This is page 97 of 126. Use http://codebase.md/controlplaneio-fluxcd/flux-operator?lines=true&page={x} to view the full context.
# Directory Structure
```
├── .github
│ ├── actions
│ │ └── runner-cleanup
│ │ └── action.yml
│ ├── copilot-instructions.md
│ ├── dependabot.yaml
│ └── workflows
│ ├── actions-test.yaml
│ ├── e2e-olm.yaml
│ ├── preview.yaml
│ ├── push-manifests.yaml
│ ├── release.yaml
│ └── test.yaml
├── .gitignore
├── .golangci.yml
├── .goreleaser.yml
├── actions
│ └── setup
│ ├── action.yaml
│ └── README.md
├── AGENTS.md
├── api
│ └── v1
│ ├── common_types_test.go
│ ├── common_types.go
│ ├── fluxinstance_types.go
│ ├── fluxreport_types.go
│ ├── groupversion_info.go
│ ├── history_types_test.go
│ ├── history_types.go
│ ├── resourceset_types.go
│ ├── resourcesetinputprovider_types.go
│ ├── schedule_types.go
│ └── zz_generated.deepcopy.go
├── cmd
│ ├── cli
│ │ ├── build_instance.go
│ │ ├── build_resourceset_test.go
│ │ ├── build_resourceset.go
│ │ ├── build.go
│ │ ├── client.go
│ │ ├── completion_bash.go
│ │ ├── completion_fish.go
│ │ ├── completion_powershell.go
│ │ ├── completion_zsh.go
│ │ ├── completion.go
│ │ ├── create_secret_basicauth_test.go
│ │ ├── create_secret_basicauth.go
│ │ ├── create_secret_githubapp.go
│ │ ├── create_secret_proxy_test.go
│ │ ├── create_secret_proxy.go
│ │ ├── create_secret_registry_test.go
│ │ ├── create_secret_registry.go
│ │ ├── create_secret_sops_test.go
│ │ ├── create_secret_sops.go
│ │ ├── create_secret_ssh.go
│ │ ├── create_secret_tls.go
│ │ ├── create_secret.go
│ │ ├── create.go
│ │ ├── debug_web_cookie.go
│ │ ├── debug_web.go
│ │ ├── debug.go
│ │ ├── delete_inputprovider_test.go
│ │ ├── delete_inputprovider.go
│ │ ├── delete_instance_test.go
│ │ ├── delete_instance.go
│ │ ├── delete_resourceset_test.go
│ │ ├── delete_resourceset.go
│ │ ├── delete.go
│ │ ├── distro_decrypt_manifests_test.go
│ │ ├── distro_decrypt_manifests.go
│ │ ├── distro_decrypt_token_test.go
│ │ ├── distro_decrypt_token.go
│ │ ├── distro_decrypt.go
│ │ ├── distro_encrypt_manifests_test.go
│ │ ├── distro_encrypt_manifests.go
│ │ ├── distro_encrypt_token_test.go
│ │ ├── distro_encrypt_token.go
│ │ ├── distro_encrypt.go
│ │ ├── distro_keygen_enc_test.go
│ │ ├── distro_keygen_enc.go
│ │ ├── distro_keygen_sig_test.go
│ │ ├── distro_keygen_sig.go
│ │ ├── distro_keygen.go
│ │ ├── distro_revoke_license_key_test.go
│ │ ├── distro_revoke_license_key.go
│ │ ├── distro_revoke.go
│ │ ├── distro_sign_artifacts_test.go
│ │ ├── distro_sign_artifacts.go
│ │ ├── distro_sign_license_key_test.go
│ │ ├── distro_sign_license_key.go
│ │ ├── distro_sign_manifests_test.go
│ │ ├── distro_sign_manifests.go
│ │ ├── distro_sign.go
│ │ ├── distro_verify_artifacts_test.go
│ │ ├── distro_verify_artifacts.go
│ │ ├── distro_verify_license_key_test.go
│ │ ├── distro_verify_license_key.go
│ │ ├── distro_verify_manifests_test.go
│ │ ├── distro_verify_manifests.go
│ │ ├── distro_verify.go
│ │ ├── distro.go
│ │ ├── Dockerfile
│ │ ├── export_report_test.go
│ │ ├── export_report.go
│ │ ├── export_resource_test.go
│ │ ├── export_resource.go
│ │ ├── export.go
│ │ ├── get_inputprovider_test.go
│ │ ├── get_inputprovider.go
│ │ ├── get_instance.go
│ │ ├── get_resources.go
│ │ ├── get_resourceset_test.go
│ │ ├── get_resourceset.go
│ │ ├── get.go
│ │ ├── install.go
│ │ ├── main.go
│ │ ├── README.md
│ │ ├── reconcile_inputprovider.go
│ │ ├── reconcile_instance.go
│ │ ├── reconcile_resource.go
│ │ ├── reconcile_resources.go
│ │ ├── reconcile_resourceset.go
│ │ ├── reconcile.go
│ │ ├── resume_inputprovider.go
│ │ ├── resume_instance.go
│ │ ├── resume_resource.go
│ │ ├── resume_resourceset.go
│ │ ├── resume.go
│ │ ├── stats.go
│ │ ├── suite_test.go
│ │ ├── suspend_inputprovider.go
│ │ ├── suspend_instance.go
│ │ ├── suspend_resource.go
│ │ ├── suspend_resourceset.go
│ │ ├── suspend.go
│ │ ├── testdata
│ │ │ └── build_resourceset
│ │ │ ├── golden-labeled.yaml
│ │ │ ├── golden-named.yaml
│ │ │ ├── golden-permuted.yaml
│ │ │ ├── golden.yaml
│ │ │ ├── inputs.yaml
│ │ │ ├── rset-standalone.yaml
│ │ │ ├── rset-with-rsip-labeled.yaml
│ │ │ ├── rset-with-rsip-named.yaml
│ │ │ ├── rset-with-rsip-permuted.yaml
│ │ │ ├── rset-with-rsip.yaml
│ │ │ ├── rsip-labeled.yaml
│ │ │ ├── rsip-named.yaml
│ │ │ └── rsip.yaml
│ │ ├── trace_test.go
│ │ ├── trace_types.go
│ │ ├── trace.go
│ │ ├── tree_helmrelease.go
│ │ ├── tree_kustomization.go
│ │ ├── tree_resourceset_test.go
│ │ ├── tree_resourceset.go
│ │ ├── tree.go
│ │ ├── uninstall.go
│ │ ├── version_test.go
│ │ ├── version.go
│ │ ├── wait_inputprovider_test.go
│ │ ├── wait_inputprovider.go
│ │ ├── wait_instance_test.go
│ │ ├── wait_instance.go
│ │ ├── wait_resourceset_test.go
│ │ ├── wait_resourceset.go
│ │ └── wait.go
│ ├── mcp
│ │ ├── Dockerfile
│ │ ├── k8s
│ │ │ ├── actions_test.go
│ │ │ ├── actions.go
│ │ │ ├── client_test.go
│ │ │ ├── client.go
│ │ │ ├── config.go
│ │ │ ├── events_test.go
│ │ │ ├── events.go
│ │ │ ├── export_test.go
│ │ │ ├── export.go
│ │ │ ├── helm.go
│ │ │ ├── logs.go
│ │ │ ├── metrics.go
│ │ │ └── suite_test.go
│ │ ├── main.go
│ │ ├── prompter
│ │ │ ├── debug_helmrelease_test.go
│ │ │ ├── debug_helmrelease.go
│ │ │ ├── debug_kustomization_test.go
│ │ │ ├── debug_kustomization.go
│ │ │ ├── index.go
│ │ │ └── manager.go
│ │ ├── README.md
│ │ └── toolbox
│ │ ├── apply_manifest_test.go
│ │ ├── apply_manifest.go
│ │ ├── delete_resource_test.go
│ │ ├── delete_resource.go
│ │ ├── get_apis_test.go
│ │ ├── get_apis.go
│ │ ├── get_contexts_test.go
│ │ ├── get_contexts.go
│ │ ├── get_instance_test.go
│ │ ├── get_instance.go
│ │ ├── get_logs_test.go
│ │ ├── get_logs.go
│ │ ├── get_metrics_test.go
│ │ ├── get_metrics.go
│ │ ├── get_resource_test.go
│ │ ├── get_resource.go
│ │ ├── helpers.go
│ │ ├── indexer
│ │ │ └── main.go
│ │ ├── install_instance_test.go
│ │ ├── install_instance.go
│ │ ├── library
│ │ │ ├── bm25_test.go
│ │ │ ├── bm25.go
│ │ │ ├── index.go
│ │ │ ├── index.gob
│ │ │ ├── library.go
│ │ │ ├── search_test.go
│ │ │ ├── search.go
│ │ │ ├── tokenizer_test.go
│ │ │ └── tokenizer.go
│ │ ├── manager_test.go
│ │ ├── manager.go
│ │ ├── reconcile_helmrelease_test.go
│ │ ├── reconcile_helmrelease.go
│ │ ├── reconcile_kustomization_test.go
│ │ ├── reconcile_kustomization.go
│ │ ├── reconcile_resourceset_test.go
│ │ ├── reconcile_resourceset.go
│ │ ├── reconcile_source_test.go
│ │ ├── reconcile_source.go
│ │ ├── resume_reconciliation_test.go
│ │ ├── resume_reconciliation.go
│ │ ├── scopes_test.go
│ │ ├── scopes.go
│ │ ├── search_flux_docs_test.go
│ │ ├── search_flux_docs.go
│ │ ├── set_context_test.go
│ │ ├── set_context.go
│ │ ├── suspend_reconciliation_test.go
│ │ ├── suspend_reconciliation.go
│ │ └── testdata
│ │ ├── kubeconfig_golden.yaml
│ │ └── kubeconfig.yaml
│ └── operator
│ └── main.go
├── config
│ ├── crd
│ │ ├── bases
│ │ │ ├── fluxcd.controlplane.io_fluxinstances.yaml
│ │ │ ├── fluxcd.controlplane.io_fluxreports.yaml
│ │ │ ├── fluxcd.controlplane.io_resourcesetinputproviders.yaml
│ │ │ └── fluxcd.controlplane.io_resourcesets.yaml
│ │ ├── kustomization.yaml
│ │ └── kustomizeconfig.yaml
│ ├── data
│ │ ├── flux
│ │ │ ├── v2.2.3
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.3.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.4.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.5.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.5.1
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.1
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.2
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.3
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.4
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.7.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.1
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.2
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.3
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.4
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ └── v2.7.5
│ │ │ ├── helm-controller.yaml
│ │ │ ├── image-automation-controller.yaml
│ │ │ ├── image-reflector-controller.yaml
│ │ │ ├── kustomize-controller.yaml
│ │ │ ├── notification-controller.yaml
│ │ │ ├── policies.yaml
│ │ │ ├── rbac.yaml
│ │ │ ├── source-controller.yaml
│ │ │ └── source-watcher.yaml
│ │ ├── flux-images
│ │ │ ├── v2.2.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.2.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.2.2
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.2.3
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.3.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.4.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.5.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.5.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless-fips.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.2
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.3
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.4
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless-fips.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.2
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.3
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.4
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.5
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless-fips.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ └── VERSION
│ │ └── flux-vex
│ │ ├── v2.2.json
│ │ ├── v2.3.json
│ │ ├── v2.4.json
│ │ ├── v2.5.json
│ │ ├── v2.6.json
│ │ └── v2.7.json
│ ├── default
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ └── rbac.yaml
│ ├── manager
│ │ ├── account.yaml
│ │ ├── deployment.yaml
│ │ ├── kustomization.yaml
│ │ └── service.yaml
│ ├── mcp
│ │ ├── deployment.yaml
│ │ ├── kustomization.yaml
│ │ └── service.yaml
│ ├── monitoring
│ │ ├── dashboards
│ │ │ ├── flux-k8s-api-performance.json
│ │ │ └── flux-performance.json
│ │ ├── flux-controllers.yaml
│ │ ├── flux-operator.yaml
│ │ └── kustomization.yaml
│ ├── olm
│ │ ├── build
│ │ │ └── Dockerfile
│ │ ├── bundle
│ │ │ ├── manifests
│ │ │ │ ├── flux-operator.clusterserviceversion.yaml
│ │ │ │ ├── flux-operator.service.yaml
│ │ │ │ ├── fluxinstances.fluxcd.controlplane.io.crd.yaml
│ │ │ │ ├── fluxreports.fluxcd.controlplane.io.crd.yaml
│ │ │ │ ├── resourcesetinputproviders.fluxcd.controlplane.io.crd.yaml
│ │ │ │ └── resourcesets.fluxcd.controlplane.io.crd.yaml
│ │ │ ├── metadata
│ │ │ │ └── annotations.yaml
│ │ │ └── tests
│ │ │ └── scorecard
│ │ │ └── config.yaml
│ │ ├── ci.yaml
│ │ └── test
│ │ ├── bundle.Dockerfile
│ │ ├── olm.yaml
│ │ └── opm.Dockerfile
│ ├── rbac
│ │ ├── fluxinstance_editor_role.yaml
│ │ ├── fluxinstance_viewer_role.yaml
│ │ ├── fluxreport_editor_role.yaml
│ │ ├── fluxreport_viewer_role.yaml
│ │ ├── kustomization.yaml
│ │ ├── leader_election_role_binding.yaml
│ │ ├── leader_election_role.yaml
│ │ ├── resourceset_editor_role.yaml
│ │ ├── resourceset_viewer_role.yaml
│ │ ├── role_binding.yaml
│ │ ├── role.yaml
│ │ └── service_account.yaml
│ ├── samples
│ │ ├── fluxcd_v1_fluxinstance.yaml
│ │ ├── fluxcd_v1_fluxreport.yaml
│ │ ├── fluxcd_v1_resourceset.yaml
│ │ ├── fluxcd_v1_resourcesetinputprovider.yaml
│ │ └── kustomization.yaml
│ └── terraform
│ ├── main.tf
│ ├── outputs.tf
│ ├── providers.tf
│ ├── README.md
│ ├── values
│ │ └── components.yaml
│ ├── variables.tf
│ └── versions.tf
├── CONTRIBUTING.md
├── Dockerfile
├── docs
│ ├── api
│ │ └── v1
│ │ ├── fluxinstance.md
│ │ ├── fluxreport.md
│ │ ├── resourceset.md
│ │ └── resourcesetinputprovider.md
│ ├── dev
│ │ └── README.md
│ ├── guides
│ │ ├── instance
│ │ │ ├── instance-controllers.md
│ │ │ ├── instance-customization.md
│ │ │ ├── instance-monitoring.md
│ │ │ ├── instance-sharding.md
│ │ │ └── instance-sync.md
│ │ ├── operator
│ │ │ ├── operator-install.md
│ │ │ └── operator-migration.md
│ │ └── resourcesets
│ │ ├── rset-app-definition.md
│ │ ├── rset-github-pull-requests.md
│ │ ├── rset-gitlab-environments.md
│ │ ├── rset-gitlab-merge-requests.md
│ │ ├── rset-image-automation.md
│ │ ├── rset-introduction.md
│ │ └── rset-time-based-delivery.md
│ ├── lkm
│ │ └── README.md
│ ├── logo
│ │ ├── flux-operator-banner.png
│ │ ├── flux-operator-banner.svg
│ │ ├── flux-operator-icon.png
│ │ ├── flux-operator-icon.svg
│ │ ├── flux-operator-logo.png
│ │ └── flux-operator-logo.svg
│ ├── mcp
│ │ ├── instructions.md
│ │ ├── mcp-config.md
│ │ ├── mcp-install.md
│ │ ├── mcp-prompting.md
│ │ ├── prompts.md
│ │ └── tools.md
│ └── web
│ ├── web-config-api.md
│ ├── web-ingress.md
│ ├── web-sso-dex.md
│ ├── web-sso-keycloak.md
│ ├── web-sso-openshift.md
│ ├── web-standalone.md
│ └── web-user-management.md
├── go.mod
├── go.sum
├── hack
│ ├── boilerplate.go.txt
│ ├── build-dist-manifests.sh
│ ├── build-olm-images.sh
│ ├── build-olm-manifests.sh
│ ├── install-operator-sdk.sh
│ ├── prep-release.sh
│ ├── vendor-flux-manifests.sh
│ └── web-ui-load-test.sh
├── internal
│ ├── builder
│ │ ├── build_test.go
│ │ ├── build.go
│ │ ├── components.go
│ │ ├── digest.go
│ │ ├── images_test.go
│ │ ├── images.go
│ │ ├── options.go
│ │ ├── preflight_test.go
│ │ ├── preflight.go
│ │ ├── profiles.go
│ │ ├── pull.go
│ │ ├── resourceset_test.go
│ │ ├── resourceset.go
│ │ ├── result.go
│ │ ├── semver_test.go
│ │ ├── semver.go
│ │ ├── templates.go
│ │ ├── testdata
│ │ │ ├── flux
│ │ │ │ ├── v2.2.0
│ │ │ │ │ └── .gitkeep
│ │ │ │ ├── v2.2.1
│ │ │ │ │ └── .gitkeep
│ │ │ │ └── v2.3.0
│ │ │ │ └── .gitkeep
│ │ │ ├── flux-images
│ │ │ │ └── v2.3.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── resourceset
│ │ │ │ ├── dedup.golden.yaml
│ │ │ │ ├── dedup.yaml
│ │ │ │ ├── empty.yaml
│ │ │ │ ├── exclude.golden.yaml
