# Directory Structure
```
├── .github
│ ├── actions
│ │ └── runner-cleanup
│ │ └── action.yml
│ ├── copilot-instructions.md
│ ├── dependabot.yaml
│ └── workflows
│ ├── actions-test.yaml
│ ├── e2e-olm.yaml
│ ├── preview.yaml
│ ├── push-manifests.yaml
│ ├── release.yaml
│ └── test.yaml
├── .gitignore
├── .golangci.yml
├── .goreleaser.yml
├── actions
│ └── setup
│ ├── action.yaml
│ └── README.md
├── AGENTS.md
├── api
│ └── v1
│ ├── common_types_test.go
│ ├── common_types.go
│ ├── fluxinstance_types.go
│ ├── fluxreport_types.go
│ ├── groupversion_info.go
│ ├── history_types_test.go
│ ├── history_types.go
│ ├── resourceset_types.go
│ ├── resourcesetinputprovider_types.go
│ ├── schedule_types.go
│ └── zz_generated.deepcopy.go
├── cmd
│ ├── cli
│ │ ├── build_instance.go
│ │ ├── build_resourceset_test.go
│ │ ├── build_resourceset.go
│ │ ├── build.go
│ │ ├── client.go
│ │ ├── completion_bash.go
│ │ ├── completion_fish.go
│ │ ├── completion_powershell.go
│ │ ├── completion_zsh.go
│ │ ├── completion.go
│ │ ├── create_secret_basicauth_test.go
│ │ ├── create_secret_basicauth.go
│ │ ├── create_secret_githubapp.go
│ │ ├── create_secret_proxy_test.go
│ │ ├── create_secret_proxy.go
│ │ ├── create_secret_registry_test.go
│ │ ├── create_secret_registry.go
│ │ ├── create_secret_sops_test.go
│ │ ├── create_secret_sops.go
│ │ ├── create_secret_ssh.go
│ │ ├── create_secret_tls.go
│ │ ├── create_secret.go
│ │ ├── create.go
│ │ ├── debug_web_cookie.go
│ │ ├── debug_web.go
│ │ ├── debug.go
│ │ ├── delete_inputprovider_test.go
│ │ ├── delete_inputprovider.go
│ │ ├── delete_instance_test.go
│ │ ├── delete_instance.go
│ │ ├── delete_resourceset_test.go
│ │ ├── delete_resourceset.go
│ │ ├── delete.go
│ │ ├── distro_decrypt_manifests_test.go
│ │ ├── distro_decrypt_manifests.go
│ │ ├── distro_decrypt_token_test.go
│ │ ├── distro_decrypt_token.go
│ │ ├── distro_decrypt.go
│ │ ├── distro_encrypt_manifests_test.go
│ │ ├── distro_encrypt_manifests.go
│ │ ├── distro_encrypt_token_test.go
│ │ ├── distro_encrypt_token.go
│ │ ├── distro_encrypt.go
│ │ ├── distro_keygen_enc_test.go
│ │ ├── distro_keygen_enc.go
│ │ ├── distro_keygen_sig_test.go
│ │ ├── distro_keygen_sig.go
│ │ ├── distro_keygen.go
│ │ ├── distro_revoke_license_key_test.go
│ │ ├── distro_revoke_license_key.go
│ │ ├── distro_revoke.go
│ │ ├── distro_sign_artifacts_test.go
│ │ ├── distro_sign_artifacts.go
│ │ ├── distro_sign_license_key_test.go
│ │ ├── distro_sign_license_key.go
│ │ ├── distro_sign_manifests_test.go
│ │ ├── distro_sign_manifests.go
│ │ ├── distro_sign.go
│ │ ├── distro_verify_artifacts_test.go
│ │ ├── distro_verify_artifacts.go
│ │ ├── distro_verify_license_key_test.go
│ │ ├── distro_verify_license_key.go
│ │ ├── distro_verify_manifests_test.go
│ │ ├── distro_verify_manifests.go
│ │ ├── distro_verify.go
│ │ ├── distro.go
│ │ ├── Dockerfile
│ │ ├── export_report_test.go
│ │ ├── export_report.go
│ │ ├── export_resource_test.go
│ │ ├── export_resource.go
│ │ ├── export.go
│ │ ├── get_inputprovider_test.go
│ │ ├── get_inputprovider.go
│ │ ├── get_instance.go
│ │ ├── get_resources.go
│ │ ├── get_resourceset_test.go
│ │ ├── get_resourceset.go
│ │ ├── get.go
│ │ ├── install.go
│ │ ├── main.go
│ │ ├── README.md
│ │ ├── reconcile_inputprovider.go
│ │ ├── reconcile_instance.go
│ │ ├── reconcile_resource.go
│ │ ├── reconcile_resources.go
│ │ ├── reconcile_resourceset.go
│ │ ├── reconcile.go
│ │ ├── resume_inputprovider.go
│ │ ├── resume_instance.go
│ │ ├── resume_resource.go
│ │ ├── resume_resourceset.go
