This is page 124 of 126. Use http://codebase.md/controlplaneio-fluxcd/flux-operator?lines=true&page={x} to view the full context.
# Directory Structure
```
├── .github
│ ├── actions
│ │ └── runner-cleanup
│ │ └── action.yml
│ ├── copilot-instructions.md
│ ├── dependabot.yaml
│ └── workflows
│ ├── actions-test.yaml
│ ├── e2e-olm.yaml
│ ├── preview.yaml
│ ├── push-manifests.yaml
│ ├── release.yaml
│ └── test.yaml
├── .gitignore
├── .golangci.yml
├── .goreleaser.yml
├── actions
│ └── setup
│ ├── action.yaml
│ └── README.md
├── AGENTS.md
├── api
│ └── v1
│ ├── common_types_test.go
│ ├── common_types.go
│ ├── fluxinstance_types.go
│ ├── fluxreport_types.go
│ ├── groupversion_info.go
│ ├── history_types_test.go
│ ├── history_types.go
│ ├── resourceset_types.go
│ ├── resourcesetinputprovider_types.go
│ ├── schedule_types.go
│ └── zz_generated.deepcopy.go
├── cmd
│ ├── cli
│ │ ├── build_instance.go
│ │ ├── build_resourceset_test.go
│ │ ├── build_resourceset.go
│ │ ├── build.go
│ │ ├── client.go
│ │ ├── completion_bash.go
│ │ ├── completion_fish.go
│ │ ├── completion_powershell.go
│ │ ├── completion_zsh.go
│ │ ├── completion.go
│ │ ├── create_secret_basicauth_test.go
│ │ ├── create_secret_basicauth.go
│ │ ├── create_secret_githubapp.go
│ │ ├── create_secret_proxy_test.go
│ │ ├── create_secret_proxy.go
│ │ ├── create_secret_registry_test.go
│ │ ├── create_secret_registry.go
│ │ ├── create_secret_sops_test.go
│ │ ├── create_secret_sops.go
│ │ ├── create_secret_ssh.go
│ │ ├── create_secret_tls.go
│ │ ├── create_secret.go
│ │ ├── create.go
│ │ ├── debug_web_cookie.go
│ │ ├── debug_web.go
│ │ ├── debug.go
│ │ ├── delete_inputprovider_test.go
│ │ ├── delete_inputprovider.go
│ │ ├── delete_instance_test.go
│ │ ├── delete_instance.go
│ │ ├── delete_resourceset_test.go
│ │ ├── delete_resourceset.go
│ │ ├── delete.go
│ │ ├── distro_decrypt_manifests_test.go
│ │ ├── distro_decrypt_manifests.go
│ │ ├── distro_decrypt_token_test.go
│ │ ├── distro_decrypt_token.go
│ │ ├── distro_decrypt.go
│ │ ├── distro_encrypt_manifests_test.go
│ │ ├── distro_encrypt_manifests.go
│ │ ├── distro_encrypt_token_test.go
│ │ ├── distro_encrypt_token.go
│ │ ├── distro_encrypt.go
│ │ ├── distro_keygen_enc_test.go
│ │ ├── distro_keygen_enc.go
│ │ ├── distro_keygen_sig_test.go
│ │ ├── distro_keygen_sig.go
│ │ ├── distro_keygen.go
│ │ ├── distro_revoke_license_key_test.go
│ │ ├── distro_revoke_license_key.go
│ │ ├── distro_revoke.go
│ │ ├── distro_sign_artifacts_test.go
│ │ ├── distro_sign_artifacts.go
│ │ ├── distro_sign_license_key_test.go
│ │ ├── distro_sign_license_key.go
│ │ ├── distro_sign_manifests_test.go
│ │ ├── distro_sign_manifests.go
│ │ ├── distro_sign.go
│ │ ├── distro_verify_artifacts_test.go
│ │ ├── distro_verify_artifacts.go
│ │ ├── distro_verify_license_key_test.go
│ │ ├── distro_verify_license_key.go
│ │ ├── distro_verify_manifests_test.go
│ │ ├── distro_verify_manifests.go
│ │ ├── distro_verify.go
│ │ ├── distro.go
│ │ ├── Dockerfile
│ │ ├── export_report_test.go
│ │ ├── export_report.go
│ │ ├── export_resource_test.go
│ │ ├── export_resource.go
│ │ ├── export.go
│ │ ├── get_inputprovider_test.go
│ │ ├── get_inputprovider.go
│ │ ├── get_instance.go
│ │ ├── get_resources.go
│ │ ├── get_resourceset_test.go
│ │ ├── get_resourceset.go
│ │ ├── get.go
│ │ ├── install.go
│ │ ├── main.go
│ │ ├── README.md
│ │ ├── reconcile_inputprovider.go
│ │ ├── reconcile_instance.go
│ │ ├── reconcile_resource.go
│ │ ├── reconcile_resources.go
│ │ ├── reconcile_resourceset.go
│ │ ├── reconcile.go
│ │ ├── resume_inputprovider.go
│ │ ├── resume_instance.go
│ │ ├── resume_resource.go
│ │ ├── resume_resourceset.go
│ │ ├── resume.go
│ │ ├── stats.go
│ │ ├── suite_test.go
│ │ ├── suspend_inputprovider.go
│ │ ├── suspend_instance.go
│ │ ├── suspend_resource.go
│ │ ├── suspend_resourceset.go
│ │ ├── suspend.go
│ │ ├── testdata
│ │ │ └── build_resourceset
│ │ │ ├── golden-labeled.yaml
│ │ │ ├── golden-named.yaml
│ │ │ ├── golden-permuted.yaml
│ │ │ ├── golden.yaml
│ │ │ ├── inputs.yaml
│ │ │ ├── rset-standalone.yaml
│ │ │ ├── rset-with-rsip-labeled.yaml
│ │ │ ├── rset-with-rsip-named.yaml
│ │ │ ├── rset-with-rsip-permuted.yaml
│ │ │ ├── rset-with-rsip.yaml
│ │ │ ├── rsip-labeled.yaml
│ │ │ ├── rsip-named.yaml
│ │ │ └── rsip.yaml
│ │ ├── trace_test.go
│ │ ├── trace_types.go
│ │ ├── trace.go
│ │ ├── tree_helmrelease.go
│ │ ├── tree_kustomization.go
│ │ ├── tree_resourceset_test.go
│ │ ├── tree_resourceset.go
│ │ ├── tree.go
│ │ ├── uninstall.go
│ │ ├── version_test.go
│ │ ├── version.go
│ │ ├── wait_inputprovider_test.go
│ │ ├── wait_inputprovider.go
│ │ ├── wait_instance_test.go
│ │ ├── wait_instance.go
│ │ ├── wait_resourceset_test.go
│ │ ├── wait_resourceset.go
│ │ └── wait.go
│ ├── mcp
│ │ ├── Dockerfile
│ │ ├── k8s
│ │ │ ├── actions_test.go
│ │ │ ├── actions.go
│ │ │ ├── client_test.go
│ │ │ ├── client.go
│ │ │ ├── config.go
│ │ │ ├── events_test.go
│ │ │ ├── events.go
│ │ │ ├── export_test.go
│ │ │ ├── export.go
│ │ │ ├── helm.go
│ │ │ ├── logs.go
│ │ │ ├── metrics.go
│ │ │ └── suite_test.go
│ │ ├── main.go
│ │ ├── prompter
│ │ │ ├── debug_helmrelease_test.go
│ │ │ ├── debug_helmrelease.go
│ │ │ ├── debug_kustomization_test.go
│ │ │ ├── debug_kustomization.go
│ │ │ ├── index.go
│ │ │ └── manager.go
│ │ ├── README.md
│ │ └── toolbox
│ │ ├── apply_manifest_test.go
│ │ ├── apply_manifest.go
│ │ ├── delete_resource_test.go
│ │ ├── delete_resource.go
│ │ ├── get_apis_test.go
│ │ ├── get_apis.go
│ │ ├── get_contexts_test.go
│ │ ├── get_contexts.go
│ │ ├── get_instance_test.go
│ │ ├── get_instance.go
│ │ ├── get_logs_test.go
│ │ ├── get_logs.go
│ │ ├── get_metrics_test.go
│ │ ├── get_metrics.go
│ │ ├── get_resource_test.go
│ │ ├── get_resource.go
│ │ ├── helpers.go
│ │ ├── indexer
│ │ │ └── main.go
│ │ ├── install_instance_test.go
│ │ ├── install_instance.go
│ │ ├── library
│ │ │ ├── bm25_test.go
│ │ │ ├── bm25.go
│ │ │ ├── index.go
│ │ │ ├── index.gob
│ │ │ ├── library.go
│ │ │ ├── search_test.go
│ │ │ ├── search.go
│ │ │ ├── tokenizer_test.go
│ │ │ └── tokenizer.go
│ │ ├── manager_test.go
│ │ ├── manager.go
│ │ ├── reconcile_helmrelease_test.go
│ │ ├── reconcile_helmrelease.go
│ │ ├── reconcile_kustomization_test.go
│ │ ├── reconcile_kustomization.go
│ │ ├── reconcile_resourceset_test.go
│ │ ├── reconcile_resourceset.go
│ │ ├── reconcile_source_test.go
│ │ ├── reconcile_source.go
│ │ ├── resume_reconciliation_test.go
│ │ ├── resume_reconciliation.go
│ │ ├── scopes_test.go
│ │ ├── scopes.go
│ │ ├── search_flux_docs_test.go
│ │ ├── search_flux_docs.go
│ │ ├── set_context_test.go
│ │ ├── set_context.go
│ │ ├── suspend_reconciliation_test.go
│ │ ├── suspend_reconciliation.go
│ │ └── testdata
│ │ ├── kubeconfig_golden.yaml
│ │ └── kubeconfig.yaml
│ └── operator
│ └── main.go
├── config
│ ├── crd
│ │ ├── bases
│ │ │ ├── fluxcd.controlplane.io_fluxinstances.yaml
│ │ │ ├── fluxcd.controlplane.io_fluxreports.yaml
│ │ │ ├── fluxcd.controlplane.io_resourcesetinputproviders.yaml
│ │ │ └── fluxcd.controlplane.io_resourcesets.yaml
│ │ ├── kustomization.yaml
│ │ └── kustomizeconfig.yaml
│ ├── data
│ │ ├── flux
│ │ │ ├── v2.2.3
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.3.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.4.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.5.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.5.1
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.1
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.2
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.3
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.4
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.7.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.1
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.2
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.3
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.4
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ └── v2.7.5
│ │ │ ├── helm-controller.yaml
│ │ │ ├── image-automation-controller.yaml
│ │ │ ├── image-reflector-controller.yaml
│ │ │ ├── kustomize-controller.yaml
│ │ │ ├── notification-controller.yaml
│ │ │ ├── policies.yaml
│ │ │ ├── rbac.yaml
│ │ │ ├── source-controller.yaml
│ │ │ └── source-watcher.yaml
│ │ ├── flux-images
│ │ │ ├── v2.2.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.2.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.2.2
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.2.3
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.3.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.4.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.5.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.5.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless-fips.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.2
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.3
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.4
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless-fips.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.2
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.3
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.4
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.5
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless-fips.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ └── VERSION
│ │ └── flux-vex
│ │ ├── v2.2.json
│ │ ├── v2.3.json
│ │ ├── v2.4.json
│ │ ├── v2.5.json
│ │ ├── v2.6.json
│ │ └── v2.7.json
│ ├── default
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ └── rbac.yaml
│ ├── manager
│ │ ├── account.yaml
│ │ ├── deployment.yaml
│ │ ├── kustomization.yaml
│ │ └── service.yaml
│ ├── mcp
│ │ ├── deployment.yaml
│ │ ├── kustomization.yaml
│ │ └── service.yaml
│ ├── monitoring
│ │ ├── dashboards
│ │ │ ├── flux-k8s-api-performance.json
│ │ │ └── flux-performance.json
│ │ ├── flux-controllers.yaml
│ │ ├── flux-operator.yaml
│ │ └── kustomization.yaml
│ ├── olm
│ │ ├── build
│ │ │ └── Dockerfile
│ │ ├── bundle
│ │ │ ├── manifests
│ │ │ │ ├── flux-operator.clusterserviceversion.yaml
│ │ │ │ ├── flux-operator.service.yaml
│ │ │ │ ├── fluxinstances.fluxcd.controlplane.io.crd.yaml
│ │ │ │ ├── fluxreports.fluxcd.controlplane.io.crd.yaml
│ │ │ │ ├── resourcesetinputproviders.fluxcd.controlplane.io.crd.yaml
│ │ │ │ └── resourcesets.fluxcd.controlplane.io.crd.yaml
│ │ │ ├── metadata
│ │ │ │ └── annotations.yaml
│ │ │ └── tests
│ │ │ └── scorecard
│ │ │ └── config.yaml
│ │ ├── ci.yaml
│ │ └── test
│ │ ├── bundle.Dockerfile
│ │ ├── olm.yaml
│ │ └── opm.Dockerfile
│ ├── rbac
│ │ ├── fluxinstance_editor_role.yaml
│ │ ├── fluxinstance_viewer_role.yaml
│ │ ├── fluxreport_editor_role.yaml
│ │ ├── fluxreport_viewer_role.yaml
│ │ ├── kustomization.yaml
│ │ ├── leader_election_role_binding.yaml
│ │ ├── leader_election_role.yaml
│ │ ├── resourceset_editor_role.yaml
│ │ ├── resourceset_viewer_role.yaml
│ │ ├── role_binding.yaml
│ │ ├── role.yaml
│ │ └── service_account.yaml
│ ├── samples
│ │ ├── fluxcd_v1_fluxinstance.yaml
│ │ ├── fluxcd_v1_fluxreport.yaml
│ │ ├── fluxcd_v1_resourceset.yaml
│ │ ├── fluxcd_v1_resourcesetinputprovider.yaml
│ │ └── kustomization.yaml
│ └── terraform
│ ├── main.tf
│ ├── outputs.tf
│ ├── providers.tf
│ ├── README.md
│ ├── values
│ │ └── components.yaml
│ ├── variables.tf
│ └── versions.tf
├── CONTRIBUTING.md
├── Dockerfile
├── docs
│ ├── api
│ │ └── v1
│ │ ├── fluxinstance.md
│ │ ├── fluxreport.md
│ │ ├── resourceset.md
│ │ └── resourcesetinputprovider.md
│ ├── dev
│ │ └── README.md
│ ├── guides
│ │ ├── instance
│ │ │ ├── instance-controllers.md
│ │ │ ├── instance-customization.md
│ │ │ ├── instance-monitoring.md
│ │ │ ├── instance-sharding.md
│ │ │ └── instance-sync.md
│ │ ├── operator
│ │ │ ├── operator-install.md
│ │ │ └── operator-migration.md
│ │ └── resourcesets
│ │ ├── rset-app-definition.md
│ │ ├── rset-github-pull-requests.md
│ │ ├── rset-gitlab-environments.md
│ │ ├── rset-gitlab-merge-requests.md
│ │ ├── rset-image-automation.md
│ │ ├── rset-introduction.md
│ │ └── rset-time-based-delivery.md
│ ├── lkm
│ │ └── README.md
│ ├── logo
│ │ ├── flux-operator-banner.png
│ │ ├── flux-operator-banner.svg
│ │ ├── flux-operator-icon.png
│ │ ├── flux-operator-icon.svg
│ │ ├── flux-operator-logo.png
│ │ └── flux-operator-logo.svg
│ ├── mcp
│ │ ├── instructions.md
│ │ ├── mcp-config.md
│ │ ├── mcp-install.md
│ │ ├── mcp-prompting.md
│ │ ├── prompts.md
│ │ └── tools.md
│ └── web
│ ├── web-config-api.md
│ ├── web-ingress.md
│ ├── web-sso-dex.md
│ ├── web-sso-keycloak.md
│ ├── web-sso-openshift.md
│ ├── web-standalone.md
│ └── web-user-management.md
├── go.mod
├── go.sum
├── hack
│ ├── boilerplate.go.txt
│ ├── build-dist-manifests.sh
│ ├── build-olm-images.sh
│ ├── build-olm-manifests.sh
│ ├── install-operator-sdk.sh
│ ├── prep-release.sh
│ ├── vendor-flux-manifests.sh
│ └── web-ui-load-test.sh
├── internal
│ ├── builder
│ │ ├── build_test.go
│ │ ├── build.go
│ │ ├── components.go
│ │ ├── digest.go
│ │ ├── images_test.go
│ │ ├── images.go
│ │ ├── options.go
│ │ ├── preflight_test.go
│ │ ├── preflight.go
│ │ ├── profiles.go
│ │ ├── pull.go
│ │ ├── resourceset_test.go
│ │ ├── resourceset.go
│ │ ├── result.go
│ │ ├── semver_test.go
│ │ ├── semver.go
│ │ ├── templates.go
│ │ ├── testdata
│ │ │ ├── flux
│ │ │ │ ├── v2.2.0
│ │ │ │ │ └── .gitkeep
│ │ │ │ ├── v2.2.1
│ │ │ │ │ └── .gitkeep
│ │ │ │ └── v2.3.0
│ │ │ │ └── .gitkeep
│ │ │ ├── flux-images
│ │ │ │ └── v2.3.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── resourceset
│ │ │ │ ├── dedup.golden.yaml
│ │ │ │ ├── dedup.yaml
│ │ │ │ ├── empty.yaml
│ │ │ │ ├── exclude.golden.yaml
│ │ │ │ ├── exclude.yaml
│ │ │ │ ├── invalid-output.yaml
│ │ │ │ ├── missing-inputs.yaml
│ │ │ │ ├── multi-doc-template.golden.yaml
│ │ │ │ ├── multi-doc-template.yaml
│ │ │ │ ├── nestedinputs.golden.yaml
│ │ │ │ ├── nestedinputs.yaml
│ │ │ │ ├── noinputs.golden.yaml
│ │ │ │ ├── noinputs.yaml
│ │ │ │ ├── slugify.golden.yaml
│ │ │ │ └── slugify.yaml
│ │ │ ├── v2.3.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.3.0-golden
│ │ │ │ ├── default.kustomization.yaml
│ │ │ │ ├── patches.kustomization.yaml
│ │ │ │ ├── profiles.kustomization.yaml
│ │ │ │ ├── sharding.kustomization.yaml
│ │ │ │ ├── storage.kustomization.yaml
│ │ │ │ └── sync.kustomization.yaml
│ │ │ ├── v2.6.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.0-golden
│ │ │ │ ├── shard1.kustomization.yaml
│ │ │ │ ├── shard2.kustomization.yaml
│ │ │ │ ├── sharding.kustomization.yaml
│ │ │ │ ├── size.large.kustomization.yaml
│ │ │ │ ├── size.medium.kustomization.yaml
│ │ │ │ └── size.small.kustomization.yaml
│ │ │ ├── v2.7.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ └── v2.7.0-golden
│ │ │ └── source-watcher.kustomization.yaml
│ │ └── workload_identity.go
│ ├── controller
│ │ ├── common.go
│ │ ├── entitlement_controller_test.go
│ │ ├── entitlement_controller.go
│ │ ├── fluxinstance_artifact_controller_test.go
│ │ ├── fluxinstance_artifact_controller.go
│ │ ├── fluxinstance_artifact_manager_test.go
│ │ ├── fluxinstance_artifact_manager.go
│ │ ├── fluxinstance_controller_test.go
│ │ ├── fluxinstance_controller.go
│ │ ├── fluxinstance_manager.go
│ │ ├── fluxinstance_migrator.go
│ │ ├── fluxinstance_uninstaller.go
│ │ ├── fluxreport_controller_test.go
│ │ ├── fluxreport_controller.go
│ │ ├── resourceset_controller_test.go
│ │ ├── resourceset_controller.go
│ │ ├── resourceset_manager_test.go
│ │ ├── resourceset_manager.go
│ │ ├── resourcesetinputprovider_controller_git_test.go
│ │ ├── resourcesetinputprovider_controller_oci_test.go
│ │ ├── resourcesetinputprovider_controller_test.go
│ │ ├── resourcesetinputprovider_controller.go
│ │ ├── resourcesetinputprovider_manager.go
│ │ ├── suite_test.go
│ │ └── testdata
│ │ └── rsa-private-key.pem
│ ├── entitlement
│ │ ├── aws.go
│ │ ├── client_test.go
│ │ ├── client.go
│ │ ├── default_test.go
│ │ └── default.go
│ ├── filtering
│ │ ├── filters_test.go
│ │ └── filters.go
│ ├── gitprovider
│ │ ├── azuredevops_test.go
│ │ ├── azuredevops.go
│ │ ├── github_test.go
│ │ ├── github.go
│ │ ├── gitlab_test.go
│ │ ├── gitlab.go
│ │ ├── interface.go
│ │ ├── options.go
│ │ ├── result_test.go
│ │ └── result.go
│ ├── inputs
│ │ ├── combine_test.go
│ │ ├── combine.go
│ │ ├── flattener.go
│ │ ├── id.go
│ │ ├── json_test.go
│ │ ├── json.go
│ │ ├── keys_test.go
│ │ ├── keys.go
│ │ ├── permuter_test.go
│ │ ├── permuter.go
│ │ └── provider.go
│ ├── install
│ │ ├── autoupdate.go
│ │ ├── client.go
│ │ ├── credentials.go
│ │ ├── deploy.go
│ │ ├── download.go
│ │ ├── events.go
│ │ ├── installer.go
│ │ ├── options.go
│ │ └── uninstall.go
│ ├── inventory
│ │ ├── inventory_test.go
│ │ ├── inventory.go
│ │ ├── reader_test.go
│ │ ├── reader.go
│ │ └── testdata
│ │ ├── inventory1.yaml
│ │ └── inventory2.yaml
│ ├── lkm
│ │ ├── artifacts_attestation_test.go
│ │ ├── artifacts_attestation.go
│ │ ├── attestation_test.go
│ │ ├── attestation.go
│ │ ├── doc.go
│ │ ├── errors.go
│ │ ├── fetch_test.go
│ │ ├── fetch.go
│ │ ├── jwe_test.go
│ │ ├── jwe.go
│ │ ├── jwt_test.go
│ │ ├── jwt.go
│ │ ├── keygen_test.go
│ │ ├── keygen.go
│ │ ├── keyset_test.go
│ │ ├── keyset.go
│ │ ├── license_test.go
│ │ ├── license.go
│ │ ├── licensekey.go
│ │ ├── manifests_attestation_test.go
│ │ ├── manifests_attestation.go
│ │ ├── revocation_test.go
│ │ └── revocation.go
│ ├── notifier
│ │ └── notifier.go
│ ├── reporter
│ │ ├── cluster.go
│ │ ├── components.go
│ │ ├── crds.go
│ │ ├── distribution.go
│ │ ├── metrics_test.go
│ │ ├── metrics.go
│ │ ├── reconcilers.go
│ │ ├── reporter.go
│ │ └── sync.go
│ ├── schedule
│ │ ├── scheduler_test.go
│ │ └── scheduler.go
│ ├── tests
│ │ ├── fluxinstance
│ │ │ ├── health_check_test.go
│ │ │ └── suite_test.go
│ │ └── resourceset
│ │ ├── health_check_test.go
│ │ └── suite_test.go
│ ├── testutils
│ │ ├── log.go
│ │ └── time.go
│ └── web
│ ├── action_test.go
│ ├── action.go
│ ├── auth
│ │ ├── claims_test.go
│ │ ├── claims.go
│ │ ├── cookies_test.go
│ │ ├── cookies.go
│ │ ├── errors_test.go
│ │ ├── errors.go
│ │ ├── middlewares_test.go
│ │ ├── middlewares.go
│ │ ├── oauth2_test.go
│ │ ├── oauth2.go
│ │ └── oidc.go
│ ├── config
│ │ ├── authentication_types_test.go
│ │ ├── authentication_types.go
│ │ ├── config_types_test.go
│ │ ├── config_types.go
│ │ ├── groupversion_info.go
│ │ ├── loader_test.go
│ │ ├── loader.go
│ │ ├── user_actions_types_test.go
│ │ ├── user_actions_types.go
│ │ └── watcher.go
│ ├── events_test.go
│ ├── events.go
│ ├── favorites_test.go
│ ├── favorites.go
│ ├── fs.go
│ ├── handler.go
│ ├── inventory.go
│ ├── kubeclient
│ │ ├── client_test.go
│ │ ├── client.go
│ │ └── suite_test.go
│ ├── middlewares_test.go
│ ├── middlewares.go
│ ├── report_test.go
│ ├── report.go
│ ├── resource_test.go
│ ├── resource.go
│ ├── resources_test.go
│ ├── resources.go
│ ├── search_test.go
│ ├── search.go
│ ├── server_test.go
│ ├── server.go
│ ├── source.go
│ ├── suite_test.go
│ ├── user
│ │ ├── user_test.go
│ │ └── user.go
│ ├── workload_test.go
│ ├── workload.go
│ ├── workloads_test.go
│ └── workloads.go
├── LICENSE
├── Makefile
├── PROJECT
├── README.md
├── SECURITY.md
├── test
│ ├── e2e
│ │ ├── e2e_suite_test.go
│ │ ├── e2e_test.go
│ │ ├── instance_test.go
│ │ └── utils.go
│ └── olm
│ ├── e2e_suite_test.go
│ ├── e2e_test.go
│ ├── instance_test.go
│ └── scorecard_test.go
└── web
├── .gitignore
├── embed.go
├── eslint.config.js
├── index.html
├── package-lock.json
├── package.json
├── postcss.config.js
├── public
│ ├── favicon.svg
│ └── fonts
│ └── inter.woff2
├── README.md
├── src
│ ├── app.jsx
│ ├── app.test.jsx
│ ├── components
│ │ ├── auth
│ │ │ ├── LoginPage.jsx
│ │ │ └── LoginPage.test.jsx
│ │ ├── dashboards
│ │ │ ├── cluster
│ │ │ │ ├── ClusterPage.jsx
│ │ │ │ ├── ClusterPage.test.jsx
│ │ │ │ ├── ControllersPanel.jsx
│ │ │ │ ├── ControllersPanel.test.jsx
│ │ │ │ ├── InfoPanel.jsx
│ │ │ │ ├── InfoPanel.test.jsx
│ │ │ │ ├── OverallStatusPanel.jsx
│ │ │ │ ├── OverallStatusPanel.test.jsx
│ │ │ │ ├── ReconcilersPanel.jsx
│ │ │ │ ├── ReconcilersPanel.test.jsx
│ │ │ │ ├── SyncPanel.jsx
│ │ │ │ └── SyncPanel.test.jsx
│ │ │ ├── common
│ │ │ │ ├── panel.jsx
│ │ │ │ ├── panel.test.jsx
│ │ │ │ ├── yaml.jsx
│ │ │ │ └── yaml.test.jsx