│ │ │ │ ├── exclude.yaml
│ │ │ │ ├── invalid-output.yaml
│ │ │ │ ├── missing-inputs.yaml
│ │ │ │ ├── multi-doc-template.golden.yaml
│ │ │ │ ├── multi-doc-template.yaml
│ │ │ │ ├── nestedinputs.golden.yaml
│ │ │ │ ├── nestedinputs.yaml
│ │ │ │ ├── noinputs.golden.yaml
│ │ │ │ ├── noinputs.yaml
│ │ │ │ ├── slugify.golden.yaml
│ │ │ │ └── slugify.yaml
│ │ │ ├── v2.3.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.3.0-golden
│ │ │ │ ├── default.kustomization.yaml
│ │ │ │ ├── patches.kustomization.yaml
│ │ │ │ ├── profiles.kustomization.yaml
│ │ │ │ ├── sharding.kustomization.yaml
│ │ │ │ ├── storage.kustomization.yaml
│ │ │ │ └── sync.kustomization.yaml
│ │ │ ├── v2.6.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.0-golden
│ │ │ │ ├── shard1.kustomization.yaml
│ │ │ │ ├── shard2.kustomization.yaml
│ │ │ │ ├── sharding.kustomization.yaml
│ │ │ │ ├── size.large.kustomization.yaml
│ │ │ │ ├── size.medium.kustomization.yaml
│ │ │ │ └── size.small.kustomization.yaml
│ │ │ ├── v2.7.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ └── v2.7.0-golden
│ │ │ └── source-watcher.kustomization.yaml
│ │ └── workload_identity.go
│ ├── controller
│ │ ├── common.go
│ │ ├── entitlement_controller_test.go
│ │ ├── entitlement_controller.go
│ │ ├── fluxinstance_artifact_controller_test.go
│ │ ├── fluxinstance_artifact_controller.go
│ │ ├── fluxinstance_artifact_manager_test.go
│ │ ├── fluxinstance_artifact_manager.go
│ │ ├── fluxinstance_controller_test.go
│ │ ├── fluxinstance_controller.go
│ │ ├── fluxinstance_manager.go
│ │ ├── fluxinstance_migrator.go
│ │ ├── fluxinstance_uninstaller.go
│ │ ├── fluxreport_controller_test.go
│ │ ├── fluxreport_controller.go
│ │ ├── resourceset_controller_test.go
│ │ ├── resourceset_controller.go
│ │ ├── resourceset_manager_test.go
│ │ ├── resourceset_manager.go
│ │ ├── resourcesetinputprovider_controller_git_test.go
│ │ ├── resourcesetinputprovider_controller_oci_test.go
│ │ ├── resourcesetinputprovider_controller_test.go
│ │ ├── resourcesetinputprovider_controller.go
│ │ ├── resourcesetinputprovider_manager.go
│ │ ├── suite_test.go
│ │ └── testdata
│ │ └── rsa-private-key.pem
│ ├── entitlement
│ │ ├── aws.go
│ │ ├── client_test.go
│ │ ├── client.go
│ │ ├── default_test.go
│ │ └── default.go
│ ├── filtering
│ │ ├── filters_test.go
│ │ └── filters.go
│ ├── gitprovider
│ │ ├── azuredevops_test.go
│ │ ├── azuredevops.go
│ │ ├── github_test.go
│ │ ├── github.go
│ │ ├── gitlab_test.go
│ │ ├── gitlab.go
│ │ ├── interface.go
│ │ ├── options.go
│ │ ├── result_test.go
│ │ └── result.go
│ ├── inputs
│ │ ├── combine_test.go
│ │ ├── combine.go
│ │ ├── flattener.go
│ │ ├── id.go
│ │ ├── json_test.go
│ │ ├── json.go
│ │ ├── keys_test.go
│ │ ├── keys.go
│ │ ├── permuter_test.go
│ │ ├── permuter.go
│ │ └── provider.go
│ ├── install
│ │ ├── autoupdate.go
│ │ ├── client.go
│ │ ├── credentials.go
│ │ ├── deploy.go
│ │ ├── download.go
│ │ ├── events.go
│ │ ├── installer.go
│ │ ├── options.go
│ │ └── uninstall.go
│ ├── inventory
│ │ ├── inventory_test.go
│ │ ├── inventory.go
│ │ ├── reader_test.go
│ │ ├── reader.go
│ │ └── testdata
│ │ ├── inventory1.yaml
│ │ └── inventory2.yaml
│ ├── lkm
│ │ ├── artifacts_attestation_test.go
│ │ ├── artifacts_attestation.go
│ │ ├── attestation_test.go
│ │ ├── attestation.go
│ │ ├── doc.go
│ │ ├── errors.go
│ │ ├── fetch_test.go
│ │ ├── fetch.go
│ │ ├── jwe_test.go
│ │ ├── jwe.go
│ │ ├── jwt_test.go
│ │ ├── jwt.go
│ │ ├── keygen_test.go
│ │ ├── keygen.go
│ │ ├── keyset_test.go
│ │ ├── keyset.go
│ │ ├── license_test.go
│ │ ├── license.go
│ │ ├── licensekey.go
│ │ ├── manifests_attestation_test.go
│ │ ├── manifests_attestation.go
│ │ ├── revocation_test.go
│ │ └── revocation.go
│ ├── notifier
│ │ └── notifier.go
│ ├── reporter
│ │ ├── cluster.go
│ │ ├── components.go
│ │ ├── crds.go
│ │ ├── distribution.go
│ │ ├── metrics_test.go
│ │ ├── metrics.go
│ │ ├── reconcilers.go
│ │ ├── reporter.go
│ │ └── sync.go
│ ├── schedule
│ │ ├── scheduler_test.go
│ │ └── scheduler.go
│ ├── tests
│ │ ├── fluxinstance
│ │ │ ├── health_check_test.go
│ │ │ └── suite_test.go
│ │ └── resourceset
│ │ ├── health_check_test.go
│ │ └── suite_test.go
│ ├── testutils
│ │ ├── log.go
│ │ └── time.go
│ └── web
│ ├── action_test.go
│ ├── action.go
│ ├── auth
│ │ ├── claims_test.go
│ │ ├── claims.go
│ │ ├── cookies_test.go
│ │ ├── cookies.go
│ │ ├── errors_test.go
│ │ ├── errors.go
│ │ ├── middlewares_test.go
│ │ ├── middlewares.go
│ │ ├── oauth2_test.go
│ │ ├── oauth2.go
│ │ └── oidc.go
│ ├── config
│ │ ├── authentication_types_test.go
│ │ ├── authentication_types.go
│ │ ├── config_types_test.go
│ │ ├── config_types.go
│ │ ├── groupversion_info.go
│ │ ├── loader_test.go
│ │ ├── loader.go
│ │ ├── user_actions_types_test.go
│ │ ├── user_actions_types.go
│ │ └── watcher.go
│ ├── events_test.go
│ ├── events.go
│ ├── favorites_test.go
│ ├── favorites.go
│ ├── fs.go
│ ├── handler.go
│ ├── inventory.go
│ ├── kubeclient
│ │ ├── client_test.go
│ │ ├── client.go
│ │ └── suite_test.go
│ ├── middlewares_test.go
│ ├── middlewares.go
│ ├── report_test.go
│ ├── report.go
│ ├── resource_test.go
│ ├── resource.go
│ ├── resources_test.go
│ ├── resources.go
│ ├── search_test.go
│ ├── search.go
│ ├── server_test.go
│ ├── server.go
│ ├── source.go
│ ├── suite_test.go
│ ├── user
│ │ ├── user_test.go
│ │ └── user.go
│ ├── workload_test.go
│ ├── workload.go
│ ├── workloads_test.go
│ └── workloads.go
├── LICENSE
├── Makefile
├── PROJECT
├── README.md
├── SECURITY.md
├── test
│ ├── e2e
│ │ ├── e2e_suite_test.go
│ │ ├── e2e_test.go
│ │ ├── instance_test.go
│ │ └── utils.go
│ └── olm
│ ├── e2e_suite_test.go
│ ├── e2e_test.go
│ ├── instance_test.go
│ └── scorecard_test.go
└── web
├── .gitignore
├── embed.go
├── eslint.config.js
├── index.html
├── package-lock.json
├── package.json
├── postcss.config.js
├── public
│ ├── favicon.svg
│ └── fonts
│ └── inter.woff2
├── README.md
├── src
│ ├── app.jsx
│ ├── app.test.jsx
│ ├── components
│ │ ├── auth
│ │ │ ├── LoginPage.jsx
│ │ │ └── LoginPage.test.jsx
│ │ ├── dashboards
│ │ │ ├── cluster
│ │ │ │ ├── ClusterPage.jsx
│ │ │ │ ├── ClusterPage.test.jsx
│ │ │ │ ├── ControllersPanel.jsx
│ │ │ │ ├── ControllersPanel.test.jsx
│ │ │ │ ├── InfoPanel.jsx
│ │ │ │ ├── InfoPanel.test.jsx
│ │ │ │ ├── OverallStatusPanel.jsx
│ │ │ │ ├── OverallStatusPanel.test.jsx
│ │ │ │ ├── ReconcilersPanel.jsx
│ │ │ │ ├── ReconcilersPanel.test.jsx
│ │ │ │ ├── SyncPanel.jsx
│ │ │ │ └── SyncPanel.test.jsx
│ │ │ ├── common
│ │ │ │ ├── panel.jsx
│ │ │ │ ├── panel.test.jsx
│ │ │ │ ├── yaml.jsx
│ │ │ │ └── yaml.test.jsx
│ │ │ └── resource
│ │ │ ├── ActionBar.jsx
│ │ │ ├── ActionBar.test.jsx
│ │ │ ├── ArtifactPanel.jsx
│ │ │ ├── ArtifactPanel.test.jsx
│ │ │ ├── ExportedInputsPanel.jsx
│ │ │ ├── ExportedInputsPanel.test.jsx
│ │ │ ├── GraphTabContent.jsx
│ │ │ ├── GraphTabContent.test.jsx
│ │ │ ├── HistoryTimeline.jsx
│ │ │ ├── HistoryTimeline.test.jsx
│ │ │ ├── InputsPanel.jsx
│ │ │ ├── InputsPanel.test.jsx
│ │ │ ├── InventoryPanel.jsx
│ │ │ ├── InventoryPanel.test.jsx
│ │ │ ├── ReconcilerPanel.jsx
│ │ │ ├── ReconcilerPanel.test.jsx
│ │ │ ├── ResourcePage.jsx
│ │ │ ├── ResourcePage.test.jsx
│ │ │ ├── SourcePanel.jsx
│ │ │ ├── SourcePanel.test.jsx
│ │ │ ├── WorkloadsTabContent.jsx
│ │ │ └── WorkloadsTabContent.test.jsx
│ │ ├── favorites
│ │ │ ├── FavoriteCard.jsx
│ │ │ ├── FavoriteCard.test.jsx
│ │ │ ├── FavoritesHeader.jsx
│ │ │ ├── FavoritesHeader.test.jsx
│ │ │ ├── FavoritesPage.jsx
│ │ │ ├── FavoritesPage.test.jsx
│ │ │ ├── FavoritesSearch.jsx
│ │ │ └── FavoritesSearch.test.jsx
│ │ ├── layout
│ │ │ ├── ConnectionStatus.jsx
│ │ │ ├── ConnectionStatus.test.jsx
│ │ │ ├── Footer.jsx
│ │ │ ├── Footer.test.jsx
│ │ │ ├── Header.jsx
│ │ │ ├── Header.test.jsx
│ │ │ ├── Icons.jsx
│ │ │ ├── NotFoundPage.jsx
│ │ │ ├── NotFoundPage.test.jsx
│ │ │ ├── ThemeToggle.jsx
│ │ │ ├── ThemeToggle.test.jsx
│ │ │ ├── UserMenu.jsx
│ │ │ └── UserMenu.test.jsx
│ │ └── search
│ │ ├── EventList.jsx
│ │ ├── EventList.test.jsx
│ │ ├── FilterForm.jsx
│ │ ├── FilterForm.test.jsx
│ │ ├── QuickSearch.jsx
│ │ ├── QuickSearch.test.jsx
│ │ ├── ResourceDetailsView.jsx
│ │ ├── ResourceDetailsView.test.jsx
│ │ ├── ResourceList.jsx
│ │ ├── ResourceList.test.jsx
│ │ ├── StatusChart.jsx
│ │ └── StatusChart.test.jsx
│ ├── index.css
│ ├── main.jsx
│ ├── mock
│ │ ├── action.js
│ │ ├── events.js
│ │ ├── events.test.js
│ │ ├── report.js
│ │ ├── resource.js
│ │ ├── resources.js
│ │ ├── resources.test.js
│ │ ├── workload.js
│ │ └── workload.test.js
│ └── utils
│ ├── constants.js
│ ├── cookies.js
│ ├── cookies.test.js
│ ├── favorites.js
│ ├── favorites.test.js
│ ├── fetch.js
│ ├── fetch.test.js
│ ├── hash.js
│ ├── hash.test.js
│ ├── meta.js
│ ├── meta.test.js
│ ├── navHistory.js
│ ├── navHistory.test.js
│ ├── routing.js
│ ├── routing.test.js
│ ├── scroll.js
│ ├── scroll.test.js
│ ├── status.js
│ ├── status.test.js
│ ├── theme.js
│ ├── theme.test.js
│ ├── time.js
│ ├── time.test.js
│ ├── version.js
│ └── version.test.js
├── tailwind.config.js
├── vite.config.js
└── vitest.setup.js
```
# Files
--------------------------------------------------------------------------------
/config/data/flux/v2.2.3/source-controller.yaml:
--------------------------------------------------------------------------------
```yaml
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.12.0
6 | labels:
7 | app.kubernetes.io/component: source-controller
8 | app.kubernetes.io/part-of: flux
9 | name: buckets.source.toolkit.fluxcd.io
10 | spec:
11 | group: source.toolkit.fluxcd.io
12 | names:
13 | kind: Bucket
14 | listKind: BucketList
15 | plural: buckets
16 | singular: bucket
17 | scope: Namespaced
18 | versions:
19 | - additionalPrinterColumns:
20 | - jsonPath: .spec.endpoint
21 | name: Endpoint
22 | type: string
23 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
24 | name: Ready
25 | type: string
26 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
27 | name: Status
28 | type: string
29 | - jsonPath: .metadata.creationTimestamp
30 | name: Age
31 | type: date
32 | name: v1beta1
33 | schema:
34 | openAPIV3Schema:
35 | description: Bucket is the Schema for the buckets API
36 | properties:
37 | apiVersion:
38 | description: 'APIVersion defines the versioned schema of this representation
39 | of an object. Servers should convert recognized schemas to the latest
40 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
41 | type: string
42 | kind:
43 | description: 'Kind is a string value representing the REST resource this
44 | object represents. Servers may infer this from the endpoint the client
45 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
46 | type: string
47 | metadata:
48 | type: object
49 | spec:
50 | description: BucketSpec defines the desired state of an S3 compatible
51 | bucket
52 | properties:
53 | accessFrom:
54 | description: AccessFrom defines an Access Control List for allowing
55 | cross-namespace references to this object.
56 | properties:
57 | namespaceSelectors:
58 | description: NamespaceSelectors is the list of namespace selectors
59 | to which this ACL applies. Items in this list are evaluated
60 | using a logical OR operation.
61 | items:
62 | description: NamespaceSelector selects the namespaces to which
63 | this ACL applies. An empty map of MatchLabels matches all
64 | namespaces in a cluster.
65 | properties:
66 | matchLabels:
67 | additionalProperties:
68 | type: string
69 | description: MatchLabels is a map of {key,value} pairs.
70 | A single {key,value} in the matchLabels map is equivalent
71 | to an element of matchExpressions, whose key field is
72 | "key", the operator is "In", and the values array contains
73 | only "value". The requirements are ANDed.
74 | type: object
75 | type: object
76 | type: array
77 | required:
78 | - namespaceSelectors
79 | type: object
80 | bucketName:
81 | description: The bucket name.
82 | type: string
83 | endpoint:
84 | description: The bucket endpoint address.
85 | type: string
86 | ignore:
87 | description: Ignore overrides the set of excluded patterns in the
88 | .sourceignore format (which is the same as .gitignore). If not provided,
89 | a default will be used, consult the documentation for your version
90 | to find out what those are.
91 | type: string
92 | insecure:
93 | description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
94 | type: boolean
95 | interval:
96 | description: The interval at which to check for bucket updates.
97 | type: string
98 | provider:
99 | default: generic
100 | description: The S3 compatible storage provider name, default ('generic').
101 | enum:
102 | - generic
103 | - aws
104 | - gcp
105 | type: string
106 | region:
107 | description: The bucket region.
108 | type: string
109 | secretRef:
110 | description: The name of the secret containing authentication credentials
111 | for the Bucket.
112 | properties:
113 | name:
114 | description: Name of the referent.
115 | type: string
116 | required:
117 | - name
118 | type: object
119 | suspend:
120 | description: This flag tells the controller to suspend the reconciliation
121 | of this source.
122 | type: boolean
123 | timeout:
124 | default: 60s
125 | description: The timeout for download operations, defaults to 60s.
126 | type: string
127 | required:
128 | - bucketName
129 | - endpoint
130 | - interval
131 | type: object
132 | status:
133 | default:
134 | observedGeneration: -1
135 | description: BucketStatus defines the observed state of a bucket
136 | properties:
137 | artifact:
138 | description: Artifact represents the output of the last successful
139 | Bucket sync.
