set an exact version where reproducible, reviewed
 # deployments matter. Ignored for GitRepository and Bucket sources.
3066 default: '*'
3067 description: |-
3068 Version is the chart version semver expression, ignored for charts from
3069 GitRepository and Bucket sources. Defaults to latest when omitted.
3070 type: string
3071 required:
3072 - chart
3073 - interval
3074 - sourceRef
3075 type: object
3076 status:
3077 default:
3078 observedGeneration: -1
3079 description: HelmChartStatus records the observed state of the HelmChart.
3080 properties:
3081 artifact:
 # NOTE(review): `digest` is absent from the required list at the end of this
 # object, so a consumer that checks downloads against it has to treat a
 # missing digest as a failure rather than as "nothing to check".
3082 description: Artifact represents the output of the last successful
3083 reconciliation.
3084 properties:
3085 digest:
 # Format is '<algorithm>:<checksum>'; the pattern constrains the character
 # set only, not which algorithm is used or the checksum length.
3086 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3087 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3088 type: string
3089 lastUpdateTime:
3090 description: |-
3091 LastUpdateTime is the timestamp corresponding to the last update of the
3092 Artifact.
3093 format: date-time
3094 type: string
3095 metadata:
 # Free-form string map sourced from upstream (e.g. OCI annotations per the
 # description); treat the values as untrusted input when displaying them.
3096 additionalProperties:
3097 type: string
3098 description: Metadata holds upstream information such as OCI annotations.
3099 type: object
3100 path:
3101 description: |-
3102 Path is the relative file path of the Artifact. It can be used to locate
3103 the file in the root of the Artifact storage on the local file system of
3104 the controller managing the Source.
3105 type: string
3106 revision:
3107 description: |-
3108 Revision is a human-readable identifier traceable in the origin source
3109 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3110 type: string
3111 size:
3112 description: Size is the number of bytes in the file.
3113 format: int64
3114 type: integer
3115 url:
 # NOTE(review): described as an HTTP address exposed by the controller;
 # whether that endpoint is authenticated or TLS-protected is not visible
 # here, so the digest check and network policy around the controller are
 # the integrity controls to confirm.
3116 description: |-
3117 URL is the HTTP address of the Artifact as exposed by the controller
3118 managing the Source. It can be used to retrieve the Artifact for
3119 consumption, e.g. by another controller applying the Artifact contents.
3120 type: string
3121 required:
3122 - lastUpdateTime
3123 - path
3124 - revision
3125 - url
3126 type: object
3127 conditions:
3128 description: Conditions holds the conditions for the HelmChart.
3129 items:
3130 description: Condition contains details for one aspect of the current
3131 state of this API Resource.
3132 properties:
3133 lastTransitionTime:
3134 description: |-
3135 lastTransitionTime is the last time the condition transitioned from one status to another.
3136 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3137 format: date-time
3138 type: string
3139 message:
3140 description: |-
3141 message is a human readable message indicating details about the transition.
3142 This may be an empty string.
3143 maxLength: 32768
3144 type: string
3145 observedGeneration:
3146 description: |-
3147 observedGeneration represents the .metadata.generation that the condition was set based upon.
3148 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3149 with respect to the current state of the instance.
3150 format: int64
3151 minimum: 0
3152 type: integer
3153 reason:
3154 description: |-
3155 reason contains a programmatic identifier indicating the reason for the condition's last transition.
3156 Producers of specific condition types may define expected values and meanings for this field,
3157 and whether the values are considered a guaranteed API.
3158 The value should be a CamelCase string.
3159 This field may not be empty.
3160 maxLength: 1024
3161 minLength: 1
3162 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3163 type: string
3164 status:
3165 description: status of the condition, one of True, False, Unknown.
3166 enum:
3167 - "True"
3168 - "False"
3169 - Unknown
3170 type: string
3171 type:
3172 description: type of condition in CamelCase or in foo.example.com/CamelCase.
3173 maxLength: 316
3174 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3175 type: string
3176 required:
3177 - lastTransitionTime
3178 - message
3179 - reason
3180 - status
3181 - type
3182 type: object
3183 type: array
3184 lastHandledReconcileAt:
3185 description: |-
3186 LastHandledReconcileAt holds the value of the most recent
3187 reconcile request value, so a change of the annotation value
3188 can be detected.
3189 type: string
3190 observedChartName:
3191 description: |-
3192 ObservedChartName is the last observed chart name as specified by the
3193 resolved chart reference.
3194 type: string
3195 observedGeneration:
3196 description: |-
3197 ObservedGeneration is the last observed generation of the HelmChart
3198 object.
3199 format: int64
3200 type: integer
3201 observedSourceArtifactRevision:
3202 description: |-
3203 ObservedSourceArtifactRevision is the last observed Artifact.Revision
3204 of the HelmChartSpec.SourceRef.
3205 type: string
3206 observedValuesFiles:
3207 description: |-
3208 ObservedValuesFiles are the observed value files of the last successful
3209 reconciliation.
3210 It matches the chart in the last successfully reconciled artifact.
3211 items:
3212 type: string
3213 type: array
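3214 url:
 # Best-effort convenience link; the description recommends reading the
 # precise data from status.artifact instead. The description previously named
 # BucketStatus, a copy-paste slip in a HelmChart status field.
3215 description: |-
3216 URL is the dynamic fetch link for the latest Artifact.
3217 It is provided on a "best effort" basis, and using the precise
3218 HelmChartStatus.Artifact data is recommended.
3219 type: string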
3220 type: object
3221 type: object
3222 served: true
3223 storage: false
3224 subresources:
3225 status: {}
3226---
3227apiVersion: apiextensions.k8s.io/v1
3228kind: CustomResourceDefinition
3229metadata:
3230 annotations:
3231 controller-gen.kubebuilder.io/version: v0.16.1
3232 labels:
3233 app.kubernetes.io/component: source-controller
3234 app.kubernetes.io/part-of: flux
3235 name: helmrepositories.source.toolkit.fluxcd.io
3236spec:
3237 group: source.toolkit.fluxcd.io
3238 names:
3239 kind: HelmRepository
3240 listKind: HelmRepositoryList
3241 plural: helmrepositories
3242 shortNames:
3243 - helmrepo
3244 singular: helmrepository
3245 scope: Namespaced
3246 versions:
3247 - additionalPrinterColumns:
3248 - jsonPath: .spec.url
3249 name: URL
3250 type: string
3251 - jsonPath: .metadata.creationTimestamp
3252 name: Age
3253 type: date
3254 - jsonPath: .status.conditions[?(@.type=="Ready")].status
3255 name: Ready
3256 type: string
3257 - jsonPath: .status.conditions[?(@.type=="Ready")].message
3258 name: Status
3259 type: string
3260 name: v1
3261 schema:
3262 openAPIV3Schema:
3263 description: HelmRepository is the Schema for the helmrepositories API.
3264 properties:
3265 apiVersion:
3266 description: |-
3267 APIVersion defines the versioned schema of this representation of an object.
3268 Servers should convert recognized schemas to the latest internal value, and
3269 may reject unrecognized values.
3270 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3271 type: string
3272 kind:
3273 description: |-
3274 Kind is a string value representing the REST resource this object represents.
3275 Servers may infer this from the endpoint the client submits requests to.
3276 Cannot be updated.
3277 In CamelCase.
3278 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3279 type: string
3280 metadata:
3281 type: object
3282 spec:
3283 description: |-
3284 HelmRepositorySpec specifies the required configuration to produce an
3285 Artifact for a Helm repository index YAML.
3286 properties:
3287 accessFrom:
3288 description: |-
3289 AccessFrom specifies an Access Control List for allowing cross-namespace
3290 references to this object.
3291 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
3292 properties:
3293 namespaceSelectors:
3294 description: |-
3295 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3296 Items in this list are evaluated using a logical OR operation.
3297 items:
3298 description: |-
3299 NamespaceSelector selects the namespaces to which this ACL applies.
3300 An empty map of MatchLabels matches all namespaces in a cluster.
3301 properties:
3302 matchLabels:
3303 additionalProperties:
3304 type: string
3305 description: |-
3306 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3307 map is equivalent to an element of matchExpressions, whose key field is "key", the
3308 operator is "In", and the values array contains only "value". The requirements are ANDed.
3309 type: object
3310 type: object
3311 type: array
3312 required:
3313 - namespaceSelectors
3314 type: object
3315 certSecretRef:
 # NOTE(review): the referenced Secret may carry a client private key
 # (`tls.key`) and/or the CA certificate (`ca.crt`) used to trust the server.
 # Changing `ca.crt` changes which server certificates are accepted for this
 # repository, so restrict write access to that Secret accordingly.
 # Only a name is accepted; presumably resolved in the HelmRepository's own
 # namespace - confirm.
3316 description: |-
3317 CertSecretRef can be given the name of a Secret containing
3318 either or both of
3319
3320 - a PEM-encoded client certificate (`tls.crt`) and private
3321 key (`tls.key`);
3322 - a PEM-encoded CA certificate (`ca.crt`)
3323
3324 and whichever are supplied, will be used for connecting to the
3325 registry. The client cert and key are useful if you are
3326 authenticating with a certificate; the CA cert is useful if
3327 you are using a self-signed server certificate. The Secret must
3328 be of type `Opaque` or `kubernetes.io/tls`.
3329
3330 It takes precedence over the values specified in the Secret referred
3331 to by `.spec.secretRef`.
3332 properties:
3333 name:
3334 description: Name of the referent.
3335 type: string
3336 required:
3337 - name
3338 type: object
3339 insecure:
 # NOTE(review): no default is declared, so the field stays unset unless an
 # author adds it. Setting it to true permits plain-HTTP (non-TLS) registry
 # traffic, for type 'oci' only per the description. Audit manifests for it
 # and consider rejecting it by admission policy outside test clusters.
3340 description: |-
3341 Insecure allows connecting to a non-TLS HTTP container registry.
3342 This field is only taken into account if the .spec.type field is set to 'oci'.
3343 type: boolean
3344 interval:
3345 description: |-
3346 Interval at which the HelmRepository URL is checked for updates.
3347 This interval is approximate and may be subject to jitter to ensure
3348 efficient use of resources.
3349 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
3350 type: string
3351 passCredentials:
 # NOTE(review): opt-in boolean with no declared default. When true, the
 # secretRef credentials may be sent to hosts other than the one in
 # .spec.url, i.e. to whatever hosts the repository index advertises (see the
 # description). Review every object that sets it and prefer repositories
 # whose index URLs stay on the configured host.
3352 description: |-
3353 PassCredentials allows the credentials from the SecretRef to be passed
3354 on to a host that does not match the host as defined in URL.
3355 This may be required if the host of the advertised chart URLs in the
3356 index differ from the defined URL.
3357 Enabling this should be done with caution, as it can potentially result
3358 in credentials getting stolen in a MITM-attack.
3359 type: boolean
3360 provider:
 # Defaults to 'generic'; honoured only for type 'oci' per the description.
 # NOTE(review): the cloud values presumably make the controller authenticate
 # with its own workload identity rather than a Secret - confirm, and if so
 # check which namespaces may create HelmRepository objects using them.
3361 default: generic
3362 description: |-
3363 Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
3364 This field is optional, and only taken into account if the .spec.type field is set to 'oci'.
3365 When not specified, defaults to 'generic'.
3366 enum:
3367 - generic
3368 - aws
3369 - azure
3370 - gcp
3371 type: string
3372 secretRef:
 # NOTE(review): only a Secret name is accepted (no namespace property in this
 # schema); presumably resolved in the HelmRepository's own namespace -
 # confirm. Treat create/update rights on HelmRepository as equivalent to use
 # of the referenced credentials and scope RBAC on both kinds together.
 # The certFile/keyFile/caFile keys are marked deprecated below in favour of
 # .spec.certSecretRef.
3373 description: |-
3374 SecretRef specifies the Secret containing authentication credentials
3375 for the HelmRepository.
3376 For HTTP/S basic auth the secret must contain 'username' and 'password'
3377 fields.
3378 Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'
3379 keys is deprecated. Please use `.spec.certSecretRef` instead.
3380 properties:
3381 name:
3382 description: Name of the referent.
3383 type: string
3384 required:
3385 - name
3386 type: object
3387 suspend:
3388 description: |-
3389 Suspend tells the controller to suspend the reconciliation of this
3390 HelmRepository.
3391 type: boolean
3392 timeout:
 # The pattern accepts ms/s/m units only (no 'h', unlike `interval` in this
 # spec). No `default:` is declared here although the description states 60s,
 # so the default is presumably applied by the controller - confirm.
3393 description: |-
3394 Timeout is used for the index fetch operation for an HTTPS helm repository,
3395 and for remote OCI Repository operations like pulling for an OCI helm
3396 chart by the associated HelmChart.
3397 Its default value is 60s.
3398 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
3399 type: string
3400 type:
 # NOTE(review): no default is declared, and the "oci://" prefix requirement
 # from the description is not expressed as a validation rule on this property
 # or in `url`'s pattern; presumably the controller enforces it at reconcile
 # time - confirm.
3401 description: |-
3402 Type of the HelmRepository.
3403 When this field is set to "oci", the URL field value must be prefixed with "oci://".
3404 enum:
3405 - default
3406 - oci
3407 type: string
3408 url:
 # NOTE(review): the pattern checks the scheme prefix only and admits http://
 # alongside https:// and oci://; anything may follow "://". Transport
 # security is therefore not enforced at schema level and has to be checked by
 # policy or review.
3409 description: |-
3410 URL of the Helm repository, a valid URL contains at least a protocol and
3411 host.
3412 pattern: ^(http|https|oci)://.*$
3413 type: string
3414 required:
3415 - url
3416 type: object
3417 status:
3418 default:
3419 observedGeneration: -1
3420 description: HelmRepositoryStatus records the observed state of the HelmRepository.
3421 properties:
3422 artifact:
3423 description: Artifact represents the last successful HelmRepository
3424 reconciliation.
3425 properties:
3426 digest:
3427 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3428 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3429 type: string
3430 lastUpdateTime:
3431 description: |-
3432 LastUpdateTime is the timestamp corresponding to the last update of the
3433 Artifact.
3434 format: date-time
3435 type: string
3436 metadata:
3437 additionalProperties:
3438 type: string
3439 description: Metadata holds upstream information such as OCI annotations.
3440 type: object
3441 path:
3442 description: |-
3443 Path is the relative file path of the Artifact. It can be used to locate
3444 the file in the root of the Artifact storage on the local file system of
3445 the controller managing the Source.
3446 type: string
3447 revision:
3448 description: |-
3449 Revision is a human-readable identifier traceable in the origin source
3450 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3451 type: string
3452 size:
3453 description: Size is the number of bytes in the file.
3454 format: int64
3455 type: integer
3456 url:
3457 description: |-
3458 URL is the HTTP address of the Artifact as exposed by the controller
3459 managing the Source. It can be used to retrieve the Artifact for
3460 consumption, e.g. by another controller applying the Artifact contents.
3461 type: string
3462 required:
3463 - lastUpdateTime
3464 - path
3465 - revision
3466 - url
3467 type: object
3468 conditions:
3469 description: Conditions holds the conditions for the HelmRepository.
3470 items:
3471 description: Condition contains details for one aspect of the current
3472 state of this API Resource.
3473 properties:
3474 lastTransitionTime:
3475 description: |-
3476 lastTransitionTime is the last time the condition transitioned from one status to another.
3477 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3478 format: date-time
3479 type: string
3480 message:
3481 description: |-
3482 message is a human readable message indicating details about the transition.
3483 This may be an empty string.
3484 maxLength: 32768
3485 type: string
3486 observedGeneration:
3487 description: |-
3488 observedGeneration represents the .metadata.generation that the condition was set based upon.
3489 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3490 with respect to the current state of the instance.
3491 format: int64
3492 minimum: 0
3493 type: integer
3494 reason:
3495 description: |-
3496 reason contains a programmatic identifier indicating the reason for the condition's last transition.
3497 Producers of specific condition types may define expected values and meanings for this field,
3498 and whether the values are considered a guaranteed API.
3499 The value should be a CamelCase string.
3500 This field may not be empty.
3501 maxLength: 1024
3502 minLength: 1
3503 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3504 type: string
3505 status:
3506 description: status of the condition, one of True, False, Unknown.
3507 enum:
3508 - "True"
3509 - "False"
3510 - Unknown
3511 type: string
3512 type:
3513 description: type of condition in CamelCase or in foo.example.com/CamelCase.
3514 maxLength: 316
3515 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3516 type: string
3517 required:
3518 - lastTransitionTime
3519 - message
3520 - reason
3521 - status
3522 - type
3523 type: object
3524 type: array
3525 lastHandledReconcileAt:
3526 description: |-
3527 LastHandledReconcileAt holds the value of the most recent
3528 reconcile request value, so a change of the annotation value
3529 can be detected.
3530 type: string
3531 observedGeneration:
3532 description: |-
3533 ObservedGeneration is the last observed generation of the HelmRepository
3534 object.
3535 format: int64
3536 type: integer
3537 url:
3538 description: |-
3539 URL is the dynamic fetch link for the latest Artifact.
3540 It is provided on a "best effort" basis, and using the precise
3541 HelmRepositoryStatus.Artifact data is recommended.
3542 type: string
3543 type: object
3544 type: object
3545 served: true
3546 storage: true
 # v1 is the storage version for HelmRepository objects.
3547 subresources:
 # Status subresource enabled: status is written through the separate /status
 # endpoint, so RBAC can grant `helmrepositories/status` independently of the
 # main resource.
3548 status: {}
3549 - additionalPrinterColumns:
3550 - jsonPath: .spec.url
3551 name: URL
3552 type: string
3553 - jsonPath: .status.conditions[?(@.type=="Ready")].status
3554 name: Ready
3555 type: string
3556 - jsonPath: .status.conditions[?(@.type=="Ready")].message
3557 name: Status
3558 type: string
3559 - jsonPath: .metadata.creationTimestamp
3560 name: Age
3561 type: date
3562 deprecated: true
 # NOTE(review): deprecated, yet `served: true` at the end of this version
 # entry keeps the API server accepting v1beta1 requests. This version's
 # schema declares no patterns on `interval` or `url`, so that looser
 # validation presumably remains reachable until serving is turned off.
3563 deprecationWarning: v1beta1 HelmRepository is deprecated, upgrade to v1
3564 name: v1beta1
3565 schema:
3566 openAPIV3Schema:
3567 description: HelmRepository is the Schema for the helmrepositories API
3568 properties:
3569 apiVersion:
3570 description: |-
3571 APIVersion defines the versioned schema of this representation of an object.
3572 Servers should convert recognized schemas to the latest internal value, and
3573 may reject unrecognized values.
3574 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3575 type: string
3576 kind:
3577 description: |-
3578 Kind is a string value representing the REST resource this object represents.
3579 Servers may infer this from the endpoint the client submits requests to.
3580 Cannot be updated.
3581 In CamelCase.
3582 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3583 type: string
3584 metadata:
3585 type: object
3586 spec:
3587 description: HelmRepositorySpec defines the reference to a Helm repository.
3588 properties:
3589 accessFrom:
 # NOTE(review): the v1 and v1beta2 schemas in this file describe accessFrom
 # as not implemented; this description omits that note. Presumably the same
 # applies here - confirm before relying on it as an access control.
3590 description: AccessFrom defines an Access Control List for allowing
3591 cross-namespace references to this object.
3592 properties:
3593 namespaceSelectors:
3594 description: |-
3595 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3596 Items in this list are evaluated using a logical OR operation.
3597 items:
3598 description: |-
3599 NamespaceSelector selects the namespaces to which this ACL applies.
3600 An empty map of MatchLabels matches all namespaces in a cluster.
3601 properties:
3602 matchLabels:
 # Per the item description, an empty matchLabels map selects every
 # namespace in the cluster.
3603 additionalProperties:
3604 type: string
3605 description: |-
3606 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3607 map is equivalent to an element of matchExpressions, whose key field is "key", the
3608 operator is "In", and the values array contains only "value". The requirements are ANDed.
3609 type: object
3610 type: object
3611 type: array
3612 required:
3613 - namespaceSelectors
3614 type: object
3615 interval:
 # NOTE(review): unlike the v1 schema in this file, no duration pattern is
 # declared, so malformed values are not rejected by schema validation for
 # this version.
3616 description: The interval at which to check the upstream for updates.
3617 type: string
3618 passCredentials:
 # NOTE(review): opt-in boolean with no declared default. When true, the
 # secretRef credentials may be sent to hosts other than the one in the URL
 # (see the description); review every object that sets it.
3619 description: |-
3620 PassCredentials allows the credentials from the SecretRef to be passed on to
3621 a host that does not match the host as defined in URL.
3622 This may be required if the host of the advertised chart URLs in the index
3623 differ from the defined URL.
3624 Enabling this should be done with caution, as it can potentially result in
3625 credentials getting stolen in a MITM-attack.
3626 type: boolean
3627 secretRef:
 # NOTE(review): this version documents TLS material under the
 # certFile/keyFile/caFile keys of the same Secret as the basic-auth
 # credentials; the v1 schema in this file marks those keys deprecated in
 # favour of .spec.certSecretRef. Only a Secret name is accepted, presumably
 # resolved in the object's own namespace - confirm.
3628 description: |-
3629 The name of the secret containing authentication credentials for the Helm
3630 repository.
3631 For HTTP/S basic auth the secret must contain username and
3632 password fields.
3633 For TLS the secret must contain a certFile and keyFile, and/or
3634 caFile fields.
3635 properties:
3636 name:
3637 description: Name of the referent.
3638 type: string
3639 required:
3640 - name
3641 type: object
3642 suspend:
3643 description: This flag tells the controller to suspend the reconciliation
3644 of this source.
3645 type: boolean
3646 timeout:
3647 default: 60s
3648 description: The timeout of index downloading, defaults to 60s.
3649 type: string
3650 url:
 # NOTE(review): no pattern is declared in this deprecated version (the v1
 # schema in this file restricts the scheme to http, https or oci), so any
 # string passes schema validation here.
3651 description: The Helm repository URL, a valid URL contains at least
3652 a protocol and host.
3653 type: string
3654 required:
3655 - interval
3656 - url
3657 type: object
3658 status:
3659 default:
3660 observedGeneration: -1
3661 description: HelmRepositoryStatus defines the observed state of the HelmRepository.
3662 properties:
3663 artifact:
 # NOTE(review): `checksum` and `revision` are not in the required list at the
 # end of this object, so consumers of this deprecated version cannot assume
 # an integrity value is present and should fail closed when it is missing.
3664 description: Artifact represents the output of the last successful
3665 repository sync.
3666 properties:
3667 checksum:
 # Plain string with no pattern; the description states SHA256.
3668 description: Checksum is the SHA256 checksum of the artifact.
3669 type: string
3670 lastUpdateTime:
3671 description: |-
3672 LastUpdateTime is the timestamp corresponding to the last update of this
3673 artifact.
3674 format: date-time
3675 type: string
3676 path:
3677 description: Path is the relative file path of this artifact.
3678 type: string
3679 revision:
3680 description: |-
3681 Revision is a human readable identifier traceable in the origin source
3682 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
3683 chart version, etc.
3684 type: string
3685 url:
3686 description: URL is the HTTP address of this artifact.
3687 type: string
3688 required:
3689 - lastUpdateTime
3690 - path
3691 - url
3692 type: object
3693 conditions:
3694 description: Conditions holds the conditions for the HelmRepository.
3695 items:
3696 description: Condition contains details for one aspect of the current
3697 state of this API Resource.
3698 properties:
3699 lastTransitionTime:
3700 description: |-
3701 lastTransitionTime is the last time the condition transitioned from one status to another.
3702 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3703 format: date-time
3704 type: string
3705 message:
3706 description: |-
3707 message is a human readable message indicating details about the transition.
3708 This may be an empty string.
3709 maxLength: 32768
3710 type: string
3711 observedGeneration:
3712 description: |-
3713 observedGeneration represents the .metadata.generation that the condition was set based upon.
3714 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3715 with respect to the current state of the instance.
3716 format: int64
3717 minimum: 0
3718 type: integer
3719 reason:
3720 description: |-
3721 reason contains a programmatic identifier indicating the reason for the condition's last transition.
3722 Producers of specific condition types may define expected values and meanings for this field,
3723 and whether the values are considered a guaranteed API.
3724 The value should be a CamelCase string.
3725 This field may not be empty.
3726 maxLength: 1024
3727 minLength: 1
3728 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3729 type: string
3730 status:
3731 description: status of the condition, one of True, False, Unknown.
3732 enum:
3733 - "True"
3734 - "False"
3735 - Unknown
3736 type: string
3737 type:
3738 description: type of condition in CamelCase or in foo.example.com/CamelCase.
3739 maxLength: 316
3740 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3741 type: string
3742 required:
3743 - lastTransitionTime
3744 - message
3745 - reason
3746 - status
3747 - type
3748 type: object
3749 type: array
3750 lastHandledReconcileAt:
3751 description: |-
3752 LastHandledReconcileAt holds the value of the most recent
3753 reconcile request value, so a change of the annotation value
3754 can be detected.
3755 type: string
3756 observedGeneration:
3757 description: ObservedGeneration is the last observed generation.
3758 format: int64
3759 type: integer
3760 url:
3761 description: URL is the download link for the last index fetched.
3762 type: string
3763 type: object
3764 type: object
3765 served: true
3766 storage: false
3767 subresources:
3768 status: {}
3769 - additionalPrinterColumns:
3770 - jsonPath: .spec.url
3771 name: URL
3772 type: string
3773 - jsonPath: .metadata.creationTimestamp
3774 name: Age
3775 type: date
3776 - jsonPath: .status.conditions[?(@.type=="Ready")].status
3777 name: Ready
3778 type: string
3779 - jsonPath: .status.conditions[?(@.type=="Ready")].message
3780 name: Status
3781 type: string
3782 deprecated: true
3783 deprecationWarning: v1beta2 HelmRepository is deprecated, upgrade to v1
3784 name: v1beta2
3785 schema:
3786 openAPIV3Schema:
3787 description: HelmRepository is the Schema for the helmrepositories API.
3788 properties:
3789 apiVersion:
3790 description: |-
3791 APIVersion defines the versioned schema of this representation of an object.
3792 Servers should convert recognized schemas to the latest internal value, and
3793 may reject unrecognized values.
3794 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3795 type: string
3796 kind:
3797 description: |-
3798 Kind is a string value representing the REST resource this object represents.
3799 Servers may infer this from the endpoint the client submits requests to.
3800 Cannot be updated.
3801 In CamelCase.
3802 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3803 type: string
3804 metadata:
3805 type: object
# Schema of `.spec` for the v1beta2 HelmRepository (this version is marked
# deprecated in the version entry above). Fields that affect transport
# security and credential handling carry a review note below.
3806 spec:
3807 description: |-
3808 HelmRepositorySpec specifies the required configuration to produce an
3809 Artifact for a Helm repository index YAML.
3810 properties:
# NOTE(review): the description states this ACL is not implemented, so setting
# it places no restriction on cross-namespace references; do not count on it
# for tenant isolation.
3811 accessFrom:
3812 description: |-
3813 AccessFrom specifies an Access Control List for allowing cross-namespace
3814 references to this object.
3815 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
3816 properties:
3817 namespaceSelectors:
3818 description: |-
3819 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3820 Items in this list are evaluated using a logical OR operation.
3821 items:
3822 description: |-
3823 NamespaceSelector selects the namespaces to which this ACL applies.
3824 An empty map of MatchLabels matches all namespaces in a cluster.
3825 properties:
3826 matchLabels:
3827 additionalProperties:
3828 type: string
3829 description: |-
3830 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3831 map is equivalent to an element of matchExpressions, whose key field is "key", the
3832 operator is "In", and the values array contains only "value". The requirements are ANDed.
3833 type: object
3834 type: object
3835 type: array
3836 required:
3837 - namespaceSelectors
3838 type: object
# The referenced Secret may hold a client private key (`tls.key`) and the CA
# used to validate the server. The reference carries only a `name`, so it is
# presumably resolved in the HelmRepository's own namespace (confirm); limit
# who can read Secrets there.
3839 certSecretRef:
3840 description: |-
3841 CertSecretRef can be given the name of a Secret containing
3842 either or both of
3843
3844 - a PEM-encoded client certificate (`tls.crt`) and private
3845 key (`tls.key`);
3846 - a PEM-encoded CA certificate (`ca.crt`)
3847
3848 and whichever are supplied, will be used for connecting to the
3849 registry. The client cert and key are useful if you are
3850 authenticating with a certificate; the CA cert is useful if
3851 you are using a self-signed server certificate. The Secret must
3852 be of type `Opaque` or `kubernetes.io/tls`.
3853
3854 It takes precedence over the values specified in the Secret referred
3855 to by `.spec.secretRef`.
3856 properties:
3857 name:
3858 description: Name of the referent.
3859 type: string
3860 required:
3861 - name
3862 type: object
# Opt-in to plaintext HTTP for OCI registries (per the description it only
# applies when .spec.type is 'oci'). With it set, registry credentials and
# chart content are not protected in transit; treat `insecure: true` as a
# finding to justify in review.
3863 insecure:
3864 description: |-
3865 Insecure allows connecting to a non-TLS HTTP container registry.
3866 This field is only taken into account if the .spec.type field is set to 'oci'.
3867 type: boolean
3868 interval:
3869 description: |-
3870 Interval at which the HelmRepository URL is checked for updates.
3871 This interval is approximate and may be subject to jitter to ensure
3872 efficient use of resources.
3873 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
3874 type: string
# When true, the SecretRef credentials are also sent to hosts other than the
# one in `url`, i.e. to whatever hosts the repository index advertises for
# chart downloads. Leave unset unless the index is trusted and served over
# TLS; the description itself warns about credential theft.
3875 passCredentials:
3876 description: |-
3877 PassCredentials allows the credentials from the SecretRef to be passed
3878 on to a host that does not match the host as defined in URL.
3879 This may be required if the host of the advertised chart URLs in the
3880 index differ from the defined URL.
3881 Enabling this should be done with caution, as it can potentially result
3882 in credentials getting stolen in a MITM-attack.
3883 type: boolean
3884 provider:
3885 default: generic
3886 description: |-
3887 Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
3888 This field is optional, and only taken into account if the .spec.type field is set to 'oci'.
3889 When not specified, defaults to 'generic'.
3890 enum:
3891 - generic
3892 - aws
3893 - azure
3894 - gcp
3895 type: string
# Basic-auth credentials ('username'/'password') live in this Secret. The TLS
# keys 'certFile'/'keyFile'/'caFile' are deprecated here in favour of
# `.spec.certSecretRef`, as the description states.
3896 secretRef:
3897 description: |-
3898 SecretRef specifies the Secret containing authentication credentials
3899 for the HelmRepository.
3900 For HTTP/S basic auth the secret must contain 'username' and 'password'
3901 fields.
3902 Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'
3903 keys is deprecated. Please use `.spec.certSecretRef` instead.
3904 properties:
3905 name:
3906 description: Name of the referent.
3907 type: string
3908 required:
3909 - name
3910 type: object
3911 suspend:
3912 description: |-
3913 Suspend tells the controller to suspend the reconciliation of this
3914 HelmRepository.
3915 type: boolean
# Unlike `interval`, this pattern accepts only the ms, s and m units (no `h`).
# The 60s default is stated in the description only; no schema `default` is set.
3916 timeout:
3917 description: |-
3918 Timeout is used for the index fetch operation for an HTTPS helm repository,
3919 and for remote OCI Repository operations like pulling for an OCI helm
3920 chart by the associated HelmChart.
3921 Its default value is 60s.
3922 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
3923 type: string
3924 type:
3925 description: |-
3926 Type of the HelmRepository.
3927 When this field is set to "oci", the URL field value must be prefixed with "oci://".
3928 enum:
3929 - default
3930 - oci
3931 type: string
# The pattern admits http:// as well as https:// and oci://, so the schema does
# not enforce TLS; a plaintext repository URL passes API validation. Enforcing
# https/oci only would need an admission policy outside this CRD.
3932 url:
3933 description: |-
3934 URL of the Helm repository, a valid URL contains at least a protocol and
3935 host.
3936 pattern: ^(http|https|oci)://.*$
3937 type: string
3938 required:
3939 - url
3940 type: object
3941 status:
3942 default:
3943 observedGeneration: -1
3944 description: HelmRepositoryStatus records the observed state of the HelmRepository.
3945 properties:
3946 artifact:
3947 description: Artifact represents the last successful HelmRepository
3948 reconciliation.
3949 properties:
3950 digest:
3951 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3952 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3953 type: string
3954 lastUpdateTime:
3955 description: |-
3956 LastUpdateTime is the timestamp corresponding to the last update of the
3957 Artifact.
3958 format: date-time
3959 type: string
3960 metadata:
3961 additionalProperties:
3962 type: string
3963 description: Metadata holds upstream information such as OCI annotations.
3964 type: object
3965 path:
3966 description: |-
3967 Path is the relative file path of the Artifact. It can be used to locate
3968 the file in the root of the Artifact storage on the local file system of
3969 the controller managing the Source.
3970 type: string
3971 revision:
3972 description: |-
3973 Revision is a human-readable identifier traceable in the origin source
3974 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3975 type: string
3976 size:
3977 description: Size is the number of bytes in the file.
3978 format: int64
3979 type: integer
3980 url:
3981 description: |-
3982 URL is the HTTP address of the Artifact as exposed by the controller
3983 managing the Source. It can be used to retrieve the Artifact for
3984 consumption, e.g. by another controller applying the Artifact contents.
3985 type: string
3986 required:
3987 - lastUpdateTime
3988 - path
3989 - revision
3990 - url
3991 type: object
3992 conditions:
3993 description: Conditions holds the conditions for the HelmRepository.
3994 items:
3995 description: Condition contains details for one aspect of the current
3996 state of this API Resource.
3997 properties:
3998 lastTransitionTime:
3999 description: |-
4000 lastTransitionTime is the last time the condition transitioned from one status to another.
4001 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4002 format: date-time
4003 type: string
4004 message:
4005 description: |-
4006 message is a human readable message indicating details about the transition.
4007 This may be an empty string.
4008 maxLength: 32768
4009 type: string
4010 observedGeneration:
4011 description: |-
4012 observedGeneration represents the .metadata.generation that the condition was set based upon.
4013 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
4014 with respect to the current state of the instance.
4015 format: int64
4016 minimum: 0
4017 type: integer
4018 reason:
4019 description: |-
4020 reason contains a programmatic identifier indicating the reason for the condition's last transition.
4021 Producers of specific condition types may define expected values and meanings for this field,
4022 and whether the values are considered a guaranteed API.
4023 The value should be a CamelCase string.
4024 This field may not be empty.
4025 maxLength: 1024
4026 minLength: 1
4027 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4028 type: string
4029 status:
4030 description: status of the condition, one of True, False, Unknown.
4031 enum:
4032 - "True"
4033 - "False"
4034 - Unknown
4035 type: string
4036 type:
4037 description: type of condition in CamelCase or in foo.example.com/CamelCase.
4038 maxLength: 316
4039 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4040 type: string
4041 required:
4042 - lastTransitionTime
4043 - message
4044 - reason
4045 - status
4046 - type
4047 type: object
4048 type: array
4049 lastHandledReconcileAt:
4050 description: |-
4051 LastHandledReconcileAt holds the value of the most recent
4052 reconcile request value, so a change of the annotation value
4053 can be detected.
4054 type: string
4055 observedGeneration:
4056 description: |-
4057 ObservedGeneration is the last observed generation of the HelmRepository
4058 object.
4059 format: int64
4060 type: integer
4061 url:
4062 description: |-
4063 URL is the dynamic fetch link for the latest Artifact.
4064 It is provided on a "best effort" basis, and using the precise
4065 HelmRepositoryStatus.Artifact data is recommended.
4066 type: string
4067 type: object
4068 type: object
4069 served: true
4070 storage: false
4071 subresources:
4072 status: {}
4073---
4074apiVersion: apiextensions.k8s.io/v1
4075kind: CustomResourceDefinition
4076metadata:
4077 annotations:
4078 controller-gen.kubebuilder.io/version: v0.16.1
4079 labels:
4080 app.kubernetes.io/component: source-controller
4081 app.kubernetes.io/part-of: flux
4082 name: ocirepositories.source.toolkit.fluxcd.io
4083spec:
4084 group: source.toolkit.fluxcd.io
4085 names:
4086 kind: OCIRepository
4087 listKind: OCIRepositoryList
4088 plural: ocirepositories
4089 shortNames:
4090 - ocirepo
4091 singular: ocirepository
4092 scope: Namespaced
4093 versions:
4094 - additionalPrinterColumns:
4095 - jsonPath: .spec.url
4096 name: URL
4097 type: string
4098 - jsonPath: .status.conditions[?(@.type=="Ready")].status
4099 name: Ready
4100 type: string
4101 - jsonPath: .status.conditions[?(@.type=="Ready")].message
4102 name: Status
4103 type: string
4104 - jsonPath: .metadata.creationTimestamp
4105 name: Age
4106 type: date
4107 name: v1beta2
4108 schema:
4109 openAPIV3Schema:
4110 description: OCIRepository is the Schema for the ocirepositories API
4111 properties:
4112 apiVersion:
4113 description: |-
4114 APIVersion defines the versioned schema of this representation of an object.
4115 Servers should convert recognized schemas to the latest internal value, and
4116 may reject unrecognized values.
4117 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
4118 type: string
4119 kind:
4120 description: |-
4121 Kind is a string value representing the REST resource this object represents.
4122 Servers may infer this from the endpoint the client submits requests to.
4123 Cannot be updated.
4124 In CamelCase.
4125 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4126 type: string
4127 metadata:
4128 type: object
# Schema of `.spec` for the v1beta2 OCIRepository. Only `interval` and `url`
# are required (see the `required` list at the end of this block); every
# authentication and verification field below is optional.
4129 spec:
4130 description: OCIRepositorySpec defines the desired state of OCIRepository
4131 properties:
# The referenced Secret may hold a client private key (`tls.key`) and the CA
# used to validate the registry certificate; restrict read access to Secrets
# in the namespace accordingly.
4132 certSecretRef:
4133 description: |-
4134 CertSecretRef can be given the name of a Secret containing
4135 either or both of
4136
4137 - a PEM-encoded client certificate (`tls.crt`) and private
4138 key (`tls.key`);
4139 - a PEM-encoded CA certificate (`ca.crt`)
4140
4141 and whichever are supplied, will be used for connecting to the
4142 registry. The client cert and key are useful if you are
4143 authenticating with a certificate; the CA cert is useful if
4144 you are using a self-signed server certificate. The Secret must
4145 be of type `Opaque` or `kubernetes.io/tls`.
4146
4147 Note: Support for the `caFile`, `certFile` and `keyFile` keys have
4148 been deprecated.
4149 properties:
4150 name:
4151 description: Name of the referent.
4152 type: string
4153 required:
4154 - name
4155 type: object
4156 ignore:
4157 description: |-
4158 Ignore overrides the set of excluded patterns in the .sourceignore format
4159 (which is the same as .gitignore). If not provided, a default will be used,
4160 consult the documentation for your version to find out what those are.
4161 type: string
# Opt-in to a plaintext HTTP registry. With it set, the pull (and any
# credentials sent with it) is not protected in transit; treat
# `insecure: true` as a finding to justify in review.
4162 insecure:
4163 description: Insecure allows connecting to a non-TLS HTTP container
4164 registry.
4165 type: boolean
4166 interval:
4167 description: |-
4168 Interval at which the OCIRepository URL is checked for updates.
4169 This interval is approximate and may be subject to jitter to ensure
4170 efficient use of resources.
4171 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
4172 type: string
4173 layerSelector:
4174 description: |-
4175 LayerSelector specifies which layer should be extracted from the OCI artifact.
4176 When not specified, the first layer found in the artifact is selected.
4177 properties:
4178 mediaType:
4179 description: |-
4180 MediaType specifies the OCI media type of the layer
4181 which should be extracted from the OCI Artifact. The
4182 first layer matching this type is selected.
4183 type: string
4184 operation:
4185 description: |-
4186 Operation specifies how the selected layer should be processed.
4187 By default, the layer compressed content is extracted to storage.
4188 When the operation is set to 'copy', the layer compressed content
4189 is persisted to storage as it is.
4190 enum:
4191 - extract
4192 - copy
4193 type: string
4194 type: object
4195 provider:
4196 default: generic
4197 description: |-
4198 The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
4199 When not specified, defaults to 'generic'.
4200 enum:
4201 - generic
4202 - aws
4203 - azure
4204 - gcp
4205 type: string
# NOTE(review): the keys expected in this Secret are not shown in the schema;
# a proxy configuration may include proxy credentials, so handle the Secret
# as sensitive (confirm the key names against the controller documentation).
4206 proxySecretRef:
4207 description: |-
4208 ProxySecretRef specifies the Secret containing the proxy configuration
4209 to use while communicating with the container registry.
4210 properties:
4211 name:
4212 description: Name of the referent.
4213 type: string
4214 required:
4215 - name
4216 type: object
# Precedence per the field descriptions: digest over semver over tag, and the
# tag defaults to `latest`. A tag is a pointer the registry can move to other
# content; `digest` pins the exact artifact. Where pinning by digest is not
# practical, pair tag or semver selection with `verify` below.
4217 ref:
4218 description: |-
4219 The OCI reference to pull and monitor for changes,
4220 defaults to the latest tag.
4221 properties:
4222 digest:
4223 description: |-
4224 Digest is the image digest to pull, takes precedence over SemVer.
4225 The value should be in the format 'sha256:<HASH>'.
4226 type: string
4227 semver:
4228 description: |-
4229 SemVer is the range of tags to pull selecting the latest within
4230 the range, takes precedence over Tag.
4231 type: string
4232 semverFilter:
4233 description: SemverFilter is a regex pattern to filter the tags
4234 within the SemVer range.
4235 type: string
4236 tag:
4237 description: Tag is the image tag to pull, defaults to latest.
4238 type: string
4239 type: object
# Registry login credentials; the description requires a Secret of type
# kubernetes.io/dockerconfigjson.
4240 secretRef:
4241 description: |-
4242 SecretRef contains the secret name containing the registry login
4243 credentials to resolve image metadata.
4244 The secret must be of type kubernetes.io/dockerconfigjson.
4245 properties:
4246 name:
4247 description: Name of the referent.
4248 type: string
4249 required:
4250 - name
4251 type: object
# Names a ServiceAccount whose attached pull secrets are used for the pull.
# Only a name is given, so it is presumably looked up in the object's own
# namespace (confirm); anyone who can edit this object can select any
# ServiceAccount name there.
4252 serviceAccountName:
4253 description: |-
4254 ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
4255 the image pull if the service account has attached pull secrets. For more information:
4256 https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
4257 type: string
4258 suspend:
4259 description: This flag tells the controller to suspend the reconciliation
4260 of this source.
4261 type: boolean
4262 timeout:
4263 default: 60s
4264 description: The timeout for remote OCI Repository operations like
4265 pulling, defaults to 60s.
4266 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
4267 type: string
4268 url:
4269 description: |-
4270 URL is a reference to an OCI artifact repository hosted
4271 on a remote container registry.
4272 pattern: ^oci://.*$
4273 type: string
# Signature verification settings. `verify` is not in spec.required, so an
# OCIRepository without it passes API validation; presumably the artifact is
# then used without a signature check (confirm). Requiring `verify` on every
# object would need an admission policy outside this CRD.
4274 verify:
4275 description: |-
4276 Verify contains the secret name containing the trusted public keys
4277 used to verify the signature and specifies which provider to use to check
4278 whether OCI image is authentic.
4279 properties:
# Matchers are OR-ed: one matching entry is enough (see description). issuer
# and subject are Go regular expressions; this schema does not show whether the
# controller anchors them, so write them with explicit ^ and $ and escape
# literal dots, otherwise a pattern may also match a longer identity that
# merely contains the intended one.
4280 matchOIDCIdentity:
4281 description: |-
4282 MatchOIDCIdentity specifies the identity matching criteria to use
4283 while verifying an OCI artifact which was signed using Cosign keyless
4284 signing. The artifact's identity is deemed to be verified if any of the
4285 specified matchers match against the identity.
4286 items:
4287 description: |-
4288 OIDCIdentityMatch specifies options for verifying the certificate identity,
4289 i.e. the issuer and the subject of the certificate.
4290 properties:
4291 issuer:
4292 description: |-
4293 Issuer specifies the regex pattern to match against to verify
4294 the OIDC issuer in the Fulcio certificate. The pattern must be a
4295 valid Go regular expression.
4296 type: string
4297 subject:
4298 description: |-
4299 Subject specifies the regex pattern to match against to verify
4300 the identity subject in the Fulcio certificate. The pattern must
4301 be a valid Go regular expression.
4302 type: string
4303 required:
4304 - issuer
4305 - subject
4306 type: object
4307 type: array
4308 provider:
4309 default: cosign
4310 description: Provider specifies the technology used to sign the
4311 OCI Artifact.
4312 enum:
4313 - cosign
4314 - notation
4315 type: string
# This Secret is the trust anchor: whoever can write it decides which
# signatures are accepted. Guard write access to it as tightly as the signing
# keys themselves.
4316 secretRef:
4317 description: |-
4318 SecretRef specifies the Kubernetes Secret containing the
4319 trusted public keys.
4320 properties:
4321 name:
4322 description: Name of the referent.
4323 type: string
4324 required:
4325 - name
4326 type: object
4327 required:
4328 - provider
4329 type: object
# Only interval and url are mandatory; authentication, TLS material and
# signature verification are all opt-in at the schema level.
4330 required:
4331 - interval
4332 - url
4333 type: object
4334 status:
4335 default:
4336 observedGeneration: -1
4337 description: OCIRepositoryStatus defines the observed state of OCIRepository
4338 properties:
4339 artifact:
4340 description: Artifact represents the output of the last successful
4341 OCI Repository sync.
4342 properties:
4343 digest:
4344 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
4345 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
4346 type: string
4347 lastUpdateTime:
4348 description: |-
4349 LastUpdateTime is the timestamp corresponding to the last update of the
4350 Artifact.
4351 format: date-time
4352 type: string
4353 metadata:
4354 additionalProperties:
4355 type: string
4356 description: Metadata holds upstream information such as OCI annotations.
4357 type: object
4358 path:
4359 description: |-
4360 Path is the relative file path of the Artifact. It can be used to locate
4361 the file in the root of the Artifact storage on the local file system of
4362 the controller managing the Source.
4363 type: string
4364 revision:
4365 description: |-
4366 Revision is a human-readable identifier traceable in the origin source
4367 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
4368 type: string
4369 size:
4370 description: Size is the number of bytes in the file.
4371 format: int64
4372 type: integer
4373 url:
4374 description: |-
4375 URL is the HTTP address of the Artifact as exposed by the controller
4376 managing the Source. It can be used to retrieve the Artifact for
4377 consumption, e.g. by another controller applying the Artifact contents.
4378 type: string
4379 required:
4380 - lastUpdateTime
4381 - path
4382 - revision
4383 - url
4384 type: object
4385 conditions:
4386 description: Conditions holds the conditions for the OCIRepository.
4387 items:
4388 description: Condition contains details for one aspect of the current
4389 state of this API Resource.
4390 properties:
4391 lastTransitionTime:
4392 description: |-
4393 lastTransitionTime is the last time the condition transitioned from one status to another.
4394 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4395 format: date-time
4396 type: string
4397 message:
4398 description: |-
4399 message is a human readable message indicating details about the transition.
4400 This may be an empty string.
4401 maxLength: 32768
4402 type: string
4403 observedGeneration:
4404 description: |-
4405 observedGeneration represents the .metadata.generation that the condition was set based upon.
4406 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
4407 with respect to the current state of the instance.
4408 format: int64
4409 minimum: 0
4410 type: integer
4411 reason:
4412 description: |-
4413 reason contains a programmatic identifier indicating the reason for the condition's last transition.
4414 Producers of specific condition types may define expected values and meanings for this field,
4415 and whether the values are considered a guaranteed API.
4416 The value should be a CamelCase string.
4417 This field may not be empty.
4418 maxLength: 1024
4419 minLength: 1
4420 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4421 type: string
4422 status:
4423 description: status of the condition, one of True, False, Unknown.
4424 enum:
4425 - "True"
4426 - "False"
4427 - Unknown
4428 type: string
4429 type:
4430 description: type of condition in CamelCase or in foo.example.com/CamelCase.
4431 maxLength: 316
4432 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4433 type: string
4434 required:
4435 - lastTransitionTime
4436 - message
4437 - reason
4438 - status
4439 - type
4440 type: object
4441 type: array
4442 contentConfigChecksum:
4443 description: |-
4444 ContentConfigChecksum is a checksum of all the configurations related to
4445 the content of the source artifact:
4446 - .spec.ignore
4447 - .spec.layerSelector
4448 observed in .status.observedGeneration version of the object. This can
4449 be used to determine if the content configuration has changed and the
4450 artifact needs to be rebuilt.
4451 It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
4452
4453 Deprecated: Replaced with explicit fields for observed artifact content
4454 config in the status.
4455 type: string
4456 lastHandledReconcileAt:
4457 description: |-
4458 LastHandledReconcileAt holds the value of the most recent
4459 reconcile request value, so a change of the annotation value
4460 can be detected.
4461 type: string
4462 observedGeneration:
4463 description: ObservedGeneration is the last observed generation.
4464 format: int64
4465 type: integer
4466 observedIgnore:
4467 description: |-
4468 ObservedIgnore is the observed exclusion patterns used for constructing
4469 the source artifact.
4470 type: string
4471 observedLayerSelector:
4472 description: |-
4473 ObservedLayerSelector is the observed layer selector used for constructing
4474 the source artifact.
4475 properties:
4476 mediaType:
4477 description: |-
4478 MediaType specifies the OCI media type of the layer
4479 which should be extracted from the OCI Artifact. The
4480 first layer matching this type is selected.
4481 type: string
4482 operation:
4483 description: |-
4484 Operation specifies how the selected layer should be processed.
4485 By default, the layer compressed content is extracted to storage.
4486 When the operation is set to 'copy', the layer compressed content
4487 is persisted to storage as it is.
4488 enum:
4489 - extract
4490 - copy
4491 type: string
4492 type: object
4493 url:
4494 description: URL is the download link for the artifact output of the
4495 last OCI Repository sync.
4496 type: string
4497 type: object
4498 type: object
4499 served: true
4500 storage: true
4501 subresources:
4502 status: {}
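---
# Identity the source-controller Deployment runs as (it is referenced by
# `serviceAccountName: source-controller` in the pod spec).
# NOTE(review): the Role/ClusterRole bindings for this account are not part of
# this listing. The controller is started with --watch-all-namespaces, so
# review those bindings for cluster-wide Secret read access.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/part-of: flux
  name: source-controller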
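---
# In-cluster endpoint for the source-controller's `http` container port
# (9090 in the Deployment), exposed as plain HTTP on port 80.
# The Service is ClusterIP, so it is not reachable from outside the cluster,
# but nothing in this manifest authenticates callers: any workload that can
# route to it can request whatever the controller serves on that port.
# NOTE(review): restrict ingress to the consuming controllers with a
# NetworkPolicy; none is included in this listing.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/part-of: flux
    control-plane: controller
  name: source-controller
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
  selector:
    app: source-controller
  type: ClusterIP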
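---
# source-controller Deployment: a single replica, replaced with the Recreate
# strategy, running one `manager` container with a restricted security
# context. All values are as in the listing; only layout and comments are new.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/part-of: flux
    control-plane: controller
  name: source-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: source-controller
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        # Metrics are scraped from container port 8080 (http-prom) over plain
        # HTTP; keep that port reachable only from the monitoring namespace.
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      labels:
        app: source-controller
    spec:
      containers:
        - args:
            # Events go to the notification-controller over plain in-cluster
            # HTTP.
            - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
            # The controller reconciles sources in every namespace, so the
            # RBAC bound to its ServiceAccount is effectively cluster-wide.
            - --watch-all-namespaces
            - --log-level=info
            - --log-encoding=json
            - --enable-leader-election
            - --storage-path=/data
            # Address advertised for fetching artifacts; it resolves to the
            # `source-controller` Service in the pod's own namespace.
            - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
          env:
            - name: RUNTIME_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Sigstore TUF state is kept under /tmp, which is the writable
            # emptyDir mounted below; the root filesystem itself is read-only.
            - name: TUF_ROOT
              value: /tmp/.sigstore
            # Go runtime limits are derived from the container's own limits.
            - name: GOMAXPROCS
              valueFrom:
                resourceFieldRef:
                  containerName: manager
                  resource: limits.cpu
            - name: GOMEMLIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: manager
                  resource: limits.memory
          # NOTE(review): the image is referenced by tag only, and
          # IfNotPresent reuses whatever a node has cached under that tag.
          # A tag can be re-pointed in the registry; pinning by digest
          # (fluxcd/source-controller:v1.4.1@sha256:<DIGEST-PLACEHOLDER>)
          # makes the deployed content immutable and auditable.
          image: fluxcd/source-controller:v1.4.1
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
          name: manager
          ports:
            - containerPort: 9090
              name: http
              protocol: TCP
            - containerPort: 8080
              name: http-prom
              protocol: TCP
            - containerPort: 9440
              name: healthz
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            limits:
              cpu: 1000m
              memory: 1Gi
            requests:
              cpu: 50m
              memory: 64Mi
          # Restricted baseline: no privilege escalation, every capability
          # dropped, read-only root filesystem, non-root, default seccomp.
          # runAsNonRoot without an explicit runAsUser relies on the image
          # declaring a numeric non-root user; otherwise the kubelet refuses
          # to start the container.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - mountPath: /data
              name: data
            - mountPath: /tmp
              name: tmp
      priorityClassName: system-cluster-critical
      securityContext:
        fsGroup: 1337
      serviceAccountName: source-controller
      terminationGracePeriodSeconds: 10
      # Both volumes are emptyDir: artifact storage under /data does not
      # survive a pod restart, and neither volume sets a sizeLimit, so usage
      # is bounded only by the node's ephemeral storage.
      volumes:
        - emptyDir: {}
          name: data
        - emptyDir: {}
          name: tmp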