│ │ │ └── resource
│ │ │ ├── ActionBar.jsx
│ │ │ ├── ActionBar.test.jsx
│ │ │ ├── ArtifactPanel.jsx
│ │ │ ├── ArtifactPanel.test.jsx
│ │ │ ├── ExportedInputsPanel.jsx
│ │ │ ├── ExportedInputsPanel.test.jsx
│ │ │ ├── GraphTabContent.jsx
│ │ │ ├── GraphTabContent.test.jsx
│ │ │ ├── HistoryTimeline.jsx
│ │ │ ├── HistoryTimeline.test.jsx
│ │ │ ├── InputsPanel.jsx
│ │ │ ├── InputsPanel.test.jsx
│ │ │ ├── InventoryPanel.jsx
│ │ │ ├── InventoryPanel.test.jsx
│ │ │ ├── ReconcilerPanel.jsx
│ │ │ ├── ReconcilerPanel.test.jsx
│ │ │ ├── ResourcePage.jsx
│ │ │ ├── ResourcePage.test.jsx
│ │ │ ├── SourcePanel.jsx
│ │ │ ├── SourcePanel.test.jsx
│ │ │ ├── WorkloadsTabContent.jsx
│ │ │ └── WorkloadsTabContent.test.jsx
│ │ ├── favorites
│ │ │ ├── FavoriteCard.jsx
│ │ │ ├── FavoriteCard.test.jsx
│ │ │ ├── FavoritesHeader.jsx
│ │ │ ├── FavoritesHeader.test.jsx
│ │ │ ├── FavoritesPage.jsx
│ │ │ ├── FavoritesPage.test.jsx
│ │ │ ├── FavoritesSearch.jsx
│ │ │ └── FavoritesSearch.test.jsx
│ │ ├── layout
│ │ │ ├── ConnectionStatus.jsx
│ │ │ ├── ConnectionStatus.test.jsx
│ │ │ ├── Footer.jsx
│ │ │ ├── Footer.test.jsx
│ │ │ ├── Header.jsx
│ │ │ ├── Header.test.jsx
│ │ │ ├── Icons.jsx
│ │ │ ├── NotFoundPage.jsx
│ │ │ ├── NotFoundPage.test.jsx
│ │ │ ├── ThemeToggle.jsx
│ │ │ ├── ThemeToggle.test.jsx
│ │ │ ├── UserMenu.jsx
│ │ │ └── UserMenu.test.jsx
│ │ └── search
│ │ ├── EventList.jsx
│ │ ├── EventList.test.jsx
│ │ ├── FilterForm.jsx
│ │ ├── FilterForm.test.jsx
│ │ ├── QuickSearch.jsx
│ │ ├── QuickSearch.test.jsx
│ │ ├── ResourceDetailsView.jsx
│ │ ├── ResourceDetailsView.test.jsx
│ │ ├── ResourceList.jsx
│ │ ├── ResourceList.test.jsx
│ │ ├── StatusChart.jsx
│ │ └── StatusChart.test.jsx
│ ├── index.css
│ ├── main.jsx
│ ├── mock
│ │ ├── action.js
│ │ ├── events.js
│ │ ├── events.test.js
│ │ ├── report.js
│ │ ├── resource.js
│ │ ├── resources.js
│ │ ├── resources.test.js
│ │ ├── workload.js
│ │ └── workload.test.js
│ └── utils
│ ├── constants.js
│ ├── cookies.js
│ ├── cookies.test.js
│ ├── favorites.js
│ ├── favorites.test.js
│ ├── fetch.js
│ ├── fetch.test.js
│ ├── hash.js
│ ├── hash.test.js
│ ├── meta.js
│ ├── meta.test.js
│ ├── navHistory.js
│ ├── navHistory.test.js
│ ├── routing.js
│ ├── routing.test.js
│ ├── scroll.js
│ ├── scroll.test.js
│ ├── status.js
│ ├── status.test.js
│ ├── theme.js
│ ├── theme.test.js
│ ├── time.js
│ ├── time.test.js
│ ├── version.js
│ └── version.test.js
├── tailwind.config.js
├── vite.config.js
└── vitest.setup.js
```
# Files
--------------------------------------------------------------------------------
/config/data/flux/v2.6.3/source-controller.yaml:
--------------------------------------------------------------------------------
```yaml
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.16.1
6 | labels:
7 | app.kubernetes.io/component: source-controller
8 | app.kubernetes.io/part-of: flux
9 | name: buckets.source.toolkit.fluxcd.io
10 | spec:
11 | group: source.toolkit.fluxcd.io
12 | names:
13 | kind: Bucket
14 | listKind: BucketList
15 | plural: buckets
16 | singular: bucket
17 | scope: Namespaced
18 | versions:
19 | - additionalPrinterColumns:
20 | - jsonPath: .spec.endpoint
21 | name: Endpoint
22 | type: string
23 | - jsonPath: .metadata.creationTimestamp
24 | name: Age
25 | type: date
26 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
27 | name: Ready
28 | type: string
29 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
30 | name: Status
31 | type: string
32 | name: v1
33 | schema:
34 | openAPIV3Schema:
35 | description: Bucket is the Schema for the buckets API.
36 | properties:
37 | apiVersion:
38 | description: |-
39 | APIVersion defines the versioned schema of this representation of an object.
40 | Servers should convert recognized schemas to the latest internal value, and
41 | may reject unrecognized values.
42 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
43 | type: string
44 | kind:
45 | description: |-
46 | Kind is a string value representing the REST resource this object represents.
47 | Servers may infer this from the endpoint the client submits requests to.
48 | Cannot be updated.
49 | In CamelCase.
50 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
51 | type: string
52 | metadata:
53 | type: object
54 | spec:
55 | description: |-
56 | BucketSpec specifies the required configuration to produce an Artifact for
57 | an object storage bucket.
58 | properties:
59 | bucketName:
60 | description: BucketName is the name of the object storage bucket.
61 | type: string
62 | certSecretRef:
63 | description: |-
64 | CertSecretRef can be given the name of a Secret containing
65 | either or both of
66 |
67 | - a PEM-encoded client certificate (`tls.crt`) and private
68 | key (`tls.key`);
69 | - a PEM-encoded CA certificate (`ca.crt`)
70 |
71 | and whichever are supplied, will be used for connecting to the
72 | bucket. The client cert and key are useful if you are
73 | authenticating with a certificate; the CA cert is useful if
74 | you are using a self-signed server certificate. The Secret must
75 | be of type `Opaque` or `kubernetes.io/tls`.
76 |
77 | This field is only supported for the `generic` provider.
78 | properties:
79 | name:
80 | description: Name of the referent.
81 | type: string
82 | required:
83 | - name
84 | type: object
85 | endpoint:
86 | description: Endpoint is the object storage address the BucketName
87 | is located at.
88 | type: string
89 | ignore:
90 | description: |-
91 | Ignore overrides the set of excluded patterns in the .sourceignore format
92 | (which is the same as .gitignore). If not provided, a default will be used,
93 | consult the documentation for your version to find out what those are.
94 | type: string
95 | insecure:
96 | description: Insecure allows connecting to a non-TLS HTTP Endpoint.
97 | type: boolean
98 | interval:
99 | description: |-
100 | Interval at which the Bucket Endpoint is checked for updates.
101 | This interval is approximate and may be subject to jitter to ensure
102 | efficient use of resources.
103 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
104 | type: string
105 | prefix:
106 | description: Prefix to use for server-side filtering of files in the
107 | Bucket.
108 | type: string
109 | provider:
110 | default: generic
111 | description: |-
112 | Provider of the object storage bucket.
113 | Defaults to 'generic', which expects an S3 (API) compatible object
114 | storage.
115 | enum:
116 | - generic
117 | - aws
118 | - gcp
119 | - azure
120 | type: string
121 | proxySecretRef:
122 | description: |-
123 | ProxySecretRef specifies the Secret containing the proxy configuration
124 | to use while communicating with the Bucket server.
125 | properties:
126 | name:
127 | description: Name of the referent.
128 | type: string
129 | required:
130 | - name
131 | type: object
132 | region:
133 | description: Region of the Endpoint where the BucketName is located
134 | in.
135 | type: string
136 | secretRef:
137 | description: |-
138 | SecretRef specifies the Secret containing authentication credentials
139 | for the Bucket.
140 | properties:
141 | name:
142 | description: Name of the referent.
143 | type: string
144 | required:
145 | - name
146 | type: object
147 | sts:
148 | description: |-
149 | STS specifies the required configuration to use a Security Token
150 | Service for fetching temporary credentials to authenticate in a
151 | Bucket provider.
152 |
153 | This field is only supported for the `aws` and `generic` providers.
154 | properties:
155 | certSecretRef:
156 | description: |-
157 | CertSecretRef can be given the name of a Secret containing
158 | either or both of
159 |
160 | - a PEM-encoded client certificate (`tls.crt`) and private
161 | key (`tls.key`);
162 | - a PEM-encoded CA certificate (`ca.crt`)
163 |
164 | and whichever are supplied, will be used for connecting to the
165 | STS endpoint. The client cert and key are useful if you are
166 | authenticating with a certificate; the CA cert is useful if
167 | you are using a self-signed server certificate. The Secret must
168 | be of type `Opaque` or `kubernetes.io/tls`.
169 |
170 | This field is only supported for the `ldap` provider.
171 | properties:
172 | name:
173 | description: Name of the referent.
174 | type: string
175 | required:
176 | - name
177 | type: object
178 | endpoint:
179 | description: |-
180 | Endpoint is the HTTP/S endpoint of the Security Token Service from
181 | where temporary credentials will be fetched.
182 | pattern: ^(http|https)://.*$
183 | type: string
184 | provider:
185 | description: Provider of the Security Token Service.
186 | enum:
187 | - aws
188 | - ldap
189 | type: string
190 | secretRef:
191 | description: |-
192 | SecretRef specifies the Secret containing authentication credentials
193 | for the STS endpoint. This Secret must contain the fields `username`
194 | and `password` and is supported only for the `ldap` provider.
195 | properties:
196 | name:
197 | description: Name of the referent.
198 | type: string
199 | required:
200 | - name
201 | type: object
202 | required:
203 | - endpoint
204 | - provider
205 | type: object
206 | suspend:
207 | description: |-
208 | Suspend tells the controller to suspend the reconciliation of this
209 | Bucket.
210 | type: boolean
211 | timeout:
212 | default: 60s
213 | description: Timeout for fetch operations, defaults to 60s.
214 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
215 | type: string
216 | required:
217 | - bucketName
218 | - endpoint
219 | - interval
220 | type: object
221 | x-kubernetes-validations:
222 | - message: STS configuration is only supported for the 'aws' and 'generic'
223 | Bucket providers
224 | rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
225 | - message: '''aws'' is the only supported STS provider for the ''aws''
226 | Bucket provider'
227 | rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
228 | == 'aws'
229 | - message: '''ldap'' is the only supported STS provider for the ''generic''
230 | Bucket provider'
231 | rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
232 | == 'ldap'
233 | - message: spec.sts.secretRef is not required for the 'aws' STS provider
234 | rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
235 | - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
236 | rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
237 | status:
238 | default:
239 | observedGeneration: -1
240 | description: BucketStatus records the observed state of a Bucket.
241 | properties:
242 | artifact:
243 | description: Artifact represents the last successful Bucket reconciliation.
244 | properties:
245 | digest:
246 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
247 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
248 | type: string
249 | lastUpdateTime:
250 | description: |-
251 | LastUpdateTime is the timestamp corresponding to the last update of the
252 | Artifact.
253 | format: date-time
254 | type: string
255 | metadata:
256 | additionalProperties:
257 | type: string
258 | description: Metadata holds upstream information such as OCI annotations.
259 | type: object
260 | path:
261 | description: |-
262 | Path is the relative file path of the Artifact. It can be used to locate
263 | the file in the root of the Artifact storage on the local file system of
264 | the controller managing the Source.
265 | type: string
266 | revision:
267 | description: |-
268 | Revision is a human-readable identifier traceable in the origin source
269 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
270 | type: string
271 | size:
272 | description: Size is the number of bytes in the file.
273 | format: int64
274 | type: integer
275 | url:
276 | description: |-
277 | URL is the HTTP address of the Artifact as exposed by the controller
278 | managing the Source. It can be used to retrieve the Artifact for
279 | consumption, e.g. by another controller applying the Artifact contents.
280 | type: string
281 | required:
282 | - lastUpdateTime
283 | - path
284 | - revision
285 | - url
286 | type: object
287 | conditions:
288 | description: Conditions holds the conditions for the Bucket.
289 | items:
290 | description: Condition contains details for one aspect of the current
291 | state of this API Resource.
292 | properties:
293 | lastTransitionTime:
294 | description: |-
295 | lastTransitionTime is the last time the condition transitioned from one status to another.
296 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
297 | format: date-time
298 | type: string
299 | message:
300 | description: |-
301 | message is a human readable message indicating details about the transition.
302 | This may be an empty string.
303 | maxLength: 32768
304 | type: string
305 | observedGeneration:
306 | description: |-
307 | observedGeneration represents the .metadata.generation that the condition was set based upon.
308 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
309 | with respect to the current state of the instance.
310 | format: int64
311 | minimum: 0
312 | type: integer
313 | reason:
314 | description: |-
315 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
316 | Producers of specific condition types may define expected values and meanings for this field,
317 | and whether the values are considered a guaranteed API.
318 | The value should be a CamelCase string.
319 | This field may not be empty.
320 | maxLength: 1024
321 | minLength: 1
322 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
323 | type: string
324 | status:
325 | description: status of the condition, one of True, False, Unknown.
326 | enum:
327 | - "True"
328 | - "False"
329 | - Unknown
330 | type: string
331 | type:
332 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
333 | maxLength: 316
334 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
335 | type: string
336 | required:
337 | - lastTransitionTime
338 | - message
339 | - reason
340 | - status
341 | - type
342 | type: object
343 | type: array
344 | lastHandledReconcileAt:
345 | description: |-
346 | LastHandledReconcileAt holds the value of the most recent
347 | reconcile request value, so a change of the annotation value
348 | can be detected.
349 | type: string
350 | observedGeneration:
351 | description: ObservedGeneration is the last observed generation of
352 | the Bucket object.
353 | format: int64
354 | type: integer
355 | observedIgnore:
356 | description: |-
357 | ObservedIgnore is the observed exclusion patterns used for constructing
358 | the source artifact.
359 | type: string
360 | url:
361 | description: |-
362 | URL is the dynamic fetch link for the latest Artifact.
363 | It is provided on a "best effort" basis, and using the precise
364 | BucketStatus.Artifact data is recommended.
365 | type: string
366 | type: object
367 | type: object
368 | served: true
369 | storage: true
370 | subresources:
371 | status: {}
372 | - additionalPrinterColumns:
373 | - jsonPath: .spec.endpoint
374 | name: Endpoint
375 | type: string
376 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
377 | name: Ready
378 | type: string
379 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
380 | name: Status
381 | type: string
382 | - jsonPath: .metadata.creationTimestamp
383 | name: Age
384 | type: date
385 | deprecated: true
386 | deprecationWarning: v1beta1 Bucket is deprecated, upgrade to v1
387 | name: v1beta1
388 | schema:
389 | openAPIV3Schema:
390 | description: Bucket is the Schema for the buckets API
391 | properties:
392 | apiVersion:
393 | description: |-
394 | APIVersion defines the versioned schema of this representation of an object.
395 | Servers should convert recognized schemas to the latest internal value, and
396 | may reject unrecognized values.
397 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
398 | type: string
399 | kind:
400 | description: |-
401 | Kind is a string value representing the REST resource this object represents.
402 | Servers may infer this from the endpoint the client submits requests to.
403 | Cannot be updated.
404 | In CamelCase.
405 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
406 | type: string
407 | metadata:
408 | type: object
409 | spec:
410 | description: BucketSpec defines the desired state of an S3 compatible
411 | bucket
412 | properties:
413 | accessFrom:
414 | description: AccessFrom defines an Access Control List for allowing
415 | cross-namespace references to this object.
416 | properties:
417 | namespaceSelectors:
418 | description: |-
419 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
420 | Items in this list are evaluated using a logical OR operation.
421 | items:
422 | description: |-
423 | NamespaceSelector selects the namespaces to which this ACL applies.
424 | An empty map of MatchLabels matches all namespaces in a cluster.
425 | properties:
426 | matchLabels:
427 | additionalProperties:
428 | type: string
429 | description: |-
430 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
431 | map is equivalent to an element of matchExpressions, whose key field is "key", the
432 | operator is "In", and the values array contains only "value". The requirements are ANDed.
433 | type: object
434 | type: object
435 | type: array
436 | required:
437 | - namespaceSelectors
438 | type: object
439 | bucketName:
440 | description: The bucket name.
441 | type: string
442 | endpoint:
443 | description: The bucket endpoint address.
444 | type: string
445 | ignore:
446 | description: |-
447 | Ignore overrides the set of excluded patterns in the .sourceignore format
448 | (which is the same as .gitignore). If not provided, a default will be used,
449 | consult the documentation for your version to find out what those are.
450 | type: string
451 | insecure:
452 | description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
453 | type: boolean
454 | interval:
455 | description: The interval at which to check for bucket updates.
456 | type: string
457 | provider:
458 | default: generic
459 | description: The S3 compatible storage provider name, default ('generic').
460 | enum:
461 | - generic
462 | - aws
463 | - gcp
464 | type: string
465 | region:
466 | description: The bucket region.
467 | type: string
468 | secretRef:
469 | description: |-
470 | The name of the secret containing authentication credentials
471 | for the Bucket.
472 | properties:
473 | name:
474 | description: Name of the referent.
475 | type: string
476 | required:
477 | - name
478 | type: object
479 | suspend:
480 | description: This flag tells the controller to suspend the reconciliation
481 | of this source.
482 | type: boolean
483 | timeout:
484 | default: 60s
485 | description: The timeout for download operations, defaults to 60s.
486 | type: string
487 | required:
488 | - bucketName
489 | - endpoint
490 | - interval
491 | type: object
492 | status:
493 | default:
494 | observedGeneration: -1
495 | description: BucketStatus defines the observed state of a bucket
496 | properties:
497 | artifact:
498 | description: Artifact represents the output of the last successful
499 | Bucket sync.
500 | properties:
501 | checksum:
502 | description: Checksum is the SHA256 checksum of the artifact.
503 | type: string
504 | lastUpdateTime:
505 | description: |-
506 | LastUpdateTime is the timestamp corresponding to the last update of this
507 | artifact.
508 | format: date-time
509 | type: string
510 | path:
511 | description: Path is the relative file path of this artifact.
512 | type: string
513 | revision:
514 | description: |-
515 | Revision is a human readable identifier traceable in the origin source
516 | system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
517 | chart version, etc.
518 | type: string
519 | url:
520 | description: URL is the HTTP address of this artifact.
521 | type: string
522 | required:
523 | - lastUpdateTime
524 | - path
525 | - url
526 | type: object
527 | conditions:
528 | description: Conditions holds the conditions for the Bucket.
529 | items:
530 | description: Condition contains details for one aspect of the current
531 | state of this API Resource.