140 | properties:
141 | checksum:
142 | description: Checksum is the SHA256 checksum of the artifact.
143 | type: string
144 | lastUpdateTime:
145 | description: LastUpdateTime is the timestamp corresponding to
146 | the last update of this artifact.
147 | format: date-time
148 | type: string
149 | path:
150 | description: Path is the relative file path of this artifact.
151 | type: string
152 | revision:
153 | description: Revision is a human readable identifier traceable
154 | in the origin source system. It can be a Git commit SHA, Git
155 | tag, a Helm index timestamp, a Helm chart version, etc.
156 | type: string
157 | url:
158 | description: URL is the HTTP address of this artifact.
159 | type: string
160 | required:
161 | - path
162 | - url
163 | type: object
164 | conditions:
165 | description: Conditions holds the conditions for the Bucket.
166 | items:
167 | description: "Condition contains details for one aspect of the current
168 | state of this API Resource. --- This struct is intended for direct
169 | use as an array at the field path .status.conditions. For example,
170 | \n type FooStatus struct{ // Represents the observations of a
171 | foo's current state. // Known .status.conditions.type are: \"Available\",
172 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
173 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
174 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
175 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
176 | properties:
177 | lastTransitionTime:
178 | description: lastTransitionTime is the last time the condition
179 | transitioned from one status to another. This should be when
180 | the underlying condition changed. If that is not known, then
181 | using the time when the API field changed is acceptable.
182 | format: date-time
183 | type: string
184 | message:
185 | description: message is a human readable message indicating
186 | details about the transition. This may be an empty string.
187 | maxLength: 32768
188 | type: string
189 | observedGeneration:
190 | description: observedGeneration represents the .metadata.generation
191 | that the condition was set based upon. For instance, if .metadata.generation
192 | is currently 12, but the .status.conditions[x].observedGeneration
193 | is 9, the condition is out of date with respect to the current
194 | state of the instance.
195 | format: int64
196 | minimum: 0
197 | type: integer
198 | reason:
199 | description: reason contains a programmatic identifier indicating
200 | the reason for the condition's last transition. Producers
201 | of specific condition types may define expected values and
202 | meanings for this field, and whether the values are considered
203 | a guaranteed API. The value should be a CamelCase string.
204 | This field may not be empty.
205 | maxLength: 1024
206 | minLength: 1
207 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
208 | type: string
209 | status:
210 | description: status of the condition, one of True, False, Unknown.
211 | enum:
212 | - "True"
213 | - "False"
214 | - Unknown
215 | type: string
216 | type:
217 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
218 | --- Many .condition.type values are consistent across resources
219 | like Available, but because arbitrary conditions can be useful
220 | (see .node.status.conditions), the ability to deconflict is
221 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
222 | maxLength: 316
223 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
224 | type: string
225 | required:
226 | - lastTransitionTime
227 | - message
228 | - reason
229 | - status
230 | - type
231 | type: object
232 | type: array
233 | lastHandledReconcileAt:
234 | description: LastHandledReconcileAt holds the value of the most recent
235 | reconcile request value, so a change of the annotation value can
236 | be detected.
237 | type: string
238 | observedGeneration:
239 | description: ObservedGeneration is the last observed generation.
240 | format: int64
241 | type: integer
242 | url:
243 | description: URL is the download link for the artifact output of the
244 | last Bucket sync.
245 | type: string
246 | type: object
247 | type: object
248 | served: true
249 | storage: false
250 | subresources:
251 | status: {}
252 | - additionalPrinterColumns:
253 | - jsonPath: .spec.endpoint
254 | name: Endpoint
255 | type: string
256 | - jsonPath: .metadata.creationTimestamp
257 | name: Age
258 | type: date
259 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
260 | name: Ready
261 | type: string
262 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
263 | name: Status
264 | type: string
265 | name: v1beta2
266 | schema:
267 | openAPIV3Schema:
268 | description: Bucket is the Schema for the buckets API.
269 | properties:
270 | apiVersion:
271 | description: 'APIVersion defines the versioned schema of this representation
272 | of an object. Servers should convert recognized schemas to the latest
273 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
274 | type: string
275 | kind:
276 | description: 'Kind is a string value representing the REST resource this
277 | object represents. Servers may infer this from the endpoint the client
278 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
279 | type: string
280 | metadata:
281 | type: object
282 | spec:
283 | description: BucketSpec specifies the required configuration to produce
284 | an Artifact for an object storage bucket.
285 | properties:
286 | accessFrom:
287 | description: 'AccessFrom specifies an Access Control List for allowing
288 | cross-namespace references to this object. NOTE: Not implemented,
289 | provisional as of https://github.com/fluxcd/flux2/pull/2092'
290 | properties:
291 | namespaceSelectors:
292 | description: NamespaceSelectors is the list of namespace selectors
293 | to which this ACL applies. Items in this list are evaluated
294 | using a logical OR operation.
295 | items:
296 | description: NamespaceSelector selects the namespaces to which
297 | this ACL applies. An empty map of MatchLabels matches all
298 | namespaces in a cluster.
299 | properties:
300 | matchLabels:
301 | additionalProperties:
302 | type: string
303 | description: MatchLabels is a map of {key,value} pairs.
304 | A single {key,value} in the matchLabels map is equivalent
305 | to an element of matchExpressions, whose key field is
306 | "key", the operator is "In", and the values array contains
307 | only "value". The requirements are ANDed.
308 | type: object
309 | type: object
310 | type: array
311 | required:
312 | - namespaceSelectors
313 | type: object
314 | bucketName:
315 | description: BucketName is the name of the object storage bucket.
316 | type: string
317 | endpoint:
318 | description: Endpoint is the object storage address the BucketName
319 | is located at.
320 | type: string
321 | ignore:
322 | description: Ignore overrides the set of excluded patterns in the
323 | .sourceignore format (which is the same as .gitignore). If not provided,
324 | a default will be used, consult the documentation for your version
325 | to find out what those are.
326 | type: string
327 | insecure:
328 | description: Insecure allows connecting to a non-TLS HTTP Endpoint.
329 | type: boolean
330 | interval:
331 | description: Interval at which the Bucket Endpoint is checked for
332 | updates. This interval is approximate and may be subject to jitter
333 | to ensure efficient use of resources.
334 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
335 | type: string
336 | prefix:
337 | description: Prefix to use for server-side filtering of files in the
338 | Bucket.
339 | type: string
340 | provider:
341 | default: generic
342 | description: Provider of the object storage bucket. Defaults to 'generic',
343 | which expects an S3 (API) compatible object storage.
344 | enum:
345 | - generic
346 | - aws
347 | - gcp
348 | - azure
349 | type: string
350 | region:
351 | description: Region of the Endpoint where the BucketName is located
352 | in.
353 | type: string
354 | secretRef:
355 | description: SecretRef specifies the Secret containing authentication
356 | credentials for the Bucket.
357 | properties:
358 | name:
359 | description: Name of the referent.
360 | type: string
361 | required:
362 | - name
363 | type: object
364 | suspend:
365 | description: Suspend tells the controller to suspend the reconciliation
366 | of this Bucket.
367 | type: boolean
368 | timeout:
369 | default: 60s
370 | description: Timeout for fetch operations, defaults to 60s.
371 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
372 | type: string
373 | required:
374 | - bucketName
375 | - endpoint
376 | - interval
377 | type: object
378 | status:
379 | default:
380 | observedGeneration: -1
381 | description: BucketStatus records the observed state of a Bucket.
382 | properties:
383 | artifact:
384 | description: Artifact represents the last successful Bucket reconciliation.
385 | properties:
386 | digest:
387 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
388 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
389 | type: string
390 | lastUpdateTime:
391 | description: LastUpdateTime is the timestamp corresponding to
392 | the last update of the Artifact.
393 | format: date-time
394 | type: string
395 | metadata:
396 | additionalProperties:
397 | type: string
398 | description: Metadata holds upstream information such as OCI annotations.
399 | type: object
400 | path:
401 | description: Path is the relative file path of the Artifact. It
402 | can be used to locate the file in the root of the Artifact storage
403 | on the local file system of the controller managing the Source.
404 | type: string
405 | revision:
406 | description: Revision is a human-readable identifier traceable
407 | in the origin source system. It can be a Git commit SHA, Git
408 | tag, a Helm chart version, etc.
409 | type: string
410 | size:
411 | description: Size is the number of bytes in the file.
412 | format: int64
413 | type: integer
414 | url:
415 | description: URL is the HTTP address of the Artifact as exposed
416 | by the controller managing the Source. It can be used to retrieve
417 | the Artifact for consumption, e.g. by another controller applying
418 | the Artifact contents.
419 | type: string
420 | required:
421 | - lastUpdateTime
422 | - path
423 | - revision
424 | - url
425 | type: object
426 | conditions:
427 | description: Conditions holds the conditions for the Bucket.
428 | items:
429 | description: "Condition contains details for one aspect of the current
430 | state of this API Resource. --- This struct is intended for direct
431 | use as an array at the field path .status.conditions. For example,
432 | \n type FooStatus struct{ // Represents the observations of a
433 | foo's current state. // Known .status.conditions.type are: \"Available\",
434 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
435 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
436 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
437 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
438 | properties:
439 | lastTransitionTime:
440 | description: lastTransitionTime is the last time the condition
441 | transitioned from one status to another. This should be when
442 | the underlying condition changed. If that is not known, then
443 | using the time when the API field changed is acceptable.
444 | format: date-time
445 | type: string
446 | message:
447 | description: message is a human readable message indicating
448 | details about the transition. This may be an empty string.
449 | maxLength: 32768
450 | type: string
451 | observedGeneration:
452 | description: observedGeneration represents the .metadata.generation
453 | that the condition was set based upon. For instance, if .metadata.generation
454 | is currently 12, but the .status.conditions[x].observedGeneration
455 | is 9, the condition is out of date with respect to the current
456 | state of the instance.
457 | format: int64
458 | minimum: 0
459 | type: integer
460 | reason:
461 | description: reason contains a programmatic identifier indicating
462 | the reason for the condition's last transition. Producers
463 | of specific condition types may define expected values and
464 | meanings for this field, and whether the values are considered
465 | a guaranteed API. The value should be a CamelCase string.
466 | This field may not be empty.
467 | maxLength: 1024
468 | minLength: 1
469 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
470 | type: string
471 | status:
472 | description: status of the condition, one of True, False, Unknown.
473 | enum:
474 | - "True"
475 | - "False"
476 | - Unknown
477 | type: string
478 | type:
479 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
480 | --- Many .condition.type values are consistent across resources
481 | like Available, but because arbitrary conditions can be useful
482 | (see .node.status.conditions), the ability to deconflict is
483 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
484 | maxLength: 316
485 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
486 | type: string
487 | required:
488 | - lastTransitionTime
489 | - message
490 | - reason
491 | - status
492 | - type
493 | type: object
494 | type: array
495 | lastHandledReconcileAt:
496 | description: LastHandledReconcileAt holds the value of the most recent
497 | reconcile request value, so a change of the annotation value can
498 | be detected.
499 | type: string
500 | observedGeneration:
501 | description: ObservedGeneration is the last observed generation of
502 | the Bucket object.
503 | format: int64
504 | type: integer
505 | observedIgnore:
506 | description: ObservedIgnore is the observed exclusion patterns used
507 | for constructing the source artifact.
508 | type: string
509 | url:
510 | description: URL is the dynamic fetch link for the latest Artifact.
511 | It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
512 | data is recommended.
513 | type: string
514 | type: object
515 | type: object
516 | served: true
517 | storage: true
518 | subresources:
519 | status: {}
520 | ---
521 | apiVersion: apiextensions.k8s.io/v1
522 | kind: CustomResourceDefinition
523 | metadata:
524 | annotations:
525 | controller-gen.kubebuilder.io/version: v0.12.0
526 | labels:
527 | app.kubernetes.io/component: source-controller
528 | name: gitrepositories.source.toolkit.fluxcd.io
529 | spec:
530 | group: source.toolkit.fluxcd.io
531 | names:
532 | kind: GitRepository
533 | listKind: GitRepositoryList
534 | plural: gitrepositories
535 | shortNames:
536 | - gitrepo
537 | singular: gitrepository
538 | scope: Namespaced
539 | versions:
540 | - additionalPrinterColumns:
541 | - jsonPath: .spec.url
542 | name: URL
543 | type: string
544 | - jsonPath: .metadata.creationTimestamp
545 | name: Age
546 | type: date
547 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
548 | name: Ready
549 | type: string
550 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
551 | name: Status
552 | type: string
553 | name: v1
554 | schema:
555 | openAPIV3Schema:
556 | description: GitRepository is the Schema for the gitrepositories API.
557 | properties:
558 | apiVersion:
559 | description: 'APIVersion defines the versioned schema of this representation
560 | of an object. Servers should convert recognized schemas to the latest
561 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
562 | type: string
563 | kind:
564 | description: 'Kind is a string value representing the REST resource this
565 | object represents. Servers may infer this from the endpoint the client
566 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
567 | type: string
568 | metadata:
569 | type: object
570 | spec:
571 | description: GitRepositorySpec specifies the required configuration to
572 | produce an Artifact for a Git repository.
573 | properties:
574 | ignore:
575 | description: Ignore overrides the set of excluded patterns in the
576 | .sourceignore format (which is the same as .gitignore). If not provided,
577 | a default will be used, consult the documentation for your version
578 | to find out what those are.
579 | type: string
580 | include:
581 | description: Include specifies a list of GitRepository resources which
582 | Artifacts should be included in the Artifact produced for this GitRepository.
583 | items:
584 | description: GitRepositoryInclude specifies a local reference to
585 | a GitRepository which Artifact (sub-)contents must be included,
586 | and where they should be placed.
587 | properties:
588 | fromPath:
589 | description: FromPath specifies the path to copy contents from,
590 | defaults to the root of the Artifact.
591 | type: string
592 | repository:
593 | description: GitRepositoryRef specifies the GitRepository which
594 | Artifact contents must be included.
595 | properties:
596 | name:
597 | description: Name of the referent.
598 | type: string
599 | required:
600 | - name
601 | type: object
602 | toPath:
603 | description: ToPath specifies the path to copy contents to,
604 | defaults to the name of the GitRepositoryRef.
605 | type: string
606 | required:
607 | - repository
608 | type: object
609 | type: array
610 | interval:
611 | description: Interval at which the GitRepository URL is checked for
612 | updates. This interval is approximate and may be subject to jitter
613 | to ensure efficient use of resources.
614 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
615 | type: string
616 | proxySecretRef:
617 | description: ProxySecretRef specifies the Secret containing the proxy
618 | configuration to use while communicating with the Git server.
619 | properties:
620 | name:
621 | description: Name of the referent.
622 | type: string
623 | required:
624 | - name
625 | type: object
626 | recurseSubmodules:
627 | description: RecurseSubmodules enables the initialization of all submodules
628 | within the GitRepository as cloned from the URL, using their default
629 | settings.
630 | type: boolean
631 | ref:
632 | description: Reference specifies the Git reference to resolve and
633 | monitor for changes, defaults to the 'master' branch.
634 | properties:
635 | branch:
636 | description: Branch to check out, defaults to 'master' if no other
637 | field is defined.
638 | type: string
639 | commit:
640 | description: "Commit SHA to check out, takes precedence over all
641 | reference fields. \n This can be combined with Branch to shallow
642 | clone the branch, in which the commit is expected to exist."
643 | type: string
644 | name:
645 | description: "Name of the reference to check out; takes precedence
646 | over Branch, Tag and SemVer. \n It must be a valid Git reference:
647 | https://git-scm.com/docs/git-check-ref-format#_description Examples:
648 | \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
649 | \"refs/merge-requests/1/head\""
650 | type: string
651 | semver:
652 | description: SemVer tag expression to check out, takes precedence
653 | over Tag.
654 | type: string
655 | tag:
656 | description: Tag to check out, takes precedence over Branch.
657 | type: string
658 | type: object
659 | secretRef:
660 | description: SecretRef specifies the Secret containing authentication
661 | credentials for the GitRepository. For HTTPS repositories the Secret
662 | must contain 'username' and 'password' fields for basic auth or
663 | 'bearerToken' field for token auth. For SSH repositories the Secret
664 | must contain 'identity' and 'known_hosts' fields.
665 | properties:
666 | name:
667 | description: Name of the referent.
668 | type: string
669 | required:
670 | - name
671 | type: object
672 | suspend:
673 | description: Suspend tells the controller to suspend the reconciliation
674 | of this GitRepository.
675 | type: boolean
676 | timeout:
677 | default: 60s
678 | description: Timeout for Git operations like cloning, defaults to
679 | 60s.
680 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
681 | type: string
682 | url:
683 | description: URL specifies the Git repository URL, it can be an HTTP/S
684 | or SSH address.
685 | pattern: ^(http|https|ssh)://.*$
686 | type: string
687 | verify:
688 | description: Verification specifies the configuration to verify the
689 | Git commit signature(s).
690 | properties:
691 | mode:
692 | default: HEAD
693 | description: "Mode specifies which Git object(s) should be verified.
694 | \n The variants \"head\" and \"HEAD\" both imply the same thing,
695 | i.e. verify the commit that the HEAD of the Git repository points
696 | to. The variant \"head\" solely exists to ensure backwards compatibility."
697 | enum:
698 | - head
699 | - HEAD
700 | - Tag
701 | - TagAndHEAD
702 | type: string
703 | secretRef:
704 | description: SecretRef specifies the Secret containing the public
705 | keys of trusted Git authors.
706 | properties:
707 | name:
708 | description: Name of the referent.