│ │ ├── resume.go
│ │ ├── stats.go
│ │ ├── suite_test.go
│ │ ├── suspend_inputprovider.go
│ │ ├── suspend_instance.go
│ │ ├── suspend_resource.go
│ │ ├── suspend_resourceset.go
│ │ ├── suspend.go
│ │ ├── testdata
│ │ │ └── build_resourceset
│ │ │ ├── golden-labeled.yaml
│ │ │ ├── golden-named.yaml
│ │ │ ├── golden-permuted.yaml
│ │ │ ├── golden.yaml
│ │ │ ├── inputs.yaml
│ │ │ ├── rset-standalone.yaml
│ │ │ ├── rset-with-rsip-labeled.yaml
│ │ │ ├── rset-with-rsip-named.yaml
│ │ │ ├── rset-with-rsip-permuted.yaml
│ │ │ ├── rset-with-rsip.yaml
│ │ │ ├── rsip-labeled.yaml
│ │ │ ├── rsip-named.yaml
│ │ │ └── rsip.yaml
│ │ ├── trace_test.go
│ │ ├── trace_types.go
│ │ ├── trace.go
│ │ ├── tree_helmrelease.go
│ │ ├── tree_kustomization.go
│ │ ├── tree_resourceset_test.go
│ │ ├── tree_resourceset.go
│ │ ├── tree.go
│ │ ├── uninstall.go
│ │ ├── version_test.go
│ │ ├── version.go
│ │ ├── wait_inputprovider_test.go
│ │ ├── wait_inputprovider.go
│ │ ├── wait_instance_test.go
│ │ ├── wait_instance.go
│ │ ├── wait_resourceset_test.go
│ │ ├── wait_resourceset.go
│ │ └── wait.go
│ ├── mcp
│ │ ├── Dockerfile
│ │ ├── k8s
│ │ │ ├── actions_test.go
│ │ │ ├── actions.go
│ │ │ ├── client_test.go
│ │ │ ├── client.go
│ │ │ ├── config.go
│ │ │ ├── events_test.go
│ │ │ ├── events.go
│ │ │ ├── export_test.go
│ │ │ ├── export.go
│ │ │ ├── helm.go
│ │ │ ├── logs.go
│ │ │ ├── metrics.go
│ │ │ └── suite_test.go
│ │ ├── main.go
│ │ ├── prompter
│ │ │ ├── debug_helmrelease_test.go
│ │ │ ├── debug_helmrelease.go
│ │ │ ├── debug_kustomization_test.go
│ │ │ ├── debug_kustomization.go
│ │ │ ├── index.go
│ │ │ └── manager.go
│ │ ├── README.md
│ │ └── toolbox
│ │ ├── apply_manifest_test.go
│ │ ├── apply_manifest.go
│ │ ├── delete_resource_test.go
│ │ ├── delete_resource.go
│ │ ├── get_apis_test.go
│ │ ├── get_apis.go
│ │ ├── get_contexts_test.go
│ │ ├── get_contexts.go
│ │ ├── get_instance_test.go
│ │ ├── get_instance.go
│ │ ├── get_logs_test.go
│ │ ├── get_logs.go
│ │ ├── get_metrics_test.go
│ │ ├── get_metrics.go
│ │ ├── get_resource_test.go
│ │ ├── get_resource.go
│ │ ├── helpers.go
│ │ ├── indexer
│ │ │ └── main.go
│ │ ├── install_instance_test.go
│ │ ├── install_instance.go
│ │ ├── library
│ │ │ ├── bm25_test.go
│ │ │ ├── bm25.go
│ │ │ ├── index.go
│ │ │ ├── index.gob
│ │ │ ├── library.go
│ │ │ ├── search_test.go
│ │ │ ├── search.go
│ │ │ ├── tokenizer_test.go
│ │ │ └── tokenizer.go
│ │ ├── manager_test.go
│ │ ├── manager.go
│ │ ├── reconcile_helmrelease_test.go
│ │ ├── reconcile_helmrelease.go
│ │ ├── reconcile_kustomization_test.go
│ │ ├── reconcile_kustomization.go
│ │ ├── reconcile_resourceset_test.go
│ │ ├── reconcile_resourceset.go
│ │ ├── reconcile_source_test.go
│ │ ├── reconcile_source.go
│ │ ├── resume_reconciliation_test.go
│ │ ├── resume_reconciliation.go
│ │ ├── scopes_test.go
│ │ ├── scopes.go
│ │ ├── search_flux_docs_test.go
│ │ ├── search_flux_docs.go
│ │ ├── set_context_test.go
│ │ ├── set_context.go
│ │ ├── suspend_reconciliation_test.go
│ │ ├── suspend_reconciliation.go
│ │ └── testdata
│ │ ├── kubeconfig_golden.yaml
│ │ └── kubeconfig.yaml
│ └── operator
│ └── main.go
├── config
│ ├── crd
│ │ ├── bases
│ │ │ ├── fluxcd.controlplane.io_fluxinstances.yaml
│ │ │ ├── fluxcd.controlplane.io_fluxreports.yaml
│ │ │ ├── fluxcd.controlplane.io_resourcesetinputproviders.yaml
│ │ │ └── fluxcd.controlplane.io_resourcesets.yaml
│ │ ├── kustomization.yaml
│ │ └── kustomizeconfig.yaml
│ ├── data
│ │ ├── flux
│ │ │ ├── v2.2.3