532 | properties:
533 | lastTransitionTime:
534 | description: |-
535 | lastTransitionTime is the last time the condition transitioned from one status to another.
536 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
537 | format: date-time
538 | type: string
539 | message:
540 | description: |-
541 | message is a human readable message indicating details about the transition.
542 | This may be an empty string.
543 | maxLength: 32768
544 | type: string
545 | observedGeneration:
546 | description: |-
547 | observedGeneration represents the .metadata.generation that the condition was set based upon.
548 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
549 | with respect to the current state of the instance.
550 | format: int64
551 | minimum: 0
552 | type: integer
553 | reason:
554 | description: |-
555 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
556 | Producers of specific condition types may define expected values and meanings for this field,
557 | and whether the values are considered a guaranteed API.
558 | The value should be a CamelCase string.
559 | This field may not be empty.
560 | maxLength: 1024
561 | minLength: 1
562 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
563 | type: string
564 | status:
565 | description: status of the condition, one of True, False, Unknown.
566 | enum:
567 | - "True"
568 | - "False"
569 | - Unknown
570 | type: string
571 | type:
572 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
573 | maxLength: 316
574 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
575 | type: string
576 | required:
577 | - lastTransitionTime
578 | - message
579 | - reason
580 | - status
581 | - type
582 | type: object
583 | type: array
584 | lastHandledReconcileAt:
585 | description: |-
586 | LastHandledReconcileAt holds the value of the most recent
587 | reconcile request value, so a change of the annotation value
588 | can be detected.
589 | type: string
590 | observedGeneration:
591 | description: ObservedGeneration is the last observed generation.
592 | format: int64
593 | type: integer
594 | url:
595 | description: URL is the download link for the artifact output of the
596 | last Bucket sync.
597 | type: string
598 | type: object
599 | type: object
600 | served: true
601 | storage: false
602 | subresources:
603 | status: {}
604 | - additionalPrinterColumns:
605 | - jsonPath: .spec.endpoint
606 | name: Endpoint
607 | type: string
608 | - jsonPath: .metadata.creationTimestamp
609 | name: Age
610 | type: date
611 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
612 | name: Ready
613 | type: string
614 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
615 | name: Status
616 | type: string
617 | deprecated: true
618 | deprecationWarning: v1beta2 Bucket is deprecated, upgrade to v1
619 | name: v1beta2
620 | schema:
621 | openAPIV3Schema:
622 | description: Bucket is the Schema for the buckets API.
623 | properties:
624 | apiVersion:
625 | description: |-
626 | APIVersion defines the versioned schema of this representation of an object.
627 | Servers should convert recognized schemas to the latest internal value, and
628 | may reject unrecognized values.
629 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
630 | type: string
631 | kind:
632 | description: |-
633 | Kind is a string value representing the REST resource this object represents.
634 | Servers may infer this from the endpoint the client submits requests to.
635 | Cannot be updated.
636 | In CamelCase.
637 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
638 | type: string
639 | metadata:
640 | type: object
641 | spec:
642 | description: |-
643 | BucketSpec specifies the required configuration to produce an Artifact for
644 | an object storage bucket.
645 | properties:
646 | accessFrom:
647 | description: |-
648 | AccessFrom specifies an Access Control List for allowing cross-namespace
649 | references to this object.
650 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
651 | properties:
652 | namespaceSelectors:
653 | description: |-
654 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
655 | Items in this list are evaluated using a logical OR operation.
656 | items:
657 | description: |-
658 | NamespaceSelector selects the namespaces to which this ACL applies.
659 | An empty map of MatchLabels matches all namespaces in a cluster.
660 | properties:
661 | matchLabels:
662 | additionalProperties:
663 | type: string
664 | description: |-
665 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
666 | map is equivalent to an element of matchExpressions, whose key field is "key", the
667 | operator is "In", and the values array contains only "value". The requirements are ANDed.
668 | type: object
669 | type: object
670 | type: array
671 | required:
672 | - namespaceSelectors
673 | type: object
674 | bucketName:
675 | description: BucketName is the name of the object storage bucket.
676 | type: string
677 | certSecretRef:
678 | description: |-
679 | CertSecretRef can be given the name of a Secret containing
680 | either or both of
681 |
682 | - a PEM-encoded client certificate (`tls.crt`) and private
683 | key (`tls.key`);
684 | - a PEM-encoded CA certificate (`ca.crt`)
685 |
686 | and whichever are supplied, will be used for connecting to the
687 | bucket. The client cert and key are useful if you are
688 | authenticating with a certificate; the CA cert is useful if
689 | you are using a self-signed server certificate. The Secret must
690 | be of type `Opaque` or `kubernetes.io/tls`.
691 |
692 | This field is only supported for the `generic` provider.
693 | properties:
694 | name:
695 | description: Name of the referent.
696 | type: string
697 | required:
698 | - name
699 | type: object
700 | endpoint:
701 | description: Endpoint is the object storage address the BucketName
702 | is located at.
703 | type: string
704 | ignore:
705 | description: |-
706 | Ignore overrides the set of excluded patterns in the .sourceignore format
707 | (which is the same as .gitignore). If not provided, a default will be used,
708 | consult the documentation for your version to find out what those are.
709 | type: string
710 | insecure:
711 | description: Insecure allows connecting to a non-TLS HTTP Endpoint.
712 | type: boolean
713 | interval:
714 | description: |-
715 | Interval at which the Bucket Endpoint is checked for updates.
716 | This interval is approximate and may be subject to jitter to ensure
717 | efficient use of resources.
718 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
719 | type: string
720 | prefix:
721 | description: Prefix to use for server-side filtering of files in the
722 | Bucket.
723 | type: string
724 | provider:
725 | default: generic
726 | description: |-
727 | Provider of the object storage bucket.
728 | Defaults to 'generic', which expects an S3 (API) compatible object
729 | storage.
730 | enum:
731 | - generic
732 | - aws
733 | - gcp
734 | - azure
735 | type: string
736 | proxySecretRef:
737 | description: |-
738 | ProxySecretRef specifies the Secret containing the proxy configuration
739 | to use while communicating with the Bucket server.
740 | properties:
741 | name:
742 | description: Name of the referent.
743 | type: string
744 | required:
745 | - name
746 | type: object
747 | region:
748 | description: Region of the Endpoint where the BucketName is located
749 | in.
750 | type: string
751 | secretRef:
752 | description: |-
753 | SecretRef specifies the Secret containing authentication credentials
754 | for the Bucket.
755 | properties:
756 | name:
757 | description: Name of the referent.
758 | type: string
759 | required:
760 | - name
761 | type: object
762 | sts:
763 | description: |-
764 | STS specifies the required configuration to use a Security Token
765 | Service for fetching temporary credentials to authenticate in a
766 | Bucket provider.
767 |
768 | This field is only supported for the `aws` and `generic` providers.
769 | properties:
770 | certSecretRef:
771 | description: |-
772 | CertSecretRef can be given the name of a Secret containing
773 | either or both of
774 |
775 | - a PEM-encoded client certificate (`tls.crt`) and private
776 | key (`tls.key`);
777 | - a PEM-encoded CA certificate (`ca.crt`)
778 |
779 | and whichever are supplied, will be used for connecting to the
780 | STS endpoint. The client cert and key are useful if you are
781 | authenticating with a certificate; the CA cert is useful if
782 | you are using a self-signed server certificate. The Secret must
783 | be of type `Opaque` or `kubernetes.io/tls`.
784 |
785 | This field is only supported for the `ldap` provider.
786 | properties:
787 | name:
788 | description: Name of the referent.
789 | type: string
790 | required:
791 | - name
792 | type: object
793 | endpoint:
794 | description: |-
795 | Endpoint is the HTTP/S endpoint of the Security Token Service from
796 | where temporary credentials will be fetched.
797 | pattern: ^(http|https)://.*$
798 | type: string
799 | provider:
800 | description: Provider of the Security Token Service.
801 | enum:
802 | - aws
803 | - ldap
804 | type: string
805 | secretRef:
806 | description: |-
807 | SecretRef specifies the Secret containing authentication credentials
808 | for the STS endpoint. This Secret must contain the fields `username`
809 | and `password` and is supported only for the `ldap` provider.
810 | properties:
811 | name:
812 | description: Name of the referent.
813 | type: string
814 | required:
815 | - name
816 | type: object
817 | required:
818 | - endpoint
819 | - provider
820 | type: object
821 | suspend:
822 | description: |-
823 | Suspend tells the controller to suspend the reconciliation of this
824 | Bucket.
825 | type: boolean
826 | timeout:
827 | default: 60s
828 | description: Timeout for fetch operations, defaults to 60s.
829 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
830 | type: string
831 | required:
832 | - bucketName
833 | - endpoint
834 | - interval
835 | type: object
836 | x-kubernetes-validations:
837 | - message: STS configuration is only supported for the 'aws' and 'generic'
838 | Bucket providers
839 | rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
840 | - message: '''aws'' is the only supported STS provider for the ''aws''
841 | Bucket provider'
842 | rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
843 | == 'aws'
844 | - message: '''ldap'' is the only supported STS provider for the ''generic''
845 | Bucket provider'
846 | rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
847 | == 'ldap'
848 | - message: spec.sts.secretRef is not required for the 'aws' STS provider
849 | rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
850 | - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
851 | rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
852 | status:
853 | default:
854 | observedGeneration: -1
855 | description: BucketStatus records the observed state of a Bucket.
856 | properties:
857 | artifact:
858 | description: Artifact represents the last successful Bucket reconciliation.
859 | properties:
860 | digest:
861 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
862 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
863 | type: string
864 | lastUpdateTime:
865 | description: |-
866 | LastUpdateTime is the timestamp corresponding to the last update of the
867 | Artifact.
868 | format: date-time
869 | type: string
870 | metadata:
871 | additionalProperties:
872 | type: string
873 | description: Metadata holds upstream information such as OCI annotations.
874 | type: object
875 | path:
876 | description: |-
877 | Path is the relative file path of the Artifact. It can be used to locate
878 | the file in the root of the Artifact storage on the local file system of
879 | the controller managing the Source.
880 | type: string
881 | revision:
882 | description: |-
883 | Revision is a human-readable identifier traceable in the origin source
884 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
885 | type: string
886 | size:
887 | description: Size is the number of bytes in the file.
888 | format: int64
889 | type: integer
890 | url:
891 | description: |-
892 | URL is the HTTP address of the Artifact as exposed by the controller
893 | managing the Source. It can be used to retrieve the Artifact for
894 | consumption, e.g. by another controller applying the Artifact contents.
895 | type: string
896 | required:
897 | - lastUpdateTime
898 | - path
899 | - revision
900 | - url
901 | type: object
902 | conditions:
903 | description: Conditions holds the conditions for the Bucket.
904 | items:
905 | description: Condition contains details for one aspect of the current
906 | state of this API Resource.
907 | properties:
908 | lastTransitionTime:
909 | description: |-
910 | lastTransitionTime is the last time the condition transitioned from one status to another.
911 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
912 | format: date-time
913 | type: string
914 | message:
915 | description: |-
916 | message is a human readable message indicating details about the transition.
917 | This may be an empty string.
918 | maxLength: 32768
919 | type: string
920 | observedGeneration:
921 | description: |-
922 | observedGeneration represents the .metadata.generation that the condition was set based upon.
923 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
924 | with respect to the current state of the instance.
925 | format: int64
926 | minimum: 0
927 | type: integer
928 | reason:
929 | description: |-
930 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
931 | Producers of specific condition types may define expected values and meanings for this field,
932 | and whether the values are considered a guaranteed API.
933 | The value should be a CamelCase string.
934 | This field may not be empty.
935 | maxLength: 1024
936 | minLength: 1
937 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
938 | type: string
939 | status:
940 | description: status of the condition, one of True, False, Unknown.
941 | enum:
942 | - "True"
943 | - "False"
944 | - Unknown
945 | type: string
946 | type:
947 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
948 | maxLength: 316
949 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
950 | type: string
951 | required:
952 | - lastTransitionTime
953 | - message
954 | - reason
955 | - status
956 | - type
957 | type: object
958 | type: array
959 | lastHandledReconcileAt:
960 | description: |-
961 | LastHandledReconcileAt holds the value of the most recent
962 | reconcile request value, so a change of the annotation value
963 | can be detected.
964 | type: string
965 | observedGeneration:
966 | description: ObservedGeneration is the last observed generation of
967 | the Bucket object.
968 | format: int64
969 | type: integer
970 | observedIgnore:
971 | description: |-
972 | ObservedIgnore is the observed exclusion patterns used for constructing
973 | the source artifact.
974 | type: string
975 | url:
976 | description: |-
977 | URL is the dynamic fetch link for the latest Artifact.
978 | It is provided on a "best effort" basis, and using the precise
979 | BucketStatus.Artifact data is recommended.
980 | type: string
981 | type: object
982 | type: object
983 | served: true
984 | storage: false
985 | subresources:
986 | status: {}
987 | ---
988 | apiVersion: apiextensions.k8s.io/v1
989 | kind: CustomResourceDefinition
990 | metadata:
991 | annotations:
992 | controller-gen.kubebuilder.io/version: v0.16.1
993 | labels:
994 | app.kubernetes.io/component: source-controller
995 | app.kubernetes.io/part-of: flux
996 | name: gitrepositories.source.toolkit.fluxcd.io
997 | spec:
998 | group: source.toolkit.fluxcd.io
999 | names:
1000 | kind: GitRepository
1001 | listKind: GitRepositoryList
1002 | plural: gitrepositories
1003 | shortNames:
1004 | - gitrepo
1005 | singular: gitrepository
1006 | scope: Namespaced
1007 | versions:
1008 | - additionalPrinterColumns:
1009 | - jsonPath: .spec.url
1010 | name: URL
1011 | type: string
1012 | - jsonPath: .metadata.creationTimestamp
1013 | name: Age
1014 | type: date
1015 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
1016 | name: Ready
1017 | type: string
1018 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
1019 | name: Status
1020 | type: string
1021 | name: v1
1022 | schema:
1023 | openAPIV3Schema:
1024 | description: GitRepository is the Schema for the gitrepositories API.
1025 | properties:
1026 | apiVersion:
1027 | description: |-
1028 | APIVersion defines the versioned schema of this representation of an object.
1029 | Servers should convert recognized schemas to the latest internal value, and
1030 | may reject unrecognized values.
1031 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1032 | type: string
1033 | kind:
1034 | description: |-
1035 | Kind is a string value representing the REST resource this object represents.
1036 | Servers may infer this from the endpoint the client submits requests to.
1037 | Cannot be updated.
1038 | In CamelCase.
1039 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1040 | type: string
1041 | metadata:
1042 | type: object
1043 | spec:
1044 | description: |-
1045 | GitRepositorySpec specifies the required configuration to produce an
1046 | Artifact for a Git repository.
1047 | properties:
1048 | ignore:
1049 | description: |-
1050 | Ignore overrides the set of excluded patterns in the .sourceignore format
1051 | (which is the same as .gitignore). If not provided, a default will be used,
1052 | consult the documentation for your version to find out what those are.
1053 | type: string
1054 | include:
1055 | description: |-
1056 | Include specifies a list of GitRepository resources which Artifacts
1057 | should be included in the Artifact produced for this GitRepository.
1058 | items:
1059 | description: |-
1060 | GitRepositoryInclude specifies a local reference to a GitRepository which
1061 | Artifact (sub-)contents must be included, and where they should be placed.
1062 | properties:
1063 | fromPath:
1064 | description: |-
1065 | FromPath specifies the path to copy contents from, defaults to the root
1066 | of the Artifact.
1067 | type: string
1068 | repository:
1069 | description: |-
1070 | GitRepositoryRef specifies the GitRepository which Artifact contents
1071 | must be included.
1072 | properties:
1073 | name:
1074 | description: Name of the referent.
1075 | type: string
1076 | required:
1077 | - name
1078 | type: object
1079 | toPath:
1080 | description: |-
1081 | ToPath specifies the path to copy contents to, defaults to the name of
1082 | the GitRepositoryRef.
1083 | type: string
1084 | required:
1085 | - repository
1086 | type: object
1087 | type: array
1088 | interval:
1089 | description: |-
1090 | Interval at which the GitRepository URL is checked for updates.
1091 | This interval is approximate and may be subject to jitter to ensure
1092 | efficient use of resources.
1093 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1094 | type: string
1095 | provider:
1096 | description: |-
1097 | Provider used for authentication, can be 'azure', 'github', 'generic'.
1098 | When not specified, defaults to 'generic'.
1099 | enum:
1100 | - generic
1101 | - azure
1102 | - github
1103 | type: string
1104 | proxySecretRef:
1105 | description: |-
1106 | ProxySecretRef specifies the Secret containing the proxy configuration
1107 | to use while communicating with the Git server.
1108 | properties:
1109 | name:
1110 | description: Name of the referent.
1111 | type: string
1112 | required:
1113 | - name
1114 | type: object
1115 | recurseSubmodules:
1116 | description: |-
1117 | RecurseSubmodules enables the initialization of all submodules within
1118 | the GitRepository as cloned from the URL, using their default settings.
1119 | type: boolean
1120 | ref:
1121 | description: |-
1122 | Reference specifies the Git reference to resolve and monitor for
1123 | changes, defaults to the 'master' branch.
1124 | properties:
1125 | branch:
1126 | description: Branch to check out, defaults to 'master' if no other
1127 | field is defined.
1128 | type: string
1129 | commit:
1130 | description: |-
1131 | Commit SHA to check out, takes precedence over all reference fields.
1132 |
1133 | This can be combined with Branch to shallow clone the branch, in which
1134 | the commit is expected to exist.
1135 | type: string
1136 | name:
1137 | description: |-
1138 | Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
1139 |
1140 | It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
1141 | Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
1142 | type: string
1143 | semver:
1144 | description: SemVer tag expression to check out, takes precedence
1145 | over Tag.
1146 | type: string
1147 | tag:
1148 | description: Tag to check out, takes precedence over Branch.
1149 | type: string
1150 | type: object
1151 | secretRef:
1152 | description: |-
1153 | SecretRef specifies the Secret containing authentication credentials for
1154 | the GitRepository.
1155 | For HTTPS repositories the Secret must contain 'username' and 'password'
1156 | fields for basic auth or 'bearerToken' field for token auth.
1157 | For SSH repositories the Secret must contain 'identity'
1158 | and 'known_hosts' fields.
1159 | properties:
1160 | name:
1161 | description: Name of the referent.
1162 | type: string
1163 | required:
1164 | - name
1165 | type: object
1166 | sparseCheckout:
1167 | description: |-
1168 | SparseCheckout specifies a list of directories to checkout when cloning
1169 | the repository. If specified, only these directories are included in the
1170 | Artifact produced for this GitRepository.
1171 | items:
1172 | type: string
1173 | type: array
1174 | suspend:
1175 | description: |-
1176 | Suspend tells the controller to suspend the reconciliation of this
1177 | GitRepository.
1178 | type: boolean
1179 | timeout:
1180 | default: 60s
1181 | description: Timeout for Git operations like cloning, defaults to
1182 | 60s.
1183 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
1184 | type: string
1185 | url:
1186 | description: URL specifies the Git repository URL, it can be an HTTP/S
1187 | or SSH address.
1188 | pattern: ^(http|https|ssh)://.*$
1189 | type: string
1190 | verify:
1191 | description: |-
1192 | Verification specifies the configuration to verify the Git commit
1193 | signature(s).
1194 | properties:
1195 | mode:
1196 | default: HEAD
1197 | description: |-
1198 | Mode specifies which Git object(s) should be verified.
1199 |
1200 | The variants "head" and "HEAD" both imply the same thing, i.e. verify
1201 | the commit that the HEAD of the Git repository points to. The variant
1202 | "head" solely exists to ensure backwards compatibility.
1203 | enum:
1204 | - head
1205 | - HEAD
1206 | - Tag
1207 | - TagAndHEAD
1208 | type: string
1209 | secretRef:
1210 | description: |-
1211 | SecretRef specifies the Secret containing the public keys of trusted Git
1212 | authors.
1213 | properties:
1214 | name:
1215 | description: Name of the referent.
1216 | type: string
1217 | required:
1218 | - name
1219 | type: object
1220 | required:
1221 | - secretRef
1222 | type: object
1223 | required:
1224 | - interval
1225 | - url
1226 | type: object
1227 | status:
1228 | default:
1229 | observedGeneration: -1
1230 | description: GitRepositoryStatus records the observed state of a Git repository.
1231 | properties:
1232 | artifact:
1233 | description: Artifact represents the last successful GitRepository
1234 | reconciliation.
1235 | properties:
1236 | digest:
1237 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
1238 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1239 | type: string
1240 | lastUpdateTime:
1241 | description: |-
1242 | LastUpdateTime is the timestamp corresponding to the last update of the
1243 | Artifact.
1244 | format: date-time
1245 | type: string
1246 | metadata:
1247 | additionalProperties:
1248 | type: string
1249 | description: Metadata holds upstream information such as OCI annotations.
1250 | type: object
1251 | path:
1252 | description: |-
1253 | Path is the relative file path of the Artifact. It can be used to locate
1254 | the file in the root of the Artifact storage on the local file system of
1255 | the controller managing the Source.
1256 | type: string
1257 | revision:
1258 | description: |-
1259 | Revision is a human-readable identifier traceable in the origin source
1260 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1261 | type: string
1262 | size:
1263 | description: Size is the number of bytes in the file.
1264 | format: int64
1265 | type: integer
1266 | url:
1267 | description: |-
1268 | URL is the HTTP address of the Artifact as exposed by the controller
1269 | managing the Source. It can be used to retrieve the Artifact for
1270 | consumption, e.g. by another controller applying the Artifact contents.
1271 | type: string
1272 | required:
1273 | - lastUpdateTime
1274 | - path
1275 | - revision
1276 | - url
1277 | type: object
1278 | conditions:
1279 | description: Conditions holds the conditions for the GitRepository.
1280 | items:
1281 | description: Condition contains details for one aspect of the current
1282 | state of this API Resource.
1283 | properties:
1284 | lastTransitionTime:
1285 | description: |-
1286 | lastTransitionTime is the last time the condition transitioned from one status to another.
1287 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1288 | format: date-time
1289 | type: string
1290 | message:
1291 | description: |-
1292 | message is a human readable message indicating details about the transition.
1293 | This may be an empty string.
1294 | maxLength: 32768
1295 | type: string
1296 | observedGeneration:
1297 | description: |-
1298 | observedGeneration represents the .metadata.generation that the condition was set based upon.
1299 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1300 | with respect to the current state of the instance.
1301 | format: int64
1302 | minimum: 0
1303 | type: integer
1304 | reason:
1305 | description: |-
1306 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
1307 | Producers of specific condition types may define expected values and meanings for this field,
1308 | and whether the values are considered a guaranteed API.
1309 | The value should be a CamelCase string.
1310 | This field may not be empty.
1311 | maxLength: 1024
1312 | minLength: 1
1313 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1314 | type: string
1315 | status:
1316 | description: status of the condition, one of True, False, Unknown.