709 | type: string
710 | required:
711 | - name
712 | type: object
713 | required:
714 | - secretRef
715 | type: object
716 | required:
717 | - interval
718 | - url
719 | type: object
720 | status:
721 | default:
722 | observedGeneration: -1
723 | description: GitRepositoryStatus records the observed state of a Git repository.
724 | properties:
725 | artifact:
726 | description: Artifact represents the last successful GitRepository
727 | reconciliation.
728 | properties:
729 | digest:
730 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
731 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
732 | type: string
733 | lastUpdateTime:
734 | description: LastUpdateTime is the timestamp corresponding to
735 | the last update of the Artifact.
736 | format: date-time
737 | type: string
738 | metadata:
739 | additionalProperties:
740 | type: string
741 | description: Metadata holds upstream information such as OCI annotations.
742 | type: object
743 | path:
744 | description: Path is the relative file path of the Artifact. It
745 | can be used to locate the file in the root of the Artifact storage
746 | on the local file system of the controller managing the Source.
747 | type: string
748 | revision:
749 | description: Revision is a human-readable identifier traceable
750 | in the origin source system. It can be a Git commit SHA, Git
751 | tag, a Helm chart version, etc.
752 | type: string
753 | size:
754 | description: Size is the number of bytes in the file.
755 | format: int64
756 | type: integer
757 | url:
758 | description: URL is the HTTP address of the Artifact as exposed
759 | by the controller managing the Source. It can be used to retrieve
760 | the Artifact for consumption, e.g. by another controller applying
761 | the Artifact contents.
762 | type: string
763 | required:
764 | - lastUpdateTime
765 | - path
766 | - revision
767 | - url
768 | type: object
769 | conditions:
770 | description: Conditions holds the conditions for the GitRepository.
771 | items:
772 | description: "Condition contains details for one aspect of the current
773 | state of this API Resource. --- This struct is intended for direct
774 | use as an array at the field path .status.conditions. For example,
775 | \n type FooStatus struct{ // Represents the observations of a
776 | foo's current state. // Known .status.conditions.type are: \"Available\",
777 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
778 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
779 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
780 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
781 | properties:
782 | lastTransitionTime:
783 | description: lastTransitionTime is the last time the condition
784 | transitioned from one status to another. This should be when
785 | the underlying condition changed. If that is not known, then
786 | using the time when the API field changed is acceptable.
787 | format: date-time
788 | type: string
789 | message:
790 | description: message is a human readable message indicating
791 | details about the transition. This may be an empty string.
792 | maxLength: 32768
793 | type: string
794 | observedGeneration:
795 | description: observedGeneration represents the .metadata.generation
796 | that the condition was set based upon. For instance, if .metadata.generation
797 | is currently 12, but the .status.conditions[x].observedGeneration
798 | is 9, the condition is out of date with respect to the current
799 | state of the instance.
800 | format: int64
801 | minimum: 0
802 | type: integer
803 | reason:
804 | description: reason contains a programmatic identifier indicating
805 | the reason for the condition's last transition. Producers
806 | of specific condition types may define expected values and
807 | meanings for this field, and whether the values are considered
808 | a guaranteed API. The value should be a CamelCase string.
809 | This field may not be empty.
810 | maxLength: 1024
811 | minLength: 1
812 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
813 | type: string
814 | status:
815 | description: status of the condition, one of True, False, Unknown.
816 | enum:
817 | - "True"
818 | - "False"
819 | - Unknown
820 | type: string
821 | type:
822 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
823 | --- Many .condition.type values are consistent across resources
824 | like Available, but because arbitrary conditions can be useful
825 | (see .node.status.conditions), the ability to deconflict is
826 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
827 | maxLength: 316
828 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
829 | type: string
830 | required:
831 | - lastTransitionTime
832 | - message
833 | - reason
834 | - status
835 | - type
836 | type: object
837 | type: array
838 | includedArtifacts:
839 | description: IncludedArtifacts contains a list of the last successfully
840 | included Artifacts as instructed by GitRepositorySpec.Include.
841 | items:
842 | description: Artifact represents the output of a Source reconciliation.
843 | properties:
844 | digest:
845 | description: Digest is the digest of the file in the form of
846 | '<algorithm>:<checksum>'.
847 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
848 | type: string
849 | lastUpdateTime:
850 | description: LastUpdateTime is the timestamp corresponding to
851 | the last update of the Artifact.
852 | format: date-time
853 | type: string
854 | metadata:
855 | additionalProperties:
856 | type: string
857 | description: Metadata holds upstream information such as OCI
858 | annotations.
859 | type: object
860 | path:
861 | description: Path is the relative file path of the Artifact.
862 | It can be used to locate the file in the root of the Artifact
863 | storage on the local file system of the controller managing
864 | the Source.
865 | type: string
866 | revision:
867 | description: Revision is a human-readable identifier traceable
868 | in the origin source system. It can be a Git commit SHA, Git
869 | tag, a Helm chart version, etc.
870 | type: string
871 | size:
872 | description: Size is the number of bytes in the file.
873 | format: int64
874 | type: integer
875 | url:
876 | description: URL is the HTTP address of the Artifact as exposed
877 | by the controller managing the Source. It can be used to retrieve
878 | the Artifact for consumption, e.g. by another controller applying
879 | the Artifact contents.
880 | type: string
881 | required:
882 | - lastUpdateTime
883 | - path
884 | - revision
885 | - url
886 | type: object
887 | type: array
888 | lastHandledReconcileAt:
889 | description: LastHandledReconcileAt holds the value of the most recent
890 | reconcile request value, so a change of the annotation value can
891 | be detected.
892 | type: string
893 | observedGeneration:
894 | description: ObservedGeneration is the last observed generation of
895 | the GitRepository object.
896 | format: int64
897 | type: integer
898 | observedIgnore:
899 | description: ObservedIgnore is the observed exclusion patterns used
900 | for constructing the source artifact.
901 | type: string
902 | observedInclude:
903 | description: ObservedInclude is the observed list of GitRepository
904 | resources used to produce the current Artifact.
905 | items:
906 | description: GitRepositoryInclude specifies a local reference to
907 | a GitRepository which Artifact (sub-)contents must be included,
908 | and where they should be placed.
909 | properties:
910 | fromPath:
911 | description: FromPath specifies the path to copy contents from,
912 | defaults to the root of the Artifact.
913 | type: string
914 | repository:
915 | description: GitRepositoryRef specifies the GitRepository which
916 | Artifact contents must be included.
917 | properties:
918 | name:
919 | description: Name of the referent.
920 | type: string
921 | required:
922 | - name
923 | type: object
924 | toPath:
925 | description: ToPath specifies the path to copy contents to,
926 | defaults to the name of the GitRepositoryRef.
927 | type: string
928 | required:
929 | - repository
930 | type: object
931 | type: array
932 | observedRecurseSubmodules:
933 | description: ObservedRecurseSubmodules is the observed resource submodules
934 | configuration used to produce the current Artifact.
935 | type: boolean
936 | sourceVerificationMode:
937 | description: SourceVerificationMode is the last used verification
938 | mode indicating which Git object(s) have been verified.
939 | type: string
940 | type: object
941 | type: object
942 | served: true
943 | storage: true
944 | subresources:
945 | status: {}
946 | - additionalPrinterColumns:
947 | - jsonPath: .spec.url
948 | name: URL
949 | type: string
950 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
951 | name: Ready
952 | type: string
953 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
954 | name: Status
955 | type: string
956 | - jsonPath: .metadata.creationTimestamp
957 | name: Age
958 | type: date
959 | deprecated: true
960 | deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1
961 | name: v1beta1
962 | schema:
963 | openAPIV3Schema:
964 | description: GitRepository is the Schema for the gitrepositories API
965 | properties:
966 | apiVersion:
967 | description: 'APIVersion defines the versioned schema of this representation
968 | of an object. Servers should convert recognized schemas to the latest
969 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
970 | type: string
971 | kind:
972 | description: 'Kind is a string value representing the REST resource this
973 | object represents. Servers may infer this from the endpoint the client
974 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
975 | type: string
976 | metadata:
977 | type: object
978 | spec:
979 | description: GitRepositorySpec defines the desired state of a Git repository.
980 | properties:
981 | accessFrom:
982 | description: AccessFrom defines an Access Control List for allowing
983 | cross-namespace references to this object.
984 | properties:
985 | namespaceSelectors:
986 | description: NamespaceSelectors is the list of namespace selectors
987 | to which this ACL applies. Items in this list are evaluated
988 | using a logical OR operation.
989 | items:
990 | description: NamespaceSelector selects the namespaces to which
991 | this ACL applies. An empty map of MatchLabels matches all
992 | namespaces in a cluster.
993 | properties:
994 | matchLabels:
995 | additionalProperties:
996 | type: string
997 | description: MatchLabels is a map of {key,value} pairs.
998 | A single {key,value} in the matchLabels map is equivalent
999 | to an element of matchExpressions, whose key field is
1000 | "key", the operator is "In", and the values array contains
1001 | only "value". The requirements are ANDed.
1002 | type: object
1003 | type: object
1004 | type: array
1005 | required:
1006 | - namespaceSelectors
1007 | type: object
1008 | gitImplementation:
1009 | default: go-git
1010 | description: Determines which git client library to use. Defaults
1011 | to go-git, valid values are ('go-git', 'libgit2').
1012 | enum:
1013 | - go-git
1014 | - libgit2
1015 | type: string
1016 | ignore:
1017 | description: Ignore overrides the set of excluded patterns in the
1018 | .sourceignore format (which is the same as .gitignore). If not provided,
1019 | a default will be used, consult the documentation for your version
1020 | to find out what those are.
1021 | type: string
1022 | include:
1023 | description: Extra git repositories to map into the repository
1024 | items:
1025 | description: GitRepositoryInclude defines a source with a from and
1026 | to path.
1027 | properties:
1028 | fromPath:
1029 | description: The path to copy contents from, defaults to the
1030 | root directory.
1031 | type: string
1032 | repository:
1033 | description: Reference to a GitRepository to include.
1034 | properties:
1035 | name:
1036 | description: Name of the referent.
1037 | type: string
1038 | required:
1039 | - name
1040 | type: object
1041 | toPath:
1042 | description: The path to copy contents to, defaults to the name
1043 | of the source ref.
1044 | type: string
1045 | required:
1046 | - repository
1047 | type: object
1048 | type: array
1049 | interval:
1050 | description: The interval at which to check for repository updates.
1051 | type: string
1052 | recurseSubmodules:
1053 | description: When enabled, after the clone is created, initializes
1054 | all submodules within, using their default settings. This option
1055 | is available only when using the 'go-git' GitImplementation.
1056 | type: boolean
1057 | ref:
1058 | description: The Git reference to checkout and monitor for changes,
1059 | defaults to master branch.
1060 | properties:
1061 | branch:
1062 | description: The Git branch to checkout, defaults to master.
1063 | type: string
1064 | commit:
1065 | description: The Git commit SHA to checkout, if specified Tag
1066 | filters will be ignored.
1067 | type: string
1068 | semver:
1069 | description: The Git tag semver expression, takes precedence over
1070 | Tag.
1071 | type: string
1072 | tag:
1073 | description: The Git tag to checkout, takes precedence over Branch.
1074 | type: string
1075 | type: object
1076 | secretRef:
1077 | description: The secret name containing the Git credentials. For HTTPS
1078 | repositories the secret must contain username and password fields.
1079 | For SSH repositories the secret must contain identity and known_hosts
1080 | fields.
1081 | properties:
1082 | name:
1083 | description: Name of the referent.
1084 | type: string
1085 | required:
1086 | - name
1087 | type: object
1088 | suspend:
1089 | description: This flag tells the controller to suspend the reconciliation
1090 | of this source.
1091 | type: boolean
1092 | timeout:
1093 | default: 60s
1094 | description: The timeout for remote Git operations like cloning, defaults
1095 | to 60s.
1096 | type: string
1097 | url:
1098 | description: The repository URL, can be a HTTP/S or SSH address.
1099 | pattern: ^(http|https|ssh)://.*$
1100 | type: string
1101 | verify:
1102 | description: Verify OpenPGP signature for the Git commit HEAD points
1103 | to.
1104 | properties:
1105 | mode:
1106 | description: Mode describes what git object should be verified,
1107 | currently ('head').
1108 | enum:
1109 | - head
1110 | type: string
1111 | secretRef:
1112 | description: The secret name containing the public keys of all
1113 | trusted Git authors.
1114 | properties:
1115 | name:
1116 | description: Name of the referent.
1117 | type: string
1118 | required:
1119 | - name
1120 | type: object
1121 | required:
1122 | - mode
1123 | type: object
1124 | required:
1125 | - interval
1126 | - url
1127 | type: object
1128 | status:
1129 | default:
1130 | observedGeneration: -1
1131 | description: GitRepositoryStatus defines the observed state of a Git repository.
1132 | properties:
1133 | artifact:
1134 | description: Artifact represents the output of the last successful
1135 | repository sync.
1136 | properties:
1137 | checksum:
1138 | description: Checksum is the SHA256 checksum of the artifact.
1139 | type: string
1140 | lastUpdateTime:
1141 | description: LastUpdateTime is the timestamp corresponding to
1142 | the last update of this artifact.
1143 | format: date-time
1144 | type: string
1145 | path:
1146 | description: Path is the relative file path of this artifact.
1147 | type: string
1148 | revision:
1149 | description: Revision is a human readable identifier traceable
1150 | in the origin source system. It can be a Git commit SHA, Git
1151 | tag, a Helm index timestamp, a Helm chart version, etc.
1152 | type: string
1153 | url:
1154 | description: URL is the HTTP address of this artifact.
1155 | type: string
1156 | required:
1157 | - path
1158 | - url
1159 | type: object
1160 | conditions:
1161 | description: Conditions holds the conditions for the GitRepository.
1162 | items:
1163 | description: "Condition contains details for one aspect of the current
1164 | state of this API Resource. --- This struct is intended for direct
1165 | use as an array at the field path .status.conditions. For example,
1166 | \n type FooStatus struct{ // Represents the observations of a
1167 | foo's current state. // Known .status.conditions.type are: \"Available\",
1168 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1169 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
1170 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1171 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
1172 | properties:
1173 | lastTransitionTime:
1174 | description: lastTransitionTime is the last time the condition
1175 | transitioned from one status to another. This should be when
1176 | the underlying condition changed. If that is not known, then
1177 | using the time when the API field changed is acceptable.
1178 | format: date-time
1179 | type: string
1180 | message:
1181 | description: message is a human readable message indicating
1182 | details about the transition. This may be an empty string.
1183 | maxLength: 32768
1184 | type: string
1185 | observedGeneration:
1186 | description: observedGeneration represents the .metadata.generation
1187 | that the condition was set based upon. For instance, if .metadata.generation
1188 | is currently 12, but the .status.conditions[x].observedGeneration
1189 | is 9, the condition is out of date with respect to the current
1190 | state of the instance.
1191 | format: int64
1192 | minimum: 0
1193 | type: integer
1194 | reason:
1195 | description: reason contains a programmatic identifier indicating
1196 | the reason for the condition's last transition. Producers
1197 | of specific condition types may define expected values and
1198 | meanings for this field, and whether the values are considered
1199 | a guaranteed API. The value should be a CamelCase string.
1200 | This field may not be empty.
1201 | maxLength: 1024
1202 | minLength: 1
1203 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1204 | type: string
1205 | status:
1206 | description: status of the condition, one of True, False, Unknown.
1207 | enum:
1208 | - "True"
1209 | - "False"
1210 | - Unknown
1211 | type: string
1212 | type:
1213 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
1214 | --- Many .condition.type values are consistent across resources
1215 | like Available, but because arbitrary conditions can be useful
1216 | (see .node.status.conditions), the ability to deconflict is
1217 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1218 | maxLength: 316
1219 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1220 | type: string
1221 | required:
1222 | - lastTransitionTime
1223 | - message
1224 | - reason
1225 | - status
1226 | - type
1227 | type: object
1228 | type: array
1229 | includedArtifacts:
1230 | description: IncludedArtifacts represents the included artifacts from
1231 | the last successful repository sync.
1232 | items:
1233 | description: Artifact represents the output of a source synchronisation.
1234 | properties:
1235 | checksum:
1236 | description: Checksum is the SHA256 checksum of the artifact.
1237 | type: string
1238 | lastUpdateTime:
1239 | description: LastUpdateTime is the timestamp corresponding to
1240 | the last update of this artifact.
1241 | format: date-time
1242 | type: string
1243 | path:
1244 | description: Path is the relative file path of this artifact.
1245 | type: string
1246 | revision:
1247 | description: Revision is a human readable identifier traceable
1248 | in the origin source system. It can be a Git commit SHA, Git
1249 | tag, a Helm index timestamp, a Helm chart version, etc.
1250 | type: string
1251 | url:
1252 | description: URL is the HTTP address of this artifact.
1253 | type: string
1254 | required:
1255 | - path
1256 | - url
1257 | type: object
1258 | type: array
1259 | lastHandledReconcileAt:
1260 | description: LastHandledReconcileAt holds the value of the most recent
1261 | reconcile request value, so a change of the annotation value can
1262 | be detected.
1263 | type: string
1264 | observedGeneration:
1265 | description: ObservedGeneration is the last observed generation.
1266 | format: int64
1267 | type: integer
1268 | url:
1269 | description: URL is the download link for the artifact output of the
1270 | last repository sync.