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.3.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.4.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.5.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.5.1
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.1
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.2
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.3
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.4
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.7.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.1
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.2
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.3
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ ├── v2.7.4
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ └── v2.7.5
│ │ │ ├── helm-controller.yaml
│ │ │ ├── image-automation-controller.yaml
│ │ │ ├── image-reflector-controller.yaml
│ │ │ ├── kustomize-controller.yaml
│ │ │ ├── notification-controller.yaml
│ │ │ ├── policies.yaml
│ │ │ ├── rbac.yaml
│ │ │ ├── source-controller.yaml
│ │ │ └── source-watcher.yaml
│ │ ├── flux-images
│ │ │ ├── v2.2.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.2.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.2.2
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.2.3
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.3.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.4.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.5.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.5.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless-fips.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.2
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.3
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.6.4
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless-fips.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.1
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.2
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.3
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.4
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── v2.7.5
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless-fips.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ └── VERSION
│ │ └── flux-vex
│ │ ├── v2.2.json
│ │ ├── v2.3.json
│ │ ├── v2.4.json
│ │ ├── v2.5.json
│ │ ├── v2.6.json
│ │ └── v2.7.json
│ ├── default
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ └── rbac.yaml
│ ├── manager
│ │ ├── account.yaml
│ │ ├── deployment.yaml
│ │ ├── kustomization.yaml
│ │ └── service.yaml
│ ├── mcp
│ │ ├── deployment.yaml
│ │ ├── kustomization.yaml
│ │ └── service.yaml
│ ├── monitoring
│ │ ├── dashboards
│ │ │ ├── flux-k8s-api-performance.json
│ │ │ └── flux-performance.json
│ │ ├── flux-controllers.yaml
│ │ ├── flux-operator.yaml
│ │ └── kustomization.yaml
│ ├── olm
│ │ ├── build
│ │ │ └── Dockerfile
│ │ ├── bundle
│ │ │ ├── manifests
│ │ │ │ ├── flux-operator.clusterserviceversion.yaml
│ │ │ │ ├── flux-operator.service.yaml
│ │ │ │ ├── fluxinstances.fluxcd.controlplane.io.crd.yaml
│ │ │ │ ├── fluxreports.fluxcd.controlplane.io.crd.yaml
│ │ │ │ ├── resourcesetinputproviders.fluxcd.controlplane.io.crd.yaml
│ │ │ │ └── resourcesets.fluxcd.controlplane.io.crd.yaml
│ │ │ ├── metadata
│ │ │ │ └── annotations.yaml
│ │ │ └── tests
│ │ │ └── scorecard
│ │ │ └── config.yaml
│ │ ├── ci.yaml
│ │ └── test
│ │ ├── bundle.Dockerfile
│ │ ├── olm.yaml
│ │ └── opm.Dockerfile
│ ├── rbac
│ │ ├── fluxinstance_editor_role.yaml