1317 | enum:
1318 | - "True"
1319 | - "False"
1320 | - Unknown
1321 | type: string
1322 | type:
1323 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
1324 | maxLength: 316
1325 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1326 | type: string
1327 | required:
1328 | - lastTransitionTime
1329 | - message
1330 | - reason
1331 | - status
1332 | - type
1333 | type: object
1334 | type: array
1335 | includedArtifacts:
1336 | description: |-
1337 | IncludedArtifacts contains a list of the last successfully included
1338 | Artifacts as instructed by GitRepositorySpec.Include.
1339 | items:
1340 | description: Artifact represents the output of a Source reconciliation.
1341 | properties:
1342 | digest:
1343 | description: Digest is the digest of the file in the form of
1344 | '<algorithm>:<checksum>'.
1345 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1346 | type: string
1347 | lastUpdateTime:
1348 | description: |-
1349 | LastUpdateTime is the timestamp corresponding to the last update of the
1350 | Artifact.
1351 | format: date-time
1352 | type: string
1353 | metadata:
1354 | additionalProperties:
1355 | type: string
1356 | description: Metadata holds upstream information such as OCI
1357 | annotations.
1358 | type: object
1359 | path:
1360 | description: |-
1361 | Path is the relative file path of the Artifact. It can be used to locate
1362 | the file in the root of the Artifact storage on the local file system of
1363 | the controller managing the Source.
1364 | type: string
1365 | revision:
1366 | description: |-
1367 | Revision is a human-readable identifier traceable in the origin source
1368 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1369 | type: string
1370 | size:
1371 | description: Size is the number of bytes in the file.
1372 | format: int64
1373 | type: integer
1374 | url:
1375 | description: |-
1376 | URL is the HTTP address of the Artifact as exposed by the controller
1377 | managing the Source. It can be used to retrieve the Artifact for
1378 | consumption, e.g. by another controller applying the Artifact contents.
1379 | type: string
1380 | required:
1381 | - lastUpdateTime
1382 | - path
1383 | - revision
1384 | - url
1385 | type: object
1386 | type: array
1387 | lastHandledReconcileAt:
1388 | description: |-
1389 | LastHandledReconcileAt holds the value of the most recent
1390 | reconcile request value, so a change of the annotation value
1391 | can be detected.
1392 | type: string
1393 | observedGeneration:
1394 | description: |-
1395 | ObservedGeneration is the last observed generation of the GitRepository
1396 | object.
1397 | format: int64
1398 | type: integer
1399 | observedIgnore:
1400 | description: |-
1401 | ObservedIgnore is the observed exclusion patterns used for constructing
1402 | the source artifact.
1403 | type: string
1404 | observedInclude:
1405 | description: |-
1406 | ObservedInclude is the observed list of GitRepository resources used to
1407 | produce the current Artifact.
1408 | items:
1409 | description: |-
1410 | GitRepositoryInclude specifies a local reference to a GitRepository which
1411 | Artifact (sub-)contents must be included, and where they should be placed.
1412 | properties:
1413 | fromPath:
1414 | description: |-
1415 | FromPath specifies the path to copy contents from, defaults to the root
1416 | of the Artifact.
1417 | type: string
1418 | repository:
1419 | description: |-
1420 | GitRepositoryRef specifies the GitRepository which Artifact contents
1421 | must be included.
1422 | properties:
1423 | name:
1424 | description: Name of the referent.
1425 | type: string
1426 | required:
1427 | - name
1428 | type: object
1429 | toPath:
1430 | description: |-
1431 | ToPath specifies the path to copy contents to, defaults to the name of
1432 | the GitRepositoryRef.
1433 | type: string
1434 | required:
1435 | - repository
1436 | type: object
1437 | type: array
1438 | observedRecurseSubmodules:
1439 | description: |-
1440 | ObservedRecurseSubmodules is the observed resource submodules
1441 | configuration used to produce the current Artifact.
1442 | type: boolean
1443 | observedSparseCheckout:
1444 | description: |-
1445 | ObservedSparseCheckout is the observed list of directories used to
1446 | produce the current Artifact.
1447 | items:
1448 | type: string
1449 | type: array
1450 | sourceVerificationMode:
1451 | description: |-
1452 | SourceVerificationMode is the last used verification mode indicating
1453 | which Git object(s) have been verified.
1454 | type: string
1455 | type: object
1456 | type: object
1457 | served: true
1458 | storage: true
1459 | subresources:
1460 | status: {}
1461 | - additionalPrinterColumns:
1462 | - jsonPath: .spec.url
1463 | name: URL
1464 | type: string
1465 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
1466 | name: Ready
1467 | type: string
1468 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
1469 | name: Status
1470 | type: string
1471 | - jsonPath: .metadata.creationTimestamp
1472 | name: Age
1473 | type: date
1474 | deprecated: true
1475 | deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1
1476 | name: v1beta1
1477 | schema:
1478 | openAPIV3Schema:
1479 | description: GitRepository is the Schema for the gitrepositories API
1480 | properties:
1481 | apiVersion:
1482 | description: |-
1483 | APIVersion defines the versioned schema of this representation of an object.
1484 | Servers should convert recognized schemas to the latest internal value, and
1485 | may reject unrecognized values.
1486 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1487 | type: string
1488 | kind:
1489 | description: |-
1490 | Kind is a string value representing the REST resource this object represents.
1491 | Servers may infer this from the endpoint the client submits requests to.
1492 | Cannot be updated.
1493 | In CamelCase.
1494 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1495 | type: string
1496 | metadata:
1497 | type: object
1498 | spec:
1499 | description: GitRepositorySpec defines the desired state of a Git repository.
1500 | properties:
1501 | accessFrom:
1502 | description: AccessFrom defines an Access Control List for allowing
1503 | cross-namespace references to this object.
1504 | properties:
1505 | namespaceSelectors:
1506 | description: |-
1507 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
1508 | Items in this list are evaluated using a logical OR operation.
1509 | items:
1510 | description: |-
1511 | NamespaceSelector selects the namespaces to which this ACL applies.
1512 | An empty map of MatchLabels matches all namespaces in a cluster.
1513 | properties:
1514 | matchLabels:
1515 | additionalProperties:
1516 | type: string
1517 | description: |-
1518 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
1519 | map is equivalent to an element of matchExpressions, whose key field is "key", the
1520 | operator is "In", and the values array contains only "value". The requirements are ANDed.
1521 | type: object
1522 | type: object
1523 | type: array
1524 | required:
1525 | - namespaceSelectors
1526 | type: object
1527 | gitImplementation:
1528 | default: go-git
1529 | description: |-
1530 | Determines which git client library to use.
1531 | Defaults to go-git, valid values are ('go-git', 'libgit2').
1532 | enum:
1533 | - go-git
1534 | - libgit2
1535 | type: string
1536 | ignore:
1537 | description: |-
1538 | Ignore overrides the set of excluded patterns in the .sourceignore format
1539 | (which is the same as .gitignore). If not provided, a default will be used,
1540 | consult the documentation for your version to find out what those are.
1541 | type: string
1542 | include:
1543 | description: Extra git repositories to map into the repository
1544 | items:
1545 | description: GitRepositoryInclude defines a source with a from and
1546 | to path.
1547 | properties:
1548 | fromPath:
1549 | description: The path to copy contents from, defaults to the
1550 | root directory.
1551 | type: string
1552 | repository:
1553 | description: Reference to a GitRepository to include.
1554 | properties:
1555 | name:
1556 | description: Name of the referent.
1557 | type: string
1558 | required:
1559 | - name
1560 | type: object
1561 | toPath:
1562 | description: The path to copy contents to, defaults to the name
1563 | of the source ref.
1564 | type: string
1565 | required:
1566 | - repository
1567 | type: object
1568 | type: array
1569 | interval:
1570 | description: The interval at which to check for repository updates.
1571 | type: string
1572 | recurseSubmodules:
1573 | description: |-
1574 | When enabled, after the clone is created, initializes all submodules within,
1575 | using their default settings.
1576 | This option is available only when using the 'go-git' GitImplementation.
1577 | type: boolean
1578 | ref:
1579 | description: |-
1580 | The Git reference to checkout and monitor for changes, defaults to
1581 | master branch.
1582 | properties:
1583 | branch:
1584 | description: The Git branch to checkout, defaults to master.
1585 | type: string
1586 | commit:
1587 | description: The Git commit SHA to checkout, if specified Tag
1588 | filters will be ignored.
1589 | type: string
1590 | semver:
1591 | description: The Git tag semver expression, takes precedence over
1592 | Tag.
1593 | type: string
1594 | tag:
1595 | description: The Git tag to checkout, takes precedence over Branch.
1596 | type: string
1597 | type: object
1598 | secretRef:
1599 | description: |-
1600 | The secret name containing the Git credentials.
1601 | For HTTPS repositories the secret must contain username and password
1602 | fields.
1603 | For SSH repositories the secret must contain identity and known_hosts
1604 | fields.
1605 | properties:
1606 | name:
1607 | description: Name of the referent.
1608 | type: string
1609 | required:
1610 | - name
1611 | type: object
1612 | suspend:
1613 | description: This flag tells the controller to suspend the reconciliation
1614 | of this source.
1615 | type: boolean
1616 | timeout:
1617 | default: 60s
1618 | description: The timeout for remote Git operations like cloning, defaults
1619 | to 60s.
1620 | type: string
1621 | url:
1622 | description: The repository URL, can be a HTTP/S or SSH address.
1623 | pattern: ^(http|https|ssh)://.*$
1624 | type: string
1625 | verify:
1626 | description: Verify OpenPGP signature for the Git commit HEAD points
1627 | to.
1628 | properties:
1629 | mode:
1630 | description: Mode describes what git object should be verified,
1631 | currently ('head').
1632 | enum:
1633 | - head
1634 | type: string
1635 | secretRef:
1636 | description: The secret name containing the public keys of all
1637 | trusted Git authors.
1638 | properties:
1639 | name:
1640 | description: Name of the referent.
1641 | type: string
1642 | required:
1643 | - name
1644 | type: object
1645 | required:
1646 | - mode
1647 | type: object
1648 | required:
1649 | - interval
1650 | - url
1651 | type: object
1652 | status:
1653 | default:
1654 | observedGeneration: -1
1655 | description: GitRepositoryStatus defines the observed state of a Git repository.
1656 | properties:
1657 | artifact:
1658 | description: Artifact represents the output of the last successful
1659 | repository sync.
1660 | properties:
1661 | checksum:
1662 | description: Checksum is the SHA256 checksum of the artifact.
1663 | type: string
1664 | lastUpdateTime:
1665 | description: |-
1666 | LastUpdateTime is the timestamp corresponding to the last update of this
1667 | artifact.
1668 | format: date-time
1669 | type: string
1670 | path:
1671 | description: Path is the relative file path of this artifact.
1672 | type: string
1673 | revision:
1674 | description: |-
1675 | Revision is a human readable identifier traceable in the origin source
1676 | system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
1677 | chart version, etc.
1678 | type: string
1679 | url:
1680 | description: URL is the HTTP address of this artifact.
1681 | type: string
1682 | required:
1683 | - lastUpdateTime
1684 | - path
1685 | - url
1686 | type: object
1687 | conditions:
1688 | description: Conditions holds the conditions for the GitRepository.
1689 | items:
1690 | description: Condition contains details for one aspect of the current
1691 | state of this API Resource.
1692 | properties:
1693 | lastTransitionTime:
1694 | description: |-
1695 | lastTransitionTime is the last time the condition transitioned from one status to another.
1696 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1697 | format: date-time
1698 | type: string
1699 | message:
1700 | description: |-
1701 | message is a human readable message indicating details about the transition.
1702 | This may be an empty string.
1703 | maxLength: 32768
1704 | type: string
1705 | observedGeneration:
1706 | description: |-
1707 | observedGeneration represents the .metadata.generation that the condition was set based upon.
1708 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1709 | with respect to the current state of the instance.
1710 | format: int64
1711 | minimum: 0
1712 | type: integer
1713 | reason:
1714 | description: |-
1715 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
1716 | Producers of specific condition types may define expected values and meanings for this field,
1717 | and whether the values are considered a guaranteed API.
1718 | The value should be a CamelCase string.
1719 | This field may not be empty.
1720 | maxLength: 1024
1721 | minLength: 1
1722 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1723 | type: string
1724 | status:
1725 | description: status of the condition, one of True, False, Unknown.
1726 | enum:
1727 | - "True"
1728 | - "False"
1729 | - Unknown
1730 | type: string
1731 | type:
1732 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
1733 | maxLength: 316
1734 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1735 | type: string
1736 | required:
1737 | - lastTransitionTime
1738 | - message
1739 | - reason
1740 | - status
1741 | - type
1742 | type: object
1743 | type: array
1744 | includedArtifacts:
1745 | description: IncludedArtifacts represents the included artifacts from
1746 | the last successful repository sync.
1747 | items:
1748 | description: Artifact represents the output of a source synchronisation.
1749 | properties:
1750 | checksum:
1751 | description: Checksum is the SHA256 checksum of the artifact.
1752 | type: string
1753 | lastUpdateTime:
1754 | description: |-
1755 | LastUpdateTime is the timestamp corresponding to the last update of this
1756 | artifact.
1757 | format: date-time
1758 | type: string
1759 | path:
1760 | description: Path is the relative file path of this artifact.
1761 | type: string
1762 | revision:
1763 | description: |-
1764 | Revision is a human readable identifier traceable in the origin source
1765 | system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
1766 | chart version, etc.
1767 | type: string
1768 | url:
1769 | description: URL is the HTTP address of this artifact.
1770 | type: string
1771 | required:
1772 | - lastUpdateTime
1773 | - path
1774 | - url
1775 | type: object
1776 | type: array
1777 | lastHandledReconcileAt:
1778 | description: |-
1779 | LastHandledReconcileAt holds the value of the most recent
1780 | reconcile request value, so a change of the annotation value
1781 | can be detected.
1782 | type: string
1783 | observedGeneration:
1784 | description: ObservedGeneration is the last observed generation.
1785 | format: int64
1786 | type: integer
1787 | url:
1788 | description: |-
1789 | URL is the download link for the artifact output of the last repository
1790 | sync.
1791 | type: string
1792 | type: object
1793 | type: object
1794 | served: true
1795 | storage: false
1796 | subresources:
1797 | status: {}
1798 | - additionalPrinterColumns:
1799 | - jsonPath: .spec.url
1800 | name: URL
1801 | type: string
1802 | - jsonPath: .metadata.creationTimestamp
1803 | name: Age
1804 | type: date
1805 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
1806 | name: Ready
1807 | type: string
1808 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
1809 | name: Status
1810 | type: string
1811 | deprecated: true
1812 | deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1
1813 | name: v1beta2
1814 | schema:
1815 | openAPIV3Schema:
1816 | description: GitRepository is the Schema for the gitrepositories API.
1817 | properties:
1818 | apiVersion:
1819 | description: |-
1820 | APIVersion defines the versioned schema of this representation of an object.
1821 | Servers should convert recognized schemas to the latest internal value, and
1822 | may reject unrecognized values.
1823 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1824 | type: string
1825 | kind:
1826 | description: |-
1827 | Kind is a string value representing the REST resource this object represents.
1828 | Servers may infer this from the endpoint the client submits requests to.
1829 | Cannot be updated.
1830 | In CamelCase.
1831 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1832 | type: string
1833 | metadata:
1834 | type: object
1835 | spec:
1836 | description: |-
1837 | GitRepositorySpec specifies the required configuration to produce an
1838 | Artifact for a Git repository.
1839 | properties:
1840 | accessFrom:
1841 | description: |-
1842 | AccessFrom specifies an Access Control List for allowing cross-namespace
1843 | references to this object.
1844 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
1845 | properties:
1846 | namespaceSelectors:
1847 | description: |-
1848 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
1849 | Items in this list are evaluated using a logical OR operation.
1850 | items:
1851 | description: |-
1852 | NamespaceSelector selects the namespaces to which this ACL applies.
1853 | An empty map of MatchLabels matches all namespaces in a cluster.
1854 | properties:
1855 | matchLabels:
1856 | additionalProperties:
1857 | type: string
1858 | description: |-
1859 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
1860 | map is equivalent to an element of matchExpressions, whose key field is "key", the
1861 | operator is "In", and the values array contains only "value". The requirements are ANDed.
1862 | type: object
1863 | type: object
1864 | type: array
1865 | required:
1866 | - namespaceSelectors
1867 | type: object
1868 | gitImplementation:
1869 | default: go-git
1870 | description: |-
1871 | GitImplementation specifies which Git client library implementation to
1872 | use. Defaults to 'go-git', valid values are ('go-git', 'libgit2').
1873 | Deprecated: gitImplementation is deprecated now that 'go-git' is the
1874 | only supported implementation.
1875 | enum:
1876 | - go-git
1877 | - libgit2
1878 | type: string
1879 | ignore:
1880 | description: |-
1881 | Ignore overrides the set of excluded patterns in the .sourceignore format
1882 | (which is the same as .gitignore). If not provided, a default will be used,
1883 | consult the documentation for your version to find out what those are.
1884 | type: string
1885 | include:
1886 | description: |-
1887 | Include specifies a list of GitRepository resources which Artifacts
1888 | should be included in the Artifact produced for this GitRepository.
1889 | items:
1890 | description: |-
1891 | GitRepositoryInclude specifies a local reference to a GitRepository which
1892 | Artifact (sub-)contents must be included, and where they should be placed.
1893 | properties:
1894 | fromPath:
1895 | description: |-
1896 | FromPath specifies the path to copy contents from, defaults to the root
1897 | of the Artifact.
1898 | type: string
1899 | repository:
1900 | description: |-
1901 | GitRepositoryRef specifies the GitRepository which Artifact contents
1902 | must be included.
1903 | properties:
1904 | name:
1905 | description: Name of the referent.
1906 | type: string
1907 | required:
1908 | - name
1909 | type: object
1910 | toPath:
1911 | description: |-
1912 | ToPath specifies the path to copy contents to, defaults to the name of
1913 | the GitRepositoryRef.
1914 | type: string
1915 | required:
1916 | - repository
1917 | type: object
1918 | type: array
1919 | interval:
1920 | description: Interval at which to check the GitRepository for updates.
1921 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1922 | type: string
1923 | recurseSubmodules:
1924 | description: |-
1925 | RecurseSubmodules enables the initialization of all submodules within
1926 | the GitRepository as cloned from the URL, using their default settings.
1927 | type: boolean
1928 | ref:
1929 | description: |-
1930 | Reference specifies the Git reference to resolve and monitor for
1931 | changes, defaults to the 'master' branch.
1932 | properties:
1933 | branch:
1934 | description: Branch to check out, defaults to 'master' if no other
1935 | field is defined.
1936 | type: string
1937 | commit:
1938 | description: |-
1939 | Commit SHA to check out, takes precedence over all reference fields.
1940 |
1941 | This can be combined with Branch to shallow clone the branch, in which
1942 | the commit is expected to exist.
1943 | type: string
1944 | name:
1945 | description: |-
1946 | Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
1947 |
1948 | It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
1949 | Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
1950 | type: string
1951 | semver:
1952 | description: SemVer tag expression to check out, takes precedence
1953 | over Tag.
1954 | type: string
1955 | tag:
1956 | description: Tag to check out, takes precedence over Branch.
1957 | type: string
1958 | type: object
1959 | secretRef:
1960 | description: |-
1961 | SecretRef specifies the Secret containing authentication credentials for
1962 | the GitRepository.
1963 | For HTTPS repositories the Secret must contain 'username' and 'password'
1964 | fields for basic auth or 'bearerToken' field for token auth.
1965 | For SSH repositories the Secret must contain 'identity'
1966 | and 'known_hosts' fields.
1967 | properties:
1968 | name:
1969 | description: Name of the referent.
1970 | type: string
1971 | required:
1972 | - name
1973 | type: object
1974 | suspend:
1975 | description: |-
1976 | Suspend tells the controller to suspend the reconciliation of this
1977 | GitRepository.
1978 | type: boolean
1979 | timeout:
1980 | default: 60s
1981 | description: Timeout for Git operations like cloning, defaults to
1982 | 60s.
1983 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
1984 | type: string
1985 | url:
1986 | description: URL specifies the Git repository URL, it can be an HTTP/S
1987 | or SSH address.
1988 | pattern: ^(http|https|ssh)://.*$
1989 | type: string
1990 | verify:
1991 | description: |-
1992 | Verification specifies the configuration to verify the Git commit
1993 | signature(s).
1994 | properties:
1995 | mode:
1996 | description: Mode specifies what Git object should be verified,
1997 | currently ('head').
1998 | enum:
1999 | - head
2000 | type: string
2001 | secretRef:
2002 | description: |-
2003 | SecretRef specifies the Secret containing the public keys of trusted Git
2004 | authors.
2005 | properties:
2006 | name:
2007 | description: Name of the referent.
2008 | type: string
2009 | required:
2010 | - name
2011 | type: object
2012 | required:
2013 | - mode
2014 | - secretRef
2015 | type: object
2016 | required:
2017 | - interval
2018 | - url
2019 | type: object
2020 | status:
2021 | default:
2022 | observedGeneration: -1
2023 | description: GitRepositoryStatus records the observed state of a Git repository.
2024 | properties:
2025 | artifact:
2026 | description: Artifact represents the last successful GitRepository
2027 | reconciliation.
2028 | properties:
2029 | digest:
2030 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2031 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2032 | type: string
2033 | lastUpdateTime:
2034 | description: |-
2035 | LastUpdateTime is the timestamp corresponding to the last update of the
2036 | Artifact.
2037 | format: date-time
2038 | type: string
2039 | metadata:
2040 | additionalProperties:
2041 | type: string
2042 | description: Metadata holds upstream information such as OCI annotations.
2043 | type: object
2044 | path:
2045 | description: |-
2046 | Path is the relative file path of the Artifact. It can be used to locate
2047 | the file in the root of the Artifact storage on the local file system of
2048 | the controller managing the Source.
2049 | type: string
2050 | revision:
2051 | description: |-
2052 | Revision is a human-readable identifier traceable in the origin source
2053 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2054 | type: string
2055 | size:
2056 | description: Size is the number of bytes in the file.
2057 | format: int64
2058 | type: integer
2059 | url:
2060 | description: |-
2061 | URL is the HTTP address of the Artifact as exposed by the controller
2062 | managing the Source. It can be used to retrieve the Artifact for
2063 | consumption, e.g. by another controller applying the Artifact contents.
2064 | type: string
2065 | required:
2066 | - lastUpdateTime
2067 | - path
2068 | - revision
2069 | - url
2070 | type: object
2071 | conditions:
2072 | description: Conditions holds the conditions for the GitRepository.
2073 | items:
2074 | description: Condition contains details for one aspect of the current
2075 | state of this API Resource.
2076 | properties:
2077 | lastTransitionTime:
2078 | description: |-
2079 | lastTransitionTime is the last time the condition transitioned from one status to another.