1271 | type: string
1272 | type: object
1273 | type: object
1274 | served: true
1275 | storage: false
1276 | subresources:
1277 | status: {}
1278 | - additionalPrinterColumns:
1279 | - jsonPath: .spec.url
1280 | name: URL
1281 | type: string
1282 | - jsonPath: .metadata.creationTimestamp
1283 | name: Age
1284 | type: date
1285 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
1286 | name: Ready
1287 | type: string
1288 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
1289 | name: Status
1290 | type: string
1291 | deprecated: true
1292 | deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1
1293 | name: v1beta2
1294 | schema:
1295 | openAPIV3Schema:
1296 | description: GitRepository is the Schema for the gitrepositories API.
1297 | properties:
1298 | apiVersion:
1299 | description: 'APIVersion defines the versioned schema of this representation
1300 | of an object. Servers should convert recognized schemas to the latest
1301 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1302 | type: string
1303 | kind:
1304 | description: 'Kind is a string value representing the REST resource this
1305 | object represents. Servers may infer this from the endpoint the client
1306 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1307 | type: string
1308 | metadata:
1309 | type: object
1310 | spec:
1311 | description: GitRepositorySpec specifies the required configuration to
1312 | produce an Artifact for a Git repository.
1313 | properties:
1314 | accessFrom:
1315 | description: 'AccessFrom specifies an Access Control List for allowing
1316 | cross-namespace references to this object. NOTE: Not implemented,
1317 | provisional as of https://github.com/fluxcd/flux2/pull/2092'
1318 | properties:
1319 | namespaceSelectors:
1320 | description: NamespaceSelectors is the list of namespace selectors
1321 | to which this ACL applies. Items in this list are evaluated
1322 | using a logical OR operation.
1323 | items:
1324 | description: NamespaceSelector selects the namespaces to which
1325 | this ACL applies. An empty map of MatchLabels matches all
1326 | namespaces in a cluster.
1327 | properties:
1328 | matchLabels:
1329 | additionalProperties:
1330 | type: string
1331 | description: MatchLabels is a map of {key,value} pairs.
1332 | A single {key,value} in the matchLabels map is equivalent
1333 | to an element of matchExpressions, whose key field is
1334 | "key", the operator is "In", and the values array contains
1335 | only "value". The requirements are ANDed.
1336 | type: object
1337 | type: object
1338 | type: array
1339 | required:
1340 | - namespaceSelectors
1341 | type: object
1342 | gitImplementation:
1343 | default: go-git
1344 | description: 'GitImplementation specifies which Git client library
1345 | implementation to use. Defaults to ''go-git'', valid values are
1346 | (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated
1347 | now that ''go-git'' is the only supported implementation.'
1348 | enum:
1349 | - go-git
1350 | - libgit2
1351 | type: string
1352 | ignore:
1353 | description: Ignore overrides the set of excluded patterns in the
1354 | .sourceignore format (which is the same as .gitignore). If not provided,
1355 | a default will be used, consult the documentation for your version
1356 | to find out what those are.
1357 | type: string
1358 | include:
1359 | description: Include specifies a list of GitRepository resources which
1360 | Artifacts should be included in the Artifact produced for this GitRepository.
1361 | items:
1362 | description: GitRepositoryInclude specifies a local reference to
1363 | a GitRepository which Artifact (sub-)contents must be included,
1364 | and where they should be placed.
1365 | properties:
1366 | fromPath:
1367 | description: FromPath specifies the path to copy contents from,
1368 | defaults to the root of the Artifact.
1369 | type: string
1370 | repository:
1371 | description: GitRepositoryRef specifies the GitRepository which
1372 | Artifact contents must be included.
1373 | properties:
1374 | name:
1375 | description: Name of the referent.
1376 | type: string
1377 | required:
1378 | - name
1379 | type: object
1380 | toPath:
1381 | description: ToPath specifies the path to copy contents to,
1382 | defaults to the name of the GitRepositoryRef.
1383 | type: string
1384 | required:
1385 | - repository
1386 | type: object
1387 | type: array
1388 | interval:
1389 | description: Interval at which to check the GitRepository for updates.
1390 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1391 | type: string
1392 | recurseSubmodules:
1393 | description: RecurseSubmodules enables the initialization of all submodules
1394 | within the GitRepository as cloned from the URL, using their default
1395 | settings.
1396 | type: boolean
1397 | ref:
1398 | description: Reference specifies the Git reference to resolve and
1399 | monitor for changes, defaults to the 'master' branch.
1400 | properties:
1401 | branch:
1402 | description: Branch to check out, defaults to 'master' if no other
1403 | field is defined.
1404 | type: string
1405 | commit:
1406 | description: "Commit SHA to check out, takes precedence over all
1407 | reference fields. \n This can be combined with Branch to shallow
1408 | clone the branch, in which the commit is expected to exist."
1409 | type: string
1410 | name:
1411 | description: "Name of the reference to check out; takes precedence
1412 | over Branch, Tag and SemVer. \n It must be a valid Git reference:
1413 | https://git-scm.com/docs/git-check-ref-format#_description Examples:
1414 | \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
1415 | \"refs/merge-requests/1/head\""
1416 | type: string
1417 | semver:
1418 | description: SemVer tag expression to check out, takes precedence
1419 | over Tag.
1420 | type: string
1421 | tag:
1422 | description: Tag to check out, takes precedence over Branch.
1423 | type: string
1424 | type: object
1425 | secretRef:
1426 | description: SecretRef specifies the Secret containing authentication
1427 | credentials for the GitRepository. For HTTPS repositories the Secret
1428 | must contain 'username' and 'password' fields for basic auth or
1429 | 'bearerToken' field for token auth. For SSH repositories the Secret
1430 | must contain 'identity' and 'known_hosts' fields.
1431 | properties:
1432 | name:
1433 | description: Name of the referent.
1434 | type: string
1435 | required:
1436 | - name
1437 | type: object
1438 | suspend:
1439 | description: Suspend tells the controller to suspend the reconciliation
1440 | of this GitRepository.
1441 | type: boolean
1442 | timeout:
1443 | default: 60s
1444 | description: Timeout for Git operations like cloning, defaults to
1445 | 60s.
1446 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
1447 | type: string
1448 | url:
1449 | description: URL specifies the Git repository URL, it can be an HTTP/S
1450 | or SSH address.
1451 | pattern: ^(http|https|ssh)://.*$
1452 | type: string
1453 | verify:
1454 | description: Verification specifies the configuration to verify the
1455 | Git commit signature(s).
1456 | properties:
1457 | mode:
1458 | description: Mode specifies what Git object should be verified,
1459 | currently ('head').
1460 | enum:
1461 | - head
1462 | type: string
1463 | secretRef:
1464 | description: SecretRef specifies the Secret containing the public
1465 | keys of trusted Git authors.
1466 | properties:
1467 | name:
1468 | description: Name of the referent.
1469 | type: string
1470 | required:
1471 | - name
1472 | type: object
1473 | required:
1474 | - mode
1475 | - secretRef
1476 | type: object
1477 | required:
1478 | - interval
1479 | - url
1480 | type: object
1481 | status:
1482 | default:
1483 | observedGeneration: -1
1484 | description: GitRepositoryStatus records the observed state of a Git repository.
1485 | properties:
1486 | artifact:
1487 | description: Artifact represents the last successful GitRepository
1488 | reconciliation.
1489 | properties:
1490 | digest:
1491 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
1492 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1493 | type: string
1494 | lastUpdateTime:
1495 | description: LastUpdateTime is the timestamp corresponding to
1496 | the last update of the Artifact.
1497 | format: date-time
1498 | type: string
1499 | metadata:
1500 | additionalProperties:
1501 | type: string
1502 | description: Metadata holds upstream information such as OCI annotations.
1503 | type: object
1504 | path:
1505 | description: Path is the relative file path of the Artifact. It
1506 | can be used to locate the file in the root of the Artifact storage
1507 | on the local file system of the controller managing the Source.
1508 | type: string
1509 | revision:
1510 | description: Revision is a human-readable identifier traceable
1511 | in the origin source system. It can be a Git commit SHA, Git
1512 | tag, a Helm chart version, etc.
1513 | type: string
1514 | size:
1515 | description: Size is the number of bytes in the file.
1516 | format: int64
1517 | type: integer
1518 | url:
1519 | description: URL is the HTTP address of the Artifact as exposed
1520 | by the controller managing the Source. It can be used to retrieve
1521 | the Artifact for consumption, e.g. by another controller applying
1522 | the Artifact contents.
1523 | type: string
1524 | required:
1525 | - lastUpdateTime
1526 | - path
1527 | - revision
1528 | - url
1529 | type: object
1530 | conditions:
1531 | description: Conditions holds the conditions for the GitRepository.
1532 | items:
1533 | description: "Condition contains details for one aspect of the current
1534 | state of this API Resource. --- This struct is intended for direct
1535 | use as an array at the field path .status.conditions. For example,
1536 | \n type FooStatus struct{ // Represents the observations of a
1537 | foo's current state. // Known .status.conditions.type are: \"Available\",
1538 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1539 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
1540 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1541 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
1542 | properties:
1543 | lastTransitionTime:
1544 | description: lastTransitionTime is the last time the condition
1545 | transitioned from one status to another. This should be when
1546 | the underlying condition changed. If that is not known, then
1547 | using the time when the API field changed is acceptable.
1548 | format: date-time
1549 | type: string
1550 | message:
1551 | description: message is a human readable message indicating
1552 | details about the transition. This may be an empty string.
1553 | maxLength: 32768
1554 | type: string
1555 | observedGeneration:
1556 | description: observedGeneration represents the .metadata.generation
1557 | that the condition was set based upon. For instance, if .metadata.generation
1558 | is currently 12, but the .status.conditions[x].observedGeneration
1559 | is 9, the condition is out of date with respect to the current
1560 | state of the instance.
1561 | format: int64
1562 | minimum: 0
1563 | type: integer
1564 | reason:
1565 | description: reason contains a programmatic identifier indicating
1566 | the reason for the condition's last transition. Producers
1567 | of specific condition types may define expected values and
1568 | meanings for this field, and whether the values are considered
1569 | a guaranteed API. The value should be a CamelCase string.
1570 | This field may not be empty.
1571 | maxLength: 1024
1572 | minLength: 1
1573 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1574 | type: string
1575 | status:
1576 | description: status of the condition, one of True, False, Unknown.
1577 | enum:
1578 | - "True"
1579 | - "False"
1580 | - Unknown
1581 | type: string
1582 | type:
1583 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
1584 | --- Many .condition.type values are consistent across resources
1585 | like Available, but because arbitrary conditions can be useful
1586 | (see .node.status.conditions), the ability to deconflict is
1587 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1588 | maxLength: 316
1589 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1590 | type: string
1591 | required:
1592 | - lastTransitionTime
1593 | - message
1594 | - reason
1595 | - status
1596 | - type
1597 | type: object
1598 | type: array
1599 | contentConfigChecksum:
1600 | description: "ContentConfigChecksum is a checksum of all the configurations
1601 | related to the content of the source artifact: - .spec.ignore -
1602 | .spec.recurseSubmodules - .spec.included and the checksum of the
1603 | included artifacts observed in .status.observedGeneration version
1604 | of the object. This can be used to determine if the content of the
1605 | included repository has changed. It has the format of `<algo>:<checksum>`,
1606 | for example: `sha256:<checksum>`. \n Deprecated: Replaced with explicit
1607 | fields for observed artifact content config in the status."
1608 | type: string
1609 | includedArtifacts:
1610 | description: IncludedArtifacts contains a list of the last successfully
1611 | included Artifacts as instructed by GitRepositorySpec.Include.
1612 | items:
1613 | description: Artifact represents the output of a Source reconciliation.
1614 | properties:
1615 | digest:
1616 | description: Digest is the digest of the file in the form of
1617 | '<algorithm>:<checksum>'.
1618 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1619 | type: string
1620 | lastUpdateTime:
1621 | description: LastUpdateTime is the timestamp corresponding to
1622 | the last update of the Artifact.
1623 | format: date-time
1624 | type: string
1625 | metadata:
1626 | additionalProperties:
1627 | type: string
1628 | description: Metadata holds upstream information such as OCI
1629 | annotations.
1630 | type: object
1631 | path:
1632 | description: Path is the relative file path of the Artifact.
1633 | It can be used to locate the file in the root of the Artifact
1634 | storage on the local file system of the controller managing
1635 | the Source.
1636 | type: string
1637 | revision:
1638 | description: Revision is a human-readable identifier traceable
1639 | in the origin source system. It can be a Git commit SHA, Git
1640 | tag, a Helm chart version, etc.
1641 | type: string
1642 | size:
1643 | description: Size is the number of bytes in the file.
1644 | format: int64
1645 | type: integer
1646 | url:
1647 | description: URL is the HTTP address of the Artifact as exposed
1648 | by the controller managing the Source. It can be used to retrieve
1649 | the Artifact for consumption, e.g. by another controller applying
1650 | the Artifact contents.
1651 | type: string
1652 | required:
1653 | - lastUpdateTime
1654 | - path
1655 | - revision
1656 | - url
1657 | type: object
1658 | type: array
1659 | lastHandledReconcileAt:
1660 | description: LastHandledReconcileAt holds the value of the most recent
1661 | reconcile request value, so a change of the annotation value can
1662 | be detected.
1663 | type: string
1664 | observedGeneration:
1665 | description: ObservedGeneration is the last observed generation of
1666 | the GitRepository object.
1667 | format: int64
1668 | type: integer
1669 | observedIgnore:
1670 | description: ObservedIgnore is the observed exclusion patterns used
1671 | for constructing the source artifact.
1672 | type: string
1673 | observedInclude:
1674 | description: ObservedInclude is the observed list of GitRepository
1675 | resources used to to produce the current Artifact.
1676 | items:
1677 | description: GitRepositoryInclude specifies a local reference to
1678 | a GitRepository which Artifact (sub-)contents must be included,
1679 | and where they should be placed.
1680 | properties:
1681 | fromPath:
1682 | description: FromPath specifies the path to copy contents from,
1683 | defaults to the root of the Artifact.
1684 | type: string
1685 | repository:
1686 | description: GitRepositoryRef specifies the GitRepository which
1687 | Artifact contents must be included.
1688 | properties:
1689 | name:
1690 | description: Name of the referent.
1691 | type: string
1692 | required:
1693 | - name
1694 | type: object
1695 | toPath:
1696 | description: ToPath specifies the path to copy contents to,
1697 | defaults to the name of the GitRepositoryRef.
1698 | type: string
1699 | required:
1700 | - repository
1701 | type: object
1702 | type: array
1703 | observedRecurseSubmodules:
1704 | description: ObservedRecurseSubmodules is the observed resource submodules
1705 | configuration used to produce the current Artifact.
1706 | type: boolean
1707 | url:
1708 | description: URL is the dynamic fetch link for the latest Artifact.
1709 | It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
1710 | data is recommended.
1711 | type: string
1712 | type: object
1713 | type: object
1714 | served: true
1715 | storage: false
1716 | subresources:
1717 | status: {}
1718 | ---
1719 | apiVersion: apiextensions.k8s.io/v1
1720 | kind: CustomResourceDefinition
1721 | metadata:
1722 | annotations:
1723 | controller-gen.kubebuilder.io/version: v0.12.0
1724 | labels:
1725 | app.kubernetes.io/component: source-controller
1726 | name: helmcharts.source.toolkit.fluxcd.io
1727 | spec:
1728 | group: source.toolkit.fluxcd.io
1729 | names:
1730 | kind: HelmChart
1731 | listKind: HelmChartList
1732 | plural: helmcharts
1733 | shortNames:
1734 | - hc
1735 | singular: helmchart
1736 | scope: Namespaced
1737 | versions:
1738 | - additionalPrinterColumns:
1739 | - jsonPath: .spec.chart
1740 | name: Chart
1741 | type: string
1742 | - jsonPath: .spec.version
1743 | name: Version
1744 | type: string
1745 | - jsonPath: .spec.sourceRef.kind
1746 | name: Source Kind
1747 | type: string
1748 | - jsonPath: .spec.sourceRef.name
1749 | name: Source Name
1750 | type: string
1751 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
1752 | name: Ready
1753 | type: string
1754 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
1755 | name: Status
1756 | type: string
1757 | - jsonPath: .metadata.creationTimestamp
1758 | name: Age
1759 | type: date
1760 | name: v1beta1
1761 | schema:
1762 | openAPIV3Schema:
1763 | description: HelmChart is the Schema for the helmcharts API
1764 | properties:
1765 | apiVersion:
1766 | description: 'APIVersion defines the versioned schema of this representation
1767 | of an object. Servers should convert recognized schemas to the latest
1768 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1769 | type: string
1770 | kind:
1771 | description: 'Kind is a string value representing the REST resource this
1772 | object represents. Servers may infer this from the endpoint the client
1773 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1774 | type: string
1775 | metadata:
1776 | type: object
1777 | spec:
1778 | description: HelmChartSpec defines the desired state of a Helm chart.
1779 | properties:
1780 | accessFrom:
1781 | description: AccessFrom defines an Access Control List for allowing
1782 | cross-namespace references to this object.
1783 | properties:
1784 | namespaceSelectors:
1785 | description: NamespaceSelectors is the list of namespace selectors
1786 | to which this ACL applies. Items in this list are evaluated
1787 | using a logical OR operation.
1788 | items:
1789 | description: NamespaceSelector selects the namespaces to which
1790 | this ACL applies. An empty map of MatchLabels matches all
1791 | namespaces in a cluster.