│ │ ├── fluxinstance_viewer_role.yaml
│ │ ├── fluxreport_editor_role.yaml
│ │ ├── fluxreport_viewer_role.yaml
│ │ ├── kustomization.yaml
│ │ ├── leader_election_role_binding.yaml
│ │ ├── leader_election_role.yaml
│ │ ├── resourceset_editor_role.yaml
│ │ ├── resourceset_viewer_role.yaml
│ │ ├── role_binding.yaml
│ │ ├── role.yaml
│ │ └── service_account.yaml
│ ├── samples
│ │ ├── fluxcd_v1_fluxinstance.yaml
│ │ ├── fluxcd_v1_fluxreport.yaml
│ │ ├── fluxcd_v1_resourceset.yaml
│ │ ├── fluxcd_v1_resourcesetinputprovider.yaml
│ │ └── kustomization.yaml
│ └── terraform
│ ├── main.tf
│ ├── outputs.tf
│ ├── providers.tf
│ ├── README.md
│ ├── values
│ │ └── components.yaml
│ ├── variables.tf
│ └── versions.tf
├── CONTRIBUTING.md
├── Dockerfile
├── docs
│ ├── api
│ │ └── v1
│ │ ├── fluxinstance.md
│ │ ├── fluxreport.md
│ │ ├── resourceset.md
│ │ └── resourcesetinputprovider.md
│ ├── dev
│ │ └── README.md
│ ├── guides
│ │ ├── instance
│ │ │ ├── instance-controllers.md
│ │ │ ├── instance-customization.md
│ │ │ ├── instance-monitoring.md
│ │ │ ├── instance-sharding.md
│ │ │ └── instance-sync.md
│ │ ├── operator
│ │ │ ├── operator-install.md
│ │ │ └── operator-migration.md
│ │ └── resourcesets
│ │ ├── rset-app-definition.md
│ │ ├── rset-github-pull-requests.md
│ │ ├── rset-gitlab-environments.md
│ │ ├── rset-gitlab-merge-requests.md
│ │ ├── rset-image-automation.md
│ │ ├── rset-introduction.md
│ │ └── rset-time-based-delivery.md
│ ├── lkm
│ │ └── README.md
│ ├── logo
│ │ ├── flux-operator-banner.png
│ │ ├── flux-operator-banner.svg
│ │ ├── flux-operator-icon.png
│ │ ├── flux-operator-icon.svg
│ │ ├── flux-operator-logo.png
│ │ └── flux-operator-logo.svg
│ ├── mcp
│ │ ├── instructions.md
│ │ ├── mcp-config.md
│ │ ├── mcp-install.md
│ │ ├── mcp-prompting.md
│ │ ├── prompts.md
│ │ └── tools.md
│ └── web
│ ├── web-config-api.md
│ ├── web-ingress.md
│ ├── web-sso-dex.md
│ ├── web-sso-keycloak.md
│ ├── web-sso-openshift.md
│ ├── web-standalone.md
│ └── web-user-management.md
├── go.mod
├── go.sum
├── hack
│ ├── boilerplate.go.txt
│ ├── build-dist-manifests.sh
│ ├── build-olm-images.sh
│ ├── build-olm-manifests.sh
│ ├── install-operator-sdk.sh
│ ├── prep-release.sh
│ ├── vendor-flux-manifests.sh
│ └── web-ui-load-test.sh
├── internal
│ ├── builder
│ │ ├── build_test.go
│ │ ├── build.go
│ │ ├── components.go
│ │ ├── digest.go
│ │ ├── images_test.go
│ │ ├── images.go
│ │ ├── options.go
│ │ ├── preflight_test.go
│ │ ├── preflight.go
│ │ ├── profiles.go
│ │ ├── pull.go
│ │ ├── resourceset_test.go
│ │ ├── resourceset.go
│ │ ├── result.go
│ │ ├── semver_test.go
│ │ ├── semver.go
│ │ ├── templates.go
│ │ ├── testdata
│ │ │ ├── flux
│ │ │ │ ├── v2.2.0
│ │ │ │ │ └── .gitkeep
│ │ │ │ ├── v2.2.1
│ │ │ │ │ └── .gitkeep
│ │ │ │ └── v2.3.0
│ │ │ │ └── .gitkeep
│ │ │ ├── flux-images
│ │ │ │ └── v2.3.0
│ │ │ │ ├── enterprise-alpine.yaml
│ │ │ │ ├── enterprise-distroless.yaml
│ │ │ │ └── upstream-alpine.yaml
│ │ │ ├── resourceset
│ │ │ │ ├── dedup.golden.yaml
│ │ │ │ ├── dedup.yaml
│ │ │ │ ├── empty.yaml
│ │ │ │ ├── exclude.golden.yaml
│ │ │ │ ├── exclude.yaml
│ │ │ │ ├── invalid-output.yaml
│ │ │ │ ├── missing-inputs.yaml
│ │ │ │ ├── multi-doc-template.golden.yaml
│ │ │ │ ├── multi-doc-template.yaml
│ │ │ │ ├── nestedinputs.golden.yaml
│ │ │ │ ├── nestedinputs.yaml
│ │ │ │ ├── noinputs.golden.yaml
│ │ │ │ ├── noinputs.yaml
│ │ │ │ ├── slugify.golden.yaml
│ │ │ │ └── slugify.yaml
│ │ │ ├── v2.3.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.3.0-golden