2080 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2081 | format: date-time
2082 | type: string
2083 | message:
2084 | description: |-
2085 | message is a human readable message indicating details about the transition.
2086 | This may be an empty string.
2087 | maxLength: 32768
2088 | type: string
2089 | observedGeneration:
2090 | description: |-
2091 | observedGeneration represents the .metadata.generation that the condition was set based upon.
2092 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2093 | with respect to the current state of the instance.
2094 | format: int64
2095 | minimum: 0
2096 | type: integer
2097 | reason:
2098 | description: |-
2099 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
2100 | Producers of specific condition types may define expected values and meanings for this field,
2101 | and whether the values are considered a guaranteed API.
2102 | The value should be a CamelCase string.
2103 | This field may not be empty.
2104 | maxLength: 1024
2105 | minLength: 1
2106 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2107 | type: string
2108 | status:
2109 | description: status of the condition, one of True, False, Unknown.
2110 | enum:
2111 | - "True"
2112 | - "False"
2113 | - Unknown
2114 | type: string
2115 | type:
2116 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
2117 | maxLength: 316
2118 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2119 | type: string
2120 | required:
2121 | - lastTransitionTime
2122 | - message
2123 | - reason
2124 | - status
2125 | - type
2126 | type: object
2127 | type: array
2128 | contentConfigChecksum:
2129 | description: |-
2130 | ContentConfigChecksum is a checksum of all the configurations related to
2131 | the content of the source artifact:
2132 | - .spec.ignore
2133 | - .spec.recurseSubmodules
2134 | - .spec.included and the checksum of the included artifacts
2135 | observed in .status.observedGeneration version of the object. This can
2136 | be used to determine if the content of the included repository has
2137 | changed.
2138 | It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
2139 |
2140 | Deprecated: Replaced with explicit fields for observed artifact content
2141 | config in the status.
2142 | type: string
2143 | includedArtifacts:
2144 | description: |-
2145 | IncludedArtifacts contains a list of the last successfully included
2146 | Artifacts as instructed by GitRepositorySpec.Include.
2147 | items:
2148 | description: Artifact represents the output of a Source reconciliation.
2149 | properties:
2150 | digest:
2151 | description: Digest is the digest of the file in the form of
2152 | '<algorithm>:<checksum>'.
2153 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2154 | type: string
2155 | lastUpdateTime:
2156 | description: |-
2157 | LastUpdateTime is the timestamp corresponding to the last update of the
2158 | Artifact.
2159 | format: date-time
2160 | type: string
2161 | metadata:
2162 | additionalProperties:
2163 | type: string
2164 | description: Metadata holds upstream information such as OCI
2165 | annotations.
2166 | type: object
2167 | path:
2168 | description: |-
2169 | Path is the relative file path of the Artifact. It can be used to locate
2170 | the file in the root of the Artifact storage on the local file system of
2171 | the controller managing the Source.
2172 | type: string
2173 | revision:
2174 | description: |-
2175 | Revision is a human-readable identifier traceable in the origin source
2176 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2177 | type: string
2178 | size:
2179 | description: Size is the number of bytes in the file.
2180 | format: int64
2181 | type: integer
2182 | url:
2183 | description: |-
2184 | URL is the HTTP address of the Artifact as exposed by the controller
2185 | managing the Source. It can be used to retrieve the Artifact for
2186 | consumption, e.g. by another controller applying the Artifact contents.
2187 | type: string
2188 | required:
2189 | - lastUpdateTime
2190 | - path
2191 | - revision
2192 | - url
2193 | type: object
2194 | type: array
2195 | lastHandledReconcileAt:
2196 | description: |-
2197 | LastHandledReconcileAt holds the value of the most recent
2198 | reconcile request value, so a change of the annotation value
2199 | can be detected.
2200 | type: string
2201 | observedGeneration:
2202 | description: |-
2203 | ObservedGeneration is the last observed generation of the GitRepository
2204 | object.
2205 | format: int64
2206 | type: integer
2207 | observedIgnore:
2208 | description: |-
2209 | ObservedIgnore is the observed exclusion patterns used for constructing
2210 | the source artifact.
2211 | type: string
2212 | observedInclude:
2213 | description: |-
2214 | ObservedInclude is the observed list of GitRepository resources used to
2215 | to produce the current Artifact.
2216 | items:
2217 | description: |-
2218 | GitRepositoryInclude specifies a local reference to a GitRepository which
2219 | Artifact (sub-)contents must be included, and where they should be placed.
2220 | properties:
2221 | fromPath:
2222 | description: |-
2223 | FromPath specifies the path to copy contents from, defaults to the root
2224 | of the Artifact.
2225 | type: string
2226 | repository:
2227 | description: |-
2228 | GitRepositoryRef specifies the GitRepository which Artifact contents
2229 | must be included.
2230 | properties:
2231 | name:
2232 | description: Name of the referent.
2233 | type: string
2234 | required:
2235 | - name
2236 | type: object
2237 | toPath:
2238 | description: |-
2239 | ToPath specifies the path to copy contents to, defaults to the name of
2240 | the GitRepositoryRef.
2241 | type: string
2242 | required:
2243 | - repository
2244 | type: object
2245 | type: array
2246 | observedRecurseSubmodules:
2247 | description: |-
2248 | ObservedRecurseSubmodules is the observed resource submodules
2249 | configuration used to produce the current Artifact.
2250 | type: boolean
2251 | url:
2252 | description: |-
2253 | URL is the dynamic fetch link for the latest Artifact.
2254 | It is provided on a "best effort" basis, and using the precise
2255 | GitRepositoryStatus.Artifact data is recommended.
2256 | type: string
2257 | type: object
2258 | type: object
2259 | served: true
2260 | storage: false
2261 | subresources:
2262 | status: {}
2263 | ---
2264 | apiVersion: apiextensions.k8s.io/v1
2265 | kind: CustomResourceDefinition
2266 | metadata:
2267 | annotations:
2268 | controller-gen.kubebuilder.io/version: v0.16.1
2269 | labels:
2270 | app.kubernetes.io/component: source-controller
2271 | app.kubernetes.io/part-of: flux
2272 | name: helmcharts.source.toolkit.fluxcd.io
2273 | spec:
2274 | group: source.toolkit.fluxcd.io
2275 | names:
2276 | kind: HelmChart
2277 | listKind: HelmChartList
2278 | plural: helmcharts
2279 | shortNames:
2280 | - hc
2281 | singular: helmchart
2282 | scope: Namespaced
2283 | versions:
2284 | - additionalPrinterColumns:
2285 | - jsonPath: .spec.chart
2286 | name: Chart
2287 | type: string
2288 | - jsonPath: .spec.version
2289 | name: Version
2290 | type: string
2291 | - jsonPath: .spec.sourceRef.kind
2292 | name: Source Kind
2293 | type: string
2294 | - jsonPath: .spec.sourceRef.name
2295 | name: Source Name
2296 | type: string
2297 | - jsonPath: .metadata.creationTimestamp
2298 | name: Age
2299 | type: date
2300 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2301 | name: Ready
2302 | type: string
2303 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2304 | name: Status
2305 | type: string
2306 | name: v1
2307 | schema:
2308 | openAPIV3Schema:
2309 | description: HelmChart is the Schema for the helmcharts API.
2310 | properties:
2311 | apiVersion:
2312 | description: |-
2313 | APIVersion defines the versioned schema of this representation of an object.
2314 | Servers should convert recognized schemas to the latest internal value, and
2315 | may reject unrecognized values.
2316 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2317 | type: string
2318 | kind:
2319 | description: |-
2320 | Kind is a string value representing the REST resource this object represents.
2321 | Servers may infer this from the endpoint the client submits requests to.
2322 | Cannot be updated.
2323 | In CamelCase.
2324 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2325 | type: string
2326 | metadata:
2327 | type: object
2328 | spec:
2329 | description: HelmChartSpec specifies the desired state of a Helm chart.
2330 | properties:
2331 | chart:
2332 | description: |-
2333 | Chart is the name or path the Helm chart is available at in the
2334 | SourceRef.
2335 | type: string
2336 | ignoreMissingValuesFiles:
2337 | description: |-
2338 | IgnoreMissingValuesFiles controls whether to silently ignore missing values
2339 | files rather than failing.
2340 | type: boolean
2341 | interval:
2342 | description: |-
2343 | Interval at which the HelmChart SourceRef is checked for updates.
2344 | This interval is approximate and may be subject to jitter to ensure
2345 | efficient use of resources.
2346 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2347 | type: string
2348 | reconcileStrategy:
2349 | default: ChartVersion
2350 | description: |-
2351 | ReconcileStrategy determines what enables the creation of a new artifact.
2352 | Valid values are ('ChartVersion', 'Revision').
2353 | See the documentation of the values for an explanation on their behavior.
2354 | Defaults to ChartVersion when omitted.
2355 | enum:
2356 | - ChartVersion
2357 | - Revision
2358 | type: string
2359 | sourceRef:
2360 | description: SourceRef is the reference to the Source the chart is
2361 | available at.
2362 | properties:
2363 | apiVersion:
2364 | description: APIVersion of the referent.
2365 | type: string
2366 | kind:
2367 | description: |-
2368 | Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
2369 | 'Bucket').
2370 | enum:
2371 | - HelmRepository
2372 | - GitRepository
2373 | - Bucket
2374 | type: string
2375 | name:
2376 | description: Name of the referent.
2377 | type: string
2378 | required:
2379 | - kind
2380 | - name
2381 | type: object
2382 | suspend:
2383 | description: |-
2384 | Suspend tells the controller to suspend the reconciliation of this
2385 | source.
2386 | type: boolean
2387 | valuesFiles:
2388 | description: |-
2389 | ValuesFiles is an alternative list of values files to use as the chart
2390 | values (values.yaml is not included by default), expected to be a
2391 | relative path in the SourceRef.
2392 | Values files are merged in the order of this list with the last file
2393 | overriding the first. Ignored when omitted.
2394 | items:
2395 | type: string
2396 | type: array
2397 | verify:
2398 | description: |-
2399 | Verify contains the secret name containing the trusted public keys
2400 | used to verify the signature and specifies which provider to use to check
2401 | whether OCI image is authentic.
2402 | This field is only supported when using HelmRepository source with spec.type 'oci'.
2403 | Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.
2404 | properties:
2405 | matchOIDCIdentity:
2406 | description: |-
2407 | MatchOIDCIdentity specifies the identity matching criteria to use
2408 | while verifying an OCI artifact which was signed using Cosign keyless
2409 | signing. The artifact's identity is deemed to be verified if any of the
2410 | specified matchers match against the identity.
2411 | items:
2412 | description: |-
2413 | OIDCIdentityMatch specifies options for verifying the certificate identity,
2414 | i.e. the issuer and the subject of the certificate.
2415 | properties:
2416 | issuer:
2417 | description: |-
2418 | Issuer specifies the regex pattern to match against to verify
2419 | the OIDC issuer in the Fulcio certificate. The pattern must be a
2420 | valid Go regular expression.
2421 | type: string
2422 | subject:
2423 | description: |-
2424 | Subject specifies the regex pattern to match against to verify
2425 | the identity subject in the Fulcio certificate. The pattern must
2426 | be a valid Go regular expression.
2427 | type: string
2428 | required:
2429 | - issuer
2430 | - subject
2431 | type: object
2432 | type: array
2433 | provider:
2434 | default: cosign
2435 | description: Provider specifies the technology used to sign the
2436 | OCI Artifact.
2437 | enum:
2438 | - cosign
2439 | - notation
2440 | type: string
2441 | secretRef:
2442 | description: |-
2443 | SecretRef specifies the Kubernetes Secret containing the
2444 | trusted public keys.
2445 | properties:
2446 | name:
2447 | description: Name of the referent.
2448 | type: string
2449 | required:
2450 | - name
2451 | type: object
2452 | required:
2453 | - provider
2454 | type: object
2455 | version:
2456 | default: '*'
2457 | description: |-
2458 | Version is the chart version semver expression, ignored for charts from
2459 | GitRepository and Bucket sources. Defaults to latest when omitted.
2460 | type: string
2461 | required:
2462 | - chart
2463 | - interval
2464 | - sourceRef
2465 | type: object
2466 | status:
2467 | default:
2468 | observedGeneration: -1
2469 | description: HelmChartStatus records the observed state of the HelmChart.
2470 | properties:
2471 | artifact:
2472 | description: Artifact represents the output of the last successful
2473 | reconciliation.
2474 | properties:
2475 | digest:
2476 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2477 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2478 | type: string
2479 | lastUpdateTime:
2480 | description: |-
2481 | LastUpdateTime is the timestamp corresponding to the last update of the
2482 | Artifact.
2483 | format: date-time
2484 | type: string
2485 | metadata:
2486 | additionalProperties:
2487 | type: string
2488 | description: Metadata holds upstream information such as OCI annotations.
2489 | type: object
2490 | path:
2491 | description: |-
2492 | Path is the relative file path of the Artifact. It can be used to locate
2493 | the file in the root of the Artifact storage on the local file system of
2494 | the controller managing the Source.
2495 | type: string
2496 | revision:
2497 | description: |-
2498 | Revision is a human-readable identifier traceable in the origin source
2499 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2500 | type: string
2501 | size:
2502 | description: Size is the number of bytes in the file.
2503 | format: int64
2504 | type: integer
2505 | url:
2506 | description: |-
2507 | URL is the HTTP address of the Artifact as exposed by the controller
2508 | managing the Source. It can be used to retrieve the Artifact for
2509 | consumption, e.g. by another controller applying the Artifact contents.
2510 | type: string
2511 | required:
2512 | - lastUpdateTime
2513 | - path
2514 | - revision
2515 | - url
2516 | type: object
2517 | conditions:
2518 | description: Conditions holds the conditions for the HelmChart.
2519 | items:
2520 | description: Condition contains details for one aspect of the current
2521 | state of this API Resource.
2522 | properties:
2523 | lastTransitionTime:
2524 | description: |-
2525 | lastTransitionTime is the last time the condition transitioned from one status to another.
2526 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2527 | format: date-time
2528 | type: string
2529 | message:
2530 | description: |-
2531 | message is a human readable message indicating details about the transition.
2532 | This may be an empty string.
2533 | maxLength: 32768
2534 | type: string
2535 | observedGeneration:
2536 | description: |-
2537 | observedGeneration represents the .metadata.generation that the condition was set based upon.
2538 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2539 | with respect to the current state of the instance.
2540 | format: int64
2541 | minimum: 0
2542 | type: integer
2543 | reason:
2544 | description: |-
2545 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
2546 | Producers of specific condition types may define expected values and meanings for this field,
2547 | and whether the values are considered a guaranteed API.
2548 | The value should be a CamelCase string.
2549 | This field may not be empty.
2550 | maxLength: 1024
2551 | minLength: 1
2552 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2553 | type: string
2554 | status:
2555 | description: status of the condition, one of True, False, Unknown.
2556 | enum:
2557 | - "True"
2558 | - "False"
2559 | - Unknown
2560 | type: string
2561 | type:
2562 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
2563 | maxLength: 316
2564 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2565 | type: string
2566 | required:
2567 | - lastTransitionTime
2568 | - message
2569 | - reason
2570 | - status
2571 | - type
2572 | type: object
2573 | type: array
2574 | lastHandledReconcileAt:
2575 | description: |-
2576 | LastHandledReconcileAt holds the value of the most recent
2577 | reconcile request value, so a change of the annotation value
2578 | can be detected.
2579 | type: string
2580 | observedChartName:
2581 | description: |-
2582 | ObservedChartName is the last observed chart name as specified by the
2583 | resolved chart reference.
2584 | type: string
2585 | observedGeneration:
2586 | description: |-
2587 | ObservedGeneration is the last observed generation of the HelmChart
2588 | object.
2589 | format: int64
2590 | type: integer
2591 | observedSourceArtifactRevision:
2592 | description: |-
2593 | ObservedSourceArtifactRevision is the last observed Artifact.Revision
2594 | of the HelmChartSpec.SourceRef.
2595 | type: string
2596 | observedValuesFiles:
2597 | description: |-
2598 | ObservedValuesFiles are the observed value files of the last successful
2599 | reconciliation.
2600 | It matches the chart in the last successfully reconciled artifact.
2601 | items:
2602 | type: string
2603 | type: array
2604 | url:
2605 | description: |-
2606 | URL is the dynamic fetch link for the latest Artifact.
2607 | It is provided on a "best effort" basis, and using the precise
2608 | BucketStatus.Artifact data is recommended.
2609 | type: string
2610 | type: object
2611 | type: object
2612 | served: true
2613 | storage: true
2614 | subresources:
2615 | status: {}
2616 | - additionalPrinterColumns:
2617 | - jsonPath: .spec.chart
2618 | name: Chart
2619 | type: string
2620 | - jsonPath: .spec.version
2621 | name: Version
2622 | type: string
2623 | - jsonPath: .spec.sourceRef.kind
2624 | name: Source Kind
2625 | type: string
2626 | - jsonPath: .spec.sourceRef.name
2627 | name: Source Name
2628 | type: string
2629 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2630 | name: Ready
2631 | type: string
2632 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2633 | name: Status
2634 | type: string
2635 | - jsonPath: .metadata.creationTimestamp
2636 | name: Age
2637 | type: date
2638 | deprecated: true
2639 | deprecationWarning: v1beta1 HelmChart is deprecated, upgrade to v1
2640 | name: v1beta1
2641 | schema:
2642 | openAPIV3Schema:
2643 | description: HelmChart is the Schema for the helmcharts API
2644 | properties:
2645 | apiVersion:
2646 | description: |-
2647 | APIVersion defines the versioned schema of this representation of an object.
2648 | Servers should convert recognized schemas to the latest internal value, and
2649 | may reject unrecognized values.
2650 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2651 | type: string
2652 | kind:
2653 | description: |-
2654 | Kind is a string value representing the REST resource this object represents.
2655 | Servers may infer this from the endpoint the client submits requests to.
2656 | Cannot be updated.
2657 | In CamelCase.
2658 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2659 | type: string
2660 | metadata:
2661 | type: object
2662 | spec:
2663 | description: HelmChartSpec defines the desired state of a Helm chart.
2664 | properties:
2665 | accessFrom:
2666 | description: AccessFrom defines an Access Control List for allowing
2667 | cross-namespace references to this object.
2668 | properties:
2669 | namespaceSelectors:
2670 | description: |-
2671 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
2672 | Items in this list are evaluated using a logical OR operation.
2673 | items:
2674 | description: |-
2675 | NamespaceSelector selects the namespaces to which this ACL applies.
2676 | An empty map of MatchLabels matches all namespaces in a cluster.
2677 | properties:
2678 | matchLabels:
2679 | additionalProperties:
2680 | type: string
2681 | description: |-
2682 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2683 | map is equivalent to an element of matchExpressions, whose key field is "key", the
2684 | operator is "In", and the values array contains only "value". The requirements are ANDed.
2685 | type: object
2686 | type: object
2687 | type: array
2688 | required:
2689 | - namespaceSelectors
2690 | type: object
2691 | chart:
2692 | description: The name or path the Helm chart is available at in the
2693 | SourceRef.
2694 | type: string
2695 | interval:
2696 | description: The interval at which to check the Source for updates.
2697 | type: string
2698 | reconcileStrategy:
2699 | default: ChartVersion
2700 | description: |-
2701 | Determines what enables the creation of a new artifact. Valid values are
2702 | ('ChartVersion', 'Revision').
2703 | See the documentation of the values for an explanation on their behavior.
2704 | Defaults to ChartVersion when omitted.
2705 | enum:
2706 | - ChartVersion
2707 | - Revision
2708 | type: string
2709 | sourceRef:
2710 | description: The reference to the Source the chart is available at.
2711 | properties:
2712 | apiVersion:
2713 | description: APIVersion of the referent.
2714 | type: string
2715 | kind:
2716 | description: |-
2717 | Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
2718 | 'Bucket').
2719 | enum:
2720 | - HelmRepository
2721 | - GitRepository
2722 | - Bucket
2723 | type: string
2724 | name:
2725 | description: Name of the referent.
2726 | type: string
2727 | required:
2728 | - kind
2729 | - name
2730 | type: object
2731 | suspend:
2732 | description: This flag tells the controller to suspend the reconciliation
2733 | of this source.
2734 | type: boolean
2735 | valuesFile:
2736 | description: |-
2737 | Alternative values file to use as the default chart values, expected to
2738 | be a relative path in the SourceRef. Deprecated in favor of ValuesFiles,
2739 | for backwards compatibility the file defined here is merged before the
2740 | ValuesFiles items. Ignored when omitted.
2741 | type: string
2742 | valuesFiles:
2743 | description: |-
2744 | Alternative list of values files to use as the chart values (values.yaml
2745 | is not included by default), expected to be a relative path in the SourceRef.
2746 | Values files are merged in the order of this list with the last file overriding
2747 | the first. Ignored when omitted.
2748 | items:
2749 | type: string
2750 | type: array
2751 | version:
2752 | default: '*'
2753 | description: |-
2754 | The chart version semver expression, ignored for charts from GitRepository
2755 | and Bucket sources. Defaults to latest when omitted.
2756 | type: string
2757 | required:
2758 | - chart
2759 | - interval
2760 | - sourceRef
2761 | type: object
2762 | status:
2763 | default:
2764 | observedGeneration: -1
2765 | description: HelmChartStatus defines the observed state of the HelmChart.
2766 | properties:
2767 | artifact:
2768 | description: Artifact represents the output of the last successful
2769 | chart sync.
2770 | properties:
2771 | checksum:
2772 | description: Checksum is the SHA256 checksum of the artifact.
2773 | type: string
2774 | lastUpdateTime:
2775 | description: |-
2776 | LastUpdateTime is the timestamp corresponding to the last update of this
2777 | artifact.
2778 | format: date-time
2779 | type: string
2780 | path:
2781 | description: Path is the relative file path of this artifact.
2782 | type: string
2783 | revision:
2784 | description: |-
2785 | Revision is a human readable identifier traceable in the origin source
2786 | system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
2787 | chart version, etc.
2788 | type: string
2789 | url:
2790 | description: URL is the HTTP address of this artifact.
2791 | type: string
2792 | required:
2793 | - lastUpdateTime
2794 | - path
2795 | - url
2796 | type: object
2797 | conditions:
2798 | description: Conditions holds the conditions for the HelmChart.
2799 | items:
2800 | description: Condition contains details for one aspect of the current
2801 | state of this API Resource.
2802 | properties:
2803 | lastTransitionTime:
2804 | description: |-
2805 | lastTransitionTime is the last time the condition transitioned from one status to another.
2806 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2807 | format: date-time
2808 | type: string
2809 | message:
2810 | description: |-
2811 | message is a human readable message indicating details about the transition.
2812 | This may be an empty string.
2813 | maxLength: 32768
2814 | type: string
2815 | observedGeneration:
2816 | description: |-
2817 | observedGeneration represents the .metadata.generation that the condition was set based upon.
2818 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2819 | with respect to the current state of the instance.