1792 | properties:
1793 | matchLabels:
1794 | additionalProperties:
1795 | type: string
1796 | description: MatchLabels is a map of {key,value} pairs.
1797 | A single {key,value} in the matchLabels map is equivalent
1798 | to an element of matchExpressions, whose key field is
1799 | "key", the operator is "In", and the values array contains
1800 | only "value". The requirements are ANDed.
1801 | type: object
1802 | type: object
1803 | type: array
1804 | required:
1805 | - namespaceSelectors
1806 | type: object
1807 | chart:
1808 | description: The name or path the Helm chart is available at in the
1809 | SourceRef.
1810 | type: string
1811 | interval:
1812 | description: The interval at which to check the Source for updates.
1813 | type: string
1814 | reconcileStrategy:
1815 | default: ChartVersion
1816 | description: Determines what enables the creation of a new artifact.
1817 | Valid values are ('ChartVersion', 'Revision'). See the documentation
1818 | of the values for an explanation on their behavior. Defaults to
1819 | ChartVersion when omitted.
1820 | enum:
1821 | - ChartVersion
1822 | - Revision
1823 | type: string
1824 | sourceRef:
1825 | description: The reference to the Source the chart is available at.
1826 | properties:
1827 | apiVersion:
1828 | description: APIVersion of the referent.
1829 | type: string
1830 | kind:
1831 | description: Kind of the referent, valid values are ('HelmRepository',
1832 | 'GitRepository', 'Bucket').
1833 | enum:
1834 | - HelmRepository
1835 | - GitRepository
1836 | - Bucket
1837 | type: string
1838 | name:
1839 | description: Name of the referent.
1840 | type: string
1841 | required:
1842 | - kind
1843 | - name
1844 | type: object
1845 | suspend:
1846 | description: This flag tells the controller to suspend the reconciliation
1847 | of this source.
1848 | type: boolean
1849 | valuesFile:
1850 | description: Alternative values file to use as the default chart values,
1851 | expected to be a relative path in the SourceRef. Deprecated in favor
1852 | of ValuesFiles, for backwards compatibility the file defined here
1853 | is merged before the ValuesFiles items. Ignored when omitted.
1854 | type: string
1855 | valuesFiles:
1856 | description: Alternative list of values files to use as the chart
1857 | values (values.yaml is not included by default), expected to be
1858 | a relative path in the SourceRef. Values files are merged in the
1859 | order of this list with the last file overriding the first. Ignored
1860 | when omitted.
1861 | items:
1862 | type: string
1863 | type: array
1864 | version:
1865 | default: '*'
1866 | description: The chart version semver expression, ignored for charts
1867 | from GitRepository and Bucket sources. Defaults to latest when omitted.
1868 | type: string
1869 | required:
1870 | - chart
1871 | - interval
1872 | - sourceRef
1873 | type: object
1874 | status:
1875 | default:
1876 | observedGeneration: -1
1877 | description: HelmChartStatus defines the observed state of the HelmChart.
1878 | properties:
1879 | artifact:
1880 | description: Artifact represents the output of the last successful
1881 | chart sync.
1882 | properties:
1883 | checksum:
1884 | description: Checksum is the SHA256 checksum of the artifact.
1885 | type: string
1886 | lastUpdateTime:
1887 | description: LastUpdateTime is the timestamp corresponding to
1888 | the last update of this artifact.
1889 | format: date-time
1890 | type: string
1891 | path:
1892 | description: Path is the relative file path of this artifact.
1893 | type: string
1894 | revision:
1895 | description: Revision is a human readable identifier traceable
1896 | in the origin source system. It can be a Git commit SHA, Git
1897 | tag, a Helm index timestamp, a Helm chart version, etc.
1898 | type: string
1899 | url:
1900 | description: URL is the HTTP address of this artifact.
1901 | type: string
1902 | required:
1903 | - path
1904 | - url
1905 | type: object
1906 | conditions:
1907 | description: Conditions holds the conditions for the HelmChart.
1908 | items:
1909 | description: "Condition contains details for one aspect of the current
1910 | state of this API Resource. --- This struct is intended for direct
1911 | use as an array at the field path .status.conditions. For example,
1912 | \n type FooStatus struct{ // Represents the observations of a
1913 | foo's current state. // Known .status.conditions.type are: \"Available\",
1914 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1915 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
1916 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1917 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
1918 | properties:
1919 | lastTransitionTime:
1920 | description: lastTransitionTime is the last time the condition
1921 | transitioned from one status to another. This should be when
1922 | the underlying condition changed. If that is not known, then
1923 | using the time when the API field changed is acceptable.
1924 | format: date-time
1925 | type: string
1926 | message:
1927 | description: message is a human readable message indicating
1928 | details about the transition. This may be an empty string.
1929 | maxLength: 32768
1930 | type: string
1931 | observedGeneration:
1932 | description: observedGeneration represents the .metadata.generation
1933 | that the condition was set based upon. For instance, if .metadata.generation
1934 | is currently 12, but the .status.conditions[x].observedGeneration
1935 | is 9, the condition is out of date with respect to the current
1936 | state of the instance.
1937 | format: int64
1938 | minimum: 0
1939 | type: integer
1940 | reason:
1941 | description: reason contains a programmatic identifier indicating
1942 | the reason for the condition's last transition. Producers
1943 | of specific condition types may define expected values and
1944 | meanings for this field, and whether the values are considered
1945 | a guaranteed API. The value should be a CamelCase string.
1946 | This field may not be empty.
1947 | maxLength: 1024
1948 | minLength: 1
1949 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1950 | type: string
1951 | status:
1952 | description: status of the condition, one of True, False, Unknown.
1953 | enum:
1954 | - "True"
1955 | - "False"
1956 | - Unknown
1957 | type: string
1958 | type:
1959 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
1960 | --- Many .condition.type values are consistent across resources
1961 | like Available, but because arbitrary conditions can be useful
1962 | (see .node.status.conditions), the ability to deconflict is
1963 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1964 | maxLength: 316
1965 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1966 | type: string
1967 | required:
1968 | - lastTransitionTime
1969 | - message
1970 | - reason
1971 | - status
1972 | - type
1973 | type: object
1974 | type: array
1975 | lastHandledReconcileAt:
1976 | description: LastHandledReconcileAt holds the value of the most recent
1977 | reconcile request value, so a change of the annotation value can
1978 | be detected.
1979 | type: string
1980 | observedGeneration:
1981 | description: ObservedGeneration is the last observed generation.
1982 | format: int64
1983 | type: integer
1984 | url:
1985 | description: URL is the download link for the last chart pulled.
1986 | type: string
1987 | type: object
1988 | type: object
1989 | served: true
1990 | storage: false
1991 | subresources:
1992 | status: {}
1993 | - additionalPrinterColumns:
1994 | - jsonPath: .spec.chart
1995 | name: Chart
1996 | type: string
1997 | - jsonPath: .spec.version
1998 | name: Version
1999 | type: string
2000 | - jsonPath: .spec.sourceRef.kind
2001 | name: Source Kind
2002 | type: string
2003 | - jsonPath: .spec.sourceRef.name
2004 | name: Source Name
2005 | type: string
2006 | - jsonPath: .metadata.creationTimestamp
2007 | name: Age
2008 | type: date
2009 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2010 | name: Ready
2011 | type: string
2012 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2013 | name: Status
2014 | type: string
2015 | name: v1beta2
2016 | schema:
2017 | openAPIV3Schema:
2018 | description: HelmChart is the Schema for the helmcharts API.
2019 | properties:
2020 | apiVersion:
2021 | description: 'APIVersion defines the versioned schema of this representation
2022 | of an object. Servers should convert recognized schemas to the latest
2023 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2024 | type: string
2025 | kind:
2026 | description: 'Kind is a string value representing the REST resource this
2027 | object represents. Servers may infer this from the endpoint the client
2028 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2029 | type: string
2030 | metadata:
2031 | type: object
2032 | spec:
2033 | description: HelmChartSpec specifies the desired state of a Helm chart.
2034 | properties:
2035 | accessFrom:
2036 | description: 'AccessFrom specifies an Access Control List for allowing
2037 | cross-namespace references to this object. NOTE: Not implemented,
2038 | provisional as of https://github.com/fluxcd/flux2/pull/2092'
2039 | properties:
2040 | namespaceSelectors:
2041 | description: NamespaceSelectors is the list of namespace selectors
2042 | to which this ACL applies. Items in this list are evaluated
2043 | using a logical OR operation.
2044 | items:
2045 | description: NamespaceSelector selects the namespaces to which
2046 | this ACL applies. An empty map of MatchLabels matches all
2047 | namespaces in a cluster.
2048 | properties:
2049 | matchLabels:
2050 | additionalProperties:
2051 | type: string
2052 | description: MatchLabels is a map of {key,value} pairs.
2053 | A single {key,value} in the matchLabels map is equivalent
2054 | to an element of matchExpressions, whose key field is
2055 | "key", the operator is "In", and the values array contains
2056 | only "value". The requirements are ANDed.
2057 | type: object
2058 | type: object
2059 | type: array
2060 | required:
2061 | - namespaceSelectors
2062 | type: object
2063 | chart:
2064 | description: Chart is the name or path the Helm chart is available
2065 | at in the SourceRef.
2066 | type: string
2067 | interval:
2068 | description: Interval at which the HelmChart SourceRef is checked
2069 | for updates. This interval is approximate and may be subject to
2070 | jitter to ensure efficient use of resources.
2071 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2072 | type: string
2073 | reconcileStrategy:
2074 | default: ChartVersion
2075 | description: ReconcileStrategy determines what enables the creation
2076 | of a new artifact. Valid values are ('ChartVersion', 'Revision').
2077 | See the documentation of the values for an explanation on their
2078 | behavior. Defaults to ChartVersion when omitted.
2079 | enum:
2080 | - ChartVersion
2081 | - Revision
2082 | type: string
2083 | sourceRef:
2084 | description: SourceRef is the reference to the Source the chart is
2085 | available at.
2086 | properties:
2087 | apiVersion:
2088 | description: APIVersion of the referent.
2089 | type: string
2090 | kind:
2091 | description: Kind of the referent, valid values are ('HelmRepository',
2092 | 'GitRepository', 'Bucket').
2093 | enum:
2094 | - HelmRepository
2095 | - GitRepository
2096 | - Bucket
2097 | type: string
2098 | name:
2099 | description: Name of the referent.
2100 | type: string
2101 | required:
2102 | - kind
2103 | - name
2104 | type: object
2105 | suspend:
2106 | description: Suspend tells the controller to suspend the reconciliation
2107 | of this source.
2108 | type: boolean
2109 | valuesFile:
2110 | description: ValuesFile is an alternative values file to use as the
2111 | default chart values, expected to be a relative path in the SourceRef.
2112 | Deprecated in favor of ValuesFiles, for backwards compatibility
2113 | the file specified here is merged before the ValuesFiles items.
2114 | Ignored when omitted.
2115 | type: string
2116 | valuesFiles:
2117 | description: ValuesFiles is an alternative list of values files to
2118 | use as the chart values (values.yaml is not included by default),
2119 | expected to be a relative path in the SourceRef. Values files are
2120 | merged in the order of this list with the last file overriding the
2121 | first. Ignored when omitted.
2122 | items:
2123 | type: string
2124 | type: array
2125 | verify:
2126 | description: Verify contains the secret name containing the trusted
2127 | public keys used to verify the signature and specifies which provider
2128 | to use to check whether OCI image is authentic. This field is only
2129 | supported when using HelmRepository source with spec.type 'oci'.
2130 | Chart dependencies, which are not bundled in the umbrella chart
2131 | artifact, are not verified.
2132 | properties:
2133 | matchOIDCIdentity:
2134 | description: MatchOIDCIdentity specifies the identity matching
2135 | criteria to use while verifying an OCI artifact which was signed
2136 | using Cosign keyless signing. The artifact's identity is deemed
2137 | to be verified if any of the specified matchers match against
2138 | the identity.
2139 | items:
2140 | description: OIDCIdentityMatch specifies options for verifying
2141 | the certificate identity, i.e. the issuer and the subject
2142 | of the certificate.
2143 | properties:
2144 | issuer:
2145 | description: Issuer specifies the regex pattern to match
2146 | against to verify the OIDC issuer in the Fulcio certificate.
2147 | The pattern must be a valid Go regular expression.
2148 | type: string
2149 | subject:
2150 | description: Subject specifies the regex pattern to match
2151 | against to verify the identity subject in the Fulcio certificate.
2152 | The pattern must be a valid Go regular expression.
2153 | type: string
2154 | required:
2155 | - issuer
2156 | - subject
2157 | type: object
2158 | type: array
2159 | provider:
2160 | default: cosign
2161 | description: Provider specifies the technology used to sign the
2162 | OCI Artifact.
2163 | enum:
2164 | - cosign
2165 | type: string
2166 | secretRef:
2167 | description: SecretRef specifies the Kubernetes Secret containing
2168 | the trusted public keys.
2169 | properties:
2170 | name:
2171 | description: Name of the referent.
2172 | type: string
2173 | required:
2174 | - name
2175 | type: object
2176 | required:
2177 | - provider
2178 | type: object
2179 | version:
2180 | default: '*'
2181 | description: Version is the chart version semver expression, ignored
2182 | for charts from GitRepository and Bucket sources. Defaults to latest
2183 | when omitted.
2184 | type: string
2185 | required:
2186 | - chart
2187 | - interval
2188 | - sourceRef
2189 | type: object
2190 | status:
2191 | default:
2192 | observedGeneration: -1
2193 | description: HelmChartStatus records the observed state of the HelmChart.
2194 | properties:
2195 | artifact:
2196 | description: Artifact represents the output of the last successful
2197 | reconciliation.
2198 | properties:
2199 | digest:
2200 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2201 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2202 | type: string
2203 | lastUpdateTime:
2204 | description: LastUpdateTime is the timestamp corresponding to
2205 | the last update of the Artifact.
2206 | format: date-time
2207 | type: string
2208 | metadata:
2209 | additionalProperties:
2210 | type: string
2211 | description: Metadata holds upstream information such as OCI annotations.
2212 | type: object
2213 | path:
2214 | description: Path is the relative file path of the Artifact. It
2215 | can be used to locate the file in the root of the Artifact storage
2216 | on the local file system of the controller managing the Source.
2217 | type: string
2218 | revision:
2219 | description: Revision is a human-readable identifier traceable
2220 | in the origin source system. It can be a Git commit SHA, Git
2221 | tag, a Helm chart version, etc.
2222 | type: string
2223 | size:
2224 | description: Size is the number of bytes in the file.
2225 | format: int64
2226 | type: integer
2227 | url:
2228 | description: URL is the HTTP address of the Artifact as exposed
2229 | by the controller managing the Source. It can be used to retrieve
2230 | the Artifact for consumption, e.g. by another controller applying
2231 | the Artifact contents.
2232 | type: string
2233 | required:
2234 | - lastUpdateTime
2235 | - path
2236 | - revision
2237 | - url
2238 | type: object
2239 | conditions:
2240 | description: Conditions holds the conditions for the HelmChart.
2241 | items:
2242 | description: "Condition contains details for one aspect of the current
2243 | state of this API Resource. --- This struct is intended for direct
2244 | use as an array at the field path .status.conditions. For example,
2245 | \n type FooStatus struct{ // Represents the observations of a
2246 | foo's current state. // Known .status.conditions.type are: \"Available\",
2247 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
2248 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
2249 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
2250 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
2251 | properties:
2252 | lastTransitionTime:
2253 | description: lastTransitionTime is the last time the condition
2254 | transitioned from one status to another. This should be when
2255 | the underlying condition changed. If that is not known, then
2256 | using the time when the API field changed is acceptable.
2257 | format: date-time
2258 | type: string
2259 | message:
2260 | description: message is a human readable message indicating
2261 | details about the transition. This may be an empty string.
2262 | maxLength: 32768
2263 | type: string
2264 | observedGeneration:
2265 | description: observedGeneration represents the .metadata.generation
2266 | that the condition was set based upon. For instance, if .metadata.generation
2267 | is currently 12, but the .status.conditions[x].observedGeneration
2268 | is 9, the condition is out of date with respect to the current
2269 | state of the instance.
2270 | format: int64
2271 | minimum: 0
2272 | type: integer
2273 | reason:
2274 | description: reason contains a programmatic identifier indicating
2275 | the reason for the condition's last transition. Producers
2276 | of specific condition types may define expected values and
2277 | meanings for this field, and whether the values are considered
2278 | a guaranteed API. The value should be a CamelCase string.
2279 | This field may not be empty.
2280 | maxLength: 1024
2281 | minLength: 1
2282 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2283 | type: string
2284 | status:
2285 | description: status of the condition, one of True, False, Unknown.
2286 | enum:
2287 | - "True"
2288 | - "False"
2289 | - Unknown
2290 | type: string
2291 | type:
2292 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
2293 | --- Many .condition.type values are consistent across resources
2294 | like Available, but because arbitrary conditions can be useful
2295 | (see .node.status.conditions), the ability to deconflict is
2296 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2297 | maxLength: 316
2298 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2299 | type: string
2300 | required:
2301 | - lastTransitionTime
2302 | - message
2303 | - reason
2304 | - status
2305 | - type
2306 | type: object
2307 | type: array
2308 | lastHandledReconcileAt:
2309 | description: LastHandledReconcileAt holds the value of the most recent
2310 | reconcile request value, so a change of the annotation value can
2311 | be detected.
2312 | type: string
2313 | observedChartName:
2314 | description: ObservedChartName is the last observed chart name as
2315 | specified by the resolved chart reference.