│ │ │ │ ├── default.kustomization.yaml
│ │ │ │ ├── patches.kustomization.yaml
│ │ │ │ ├── profiles.kustomization.yaml
│ │ │ │ ├── sharding.kustomization.yaml
│ │ │ │ ├── storage.kustomization.yaml
│ │ │ │ └── sync.kustomization.yaml
│ │ │ ├── v2.6.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ └── source-controller.yaml
│ │ │ ├── v2.6.0-golden
│ │ │ │ ├── shard1.kustomization.yaml
│ │ │ │ ├── shard2.kustomization.yaml
│ │ │ │ ├── sharding.kustomization.yaml
│ │ │ │ ├── size.large.kustomization.yaml
│ │ │ │ ├── size.medium.kustomization.yaml
│ │ │ │ └── size.small.kustomization.yaml
│ │ │ ├── v2.7.0
│ │ │ │ ├── helm-controller.yaml
│ │ │ │ ├── image-automation-controller.yaml
│ │ │ │ ├── image-reflector-controller.yaml
│ │ │ │ ├── kustomize-controller.yaml
│ │ │ │ ├── notification-controller.yaml
│ │ │ │ ├── policies.yaml
│ │ │ │ ├── rbac.yaml
│ │ │ │ ├── source-controller.yaml
│ │ │ │ └── source-watcher.yaml
│ │ │ └── v2.7.0-golden
│ │ │ └── source-watcher.kustomization.yaml
│ │ └── workload_identity.go
│ ├── controller
│ │ ├── common.go
│ │ ├── entitlement_controller_test.go
│ │ ├── entitlement_controller.go
│ │ ├── fluxinstance_artifact_controller_test.go
│ │ ├── fluxinstance_artifact_controller.go
│ │ ├── fluxinstance_artifact_manager_test.go
│ │ ├── fluxinstance_artifact_manager.go
│ │ ├── fluxinstance_controller_test.go
│ │ ├── fluxinstance_controller.go
│ │ ├── fluxinstance_manager.go
│ │ ├── fluxinstance_migrator.go
│ │ ├── fluxinstance_uninstaller.go
│ │ ├── fluxreport_controller_test.go
│ │ ├── fluxreport_controller.go
│ │ ├── resourceset_controller_test.go
│ │ ├── resourceset_controller.go
│ │ ├── resourceset_manager_test.go
│ │ ├── resourceset_manager.go
│ │ ├── resourcesetinputprovider_controller_git_test.go
│ │ ├── resourcesetinputprovider_controller_oci_test.go
│ │ ├── resourcesetinputprovider_controller_test.go
│ │ ├── resourcesetinputprovider_controller.go
│ │ ├── resourcesetinputprovider_manager.go
│ │ ├── suite_test.go
│ │ └── testdata
│ │ └── rsa-private-key.pem
│ ├── entitlement
│ │ ├── aws.go
│ │ ├── client_test.go
│ │ ├── client.go
│ │ ├── default_test.go
│ │ └── default.go
│ ├── filtering
│ │ ├── filters_test.go
│ │ └── filters.go
│ ├── gitprovider
│ │ ├── azuredevops_test.go
│ │ ├── azuredevops.go
│ │ ├── github_test.go
│ │ ├── github.go
│ │ ├── gitlab_test.go
│ │ ├── gitlab.go
│ │ ├── interface.go
│ │ ├── options.go
│ │ ├── result_test.go
│ │ └── result.go
│ ├── inputs
│ │ ├── combine_test.go
│ │ ├── combine.go
│ │ ├── flattener.go
│ │ ├── id.go
│ │ ├── json_test.go
│ │ ├── json.go
│ │ ├── keys_test.go
│ │ ├── keys.go
│ │ ├── permuter_test.go
│ │ ├── permuter.go
│ │ └── provider.go
│ ├── install
│ │ ├── autoupdate.go
│ │ ├── client.go
│ │ ├── credentials.go
│ │ ├── deploy.go
│ │ ├── download.go
│ │ ├── events.go
│ │ ├── installer.go
│ │ ├── options.go
│ │ └── uninstall.go
│ ├── inventory
│ │ ├── inventory_test.go
│ │ ├── inventory.go
│ │ ├── reader_test.go
│ │ ├── reader.go
│ │ └── testdata
│ │ ├── inventory1.yaml
│ │ └── inventory2.yaml
│ ├── lkm
│ │ ├── artifacts_attestation_test.go
│ │ ├── artifacts_attestation.go
│ │ ├── attestation_test.go
│ │ ├── attestation.go
│ │ ├── doc.go
│ │ ├── errors.go
│ │ ├── fetch_test.go
│ │ ├── fetch.go
│ │ ├── jwe_test.go
│ │ ├── jwe.go
│ │ ├── jwt_test.go
│ │ ├── jwt.go
│ │ ├── keygen_test.go
│ │ ├── keygen.go
│ │ ├── keyset_test.go
│ │ ├── keyset.go
│ │ ├── license_test.go
│ │ ├── license.go
│ │ ├── licensekey.go
│ │ ├── manifests_attestation_test.go