2820 | format: int64
2821 | minimum: 0
2822 | type: integer
2823 | reason:
2824 | description: |-
2825 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
2826 | Producers of specific condition types may define expected values and meanings for this field,
2827 | and whether the values are considered a guaranteed API.
2828 | The value should be a CamelCase string.
2829 | This field may not be empty.
2830 | maxLength: 1024
2831 | minLength: 1
2832 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2833 | type: string
2834 | status:
2835 | description: status of the condition, one of True, False, Unknown.
2836 | enum:
2837 | - "True"
2838 | - "False"
2839 | - Unknown
2840 | type: string
2841 | type:
2842 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
2843 | maxLength: 316
2844 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2845 | type: string
2846 | required:
2847 | - lastTransitionTime
2848 | - message
2849 | - reason
2850 | - status
2851 | - type
2852 | type: object
2853 | type: array
2854 | lastHandledReconcileAt:
2855 | description: |-
2856 | LastHandledReconcileAt holds the value of the most recent
2857 | reconcile request value, so a change of the annotation value
2858 | can be detected.
2859 | type: string
2860 | observedGeneration:
2861 | description: ObservedGeneration is the last observed generation.
2862 | format: int64
2863 | type: integer
2864 | url:
2865 | description: URL is the download link for the last chart pulled.
2866 | type: string
2867 | type: object
2868 | type: object
2869 | served: true
2870 | storage: false
2871 | subresources:
2872 | status: {}
2873 | - additionalPrinterColumns:
2874 | - jsonPath: .spec.chart
2875 | name: Chart
2876 | type: string
2877 | - jsonPath: .spec.version
2878 | name: Version
2879 | type: string
2880 | - jsonPath: .spec.sourceRef.kind
2881 | name: Source Kind
2882 | type: string
2883 | - jsonPath: .spec.sourceRef.name
2884 | name: Source Name
2885 | type: string
2886 | - jsonPath: .metadata.creationTimestamp
2887 | name: Age
2888 | type: date
2889 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2890 | name: Ready
2891 | type: string
2892 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2893 | name: Status
2894 | type: string
2895 | deprecated: true
2896 | deprecationWarning: v1beta2 HelmChart is deprecated, upgrade to v1
2897 | name: v1beta2
2898 | schema:
2899 | openAPIV3Schema:
2900 | description: HelmChart is the Schema for the helmcharts API.
2901 | properties:
2902 | apiVersion:
2903 | description: |-
2904 | APIVersion defines the versioned schema of this representation of an object.
2905 | Servers should convert recognized schemas to the latest internal value, and
2906 | may reject unrecognized values.
2907 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2908 | type: string
2909 | kind:
2910 | description: |-
2911 | Kind is a string value representing the REST resource this object represents.
2912 | Servers may infer this from the endpoint the client submits requests to.
2913 | Cannot be updated.
2914 | In CamelCase.
2915 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2916 | type: string
2917 | metadata:
2918 | type: object
2919 | spec:
2920 | description: HelmChartSpec specifies the desired state of a Helm chart.
2921 | properties:
2922 | accessFrom:
2923 | description: |-
2924 | AccessFrom specifies an Access Control List for allowing cross-namespace
2925 | references to this object.
2926 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
2927 | properties:
2928 | namespaceSelectors:
2929 | description: |-
2930 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
2931 | Items in this list are evaluated using a logical OR operation.
2932 | items:
2933 | description: |-
2934 | NamespaceSelector selects the namespaces to which this ACL applies.
2935 | An empty map of MatchLabels matches all namespaces in a cluster.
2936 | properties:
2937 | matchLabels:
2938 | additionalProperties:
2939 | type: string
2940 | description: |-
2941 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2942 | map is equivalent to an element of matchExpressions, whose key field is "key", the
2943 | operator is "In", and the values array contains only "value". The requirements are ANDed.
2944 | type: object
2945 | type: object
2946 | type: array
2947 | required:
2948 | - namespaceSelectors
2949 | type: object
2950 | chart:
2951 | description: |-
2952 | Chart is the name or path the Helm chart is available at in the
2953 | SourceRef.
2954 | type: string
2955 | ignoreMissingValuesFiles:
2956 | description: |-
2957 | IgnoreMissingValuesFiles controls whether to silently ignore missing values
2958 | files rather than failing.
2959 | type: boolean
2960 | interval:
2961 | description: |-
2962 | Interval at which the HelmChart SourceRef is checked for updates.
2963 | This interval is approximate and may be subject to jitter to ensure
2964 | efficient use of resources.
2965 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2966 | type: string
2967 | reconcileStrategy:
2968 | default: ChartVersion
2969 | description: |-
2970 | ReconcileStrategy determines what enables the creation of a new artifact.
2971 | Valid values are ('ChartVersion', 'Revision').
2972 | See the documentation of the values for an explanation on their behavior.
2973 | Defaults to ChartVersion when omitted.
2974 | enum:
2975 | - ChartVersion
2976 | - Revision
2977 | type: string
2978 | sourceRef:
2979 | description: SourceRef is the reference to the Source the chart is
2980 | available at.
2981 | properties:
2982 | apiVersion:
2983 | description: APIVersion of the referent.
2984 | type: string
2985 | kind:
2986 | description: |-
2987 | Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
2988 | 'Bucket').
2989 | enum:
2990 | - HelmRepository
2991 | - GitRepository
2992 | - Bucket
2993 | type: string
2994 | name:
2995 | description: Name of the referent.
2996 | type: string
2997 | required:
2998 | - kind
2999 | - name
3000 | type: object
3001 | suspend:
3002 | description: |-
3003 | Suspend tells the controller to suspend the reconciliation of this
3004 | source.
3005 | type: boolean
3006 | valuesFile:
3007 | description: |-
3008 | ValuesFile is an alternative values file to use as the default chart
3009 | values, expected to be a relative path in the SourceRef. Deprecated in
3010 | favor of ValuesFiles, for backwards compatibility the file specified here
3011 | is merged before the ValuesFiles items. Ignored when omitted.
3012 | type: string
3013 | valuesFiles:
3014 | description: |-
3015 | ValuesFiles is an alternative list of values files to use as the chart
3016 | values (values.yaml is not included by default), expected to be a
3017 | relative path in the SourceRef.
3018 | Values files are merged in the order of this list with the last file
3019 | overriding the first. Ignored when omitted.
3020 | items:
3021 | type: string
3022 | type: array
3023 | verify:
3024 | description: |-
3025 | Verify contains the secret name containing the trusted public keys
3026 | used to verify the signature and specifies which provider to use to check
3027 | whether OCI image is authentic.
3028 | This field is only supported when using HelmRepository source with spec.type 'oci'.
3029 | Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.
3030 | properties:
3031 | matchOIDCIdentity:
3032 | description: |-
3033 | MatchOIDCIdentity specifies the identity matching criteria to use
3034 | while verifying an OCI artifact which was signed using Cosign keyless
3035 | signing. The artifact's identity is deemed to be verified if any of the
3036 | specified matchers match against the identity.
3037 | items:
3038 | description: |-
3039 | OIDCIdentityMatch specifies options for verifying the certificate identity,
3040 | i.e. the issuer and the subject of the certificate.
3041 | properties:
3042 | issuer:
3043 | description: |-
3044 | Issuer specifies the regex pattern to match against to verify
3045 | the OIDC issuer in the Fulcio certificate. The pattern must be a
3046 | valid Go regular expression.
3047 | type: string
3048 | subject:
3049 | description: |-
3050 | Subject specifies the regex pattern to match against to verify
3051 | the identity subject in the Fulcio certificate. The pattern must
3052 | be a valid Go regular expression.
3053 | type: string
3054 | required:
3055 | - issuer
3056 | - subject
3057 | type: object
3058 | type: array
3059 | provider:
3060 | default: cosign
3061 | description: Provider specifies the technology used to sign the
3062 | OCI Artifact.
3063 | enum:
3064 | - cosign
3065 | - notation
3066 | type: string
3067 | secretRef:
3068 | description: |-
3069 | SecretRef specifies the Kubernetes Secret containing the
3070 | trusted public keys.
3071 | properties:
3072 | name:
3073 | description: Name of the referent.
3074 | type: string
3075 | required:
3076 | - name
3077 | type: object
3078 | required:
3079 | - provider
3080 | type: object
3081 | version:
3082 | default: '*'
3083 | description: |-
3084 | Version is the chart version semver expression, ignored for charts from
3085 | GitRepository and Bucket sources. Defaults to latest when omitted.
3086 | type: string
3087 | required:
3088 | - chart
3089 | - interval
3090 | - sourceRef
3091 | type: object
3092 | status:
3093 | default:
3094 | observedGeneration: -1
3095 | description: HelmChartStatus records the observed state of the HelmChart.
3096 | properties:
3097 | artifact:
3098 | description: Artifact represents the output of the last successful
3099 | reconciliation.
3100 | properties:
3101 | digest:
3102 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3103 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3104 | type: string
3105 | lastUpdateTime:
3106 | description: |-
3107 | LastUpdateTime is the timestamp corresponding to the last update of the
3108 | Artifact.
3109 | format: date-time
3110 | type: string
3111 | metadata:
3112 | additionalProperties:
3113 | type: string
3114 | description: Metadata holds upstream information such as OCI annotations.
3115 | type: object
3116 | path:
3117 | description: |-
3118 | Path is the relative file path of the Artifact. It can be used to locate
3119 | the file in the root of the Artifact storage on the local file system of
3120 | the controller managing the Source.
3121 | type: string
3122 | revision:
3123 | description: |-
3124 | Revision is a human-readable identifier traceable in the origin source
3125 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3126 | type: string
3127 | size:
3128 | description: Size is the number of bytes in the file.
3129 | format: int64
3130 | type: integer
3131 | url:
3132 | description: |-
3133 | URL is the HTTP address of the Artifact as exposed by the controller
3134 | managing the Source. It can be used to retrieve the Artifact for
3135 | consumption, e.g. by another controller applying the Artifact contents.
3136 | type: string
3137 | required:
3138 | - lastUpdateTime
3139 | - path
3140 | - revision
3141 | - url
3142 | type: object
3143 | conditions:
3144 | description: Conditions holds the conditions for the HelmChart.
3145 | items:
3146 | description: Condition contains details for one aspect of the current
3147 | state of this API Resource.
3148 | properties:
3149 | lastTransitionTime:
3150 | description: |-
3151 | lastTransitionTime is the last time the condition transitioned from one status to another.
3152 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3153 | format: date-time
3154 | type: string
3155 | message:
3156 | description: |-
3157 | message is a human readable message indicating details about the transition.
3158 | This may be an empty string.
3159 | maxLength: 32768
3160 | type: string
3161 | observedGeneration:
3162 | description: |-
3163 | observedGeneration represents the .metadata.generation that the condition was set based upon.
3164 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3165 | with respect to the current state of the instance.
3166 | format: int64
3167 | minimum: 0
3168 | type: integer
3169 | reason:
3170 | description: |-
3171 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
3172 | Producers of specific condition types may define expected values and meanings for this field,
3173 | and whether the values are considered a guaranteed API.
3174 | The value should be a CamelCase string.
3175 | This field may not be empty.
3176 | maxLength: 1024
3177 | minLength: 1
3178 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3179 | type: string
3180 | status:
3181 | description: status of the condition, one of True, False, Unknown.
3182 | enum:
3183 | - "True"
3184 | - "False"
3185 | - Unknown
3186 | type: string
3187 | type:
3188 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
3189 | maxLength: 316
3190 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3191 | type: string
3192 | required:
3193 | - lastTransitionTime
3194 | - message
3195 | - reason
3196 | - status
3197 | - type
3198 | type: object
3199 | type: array
3200 | lastHandledReconcileAt:
3201 | description: |-
3202 | LastHandledReconcileAt holds the value of the most recent
3203 | reconcile request value, so a change of the annotation value
3204 | can be detected.
3205 | type: string
3206 | observedChartName:
3207 | description: |-
3208 | ObservedChartName is the last observed chart name as specified by the
3209 | resolved chart reference.
3210 | type: string
3211 | observedGeneration:
3212 | description: |-
3213 | ObservedGeneration is the last observed generation of the HelmChart
3214 | object.
3215 | format: int64
3216 | type: integer
3217 | observedSourceArtifactRevision:
3218 | description: |-
3219 | ObservedSourceArtifactRevision is the last observed Artifact.Revision
3220 | of the HelmChartSpec.SourceRef.
3221 | type: string
3222 | observedValuesFiles:
3223 | description: |-
3224 | ObservedValuesFiles are the observed value files of the last successful
3225 | reconciliation.
3226 | It matches the chart in the last successfully reconciled artifact.
3227 | items:
3228 | type: string
3229 | type: array
3230 | url:
3231 | description: |-
3232 | URL is the dynamic fetch link for the latest Artifact.
3233 | It is provided on a "best effort" basis, and using the precise
3234 | BucketStatus.Artifact data is recommended.
3235 | type: string
3236 | type: object
3237 | type: object
3238 | served: true
3239 | storage: false
3240 | subresources:
3241 | status: {}
3242 | ---
3243 | apiVersion: apiextensions.k8s.io/v1
3244 | kind: CustomResourceDefinition
3245 | metadata:
3246 | annotations:
3247 | controller-gen.kubebuilder.io/version: v0.16.1
3248 | labels:
3249 | app.kubernetes.io/component: source-controller
3250 | app.kubernetes.io/part-of: flux
3251 | name: helmrepositories.source.toolkit.fluxcd.io
3252 | spec:
3253 | group: source.toolkit.fluxcd.io
3254 | names:
3255 | kind: HelmRepository
3256 | listKind: HelmRepositoryList
3257 | plural: helmrepositories
3258 | shortNames:
3259 | - helmrepo
3260 | singular: helmrepository
3261 | scope: Namespaced
3262 | versions:
3263 | - additionalPrinterColumns:
3264 | - jsonPath: .spec.url
3265 | name: URL
3266 | type: string
3267 | - jsonPath: .metadata.creationTimestamp
3268 | name: Age
3269 | type: date
3270 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
3271 | name: Ready
3272 | type: string
3273 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
3274 | name: Status
3275 | type: string
3276 | name: v1
3277 | schema:
3278 | openAPIV3Schema:
3279 | description: HelmRepository is the Schema for the helmrepositories API.
3280 | properties:
3281 | apiVersion:
3282 | description: |-
3283 | APIVersion defines the versioned schema of this representation of an object.
3284 | Servers should convert recognized schemas to the latest internal value, and
3285 | may reject unrecognized values.
3286 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3287 | type: string
3288 | kind:
3289 | description: |-
3290 | Kind is a string value representing the REST resource this object represents.
3291 | Servers may infer this from the endpoint the client submits requests to.
3292 | Cannot be updated.
3293 | In CamelCase.
3294 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3295 | type: string
3296 | metadata:
3297 | type: object
3298 | spec:
3299 | description: |-
3300 | HelmRepositorySpec specifies the required configuration to produce an
3301 | Artifact for a Helm repository index YAML.
3302 | properties:
3303 | accessFrom:
3304 | description: |-
3305 | AccessFrom specifies an Access Control List for allowing cross-namespace
3306 | references to this object.
3307 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
3308 | properties:
3309 | namespaceSelectors:
3310 | description: |-
3311 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3312 | Items in this list are evaluated using a logical OR operation.
3313 | items:
3314 | description: |-
3315 | NamespaceSelector selects the namespaces to which this ACL applies.
3316 | An empty map of MatchLabels matches all namespaces in a cluster.
3317 | properties:
3318 | matchLabels:
3319 | additionalProperties:
3320 | type: string
3321 | description: |-
3322 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3323 | map is equivalent to an element of matchExpressions, whose key field is "key", the
3324 | operator is "In", and the values array contains only "value". The requirements are ANDed.
3325 | type: object
3326 | type: object
3327 | type: array
3328 | required:
3329 | - namespaceSelectors
3330 | type: object
3331 | certSecretRef:
3332 | description: |-
3333 | CertSecretRef can be given the name of a Secret containing
3334 | either or both of
3335 |
3336 | - a PEM-encoded client certificate (`tls.crt`) and private
3337 | key (`tls.key`);
3338 | - a PEM-encoded CA certificate (`ca.crt`)
3339 |
3340 | and whichever are supplied, will be used for connecting to the
3341 | registry. The client cert and key are useful if you are
3342 | authenticating with a certificate; the CA cert is useful if
3343 | you are using a self-signed server certificate. The Secret must
3344 | be of type `Opaque` or `kubernetes.io/tls`.
3345 |
3346 | It takes precedence over the values specified in the Secret referred
3347 | to by `.spec.secretRef`.
3348 | properties:
3349 | name:
3350 | description: Name of the referent.
3351 | type: string
3352 | required:
3353 | - name
3354 | type: object
3355 | insecure:
3356 | description: |-
3357 | Insecure allows connecting to a non-TLS HTTP container registry.
3358 | This field is only taken into account if the .spec.type field is set to 'oci'.
3359 | type: boolean
3360 | interval:
3361 | description: |-
3362 | Interval at which the HelmRepository URL is checked for updates.
3363 | This interval is approximate and may be subject to jitter to ensure
3364 | efficient use of resources.
3365 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
3366 | type: string
3367 | passCredentials:
3368 | description: |-
3369 | PassCredentials allows the credentials from the SecretRef to be passed
3370 | on to a host that does not match the host as defined in URL.
3371 | This may be required if the host of the advertised chart URLs in the
3372 | index differ from the defined URL.
3373 | Enabling this should be done with caution, as it can potentially result
3374 | in credentials getting stolen in a MITM-attack.
3375 | type: boolean
3376 | provider:
3377 | default: generic
3378 | description: |-
3379 | Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
3380 | This field is optional, and only taken into account if the .spec.type field is set to 'oci'.
3381 | When not specified, defaults to 'generic'.
3382 | enum:
3383 | - generic
3384 | - aws
3385 | - azure
3386 | - gcp
3387 | type: string
3388 | secretRef:
3389 | description: |-
3390 | SecretRef specifies the Secret containing authentication credentials
3391 | for the HelmRepository.
3392 | For HTTP/S basic auth the secret must contain 'username' and 'password'
3393 | fields.
3394 | Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'
3395 | keys is deprecated. Please use `.spec.certSecretRef` instead.
3396 | properties:
3397 | name:
3398 | description: Name of the referent.
3399 | type: string
3400 | required:
3401 | - name
3402 | type: object
3403 | suspend:
3404 | description: |-
3405 | Suspend tells the controller to suspend the reconciliation of this
3406 | HelmRepository.
3407 | type: boolean
3408 | timeout:
3409 | description: |-
3410 | Timeout is used for the index fetch operation for an HTTPS helm repository,
3411 | and for remote OCI Repository operations like pulling for an OCI helm
3412 | chart by the associated HelmChart.
3413 | Its default value is 60s.
3414 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
3415 | type: string
3416 | type:
3417 | description: |-
3418 | Type of the HelmRepository.
3419 | When this field is set to "oci", the URL field value must be prefixed with "oci://".
3420 | enum:
3421 | - default
3422 | - oci
3423 | type: string
3424 | url:
3425 | description: |-
3426 | URL of the Helm repository, a valid URL contains at least a protocol and
3427 | host.
3428 | pattern: ^(http|https|oci)://.*$
3429 | type: string
3430 | required:
3431 | - url
3432 | type: object
3433 | status:
3434 | default:
3435 | observedGeneration: -1
3436 | description: HelmRepositoryStatus records the observed state of the HelmRepository.
3437 | properties:
3438 | artifact:
3439 | description: Artifact represents the last successful HelmRepository
3440 | reconciliation.
3441 | properties:
3442 | digest:
3443 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3444 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3445 | type: string
3446 | lastUpdateTime:
3447 | description: |-
3448 | LastUpdateTime is the timestamp corresponding to the last update of the
3449 | Artifact.
3450 | format: date-time
3451 | type: string
3452 | metadata:
3453 | additionalProperties:
3454 | type: string
3455 | description: Metadata holds upstream information such as OCI annotations.
3456 | type: object
3457 | path:
3458 | description: |-
3459 | Path is the relative file path of the Artifact. It can be used to locate
3460 | the file in the root of the Artifact storage on the local file system of
3461 | the controller managing the Source.
3462 | type: string
3463 | revision:
3464 | description: |-
3465 | Revision is a human-readable identifier traceable in the origin source
3466 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3467 | type: string
3468 | size:
3469 | description: Size is the number of bytes in the file.
3470 | format: int64
3471 | type: integer
3472 | url:
3473 | description: |-
3474 | URL is the HTTP address of the Artifact as exposed by the controller
3475 | managing the Source. It can be used to retrieve the Artifact for
3476 | consumption, e.g. by another controller applying the Artifact contents.
3477 | type: string
3478 | required:
3479 | - lastUpdateTime
3480 | - path
3481 | - revision
3482 | - url
3483 | type: object
3484 | conditions:
3485 | description: Conditions holds the conditions for the HelmRepository.
3486 | items:
3487 | description: Condition contains details for one aspect of the current
3488 | state of this API Resource.
3489 | properties:
3490 | lastTransitionTime:
3491 | description: |-
3492 | lastTransitionTime is the last time the condition transitioned from one status to another.
3493 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3494 | format: date-time
3495 | type: string
3496 | message:
3497 | description: |-
3498 | message is a human readable message indicating details about the transition.
3499 | This may be an empty string.
3500 | maxLength: 32768
3501 | type: string
3502 | observedGeneration:
3503 | description: |-
3504 | observedGeneration represents the .metadata.generation that the condition was set based upon.
3505 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3506 | with respect to the current state of the instance.
3507 | format: int64
3508 | minimum: 0
3509 | type: integer
3510 | reason:
3511 | description: |-
3512 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
3513 | Producers of specific condition types may define expected values and meanings for this field,
3514 | and whether the values are considered a guaranteed API.
3515 | The value should be a CamelCase string.
3516 | This field may not be empty.
3517 | maxLength: 1024
3518 | minLength: 1
3519 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3520 | type: string
3521 | status:
3522 | description: status of the condition, one of True, False, Unknown.
3523 | enum:
3524 | - "True"
3525 | - "False"
3526 | - Unknown
3527 | type: string
3528 | type:
3529 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
3530 | maxLength: 316
3531 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3532 | type: string
3533 | required:
3534 | - lastTransitionTime
3535 | - message
3536 | - reason
3537 | - status
3538 | - type
3539 | type: object
3540 | type: array
3541 | lastHandledReconcileAt:
3542 | description: |-
3543 | LastHandledReconcileAt holds the value of the most recent
3544 | reconcile request value, so a change of the annotation value
3545 | can be detected.
3546 | type: string
3547 | observedGeneration:
3548 | description: |-
3549 | ObservedGeneration is the last observed generation of the HelmRepository
3550 | object.
3551 | format: int64
3552 | type: integer
3553 | url:
3554 | description: |-
3555 | URL is the dynamic fetch link for the latest Artifact.
3556 | It is provided on a "best effort" basis, and using the precise
3557 | HelmRepositoryStatus.Artifact data is recommended.