2316 | type: string
2317 | observedGeneration:
2318 | description: ObservedGeneration is the last observed generation of
2319 | the HelmChart object.
2320 | format: int64
2321 | type: integer
2322 | observedSourceArtifactRevision:
2323 | description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
2324 | of the HelmChartSpec.SourceRef.
2325 | type: string
2326 | url:
2327 | description: URL is the dynamic fetch link for the latest Artifact.
2328 | It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
2329 | data is recommended.
2330 | type: string
2331 | type: object
2332 | type: object
2333 | served: true
2334 | storage: true
2335 | subresources:
2336 | status: {}
2337 | ---
2338 | apiVersion: apiextensions.k8s.io/v1
2339 | kind: CustomResourceDefinition
2340 | metadata:
2341 | annotations:
2342 | controller-gen.kubebuilder.io/version: v0.12.0
2343 | labels:
2344 | app.kubernetes.io/component: source-controller
2345 | name: helmrepositories.source.toolkit.fluxcd.io
2346 | spec:
2347 | group: source.toolkit.fluxcd.io
2348 | names:
2349 | kind: HelmRepository
2350 | listKind: HelmRepositoryList
2351 | plural: helmrepositories
2352 | shortNames:
2353 | - helmrepo
2354 | singular: helmrepository
2355 | scope: Namespaced
2356 | versions:
2357 | - additionalPrinterColumns:
2358 | - jsonPath: .spec.url
2359 | name: URL
2360 | type: string
2361 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2362 | name: Ready
2363 | type: string
2364 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2365 | name: Status
2366 | type: string
2367 | - jsonPath: .metadata.creationTimestamp
2368 | name: Age
2369 | type: date
2370 | name: v1beta1
2371 | schema:
2372 | openAPIV3Schema:
2373 | description: HelmRepository is the Schema for the helmrepositories API
2374 | properties:
2375 | apiVersion:
2376 | description: 'APIVersion defines the versioned schema of this representation
2377 | of an object. Servers should convert recognized schemas to the latest
2378 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2379 | type: string
2380 | kind:
2381 | description: 'Kind is a string value representing the REST resource this
2382 | object represents. Servers may infer this from the endpoint the client
2383 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2384 | type: string
2385 | metadata:
2386 | type: object
2387 | spec:
2388 | description: HelmRepositorySpec defines the reference to a Helm repository.
2389 | properties:
2390 | accessFrom:
2391 | description: AccessFrom defines an Access Control List for allowing
2392 | cross-namespace references to this object.
2393 | properties:
2394 | namespaceSelectors:
2395 | description: NamespaceSelectors is the list of namespace selectors
2396 | to which this ACL applies. Items in this list are evaluated
2397 | using a logical OR operation.
2398 | items:
2399 | description: NamespaceSelector selects the namespaces to which
2400 | this ACL applies. An empty map of MatchLabels matches all
2401 | namespaces in a cluster.
2402 | properties:
2403 | matchLabels:
2404 | additionalProperties:
2405 | type: string
2406 | description: MatchLabels is a map of {key,value} pairs.
2407 | A single {key,value} in the matchLabels map is equivalent
2408 | to an element of matchExpressions, whose key field is
2409 | "key", the operator is "In", and the values array contains
2410 | only "value". The requirements are ANDed.
2411 | type: object
2412 | type: object
2413 | type: array
2414 | required:
2415 | - namespaceSelectors
2416 | type: object
2417 | interval:
2418 | description: The interval at which to check the upstream for updates.
2419 | type: string
2420 | passCredentials:
2421 | description: PassCredentials allows the credentials from the SecretRef
2422 | to be passed on to a host that does not match the host as defined
2423 | in URL. This may be required if the host of the advertised chart
2424 | URLs in the index differ from the defined URL. Enabling this should
2425 | be done with caution, as it can potentially result in credentials
2426 | getting stolen in a MITM-attack.
2427 | type: boolean
2428 | secretRef:
2429 | description: The name of the secret containing authentication credentials
2430 | for the Helm repository. For HTTP/S basic auth the secret must contain
2431 | username and password fields. For TLS the secret must contain a
2432 | certFile and keyFile, and/or caFile fields.
2433 | properties:
2434 | name:
2435 | description: Name of the referent.
2436 | type: string
2437 | required:
2438 | - name
2439 | type: object
2440 | suspend:
2441 | description: This flag tells the controller to suspend the reconciliation
2442 | of this source.
2443 | type: boolean
2444 | timeout:
2445 | default: 60s
2446 | description: The timeout of index downloading, defaults to 60s.
2447 | type: string
2448 | url:
2449 | description: The Helm repository URL, a valid URL contains at least
2450 | a protocol and host.
2451 | type: string
2452 | required:
2453 | - interval
2454 | - url
2455 | type: object
2456 | status:
2457 | default:
2458 | observedGeneration: -1
2459 | description: HelmRepositoryStatus defines the observed state of the HelmRepository.
2460 | properties:
2461 | artifact:
2462 | description: Artifact represents the output of the last successful
2463 | repository sync.
2464 | properties:
2465 | checksum:
2466 | description: Checksum is the SHA256 checksum of the artifact.
2467 | type: string
2468 | lastUpdateTime:
2469 | description: LastUpdateTime is the timestamp corresponding to
2470 | the last update of this artifact.
2471 | format: date-time
2472 | type: string
2473 | path:
2474 | description: Path is the relative file path of this artifact.
2475 | type: string
2476 | revision:
2477 | description: Revision is a human readable identifier traceable
2478 | in the origin source system. It can be a Git commit SHA, Git
2479 | tag, a Helm index timestamp, a Helm chart version, etc.
2480 | type: string
2481 | url:
2482 | description: URL is the HTTP address of this artifact.
2483 | type: string
2484 | required:
2485 | - path
2486 | - url
2487 | type: object
2488 | conditions:
2489 | description: Conditions holds the conditions for the HelmRepository.
2490 | items:
2491 | description: "Condition contains details for one aspect of the current
2492 | state of this API Resource. --- This struct is intended for direct
2493 | use as an array at the field path .status.conditions. For example,
2494 | \n type FooStatus struct{ // Represents the observations of a
2495 | foo's current state. // Known .status.conditions.type are: \"Available\",
2496 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
2497 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
2498 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
2499 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
2500 | properties:
2501 | lastTransitionTime:
2502 | description: lastTransitionTime is the last time the condition
2503 | transitioned from one status to another. This should be when
2504 | the underlying condition changed. If that is not known, then
2505 | using the time when the API field changed is acceptable.
2506 | format: date-time
2507 | type: string
2508 | message:
2509 | description: message is a human readable message indicating
2510 | details about the transition. This may be an empty string.
2511 | maxLength: 32768
2512 | type: string
2513 | observedGeneration:
2514 | description: observedGeneration represents the .metadata.generation
2515 | that the condition was set based upon. For instance, if .metadata.generation
2516 | is currently 12, but the .status.conditions[x].observedGeneration
2517 | is 9, the condition is out of date with respect to the current
2518 | state of the instance.
2519 | format: int64
2520 | minimum: 0
2521 | type: integer
2522 | reason:
2523 | description: reason contains a programmatic identifier indicating
2524 | the reason for the condition's last transition. Producers
2525 | of specific condition types may define expected values and
2526 | meanings for this field, and whether the values are considered
2527 | a guaranteed API. The value should be a CamelCase string.
2528 | This field may not be empty.
2529 | maxLength: 1024
2530 | minLength: 1
2531 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2532 | type: string
2533 | status:
2534 | description: status of the condition, one of True, False, Unknown.
2535 | enum:
2536 | - "True"
2537 | - "False"
2538 | - Unknown
2539 | type: string
2540 | type:
2541 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
2542 | --- Many .condition.type values are consistent across resources
2543 | like Available, but because arbitrary conditions can be useful
2544 | (see .node.status.conditions), the ability to deconflict is
2545 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2546 | maxLength: 316
2547 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2548 | type: string
2549 | required:
2550 | - lastTransitionTime
2551 | - message
2552 | - reason
2553 | - status
2554 | - type
2555 | type: object
2556 | type: array
2557 | lastHandledReconcileAt:
2558 | description: LastHandledReconcileAt holds the value of the most recent
2559 | reconcile request value, so a change of the annotation value can
2560 | be detected.
2561 | type: string
2562 | observedGeneration:
2563 | description: ObservedGeneration is the last observed generation.
2564 | format: int64
2565 | type: integer
2566 | url:
2567 | description: URL is the download link for the last index fetched.
2568 | type: string
2569 | type: object
2570 | type: object
2571 | served: true
2572 | storage: false
2573 | subresources:
2574 | status: {}
2575 | - additionalPrinterColumns:
2576 | - jsonPath: .spec.url
2577 | name: URL
2578 | type: string
2579 | - jsonPath: .metadata.creationTimestamp
2580 | name: Age
2581 | type: date
2582 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2583 | name: Ready
2584 | type: string
2585 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2586 | name: Status
2587 | type: string
2588 | name: v1beta2
2589 | schema:
2590 | openAPIV3Schema:
2591 | description: HelmRepository is the Schema for the helmrepositories API.
2592 | properties:
2593 | apiVersion:
2594 | description: 'APIVersion defines the versioned schema of this representation
2595 | of an object. Servers should convert recognized schemas to the latest
2596 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2597 | type: string
2598 | kind:
2599 | description: 'Kind is a string value representing the REST resource this
2600 | object represents. Servers may infer this from the endpoint the client
2601 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2602 | type: string
2603 | metadata:
2604 | type: object
2605 | spec:
2606 | description: HelmRepositorySpec specifies the required configuration to
2607 | produce an Artifact for a Helm repository index YAML.
2608 | properties:
2609 | accessFrom:
2610 | description: 'AccessFrom specifies an Access Control List for allowing
2611 | cross-namespace references to this object. NOTE: Not implemented,
2612 | provisional as of https://github.com/fluxcd/flux2/pull/2092'
2613 | properties:
2614 | namespaceSelectors:
2615 | description: NamespaceSelectors is the list of namespace selectors
2616 | to which this ACL applies. Items in this list are evaluated
2617 | using a logical OR operation.
2618 | items:
2619 | description: NamespaceSelector selects the namespaces to which
2620 | this ACL applies. An empty map of MatchLabels matches all
2621 | namespaces in a cluster.
2622 | properties:
2623 | matchLabels:
2624 | additionalProperties:
2625 | type: string
2626 | description: MatchLabels is a map of {key,value} pairs.
2627 | A single {key,value} in the matchLabels map is equivalent
2628 | to an element of matchExpressions, whose key field is
2629 | "key", the operator is "In", and the values array contains
2630 | only "value". The requirements are ANDed.
2631 | type: object
2632 | type: object
2633 | type: array
2634 | required:
2635 | - namespaceSelectors
2636 | type: object
2637 | certSecretRef:
2638 | description: "CertSecretRef can be given the name of a Secret containing
2639 | either or both of \n - a PEM-encoded client certificate (`tls.crt`)
2640 | and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
2641 | \n and whichever are supplied, will be used for connecting to the
2642 | registry. The client cert and key are useful if you are authenticating
2643 | with a certificate; the CA cert is useful if you are using a self-signed
2644 | server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
2645 | \n It takes precedence over the values specified in the Secret referred
2646 | to by `.spec.secretRef`."
2647 | properties:
2648 | name:
2649 | description: Name of the referent.
2650 | type: string
2651 | required:
2652 | - name
2653 | type: object
2654 | insecure:
2655 | description: Insecure allows connecting to a non-TLS HTTP container
2656 | registry. This field is only taken into account if the .spec.type
2657 | field is set to 'oci'.
2658 | type: boolean
2659 | interval:
2660 | description: Interval at which the HelmRepository URL is checked for
2661 | updates. This interval is approximate and may be subject to jitter
2662 | to ensure efficient use of resources.
2663 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2664 | type: string
2665 | passCredentials:
2666 | description: PassCredentials allows the credentials from the SecretRef
2667 | to be passed on to a host that does not match the host as defined
2668 | in URL. This may be required if the host of the advertised chart
2669 | URLs in the index differ from the defined URL. Enabling this should
2670 | be done with caution, as it can potentially result in credentials
2671 | getting stolen in a MITM-attack.
2672 | type: boolean
2673 | provider:
2674 | default: generic
2675 | description: Provider used for authentication, can be 'aws', 'azure',
2676 | 'gcp' or 'generic'. This field is optional, and only taken into
2677 | account if the .spec.type field is set to 'oci'. When not specified,
2678 | defaults to 'generic'.
2679 | enum:
2680 | - generic
2681 | - aws
2682 | - azure
2683 | - gcp
2684 | type: string
2685 | secretRef:
2686 | description: SecretRef specifies the Secret containing authentication
2687 | credentials for the HelmRepository. For HTTP/S basic auth the secret
2688 | must contain 'username' and 'password' fields. Support for TLS auth
2689 | using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated.
2690 | Please use `.spec.certSecretRef` instead.
2691 | properties:
2692 | name:
2693 | description: Name of the referent.
2694 | type: string
2695 | required:
2696 | - name
2697 | type: object
2698 | suspend:
2699 | description: Suspend tells the controller to suspend the reconciliation
2700 | of this HelmRepository.
2701 | type: boolean
2702 | timeout:
2703 | description: Timeout is used for the index fetch operation for an
2704 | HTTPS helm repository, and for remote OCI Repository operations
2705 | like pulling for an OCI helm chart by the associated HelmChart.
2706 | Its default value is 60s.
2707 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
2708 | type: string
2709 | type:
2710 | description: Type of the HelmRepository. When this field is set to "oci",
2711 | the URL field value must be prefixed with "oci://".
2712 | enum:
2713 | - default
2714 | - oci
2715 | type: string
2716 | url:
2717 | description: URL of the Helm repository, a valid URL contains at least
2718 | a protocol and host.
2719 | pattern: ^(http|https|oci)://.*$
2720 | type: string
2721 | required:
2722 | - url
2723 | type: object
2724 | status:
2725 | default:
2726 | observedGeneration: -1
2727 | description: HelmRepositoryStatus records the observed state of the HelmRepository.
2728 | properties:
2729 | artifact:
2730 | description: Artifact represents the last successful HelmRepository
2731 | reconciliation.
2732 | properties:
2733 | digest:
2734 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2735 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2736 | type: string
2737 | lastUpdateTime:
2738 | description: LastUpdateTime is the timestamp corresponding to
2739 | the last update of the Artifact.
2740 | format: date-time
2741 | type: string
2742 | metadata:
2743 | additionalProperties:
2744 | type: string
2745 | description: Metadata holds upstream information such as OCI annotations.
2746 | type: object
2747 | path:
2748 | description: Path is the relative file path of the Artifact. It
2749 | can be used to locate the file in the root of the Artifact storage
2750 | on the local file system of the controller managing the Source.
2751 | type: string
2752 | revision:
2753 | description: Revision is a human-readable identifier traceable
2754 | in the origin source system. It can be a Git commit SHA, Git
2755 | tag, a Helm chart version, etc.
2756 | type: string
2757 | size:
2758 | description: Size is the number of bytes in the file.
2759 | format: int64
2760 | type: integer
2761 | url:
2762 | description: URL is the HTTP address of the Artifact as exposed
2763 | by the controller managing the Source. It can be used to retrieve
2764 | the Artifact for consumption, e.g. by another controller applying
2765 | the Artifact contents.
2766 | type: string
2767 | required:
2768 | - lastUpdateTime
2769 | - path
2770 | - revision
2771 | - url
2772 | type: object
2773 | conditions:
2774 | description: Conditions holds the conditions for the HelmRepository.
2775 | items:
2776 | description: "Condition contains details for one aspect of the current
2777 | state of this API Resource. --- This struct is intended for direct
2778 | use as an array at the field path .status.conditions. For example,
2779 | \n type FooStatus struct{ // Represents the observations of a
2780 | foo's current state. // Known .status.conditions.type are: \"Available\",
2781 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
2782 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
2783 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
2784 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
2785 | properties:
2786 | lastTransitionTime:
2787 | description: lastTransitionTime is the last time the condition
2788 | transitioned from one status to another. This should be when
2789 | the underlying condition changed. If that is not known, then
2790 | using the time when the API field changed is acceptable.
2791 | format: date-time
2792 | type: string
2793 | message:
2794 | description: message is a human readable message indicating
2795 | details about the transition. This may be an empty string.
2796 | maxLength: 32768
2797 | type: string
2798 | observedGeneration:
2799 | description: observedGeneration represents the .metadata.generation
2800 | that the condition was set based upon. For instance, if .metadata.generation
2801 | is currently 12, but the .status.conditions[x].observedGeneration
2802 | is 9, the condition is out of date with respect to the current
2803 | state of the instance.
2804 | format: int64
2805 | minimum: 0
2806 | type: integer
2807 | reason:
2808 | description: reason contains a programmatic identifier indicating
2809 | the reason for the condition's last transition. Producers
2810 | of specific condition types may define expected values and
2811 | meanings for this field, and whether the values are considered
2812 | a guaranteed API. The value should be a CamelCase string.
2813 | This field may not be empty.
2814 | maxLength: 1024
2815 | minLength: 1
2816 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2817 | type: string
2818 | status:
2819 | description: status of the condition, one of True, False, Unknown.