│ │ ├── manifests_attestation.go
│ │ ├── revocation_test.go
│ │ └── revocation.go
│ ├── notifier
│ │ └── notifier.go
│ ├── reporter
│ │ ├── cluster.go
│ │ ├── components.go
│ │ ├── crds.go
│ │ ├── distribution.go
│ │ ├── metrics_test.go
│ │ ├── metrics.go
│ │ ├── reconcilers.go
│ │ ├── reporter.go
│ │ └── sync.go
│ ├── schedule
│ │ ├── scheduler_test.go
│ │ └── scheduler.go
│ ├── tests
│ │ ├── fluxinstance
│ │ │ ├── health_check_test.go
│ │ │ └── suite_test.go
│ │ └── resourceset
│ │ ├── health_check_test.go
│ │ └── suite_test.go
│ ├── testutils
│ │ ├── log.go
│ │ └── time.go
│ └── web
│ ├── action_test.go
│ ├── action.go
│ ├── auth
│ │ ├── claims_test.go
│ │ ├── claims.go
│ │ ├── cookies_test.go
│ │ ├── cookies.go
│ │ ├── errors_test.go
│ │ ├── errors.go
│ │ ├── middlewares_test.go
│ │ ├── middlewares.go
│ │ ├── oauth2_test.go
│ │ ├── oauth2.go
│ │ └── oidc.go
│ ├── config
│ │ ├── authentication_types_test.go
│ │ ├── authentication_types.go
│ │ ├── config_types_test.go
│ │ ├── config_types.go
│ │ ├── groupversion_info.go
│ │ ├── loader_test.go
│ │ ├── loader.go
│ │ ├── user_actions_types_test.go
│ │ ├── user_actions_types.go
│ │ └── watcher.go
│ ├── events_test.go
│ ├── events.go
│ ├── favorites_test.go
│ ├── favorites.go
│ ├── fs.go
│ ├── handler.go
│ ├── inventory.go
│ ├── kubeclient
│ │ ├── client_test.go
│ │ ├── client.go
│ │ └── suite_test.go
│ ├── middlewares_test.go
│ ├── middlewares.go
│ ├── report_test.go
│ ├── report.go
│ ├── resource_test.go
│ ├── resource.go
│ ├── resources_test.go
│ ├── resources.go
│ ├── search_test.go
│ ├── search.go
│ ├── server_test.go
│ ├── server.go
│ ├── source.go
│ ├── suite_test.go
│ ├── user
│ │ ├── user_test.go
│ │ └── user.go
│ ├── workload_test.go
│ ├── workload.go
│ ├── workloads_test.go
│ └── workloads.go
├── LICENSE
├── Makefile
├── PROJECT
├── README.md
├── SECURITY.md
├── test
│ ├── e2e
│ │ ├── e2e_suite_test.go
│ │ ├── e2e_test.go
│ │ ├── instance_test.go
│ │ └── utils.go
│ └── olm
│ ├── e2e_suite_test.go
│ ├── e2e_test.go
│ ├── instance_test.go
│ └── scorecard_test.go
└── web
├── .gitignore
├── embed.go
├── eslint.config.js
├── index.html
├── package-lock.json
├── package.json
├── postcss.config.js
├── public
│ ├── favicon.svg
│ └── fonts
│ └── inter.woff2
├── README.md
├── src
│ ├── app.jsx
│ ├── app.test.jsx
│ ├── components
│ │ ├── auth
│ │ │ ├── LoginPage.jsx
│ │ │ └── LoginPage.test.jsx
│ │ ├── dashboards
│ │ │ ├── cluster
│ │ │ │ ├── ClusterPage.jsx
│ │ │ │ ├── ClusterPage.test.jsx
│ │ │ │ ├── ControllersPanel.jsx
│ │ │ │ ├── ControllersPanel.test.jsx
│ │ │ │ ├── InfoPanel.jsx
│ │ │ │ ├── InfoPanel.test.jsx
│ │ │ │ ├── OverallStatusPanel.jsx
│ │ │ │ ├── OverallStatusPanel.test.jsx
│ │ │ │ ├── ReconcilersPanel.jsx
│ │ │ │ ├── ReconcilersPanel.test.jsx
│ │ │ │ ├── SyncPanel.jsx
│ │ │ │ └── SyncPanel.test.jsx
│ │ │ ├── common
│ │ │ │ ├── panel.jsx
│ │ │ │ ├── panel.test.jsx
│ │ │ │ ├── yaml.jsx
│ │ │ │ └── yaml.test.jsx
│ │ │ └── resource
│ │ │ ├── ActionBar.jsx
│ │ │ ├── ActionBar.test.jsx
│ │ │ ├── ArtifactPanel.jsx
│ │ │ ├── ArtifactPanel.test.jsx
│ │ │ ├── ExportedInputsPanel.jsx
│ │ │ ├── ExportedInputsPanel.test.jsx
│ │ │ ├── GraphTabContent.jsx
│ │ │ ├── GraphTabContent.test.jsx
│ │ │ ├── HistoryTimeline.jsx
│ │ │ ├── HistoryTimeline.test.jsx
│ │ │ ├── InputsPanel.jsx
│ │ │ ├── InputsPanel.test.jsx
│ │ │ ├── InventoryPanel.jsx
│ │ │ ├── InventoryPanel.test.jsx
│ │ │ ├── ReconcilerPanel.jsx
│ │ │ ├── ReconcilerPanel.test.jsx
│ │ │ ├── ResourcePage.jsx
│ │ │ ├── ResourcePage.test.jsx