3558 | type: string
3559 | type: object
3560 | type: object
3561 | served: true
3562 | storage: true
3563 | subresources:
3564 | status: {}
3565 | - additionalPrinterColumns:
3566 | - jsonPath: .spec.url
3567 | name: URL
3568 | type: string
3569 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
3570 | name: Ready
3571 | type: string
3572 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
3573 | name: Status
3574 | type: string
3575 | - jsonPath: .metadata.creationTimestamp
3576 | name: Age
3577 | type: date
3578 | deprecated: true
3579 | deprecationWarning: v1beta1 HelmRepository is deprecated, upgrade to v1
3580 | name: v1beta1
3581 | schema:
3582 | openAPIV3Schema:
3583 | description: HelmRepository is the Schema for the helmrepositories API
3584 | properties:
3585 | apiVersion:
3586 | description: |-
3587 | APIVersion defines the versioned schema of this representation of an object.
3588 | Servers should convert recognized schemas to the latest internal value, and
3589 | may reject unrecognized values.
3590 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3591 | type: string
3592 | kind:
3593 | description: |-
3594 | Kind is a string value representing the REST resource this object represents.
3595 | Servers may infer this from the endpoint the client submits requests to.
3596 | Cannot be updated.
3597 | In CamelCase.
3598 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3599 | type: string
3600 | metadata:
3601 | type: object
3602 | spec:
3603 | description: HelmRepositorySpec defines the reference to a Helm repository.
3604 | properties:
3605 | accessFrom:
3606 | description: AccessFrom defines an Access Control List for allowing
3607 | cross-namespace references to this object.
3608 | properties:
3609 | namespaceSelectors:
3610 | description: |-
3611 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3612 | Items in this list are evaluated using a logical OR operation.
3613 | items:
3614 | description: |-
3615 | NamespaceSelector selects the namespaces to which this ACL applies.
3616 | An empty map of MatchLabels matches all namespaces in a cluster.
3617 | properties:
3618 | matchLabels:
3619 | additionalProperties:
3620 | type: string
3621 | description: |-
3622 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3623 | map is equivalent to an element of matchExpressions, whose key field is "key", the
3624 | operator is "In", and the values array contains only "value". The requirements are ANDed.
3625 | type: object
3626 | type: object
3627 | type: array
3628 | required:
3629 | - namespaceSelectors
3630 | type: object
3631 | interval:
3632 | description: The interval at which to check the upstream for updates.
3633 | type: string
3634 | passCredentials:
3635 | description: |-
3636 | PassCredentials allows the credentials from the SecretRef to be passed on to
3637 | a host that does not match the host as defined in URL.
3638 | This may be required if the host of the advertised chart URLs in the index
3639 | differ from the defined URL.
3640 | Enabling this should be done with caution, as it can potentially result in
3641 | credentials getting stolen in a MITM-attack.
3642 | type: boolean
3643 | secretRef:
3644 | description: |-
3645 | The name of the secret containing authentication credentials for the Helm
3646 | repository.
3647 | For HTTP/S basic auth the secret must contain username and
3648 | password fields.
3649 | For TLS the secret must contain a certFile and keyFile, and/or
3650 | caFile fields.
3651 | properties:
3652 | name:
3653 | description: Name of the referent.
3654 | type: string
3655 | required:
3656 | - name
3657 | type: object
3658 | suspend:
3659 | description: This flag tells the controller to suspend the reconciliation
3660 | of this source.
3661 | type: boolean
3662 | timeout:
3663 | default: 60s
3664 | description: The timeout of index downloading, defaults to 60s.
3665 | type: string
3666 | url:
3667 | description: The Helm repository URL, a valid URL contains at least
3668 | a protocol and host.
3669 | type: string
3670 | required:
3671 | - interval
3672 | - url
3673 | type: object
3674 | status:
3675 | default:
3676 | observedGeneration: -1
3677 | description: HelmRepositoryStatus defines the observed state of the HelmRepository.
3678 | properties:
3679 | artifact:
3680 | description: Artifact represents the output of the last successful
3681 | repository sync.
3682 | properties:
3683 | checksum:
3684 | description: Checksum is the SHA256 checksum of the artifact.
3685 | type: string
3686 | lastUpdateTime:
3687 | description: |-
3688 | LastUpdateTime is the timestamp corresponding to the last update of this
3689 | artifact.
3690 | format: date-time
3691 | type: string
3692 | path:
3693 | description: Path is the relative file path of this artifact.
3694 | type: string
3695 | revision:
3696 | description: |-
3697 | Revision is a human readable identifier traceable in the origin source
3698 | system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
3699 | chart version, etc.
3700 | type: string
3701 | url:
3702 | description: URL is the HTTP address of this artifact.
3703 | type: string
3704 | required:
3705 | - lastUpdateTime
3706 | - path
3707 | - url
3708 | type: object
3709 | conditions:
3710 | description: Conditions holds the conditions for the HelmRepository.
3711 | items:
3712 | description: Condition contains details for one aspect of the current
3713 | state of this API Resource.
3714 | properties:
3715 | lastTransitionTime:
3716 | description: |-
3717 | lastTransitionTime is the last time the condition transitioned from one status to another.
3718 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3719 | format: date-time
3720 | type: string
3721 | message:
3722 | description: |-
3723 | message is a human readable message indicating details about the transition.
3724 | This may be an empty string.
3725 | maxLength: 32768
3726 | type: string
3727 | observedGeneration:
3728 | description: |-
3729 | observedGeneration represents the .metadata.generation that the condition was set based upon.
3730 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3731 | with respect to the current state of the instance.
3732 | format: int64
3733 | minimum: 0
3734 | type: integer
3735 | reason:
3736 | description: |-
3737 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
3738 | Producers of specific condition types may define expected values and meanings for this field,
3739 | and whether the values are considered a guaranteed API.
3740 | The value should be a CamelCase string.
3741 | This field may not be empty.
3742 | maxLength: 1024
3743 | minLength: 1
3744 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3745 | type: string
3746 | status:
3747 | description: status of the condition, one of True, False, Unknown.
3748 | enum:
3749 | - "True"
3750 | - "False"
3751 | - Unknown
3752 | type: string
3753 | type:
3754 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
3755 | maxLength: 316
3756 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3757 | type: string
3758 | required:
3759 | - lastTransitionTime
3760 | - message
3761 | - reason
3762 | - status
3763 | - type
3764 | type: object
3765 | type: array
3766 | lastHandledReconcileAt:
3767 | description: |-
3768 | LastHandledReconcileAt holds the value of the most recent
3769 | reconcile request value, so a change of the annotation value
3770 | can be detected.
3771 | type: string
3772 | observedGeneration:
3773 | description: ObservedGeneration is the last observed generation.
3774 | format: int64
3775 | type: integer
3776 | url:
3777 | description: URL is the download link for the last index fetched.
3778 | type: string
3779 | type: object
3780 | type: object
3781 | served: true
3782 | storage: false
3783 | subresources:
3784 | status: {}
3785 | - additionalPrinterColumns:
3786 | - jsonPath: .spec.url
3787 | name: URL
3788 | type: string
3789 | - jsonPath: .metadata.creationTimestamp
3790 | name: Age
3791 | type: date
3792 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
3793 | name: Ready
3794 | type: string
3795 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
3796 | name: Status
3797 | type: string
3798 | deprecated: true
3799 | deprecationWarning: v1beta2 HelmRepository is deprecated, upgrade to v1
3800 | name: v1beta2
3801 | schema:
3802 | openAPIV3Schema:
3803 | description: HelmRepository is the Schema for the helmrepositories API.
3804 | properties:
3805 | apiVersion:
3806 | description: |-
3807 | APIVersion defines the versioned schema of this representation of an object.
3808 | Servers should convert recognized schemas to the latest internal value, and
3809 | may reject unrecognized values.
3810 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3811 | type: string
3812 | kind:
3813 | description: |-
3814 | Kind is a string value representing the REST resource this object represents.
3815 | Servers may infer this from the endpoint the client submits requests to.
3816 | Cannot be updated.
3817 | In CamelCase.
3818 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3819 | type: string
3820 | metadata:
3821 | type: object
3822 | spec:
3823 | description: |-
3824 | HelmRepositorySpec specifies the required configuration to produce an
3825 | Artifact for a Helm repository index YAML.
3826 | properties:
3827 | accessFrom:
3828 | description: |-
3829 | AccessFrom specifies an Access Control List for allowing cross-namespace
3830 | references to this object.
3831 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
3832 | properties:
3833 | namespaceSelectors:
3834 | description: |-
3835 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3836 | Items in this list are evaluated using a logical OR operation.
3837 | items:
3838 | description: |-
3839 | NamespaceSelector selects the namespaces to which this ACL applies.
3840 | An empty map of MatchLabels matches all namespaces in a cluster.
3841 | properties:
3842 | matchLabels:
3843 | additionalProperties:
3844 | type: string
3845 | description: |-
3846 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3847 | map is equivalent to an element of matchExpressions, whose key field is "key", the
3848 | operator is "In", and the values array contains only "value". The requirements are ANDed.
3849 | type: object
3850 | type: object
3851 | type: array
3852 | required:
3853 | - namespaceSelectors
3854 | type: object
3855 | certSecretRef:
3856 | description: |-
3857 | CertSecretRef can be given the name of a Secret containing
3858 | either or both of
3859 |
3860 | - a PEM-encoded client certificate (`tls.crt`) and private
3861 | key (`tls.key`);
3862 | - a PEM-encoded CA certificate (`ca.crt`)
3863 |
3864 | and whichever are supplied, will be used for connecting to the
3865 | registry. The client cert and key are useful if you are
3866 | authenticating with a certificate; the CA cert is useful if
3867 | you are using a self-signed server certificate. The Secret must
3868 | be of type `Opaque` or `kubernetes.io/tls`.
3869 |
3870 | It takes precedence over the values specified in the Secret referred
3871 | to by `.spec.secretRef`.
3872 | properties:
3873 | name:
3874 | description: Name of the referent.
3875 | type: string
3876 | required:
3877 | - name
3878 | type: object
3879 | insecure:
3880 | description: |-
3881 | Insecure allows connecting to a non-TLS HTTP container registry.
3882 | This field is only taken into account if the .spec.type field is set to 'oci'.
3883 | type: boolean
3884 | interval:
3885 | description: |-
3886 | Interval at which the HelmRepository URL is checked for updates.
3887 | This interval is approximate and may be subject to jitter to ensure
3888 | efficient use of resources.
3889 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
3890 | type: string
3891 | passCredentials:
3892 | description: |-
3893 | PassCredentials allows the credentials from the SecretRef to be passed
3894 | on to a host that does not match the host as defined in URL.
3895 | This may be required if the host of the advertised chart URLs in the
3896 | index differ from the defined URL.
3897 | Enabling this should be done with caution, as it can potentially result
3898 | in credentials getting stolen in a MITM-attack.
3899 | type: boolean
3900 | provider:
3901 | default: generic
3902 | description: |-
3903 | Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
3904 | This field is optional, and only taken into account if the .spec.type field is set to 'oci'.
3905 | When not specified, defaults to 'generic'.
3906 | enum:
3907 | - generic
3908 | - aws
3909 | - azure
3910 | - gcp
3911 | type: string
3912 | secretRef:
3913 | description: |-
3914 | SecretRef specifies the Secret containing authentication credentials
3915 | for the HelmRepository.
3916 | For HTTP/S basic auth the secret must contain 'username' and 'password'
3917 | fields.
3918 | Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'
3919 | keys is deprecated. Please use `.spec.certSecretRef` instead.
3920 | properties:
3921 | name:
3922 | description: Name of the referent.
3923 | type: string
3924 | required:
3925 | - name
3926 | type: object
3927 | suspend:
3928 | description: |-
3929 | Suspend tells the controller to suspend the reconciliation of this
3930 | HelmRepository.
3931 | type: boolean
3932 | timeout:
3933 | description: |-
3934 | Timeout is used for the index fetch operation for an HTTPS helm repository,
3935 | and for remote OCI Repository operations like pulling for an OCI helm
3936 | chart by the associated HelmChart.
3937 | Its default value is 60s.
3938 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
3939 | type: string
3940 | type:
3941 | description: |-
3942 | Type of the HelmRepository.
3943 | When this field is set to "oci", the URL field value must be prefixed with "oci://".
3944 | enum:
3945 | - default
3946 | - oci
3947 | type: string
3948 | url:
3949 | description: |-
3950 | URL of the Helm repository, a valid URL contains at least a protocol and
3951 | host.
3952 | pattern: ^(http|https|oci)://.*$
3953 | type: string
3954 | required:
3955 | - url
3956 | type: object
3957 | status:
3958 | default:
3959 | observedGeneration: -1
3960 | description: HelmRepositoryStatus records the observed state of the HelmRepository.
3961 | properties:
3962 | artifact:
3963 | description: Artifact represents the last successful HelmRepository
3964 | reconciliation.
3965 | properties:
3966 | digest:
3967 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3968 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3969 | type: string
3970 | lastUpdateTime:
3971 | description: |-
3972 | LastUpdateTime is the timestamp corresponding to the last update of the
3973 | Artifact.
3974 | format: date-time
3975 | type: string
3976 | metadata:
3977 | additionalProperties:
3978 | type: string
3979 | description: Metadata holds upstream information such as OCI annotations.
3980 | type: object
3981 | path:
3982 | description: |-
3983 | Path is the relative file path of the Artifact. It can be used to locate
3984 | the file in the root of the Artifact storage on the local file system of
3985 | the controller managing the Source.
3986 | type: string
3987 | revision:
3988 | description: |-
3989 | Revision is a human-readable identifier traceable in the origin source
3990 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3991 | type: string
3992 | size:
3993 | description: Size is the number of bytes in the file.
3994 | format: int64
3995 | type: integer
3996 | url:
3997 | description: |-
3998 | URL is the HTTP address of the Artifact as exposed by the controller
3999 | managing the Source. It can be used to retrieve the Artifact for
4000 | consumption, e.g. by another controller applying the Artifact contents.
4001 | type: string
4002 | required:
4003 | - lastUpdateTime
4004 | - path
4005 | - revision
4006 | - url
4007 | type: object
4008 | conditions:
4009 | description: Conditions holds the conditions for the HelmRepository.
4010 | items:
4011 | description: Condition contains details for one aspect of the current
4012 | state of this API Resource.
4013 | properties:
4014 | lastTransitionTime:
4015 | description: |-
4016 | lastTransitionTime is the last time the condition transitioned from one status to another.
4017 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4018 | format: date-time
4019 | type: string
4020 | message:
4021 | description: |-
4022 | message is a human readable message indicating details about the transition.
4023 | This may be an empty string.
4024 | maxLength: 32768
4025 | type: string
4026 | observedGeneration:
4027 | description: |-
4028 | observedGeneration represents the .metadata.generation that the condition was set based upon.
4029 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
4030 | with respect to the current state of the instance.
4031 | format: int64
4032 | minimum: 0
4033 | type: integer
4034 | reason:
4035 | description: |-
4036 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
4037 | Producers of specific condition types may define expected values and meanings for this field,
4038 | and whether the values are considered a guaranteed API.
4039 | The value should be a CamelCase string.
4040 | This field may not be empty.
4041 | maxLength: 1024
4042 | minLength: 1
4043 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4044 | type: string
4045 | status:
4046 | description: status of the condition, one of True, False, Unknown.
4047 | enum:
4048 | - "True"
4049 | - "False"
4050 | - Unknown
4051 | type: string
4052 | type:
4053 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
4054 | maxLength: 316
4055 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4056 | type: string
4057 | required:
4058 | - lastTransitionTime
4059 | - message
4060 | - reason
4061 | - status
4062 | - type
4063 | type: object
4064 | type: array
4065 | lastHandledReconcileAt:
4066 | description: |-
4067 | LastHandledReconcileAt holds the value of the most recent
4068 | reconcile request value, so a change of the annotation value
4069 | can be detected.
4070 | type: string
4071 | observedGeneration:
4072 | description: |-
4073 | ObservedGeneration is the last observed generation of the HelmRepository
4074 | object.
4075 | format: int64
4076 | type: integer
4077 | url:
4078 | description: |-
4079 | URL is the dynamic fetch link for the latest Artifact.
4080 | It is provided on a "best effort" basis, and using the precise
4081 | HelmRepositoryStatus.Artifact data is recommended.
4082 | type: string
4083 | type: object
4084 | type: object
4085 | served: true
4086 | storage: false
4087 | subresources:
4088 | status: {}
4089 | ---
4090 | apiVersion: apiextensions.k8s.io/v1
4091 | kind: CustomResourceDefinition
4092 | metadata:
4093 | annotations:
4094 | controller-gen.kubebuilder.io/version: v0.16.1
4095 | labels:
4096 | app.kubernetes.io/component: source-controller
4097 | app.kubernetes.io/part-of: flux
4098 | name: ocirepositories.source.toolkit.fluxcd.io
4099 | spec:
4100 | group: source.toolkit.fluxcd.io
4101 | names:
4102 | kind: OCIRepository
4103 | listKind: OCIRepositoryList
4104 | plural: ocirepositories
4105 | shortNames:
4106 | - ocirepo
4107 | singular: ocirepository
4108 | scope: Namespaced
4109 | versions:
4110 | - additionalPrinterColumns:
4111 | - jsonPath: .spec.url
4112 | name: URL
4113 | type: string
4114 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
4115 | name: Ready
4116 | type: string
4117 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
4118 | name: Status
4119 | type: string
4120 | - jsonPath: .metadata.creationTimestamp
4121 | name: Age
4122 | type: date
4123 | name: v1
4124 | schema:
4125 | openAPIV3Schema:
4126 | description: OCIRepository is the Schema for the ocirepositories API
4127 | properties:
4128 | apiVersion:
4129 | description: |-
4130 | APIVersion defines the versioned schema of this representation of an object.
4131 | Servers should convert recognized schemas to the latest internal value, and
4132 | may reject unrecognized values.
4133 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
4134 | type: string
4135 | kind:
4136 | description: |-
4137 | Kind is a string value representing the REST resource this object represents.
4138 | Servers may infer this from the endpoint the client submits requests to.
4139 | Cannot be updated.
4140 | In CamelCase.
4141 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4142 | type: string
4143 | metadata:
4144 | type: object
4145 | spec:
4146 | description: OCIRepositorySpec defines the desired state of OCIRepository
4147 | properties:
4148 | certSecretRef:
4149 | description: |-
4150 | CertSecretRef can be given the name of a Secret containing
4151 | either or both of
4152 |
4153 | - a PEM-encoded client certificate (`tls.crt`) and private
4154 | key (`tls.key`);
4155 | - a PEM-encoded CA certificate (`ca.crt`)
4156 |
4157 | and whichever are supplied, will be used for connecting to the
4158 | registry. The client cert and key are useful if you are
4159 | authenticating with a certificate; the CA cert is useful if
4160 | you are using a self-signed server certificate. The Secret must
4161 | be of type `Opaque` or `kubernetes.io/tls`.
4162 | properties:
4163 | name:
4164 | description: Name of the referent.
4165 | type: string
4166 | required:
4167 | - name
4168 | type: object
4169 | ignore:
4170 | description: |-
4171 | Ignore overrides the set of excluded patterns in the .sourceignore format
4172 | (which is the same as .gitignore). If not provided, a default will be used,
4173 | consult the documentation for your version to find out what those are.
4174 | type: string
4175 | insecure:
4176 | description: Insecure allows connecting to a non-TLS HTTP container
4177 | registry.
4178 | type: boolean
4179 | interval:
4180 | description: |-
4181 | Interval at which the OCIRepository URL is checked for updates.
4182 | This interval is approximate and may be subject to jitter to ensure
4183 | efficient use of resources.
4184 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
4185 | type: string
4186 | layerSelector:
4187 | description: |-
4188 | LayerSelector specifies which layer should be extracted from the OCI artifact.
4189 | When not specified, the first layer found in the artifact is selected.
4190 | properties:
4191 | mediaType:
4192 | description: |-
4193 | MediaType specifies the OCI media type of the layer
4194 | which should be extracted from the OCI Artifact. The
4195 | first layer matching this type is selected.
4196 | type: string
4197 | operation:
4198 | description: |-
4199 | Operation specifies how the selected layer should be processed.
4200 | By default, the layer compressed content is extracted to storage.
4201 | When the operation is set to 'copy', the layer compressed content
4202 | is persisted to storage as it is.
4203 | enum:
4204 | - extract
4205 | - copy
4206 | type: string
4207 | type: object
4208 | provider:
4209 | default: generic
4210 | description: |-
4211 | The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
4212 | When not specified, defaults to 'generic'.
4213 | enum:
4214 | - generic
4215 | - aws
4216 | - azure
4217 | - gcp
4218 | type: string
4219 | proxySecretRef:
4220 | description: |-
4221 | ProxySecretRef specifies the Secret containing the proxy configuration
4222 | to use while communicating with the container registry.
4223 | properties:
4224 | name:
4225 | description: Name of the referent.
4226 | type: string
4227 | required:
4228 | - name
4229 | type: object
4230 | ref:
4231 | description: |-
4232 | The OCI reference to pull and monitor for changes,
4233 | defaults to the latest tag.
4234 | properties:
4235 | digest:
4236 | description: |-
4237 | Digest is the image digest to pull, takes precedence over SemVer.
4238 | The value should be in the format 'sha256:<HASH>'.
4239 | type: string
4240 | semver:
4241 | description: |-
4242 | SemVer is the range of tags to pull selecting the latest within
4243 | the range, takes precedence over Tag.
4244 | type: string
4245 | semverFilter:
4246 | description: SemverFilter is a regex pattern to filter the tags
4247 | within the SemVer range.
4248 | type: string
4249 | tag:
4250 | description: Tag is the image tag to pull, defaults to latest.
4251 | type: string
4252 | type: object
4253 | secretRef:
4254 | description: |-
4255 | SecretRef contains the secret name containing the registry login
4256 | credentials to resolve image metadata.
4257 | The secret must be of type kubernetes.io/dockerconfigjson.
4258 | properties:
4259 | name:
4260 | description: Name of the referent.
4261 | type: string
4262 | required:
4263 | - name
4264 | type: object
4265 | serviceAccountName:
4266 | description: |-
4267 | ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
4268 | the image pull if the service account has attached pull secrets. For more information:
4269 | https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
4270 | type: string
4271 | suspend:
4272 | description: This flag tells the controller to suspend the reconciliation
4273 | of this source.
4274 | type: boolean
4275 | timeout:
4276 | default: 60s
4277 | description: The timeout for remote OCI Repository operations like
4278 | pulling, defaults to 60s.
4279 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
4280 | type: string
4281 | url:
4282 | description: |-
4283 | URL is a reference to an OCI artifact repository hosted
4284 | on a remote container registry.
4285 | pattern: ^oci://.*$
4286 | type: string
4287 | verify:
4288 | description: |-
4289 | Verify contains the secret name containing the trusted public keys
4290 | used to verify the signature and specifies which provider to use to check
4291 | whether OCI image is authentic.