2820 | enum:
2821 | - "True"
2822 | - "False"
2823 | - Unknown
2824 | type: string
2825 | type:
2826 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
2827 | --- Many .condition.type values are consistent across resources
2828 | like Available, but because arbitrary conditions can be useful
2829 | (see .node.status.conditions), the ability to deconflict is
2830 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2831 | maxLength: 316
2832 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2833 | type: string
2834 | required:
2835 | - lastTransitionTime
2836 | - message
2837 | - reason
2838 | - status
2839 | - type
2840 | type: object
2841 | type: array
2842 | lastHandledReconcileAt:
2843 | description: LastHandledReconcileAt holds the value of the most recent
2844 | reconcile request value, so a change of the annotation value can
2845 | be detected.
2846 | type: string
2847 | observedGeneration:
2848 | description: ObservedGeneration is the last observed generation of
2849 | the HelmRepository object.
2850 | format: int64
2851 | type: integer
2852 | url:
2853 | description: URL is the dynamic fetch link for the latest Artifact.
2854 | It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
2855 | data is recommended.
2856 | type: string
2857 | type: object
2858 | type: object
2859 | served: true
2860 | storage: true
2861 | subresources:
2862 | status: {}
2863 | ---
2864 | apiVersion: apiextensions.k8s.io/v1
2865 | kind: CustomResourceDefinition
2866 | metadata:
2867 | annotations:
2868 | controller-gen.kubebuilder.io/version: v0.12.0
2869 | labels:
2870 | app.kubernetes.io/component: source-controller
2871 | name: ocirepositories.source.toolkit.fluxcd.io
2872 | spec:
2873 | group: source.toolkit.fluxcd.io
2874 | names:
2875 | kind: OCIRepository
2876 | listKind: OCIRepositoryList
2877 | plural: ocirepositories
2878 | shortNames:
2879 | - ocirepo
2880 | singular: ocirepository
2881 | scope: Namespaced
2882 | versions:
2883 | - additionalPrinterColumns:
2884 | - jsonPath: .spec.url
2885 | name: URL
2886 | type: string
2887 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2888 | name: Ready
2889 | type: string
2890 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2891 | name: Status
2892 | type: string
2893 | - jsonPath: .metadata.creationTimestamp
2894 | name: Age
2895 | type: date
2896 | name: v1beta2
2897 | schema:
2898 | openAPIV3Schema:
2899 | description: OCIRepository is the Schema for the ocirepositories API
2900 | properties:
2901 | apiVersion:
2902 | description: 'APIVersion defines the versioned schema of this representation
2903 | of an object. Servers should convert recognized schemas to the latest
2904 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2905 | type: string
2906 | kind:
2907 | description: 'Kind is a string value representing the REST resource this
2908 | object represents. Servers may infer this from the endpoint the client
2909 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2910 | type: string
2911 | metadata:
2912 | type: object
2913 | spec:
2914 | description: OCIRepositorySpec defines the desired state of OCIRepository
2915 | properties:
2916 | certSecretRef:
2917 | description: "CertSecretRef can be given the name of a Secret containing
2918 | either or both of \n - a PEM-encoded client certificate (`tls.crt`)
2919 | and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
2920 | \n and whichever are supplied, will be used for connecting to the
2921 | registry. The client cert and key are useful if you are authenticating
2922 | with a certificate; the CA cert is useful if you are using a self-signed
2923 | server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
2924 | \n Note: Support for the `caFile`, `certFile` and `keyFile` keys
2925 | have been deprecated."
2926 | properties:
2927 | name:
2928 | description: Name of the referent.
2929 | type: string
2930 | required:
2931 | - name
2932 | type: object
2933 | ignore:
2934 | description: Ignore overrides the set of excluded patterns in the
2935 | .sourceignore format (which is the same as .gitignore). If not provided,
2936 | a default will be used, consult the documentation for your version
2937 | to find out what those are.
2938 | type: string
2939 | insecure:
2940 | description: Insecure allows connecting to a non-TLS HTTP container
2941 | registry.
2942 | type: boolean
2943 | interval:
2944 | description: Interval at which the OCIRepository URL is checked for
2945 | updates. This interval is approximate and may be subject to jitter
2946 | to ensure efficient use of resources.
2947 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2948 | type: string
2949 | layerSelector:
2950 | description: LayerSelector specifies which layer should be extracted
2951 | from the OCI artifact. When not specified, the first layer found
2952 | in the artifact is selected.
2953 | properties:
2954 | mediaType:
2955 | description: MediaType specifies the OCI media type of the layer
2956 | which should be extracted from the OCI Artifact. The first layer
2957 | matching this type is selected.
2958 | type: string
2959 | operation:
2960 | description: Operation specifies how the selected layer should
2961 | be processed. By default, the layer compressed content is extracted
2962 | to storage. When the operation is set to 'copy', the layer compressed
2963 | content is persisted to storage as it is.
2964 | enum:
2965 | - extract
2966 | - copy
2967 | type: string
2968 | type: object
2969 | provider:
2970 | default: generic
2971 | description: The provider used for authentication, can be 'aws', 'azure',
2972 | 'gcp' or 'generic'. When not specified, defaults to 'generic'.
2973 | enum:
2974 | - generic
2975 | - aws
2976 | - azure
2977 | - gcp
2978 | type: string
2979 | ref:
2980 | description: The OCI reference to pull and monitor for changes, defaults
2981 | to the latest tag.
2982 | properties:
2983 | digest:
2984 | description: Digest is the image digest to pull, takes precedence
2985 | over SemVer. The value should be in the format 'sha256:<HASH>'.
2986 | type: string
2987 | semver:
2988 | description: SemVer is the range of tags to pull selecting the
2989 | latest within the range, takes precedence over Tag.
2990 | type: string
2991 | tag:
2992 | description: Tag is the image tag to pull, defaults to latest.
2993 | type: string
2994 | type: object
2995 | secretRef:
2996 | description: SecretRef contains the secret name containing the registry
2997 | login credentials to resolve image metadata. The secret must be
2998 | of type kubernetes.io/dockerconfigjson.
2999 | properties:
3000 | name:
3001 | description: Name of the referent.
3002 | type: string
3003 | required:
3004 | - name
3005 | type: object
3006 | serviceAccountName:
3007 | description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount
3008 | used to authenticate the image pull if the service account has attached
3009 | pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
3010 | type: string
3011 | suspend:
3012 | description: This flag tells the controller to suspend the reconciliation
3013 | of this source.
3014 | type: boolean
3015 | timeout:
3016 | default: 60s
3017 | description: The timeout for remote OCI Repository operations like
3018 | pulling, defaults to 60s.
3019 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
3020 | type: string
3021 | url:
3022 | description: URL is a reference to an OCI artifact repository hosted
3023 | on a remote container registry.
3024 | pattern: ^oci://.*$
3025 | type: string
3026 | verify:
3027 | description: Verify contains the secret name containing the trusted
3028 | public keys used to verify the signature and specifies which provider
3029 | to use to check whether OCI image is authentic.
3030 | properties:
3031 | matchOIDCIdentity:
3032 | description: MatchOIDCIdentity specifies the identity matching
3033 | criteria to use while verifying an OCI artifact which was signed
3034 | using Cosign keyless signing. The artifact's identity is deemed
3035 | to be verified if any of the specified matchers match against
3036 | the identity.
3037 | items:
3038 | description: OIDCIdentityMatch specifies options for verifying
3039 | the certificate identity, i.e. the issuer and the subject
3040 | of the certificate.
3041 | properties:
3042 | issuer:
3043 | description: Issuer specifies the regex pattern to match
3044 | against to verify the OIDC issuer in the Fulcio certificate.
3045 | The pattern must be a valid Go regular expression.
3046 | type: string
3047 | subject:
3048 | description: Subject specifies the regex pattern to match
3049 | against to verify the identity subject in the Fulcio certificate.
3050 | The pattern must be a valid Go regular expression.
3051 | type: string
3052 | required:
3053 | - issuer
3054 | - subject
3055 | type: object
3056 | type: array
3057 | provider:
3058 | default: cosign
3059 | description: Provider specifies the technology used to sign the
3060 | OCI Artifact.
3061 | enum:
3062 | - cosign
3063 | type: string
3064 | secretRef:
3065 | description: SecretRef specifies the Kubernetes Secret containing
3066 | the trusted public keys.
3067 | properties:
3068 | name:
3069 | description: Name of the referent.
3070 | type: string
3071 | required:
3072 | - name
3073 | type: object
3074 | required:
3075 | - provider
3076 | type: object
3077 | required:
3078 | - interval
3079 | - url
3080 | type: object
3081 | status:
3082 | default:
3083 | observedGeneration: -1
3084 | description: OCIRepositoryStatus defines the observed state of OCIRepository
3085 | properties:
3086 | artifact:
3087 | description: Artifact represents the output of the last successful
3088 | OCI Repository sync.
3089 | properties:
3090 | digest:
3091 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3092 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3093 | type: string
3094 | lastUpdateTime:
3095 | description: LastUpdateTime is the timestamp corresponding to
3096 | the last update of the Artifact.
3097 | format: date-time
3098 | type: string
3099 | metadata:
3100 | additionalProperties:
3101 | type: string
3102 | description: Metadata holds upstream information such as OCI annotations.
3103 | type: object
3104 | path:
3105 | description: Path is the relative file path of the Artifact. It
3106 | can be used to locate the file in the root of the Artifact storage
3107 | on the local file system of the controller managing the Source.
3108 | type: string
3109 | revision:
3110 | description: Revision is a human-readable identifier traceable
3111 | in the origin source system. It can be a Git commit SHA, Git
3112 | tag, a Helm chart version, etc.
3113 | type: string
3114 | size:
3115 | description: Size is the number of bytes in the file.
3116 | format: int64
3117 | type: integer
3118 | url:
3119 | description: URL is the HTTP address of the Artifact as exposed
3120 | by the controller managing the Source. It can be used to retrieve
3121 | the Artifact for consumption, e.g. by another controller applying
3122 | the Artifact contents.
3123 | type: string
3124 | required:
3125 | - lastUpdateTime
3126 | - path
3127 | - revision
3128 | - url
3129 | type: object
3130 | conditions:
3131 | description: Conditions holds the conditions for the OCIRepository.
3132 | items:
3133 | description: "Condition contains details for one aspect of the current
3134 | state of this API Resource. --- This struct is intended for direct
3135 | use as an array at the field path .status.conditions. For example,
3136 | \n type FooStatus struct{ // Represents the observations of a
3137 | foo's current state. // Known .status.conditions.type are: \"Available\",
3138 | \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
3139 | // +listType=map // +listMapKey=type Conditions []metav1.Condition
3140 | `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
3141 | protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
3142 | properties:
3143 | lastTransitionTime:
3144 | description: lastTransitionTime is the last time the condition
3145 | transitioned from one status to another. This should be when
3146 | the underlying condition changed. If that is not known, then
3147 | using the time when the API field changed is acceptable.
3148 | format: date-time
3149 | type: string
3150 | message:
3151 | description: message is a human readable message indicating
3152 | details about the transition. This may be an empty string.
3153 | maxLength: 32768
3154 | type: string
3155 | observedGeneration:
3156 | description: observedGeneration represents the .metadata.generation
3157 | that the condition was set based upon. For instance, if .metadata.generation
3158 | is currently 12, but the .status.conditions[x].observedGeneration
3159 | is 9, the condition is out of date with respect to the current
3160 | state of the instance.
3161 | format: int64
3162 | minimum: 0
3163 | type: integer
3164 | reason:
3165 | description: reason contains a programmatic identifier indicating
3166 | the reason for the condition's last transition. Producers
3167 | of specific condition types may define expected values and
3168 | meanings for this field, and whether the values are considered
3169 | a guaranteed API. The value should be a CamelCase string.
3170 | This field may not be empty.
3171 | maxLength: 1024
3172 | minLength: 1
3173 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3174 | type: string
3175 | status:
3176 | description: status of the condition, one of True, False, Unknown.
3177 | enum:
3178 | - "True"
3179 | - "False"
3180 | - Unknown
3181 | type: string
3182 | type:
3183 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
3184 | --- Many .condition.type values are consistent across resources
3185 | like Available, but because arbitrary conditions can be useful
3186 | (see .node.status.conditions), the ability to deconflict is
3187 | important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
3188 | maxLength: 316
3189 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3190 | type: string
3191 | required:
3192 | - lastTransitionTime
3193 | - message
3194 | - reason
3195 | - status
3196 | - type
3197 | type: object
3198 | type: array
3199 | contentConfigChecksum:
3200 | description: "ContentConfigChecksum is a checksum of all the configurations
3201 | related to the content of the source artifact: - .spec.ignore -
3202 | .spec.layerSelector observed in .status.observedGeneration version
3203 | of the object. This can be used to determine if the content configuration
3204 | has changed and the artifact needs to be rebuilt. It has the format
3205 | of `<algo>:<checksum>`, for example: `sha256:<checksum>`. \n Deprecated:
3206 | Replaced with explicit fields for observed artifact content config
3207 | in the status."
3208 | type: string
3209 | lastHandledReconcileAt:
3210 | description: LastHandledReconcileAt holds the value of the most recent
3211 | reconcile request value, so a change of the annotation value can
3212 | be detected.
3213 | type: string
3214 | observedGeneration:
3215 | description: ObservedGeneration is the last observed generation.
3216 | format: int64
3217 | type: integer
3218 | observedIgnore:
3219 | description: ObservedIgnore is the observed exclusion patterns used
3220 | for constructing the source artifact.
3221 | type: string
3222 | observedLayerSelector:
3223 | description: ObservedLayerSelector is the observed layer selector
3224 | used for constructing the source artifact.
3225 | properties:
3226 | mediaType:
3227 | description: MediaType specifies the OCI media type of the layer
3228 | which should be extracted from the OCI Artifact. The first layer
3229 | matching this type is selected.
3230 | type: string
3231 | operation:
3232 | description: Operation specifies how the selected layer should
3233 | be processed. By default, the layer compressed content is extracted
3234 | to storage. When the operation is set to 'copy', the layer compressed
3235 | content is persisted to storage as it is.
3236 | enum:
3237 | - extract
3238 | - copy
3239 | type: string
3240 | type: object
3241 | url:
3242 | description: URL is the download link for the artifact output of the
3243 | last OCI Repository sync.
3244 | type: string
3245 | type: object
3246 | type: object
3247 | served: true
3248 | storage: true
3249 | subresources:
3250 | status: {}
3251 | ---
3252 | apiVersion: v1
3253 | kind: ServiceAccount
3254 | metadata:
3255 | labels:
3256 | app.kubernetes.io/component: source-controller
3257 | name: source-controller
3258 | ---
3259 | apiVersion: v1
3260 | kind: Service
3261 | metadata:
3262 | labels:
3263 | app.kubernetes.io/component: source-controller
3264 | control-plane: controller
3265 | name: source-controller
3266 | spec:
3267 | ports:
3268 | - name: http
3269 | port: 80
3270 | protocol: TCP
3271 | targetPort: http
3272 | selector:
3273 | app: source-controller
3274 | type: ClusterIP
3275 | ---
3276 | apiVersion: apps/v1
3277 | kind: Deployment
3278 | metadata:
3279 | labels:
3280 | app.kubernetes.io/component: source-controller
3281 | control-plane: controller
3282 | name: source-controller
3283 | spec:
3284 | replicas: 1
3285 | selector:
3286 | matchLabels:
3287 | app: source-controller
3288 | strategy:
3289 | type: Recreate
3290 | template:
3291 | metadata:
3292 | annotations:
3293 | prometheus.io/port: "8080"
3294 | prometheus.io/scrape: "true"
3295 | labels:
3296 | app: source-controller
3297 | spec:
3298 | containers:
3299 | - args:
3300 | - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
3301 | - --watch-all-namespaces
3302 | - --log-level=info
3303 | - --log-encoding=json
3304 | - --enable-leader-election
3305 | - --storage-path=/data
3306 | - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
3307 | env:
3308 | - name: RUNTIME_NAMESPACE
3309 | valueFrom:
3310 | fieldRef:
3311 | fieldPath: metadata.namespace
3312 | - name: TUF_ROOT
3313 | value: /tmp/.sigstore
3314 | image: fluxcd/source-controller:v1.2.5
3315 | imagePullPolicy: IfNotPresent
3316 | livenessProbe:
3317 | httpGet:
3318 | path: /healthz
3319 | port: healthz
3320 | name: manager
3321 | ports:
3322 | - containerPort: 9090
3323 | name: http
3324 | protocol: TCP
3325 | - containerPort: 8080
3326 | name: http-prom
3327 | protocol: TCP
3328 | - containerPort: 9440
3329 | name: healthz
3330 | protocol: TCP
3331 | readinessProbe:
3332 | httpGet:
3333 | path: /
3334 | port: http
3335 | resources:
3336 | limits:
3337 | cpu: 1000m
3338 | memory: 1Gi
3339 | requests:
3340 | cpu: 50m
3341 | memory: 64Mi
3342 | securityContext:
3343 | allowPrivilegeEscalation: false
3344 | capabilities:
3345 | drop:
3346 | - ALL
3347 | readOnlyRootFilesystem: true
3348 | runAsNonRoot: true
3349 | seccompProfile:
3350 | type: RuntimeDefault
3351 | volumeMounts:
3352 | - mountPath: /data
3353 | name: data
3354 | - mountPath: /tmp
3355 | name: tmp
3356 | priorityClassName: system-cluster-critical
3357 | securityContext:
3358 | fsGroup: 1337
3359 | serviceAccountName: source-controller
3360 | terminationGracePeriodSeconds: 10
3361 | volumes:
3362 | - emptyDir: {}
3363 | name: data
3364 | - emptyDir: {}
3365 | name: tmp
3366 |
```