│ │ │ ├── SourcePanel.jsx
│ │ │ ├── SourcePanel.test.jsx
│ │ │ ├── WorkloadsTabContent.jsx
│ │ │ └── WorkloadsTabContent.test.jsx
│ │ ├── favorites
│ │ │ ├── FavoriteCard.jsx
│ │ │ ├── FavoriteCard.test.jsx
│ │ │ ├── FavoritesHeader.jsx
│ │ │ ├── FavoritesHeader.test.jsx
│ │ │ ├── FavoritesPage.jsx
│ │ │ ├── FavoritesPage.test.jsx
│ │ │ ├── FavoritesSearch.jsx
│ │ │ └── FavoritesSearch.test.jsx
│ │ ├── layout
│ │ │ ├── ConnectionStatus.jsx
│ │ │ ├── ConnectionStatus.test.jsx
│ │ │ ├── Footer.jsx
│ │ │ ├── Footer.test.jsx
│ │ │ ├── Header.jsx
│ │ │ ├── Header.test.jsx
│ │ │ ├── Icons.jsx
│ │ │ ├── NotFoundPage.jsx
│ │ │ ├── NotFoundPage.test.jsx
│ │ │ ├── ThemeToggle.jsx
│ │ │ ├── ThemeToggle.test.jsx
│ │ │ ├── UserMenu.jsx
│ │ │ └── UserMenu.test.jsx
│ │ └── search
│ │ ├── EventList.jsx
│ │ ├── EventList.test.jsx
│ │ ├── FilterForm.jsx
│ │ ├── FilterForm.test.jsx
│ │ ├── QuickSearch.jsx
│ │ ├── QuickSearch.test.jsx
│ │ ├── ResourceDetailsView.jsx
│ │ ├── ResourceDetailsView.test.jsx
│ │ ├── ResourceList.jsx
│ │ ├── ResourceList.test.jsx
│ │ ├── StatusChart.jsx
│ │ └── StatusChart.test.jsx
│ ├── index.css
│ ├── main.jsx
│ ├── mock
│ │ ├── action.js
│ │ ├── events.js
│ │ ├── events.test.js
│ │ ├── report.js
│ │ ├── resource.js
│ │ ├── resources.js
│ │ ├── resources.test.js
│ │ ├── workload.js
│ │ └── workload.test.js
│ └── utils
│ ├── constants.js
│ ├── cookies.js
│ ├── cookies.test.js
│ ├── favorites.js
│ ├── favorites.test.js
│ ├── fetch.js
│ ├── fetch.test.js
│ ├── hash.js
│ ├── hash.test.js
│ ├── meta.js
│ ├── meta.test.js
│ ├── navHistory.js
│ ├── navHistory.test.js
│ ├── routing.js
│ ├── routing.test.js
│ ├── scroll.js
│ ├── scroll.test.js
│ ├── status.js
│ ├── status.test.js
│ ├── theme.js
│ ├── theme.test.js
│ ├── time.js
│ ├── time.test.js
│ ├── version.js
│ └── version.test.js
├── tailwind.config.js
├── vite.config.js
└── vitest.setup.js
```
# Files
--------------------------------------------------------------------------------
/config/data/flux/v2.7.1/source-controller.yaml:
--------------------------------------------------------------------------------
```yaml
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | annotations:
5 | controller-gen.kubebuilder.io/version: v0.19.0
6 | labels:
7 | app.kubernetes.io/component: source-controller
8 | app.kubernetes.io/part-of: flux
9 | name: buckets.source.toolkit.fluxcd.io
10 | spec:
11 | group: source.toolkit.fluxcd.io
12 | names:
13 | kind: Bucket
14 | listKind: BucketList
15 | plural: buckets
16 | singular: bucket
17 | scope: Namespaced
18 | versions:
19 | - additionalPrinterColumns:
20 | - jsonPath: .spec.endpoint
21 | name: Endpoint
22 | type: string
23 | - jsonPath: .metadata.creationTimestamp
24 | name: Age
25 | type: date
26 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
27 | name: Ready
28 | type: string
29 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
30 | name: Status
31 | type: string
32 | name: v1
33 | schema:
34 | openAPIV3Schema:
35 | description: Bucket is the Schema for the buckets API.
36 | properties:
37 | apiVersion:
38 | description: |-
39 | APIVersion defines the versioned schema of this representation of an object.
40 | Servers should convert recognized schemas to the latest internal value, and
41 | may reject unrecognized values.
42 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
43 | type: string
44 | kind:
45 | description: |-
46 | Kind is a string value representing the REST resource this object represents.