4292 | properties:
4293 | matchOIDCIdentity:
4294 | description: |-
4295 | MatchOIDCIdentity specifies the identity matching criteria to use
4296 | while verifying an OCI artifact which was signed using Cosign keyless
4297 | signing. The artifact's identity is deemed to be verified if any of the
4298 | specified matchers match against the identity.
4299 | items:
4300 | description: |-
4301 | OIDCIdentityMatch specifies options for verifying the certificate identity,
4302 | i.e. the issuer and the subject of the certificate.
4303 | properties:
4304 | issuer:
4305 | description: |-
4306 | Issuer specifies the regex pattern to match against to verify
4307 | the OIDC issuer in the Fulcio certificate. The pattern must be a
4308 | valid Go regular expression.
4309 | type: string
4310 | subject:
4311 | description: |-
4312 | Subject specifies the regex pattern to match against to verify
4313 | the identity subject in the Fulcio certificate. The pattern must
4314 | be a valid Go regular expression.
4315 | type: string
4316 | required:
4317 | - issuer
4318 | - subject
4319 | type: object
4320 | type: array
4321 | provider:
4322 | default: cosign
4323 | description: Provider specifies the technology used to sign the
4324 | OCI Artifact.
4325 | enum:
4326 | - cosign
4327 | - notation
4328 | type: string
4329 | secretRef:
4330 | description: |-
4331 | SecretRef specifies the Kubernetes Secret containing the
4332 | trusted public keys.
4333 | properties:
4334 | name:
4335 | description: Name of the referent.
4336 | type: string
4337 | required:
4338 | - name
4339 | type: object
4340 | required:
4341 | - provider
4342 | type: object
4343 | required:
4344 | - interval
4345 | - url
4346 | type: object
4347 | status:
4348 | default:
4349 | observedGeneration: -1
4350 | description: OCIRepositoryStatus defines the observed state of OCIRepository
4351 | properties:
4352 | artifact:
4353 | description: Artifact represents the output of the last successful
4354 | OCI Repository sync.
4355 | properties:
4356 | digest:
4357 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
4358 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
4359 | type: string
4360 | lastUpdateTime:
4361 | description: |-
4362 | LastUpdateTime is the timestamp corresponding to the last update of the
4363 | Artifact.
4364 | format: date-time
4365 | type: string
4366 | metadata:
4367 | additionalProperties:
4368 | type: string
4369 | description: Metadata holds upstream information such as OCI annotations.
4370 | type: object
4371 | path:
4372 | description: |-
4373 | Path is the relative file path of the Artifact. It can be used to locate
4374 | the file in the root of the Artifact storage on the local file system of
4375 | the controller managing the Source.
4376 | type: string
4377 | revision:
4378 | description: |-
4379 | Revision is a human-readable identifier traceable in the origin source
4380 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
4381 | type: string
4382 | size:
4383 | description: Size is the number of bytes in the file.
4384 | format: int64
4385 | type: integer
4386 | url:
4387 | description: |-
4388 | URL is the HTTP address of the Artifact as exposed by the controller
4389 | managing the Source. It can be used to retrieve the Artifact for
4390 | consumption, e.g. by another controller applying the Artifact contents.
4391 | type: string
4392 | required:
4393 | - lastUpdateTime
4394 | - path
4395 | - revision
4396 | - url
4397 | type: object
4398 | conditions:
4399 | description: Conditions holds the conditions for the OCIRepository.
4400 | items:
4401 | description: Condition contains details for one aspect of the current
4402 | state of this API Resource.
4403 | properties:
4404 | lastTransitionTime:
4405 | description: |-
4406 | lastTransitionTime is the last time the condition transitioned from one status to another.
4407 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4408 | format: date-time
4409 | type: string
4410 | message:
4411 | description: |-
4412 | message is a human readable message indicating details about the transition.
4413 | This may be an empty string.
4414 | maxLength: 32768
4415 | type: string
4416 | observedGeneration:
4417 | description: |-
4418 | observedGeneration represents the .metadata.generation that the condition was set based upon.
4419 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
4420 | with respect to the current state of the instance.
4421 | format: int64
4422 | minimum: 0
4423 | type: integer
4424 | reason:
4425 | description: |-
4426 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
4427 | Producers of specific condition types may define expected values and meanings for this field,
4428 | and whether the values are considered a guaranteed API.
4429 | The value should be a CamelCase string.
4430 | This field may not be empty.
4431 | maxLength: 1024
4432 | minLength: 1
4433 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4434 | type: string
4435 | status:
4436 | description: status of the condition, one of True, False, Unknown.
4437 | enum:
4438 | - "True"
4439 | - "False"
4440 | - Unknown
4441 | type: string
4442 | type:
4443 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
4444 | maxLength: 316
4445 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4446 | type: string
4447 | required:
4448 | - lastTransitionTime
4449 | - message
4450 | - reason
4451 | - status
4452 | - type
4453 | type: object
4454 | type: array
4455 | lastHandledReconcileAt:
4456 | description: |-
4457 | LastHandledReconcileAt holds the value of the most recent
4458 | reconcile request value, so a change of the annotation value
4459 | can be detected.
4460 | type: string
4461 | observedGeneration:
4462 | description: ObservedGeneration is the last observed generation.
4463 | format: int64
4464 | type: integer
4465 | observedIgnore:
4466 | description: |-
4467 | ObservedIgnore is the observed exclusion patterns used for constructing
4468 | the source artifact.
4469 | type: string
4470 | observedLayerSelector:
4471 | description: |-
4472 | ObservedLayerSelector is the observed layer selector used for constructing
4473 | the source artifact.
4474 | properties:
4475 | mediaType:
4476 | description: |-
4477 | MediaType specifies the OCI media type of the layer
4478 | which should be extracted from the OCI Artifact. The
4479 | first layer matching this type is selected.
4480 | type: string
4481 | operation:
4482 | description: |-
4483 | Operation specifies how the selected layer should be processed.
4484 | By default, the layer compressed content is extracted to storage.
4485 | When the operation is set to 'copy', the layer compressed content
4486 | is persisted to storage as it is.
4487 | enum:
4488 | - extract
4489 | - copy
4490 | type: string
4491 | type: object
4492 | url:
4493 | description: URL is the download link for the artifact output of the
4494 | last OCI Repository sync.
4495 | type: string
4496 | type: object
4497 | type: object
4498 | served: true
4499 | storage: true
4500 | subresources:
4501 | status: {}
4502 | - additionalPrinterColumns:
4503 | - jsonPath: .spec.url
4504 | name: URL
4505 | type: string
4506 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
4507 | name: Ready
4508 | type: string
4509 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
4510 | name: Status
4511 | type: string
4512 | - jsonPath: .metadata.creationTimestamp
4513 | name: Age
4514 | type: date
4515 | deprecated: true
4516 | deprecationWarning: v1beta2 OCIRepository is deprecated, upgrade to v1
4517 | name: v1beta2
4518 | schema:
4519 | openAPIV3Schema:
4520 | description: OCIRepository is the Schema for the ocirepositories API
4521 | properties:
4522 | apiVersion:
4523 | description: |-
4524 | APIVersion defines the versioned schema of this representation of an object.
4525 | Servers should convert recognized schemas to the latest internal value, and
4526 | may reject unrecognized values.
4527 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
4528 | type: string
4529 | kind:
4530 | description: |-
4531 | Kind is a string value representing the REST resource this object represents.
4532 | Servers may infer this from the endpoint the client submits requests to.
4533 | Cannot be updated.
4534 | In CamelCase.
4535 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4536 | type: string
4537 | metadata:
4538 | type: object
4539 | spec:
4540 | description: OCIRepositorySpec defines the desired state of OCIRepository
4541 | properties:
4542 | certSecretRef:
4543 | description: |-
4544 | CertSecretRef can be given the name of a Secret containing
4545 | either or both of
4546 |
4547 | - a PEM-encoded client certificate (`tls.crt`) and private
4548 | key (`tls.key`);
4549 | - a PEM-encoded CA certificate (`ca.crt`)
4550 |
4551 | and whichever are supplied, will be used for connecting to the
4552 | registry. The client cert and key are useful if you are
4553 | authenticating with a certificate; the CA cert is useful if
4554 | you are using a self-signed server certificate. The Secret must
4555 | be of type `Opaque` or `kubernetes.io/tls`.
4556 |
4557 | Note: Support for the `caFile`, `certFile` and `keyFile` keys have
4558 | been deprecated.
4559 | properties:
4560 | name:
4561 | description: Name of the referent.
4562 | type: string
4563 | required:
4564 | - name
4565 | type: object
4566 | ignore:
4567 | description: |-
4568 | Ignore overrides the set of excluded patterns in the .sourceignore format
4569 | (which is the same as .gitignore). If not provided, a default will be used,
4570 | consult the documentation for your version to find out what those are.
4571 | type: string
4572 | insecure:
4573 | description: Insecure allows connecting to a non-TLS HTTP container
4574 | registry.
4575 | type: boolean
4576 | interval:
4577 | description: |-
4578 | Interval at which the OCIRepository URL is checked for updates.
4579 | This interval is approximate and may be subject to jitter to ensure
4580 | efficient use of resources.
4581 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
4582 | type: string
4583 | layerSelector:
4584 | description: |-
4585 | LayerSelector specifies which layer should be extracted from the OCI artifact.
4586 | When not specified, the first layer found in the artifact is selected.
4587 | properties:
4588 | mediaType:
4589 | description: |-
4590 | MediaType specifies the OCI media type of the layer
4591 | which should be extracted from the OCI Artifact. The
4592 | first layer matching this type is selected.
4593 | type: string
4594 | operation:
4595 | description: |-
4596 | Operation specifies how the selected layer should be processed.
4597 | By default, the layer compressed content is extracted to storage.
4598 | When the operation is set to 'copy', the layer compressed content
4599 | is persisted to storage as it is.
4600 | enum:
4601 | - extract
4602 | - copy
4603 | type: string
4604 | type: object
4605 | provider:
4606 | default: generic
4607 | description: |-
4608 | The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
4609 | When not specified, defaults to 'generic'.
4610 | enum:
4611 | - generic
4612 | - aws
4613 | - azure
4614 | - gcp
4615 | type: string
4616 | proxySecretRef:
4617 | description: |-
4618 | ProxySecretRef specifies the Secret containing the proxy configuration
4619 | to use while communicating with the container registry.
4620 | properties:
4621 | name:
4622 | description: Name of the referent.
4623 | type: string
4624 | required:
4625 | - name
4626 | type: object
4627 | ref:
4628 | description: |-
4629 | The OCI reference to pull and monitor for changes,
4630 | defaults to the latest tag.
4631 | properties:
4632 | digest:
4633 | description: |-
4634 | Digest is the image digest to pull, takes precedence over SemVer.
4635 | The value should be in the format 'sha256:<HASH>'.
4636 | type: string
4637 | semver:
4638 | description: |-
4639 | SemVer is the range of tags to pull selecting the latest within
4640 | the range, takes precedence over Tag.
4641 | type: string
4642 | semverFilter:
4643 | description: SemverFilter is a regex pattern to filter the tags
4644 | within the SemVer range.
4645 | type: string
4646 | tag:
4647 | description: Tag is the image tag to pull, defaults to latest.
4648 | type: string
4649 | type: object
4650 | secretRef:
4651 | description: |-
4652 | SecretRef contains the secret name containing the registry login
4653 | credentials to resolve image metadata.
4654 | The secret must be of type kubernetes.io/dockerconfigjson.
4655 | properties:
4656 | name:
4657 | description: Name of the referent.
4658 | type: string
4659 | required:
4660 | - name
4661 | type: object
4662 | serviceAccountName:
4663 | description: |-
4664 | ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
4665 | the image pull if the service account has attached pull secrets. For more information:
4666 | https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
4667 | type: string
4668 | suspend:
4669 | description: This flag tells the controller to suspend the reconciliation
4670 | of this source.
4671 | type: boolean
4672 | timeout:
4673 | default: 60s
4674 | description: The timeout for remote OCI Repository operations like
4675 | pulling, defaults to 60s.
4676 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
4677 | type: string
4678 | url:
4679 | description: |-
4680 | URL is a reference to an OCI artifact repository hosted
4681 | on a remote container registry.
4682 | pattern: ^oci://.*$
4683 | type: string
4684 | verify:
4685 | description: |-
4686 | Verify contains the secret name containing the trusted public keys
4687 | used to verify the signature and specifies which provider to use to check
4688 | whether OCI image is authentic.
4689 | properties:
4690 | matchOIDCIdentity:
4691 | description: |-
4692 | MatchOIDCIdentity specifies the identity matching criteria to use
4693 | while verifying an OCI artifact which was signed using Cosign keyless
4694 | signing. The artifact's identity is deemed to be verified if any of the
4695 | specified matchers match against the identity.
4696 | items:
4697 | description: |-
4698 | OIDCIdentityMatch specifies options for verifying the certificate identity,
4699 | i.e. the issuer and the subject of the certificate.
4700 | properties:
4701 | issuer:
4702 | description: |-
4703 | Issuer specifies the regex pattern to match against to verify
4704 | the OIDC issuer in the Fulcio certificate. The pattern must be a
4705 | valid Go regular expression.
4706 | type: string
4707 | subject:
4708 | description: |-
4709 | Subject specifies the regex pattern to match against to verify
4710 | the identity subject in the Fulcio certificate. The pattern must
4711 | be a valid Go regular expression.
4712 | type: string
4713 | required:
4714 | - issuer
4715 | - subject
4716 | type: object
4717 | type: array
4718 | provider:
4719 | default: cosign
4720 | description: Provider specifies the technology used to sign the
4721 | OCI Artifact.
4722 | enum:
4723 | - cosign
4724 | - notation
4725 | type: string
4726 | secretRef:
4727 | description: |-
4728 | SecretRef specifies the Kubernetes Secret containing the
4729 | trusted public keys.
4730 | properties:
4731 | name:
4732 | description: Name of the referent.
4733 | type: string
4734 | required:
4735 | - name
4736 | type: object
4737 | required:
4738 | - provider
4739 | type: object
4740 | required:
4741 | - interval
4742 | - url
4743 | type: object
4744 | status:
4745 | default:
4746 | observedGeneration: -1
4747 | description: OCIRepositoryStatus defines the observed state of OCIRepository
4748 | properties:
4749 | artifact:
4750 | description: Artifact represents the output of the last successful
4751 | OCI Repository sync.
4752 | properties:
4753 | digest:
4754 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
4755 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
4756 | type: string
4757 | lastUpdateTime:
4758 | description: |-
4759 | LastUpdateTime is the timestamp corresponding to the last update of the
4760 | Artifact.
4761 | format: date-time
4762 | type: string
4763 | metadata:
4764 | additionalProperties:
4765 | type: string
4766 | description: Metadata holds upstream information such as OCI annotations.
4767 | type: object
4768 | path:
4769 | description: |-
4770 | Path is the relative file path of the Artifact. It can be used to locate
4771 | the file in the root of the Artifact storage on the local file system of
4772 | the controller managing the Source.
4773 | type: string
4774 | revision:
4775 | description: |-
4776 | Revision is a human-readable identifier traceable in the origin source
4777 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
4778 | type: string
4779 | size:
4780 | description: Size is the number of bytes in the file.
4781 | format: int64
4782 | type: integer
4783 | url:
4784 | description: |-
4785 | URL is the HTTP address of the Artifact as exposed by the controller
4786 | managing the Source. It can be used to retrieve the Artifact for
4787 | consumption, e.g. by another controller applying the Artifact contents.
4788 | type: string
4789 | required:
4790 | - lastUpdateTime
4791 | - path
4792 | - revision
4793 | - url
4794 | type: object
4795 | conditions:
4796 | description: Conditions holds the conditions for the OCIRepository.
4797 | items:
4798 | description: Condition contains details for one aspect of the current
4799 | state of this API Resource.
4800 | properties:
4801 | lastTransitionTime:
4802 | description: |-
4803 | lastTransitionTime is the last time the condition transitioned from one status to another.
4804 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4805 | format: date-time
4806 | type: string
4807 | message:
4808 | description: |-
4809 | message is a human readable message indicating details about the transition.
4810 | This may be an empty string.
4811 | maxLength: 32768
4812 | type: string
4813 | observedGeneration:
4814 | description: |-
4815 | observedGeneration represents the .metadata.generation that the condition was set based upon.
4816 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
4817 | with respect to the current state of the instance.
4818 | format: int64
4819 | minimum: 0
4820 | type: integer
4821 | reason:
4822 | description: |-
4823 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
4824 | Producers of specific condition types may define expected values and meanings for this field,
4825 | and whether the values are considered a guaranteed API.
4826 | The value should be a CamelCase string.
4827 | This field may not be empty.
4828 | maxLength: 1024
4829 | minLength: 1
4830 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4831 | type: string
4832 | status:
4833 | description: status of the condition, one of True, False, Unknown.
4834 | enum:
4835 | - "True"
4836 | - "False"
4837 | - Unknown
4838 | type: string
4839 | type:
4840 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
4841 | maxLength: 316
4842 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4843 | type: string
4844 | required:
4845 | - lastTransitionTime
4846 | - message
4847 | - reason
4848 | - status
4849 | - type
4850 | type: object
4851 | type: array
4852 | contentConfigChecksum:
4853 | description: |-
4854 | ContentConfigChecksum is a checksum of all the configurations related to
4855 | the content of the source artifact:
4856 | - .spec.ignore
4857 | - .spec.layerSelector
4858 | observed in .status.observedGeneration version of the object. This can
4859 | be used to determine if the content configuration has changed and the
4860 | artifact needs to be rebuilt.
4861 | It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
4862 |
4863 | Deprecated: Replaced with explicit fields for observed artifact content
4864 | config in the status.
4865 | type: string
4866 | lastHandledReconcileAt:
4867 | description: |-
4868 | LastHandledReconcileAt holds the value of the most recent
4869 | reconcile request value, so a change of the annotation value
4870 | can be detected.
4871 | type: string
4872 | observedGeneration:
4873 | description: ObservedGeneration is the last observed generation.
4874 | format: int64
4875 | type: integer
4876 | observedIgnore:
4877 | description: |-
4878 | ObservedIgnore is the observed exclusion patterns used for constructing
4879 | the source artifact.
4880 | type: string
4881 | observedLayerSelector:
4882 | description: |-
4883 | ObservedLayerSelector is the observed layer selector used for constructing
4884 | the source artifact.
4885 | properties:
4886 | mediaType:
4887 | description: |-
4888 | MediaType specifies the OCI media type of the layer
4889 | which should be extracted from the OCI Artifact. The
4890 | first layer matching this type is selected.
4891 | type: string
4892 | operation:
4893 | description: |-
4894 | Operation specifies how the selected layer should be processed.
4895 | By default, the layer compressed content is extracted to storage.
4896 | When the operation is set to 'copy', the layer compressed content
4897 | is persisted to storage as it is.
4898 | enum:
4899 | - extract
4900 | - copy
4901 | type: string
4902 | type: object
4903 | url:
4904 | description: URL is the download link for the artifact output of the
4905 | last OCI Repository sync.
4906 | type: string
4907 | type: object
4908 | type: object
4909 | served: true
4910 | storage: false
4911 | subresources:
4912 | status: {}
4913 | ---
4914 | apiVersion: v1
4915 | kind: ServiceAccount
4916 | metadata:
4917 | labels:
4918 | app.kubernetes.io/component: source-controller
4919 | app.kubernetes.io/part-of: flux
4920 | name: source-controller
4921 | ---
4922 | apiVersion: v1
4923 | kind: Service
4924 | metadata:
4925 | labels:
4926 | app.kubernetes.io/component: source-controller
4927 | app.kubernetes.io/part-of: flux
4928 | control-plane: controller
4929 | name: source-controller
4930 | spec:
4931 | ports:
4932 | - name: http
4933 | port: 80
4934 | protocol: TCP
4935 | targetPort: http
4936 | selector:
4937 | app: source-controller
4938 | type: ClusterIP
4939 | ---
4940 | apiVersion: apps/v1
4941 | kind: Deployment
4942 | metadata:
4943 | labels:
4944 | app.kubernetes.io/component: source-controller
4945 | app.kubernetes.io/part-of: flux
4946 | control-plane: controller
4947 | name: source-controller
4948 | spec:
4949 | replicas: 1
4950 | selector:
4951 | matchLabels:
4952 | app: source-controller
4953 | strategy:
4954 | type: Recreate
4955 | template:
4956 | metadata:
4957 | annotations:
4958 | prometheus.io/port: "8080"
4959 | prometheus.io/scrape: "true"
4960 | labels:
4961 | app: source-controller
4962 | spec:
4963 | containers:
4964 | - args:
4965 | - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
4966 | - --watch-all-namespaces
4967 | - --log-level=info
4968 | - --log-encoding=json
4969 | - --enable-leader-election
4970 | - --storage-path=/data
4971 | - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
4972 | env:
4973 | - name: RUNTIME_NAMESPACE
4974 | valueFrom:
4975 | fieldRef:
4976 | fieldPath: metadata.namespace
4977 | - name: TUF_ROOT
4978 | value: /tmp/.sigstore
4979 | - name: GOMAXPROCS
4980 | valueFrom:
4981 | resourceFieldRef:
4982 | containerName: manager
4983 | resource: limits.cpu
4984 | - name: GOMEMLIMIT
4985 | valueFrom:
4986 | resourceFieldRef:
4987 | containerName: manager
4988 | resource: limits.memory
4989 | image: fluxcd/source-controller:v1.6.2
4990 | imagePullPolicy: IfNotPresent
4991 | livenessProbe:
4992 | httpGet:
4993 | path: /healthz
4994 | port: healthz
4995 | name: manager
4996 | ports:
4997 | - containerPort: 9090
4998 | name: http
4999 | protocol: TCP
5000 | - containerPort: 8080
5001 | name: http-prom
5002 | protocol: TCP
5003 | - containerPort: 9440
5004 | name: healthz
5005 | protocol: TCP
5006 | readinessProbe:
5007 | httpGet:
5008 | path: /
5009 | port: http
5010 | resources:
5011 | limits:
5012 | cpu: 1000m
5013 | memory: 1Gi
5014 | requests:
5015 | cpu: 50m
5016 | memory: 64Mi
5017 | securityContext:
5018 | allowPrivilegeEscalation: false
5019 | capabilities:
5020 | drop:
5021 | - ALL
5022 | readOnlyRootFilesystem: true
5023 | runAsNonRoot: true
5024 | seccompProfile:
5025 | type: RuntimeDefault
5026 | volumeMounts:
5027 | - mountPath: /data
5028 | name: data
5029 | - mountPath: /tmp
5030 | name: tmp
5031 | priorityClassName: system-cluster-critical
5032 | securityContext:
5033 | fsGroup: 1337
5034 | serviceAccountName: source-controller
5035 | terminationGracePeriodSeconds: 10
5036 | volumes:
5037 | - emptyDir: {}
5038 | name: data
5039 | - emptyDir: {}
5040 | name: tmp
5041 |
```