47 | Servers may infer this from the endpoint the client submits requests to.
48 | Cannot be updated.
49 | In CamelCase.
50 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
51 | type: string
52 | metadata:
53 | type: object
54 | spec:
55 | description: |-
56 | BucketSpec specifies the required configuration to produce an Artifact for
57 | an object storage bucket.
58 | properties:
59 | bucketName:
60 | description: BucketName is the name of the object storage bucket.
61 | type: string
62 | certSecretRef:
63 | description: |-
64 | CertSecretRef can be given the name of a Secret containing
65 | either or both of
66 |
67 | - a PEM-encoded client certificate (`tls.crt`) and private
68 | key (`tls.key`);
69 | - a PEM-encoded CA certificate (`ca.crt`)
70 |
71 | and whichever are supplied, will be used for connecting to the
72 | bucket. The client cert and key are useful if you are
73 | authenticating with a certificate; the CA cert is useful if
74 | you are using a self-signed server certificate. The Secret must
75 | be of type `Opaque` or `kubernetes.io/tls`.
76 |
77 | This field is only supported for the `generic` provider.
78 | properties:
79 | name:
80 | description: Name of the referent.
81 | type: string
82 | required:
83 | - name
84 | type: object
85 | endpoint:
86 | description: Endpoint is the object storage address the BucketName
87 | is located at.
88 | type: string
89 | ignore:
90 | description: |-
91 | Ignore overrides the set of excluded patterns in the .sourceignore format
92 | (which is the same as .gitignore). If not provided, a default will be used,
93 | consult the documentation for your version to find out what those are.
94 | type: string
95 | insecure:  # opt-in switch for plaintext HTTP: when true, traffic to the bucket endpoint has no TLS protection
96 | description: Insecure allows connecting to a non-TLS HTTP Endpoint.
97 | type: boolean  # no schema default is declared; NOTE(review): confirm the controller treats an unset value as false
98 | interval:
99 | description: |-
100 | Interval at which the Bucket Endpoint is checked for updates.
101 | This interval is approximate and may be subject to jitter to ensure
102 | efficient use of resources.
103 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
104 | type: string
105 | prefix:
106 | description: Prefix to use for server-side filtering of files in the
107 | Bucket.
108 | type: string
109 | provider:
110 | default: generic
111 | description: |-
112 | Provider of the object storage bucket.
113 | Defaults to 'generic', which expects an S3 (API) compatible object
114 | storage.
115 | enum:
116 | - generic
117 | - aws
118 | - gcp
119 | - azure
120 | type: string
121 | proxySecretRef:
122 | description: |-
123 | ProxySecretRef specifies the Secret containing the proxy configuration
124 | to use while communicating with the Bucket server.
125 | properties:
126 | name:
127 | description: Name of the referent.
128 | type: string
129 | required:
130 | - name
131 | type: object
132 | region:
133 | description: Region of the Endpoint where the BucketName is located
134 | in.
135 | type: string
136 | secretRef:
137 | description: |-
138 | SecretRef specifies the Secret containing authentication credentials
139 | for the Bucket.
140 | properties:
141 | name:
142 | description: Name of the referent.
143 | type: string
144 | required:
145 | - name
146 | type: object
147 | serviceAccountName:
148 | description: |-
149 | ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
150 | the bucket. This field is only supported for the 'gcp' and 'aws' providers.
151 | For more information about workload identity:
152 | https://fluxcd.io/flux/components/source/buckets/#workload-identity
153 | type: string
154 | sts:
155 | description: |-
156 | STS specifies the required configuration to use a Security Token
157 | Service for fetching temporary credentials to authenticate in a
158 | Bucket provider.
159 |
160 | This field is only supported for the `aws` and `generic` providers.
161 | properties:
162 | certSecretRef:
163 | description: |-
164 | CertSecretRef can be given the name of a Secret containing
165 | either or both of
166 |
167 | - a PEM-encoded client certificate (`tls.crt`) and private
168 | key (`tls.key`);
169 | - a PEM-encoded CA certificate (`ca.crt`)
170 |
171 | and whichever are supplied, will be used for connecting to the
172 | STS endpoint. The client cert and key are useful if you are
173 | authenticating with a certificate; the CA cert is useful if
174 | you are using a self-signed server certificate. The Secret must
175 | be of type `Opaque` or `kubernetes.io/tls`.
176 |
177 | This field is only supported for the `ldap` provider.
178 | properties:
179 | name:
180 | description: Name of the referent.
181 | type: string
182 | required:
183 | - name
184 | type: object
185 | endpoint:  # listed in sts.required, so it must be set whenever sts is configured
186 | description: |-
187 | Endpoint is the HTTP/S endpoint of the Security Token Service from
188 | where temporary credentials will be fetched.
189 | pattern: ^(http|https)://.*$  # scheme check only: http:// is accepted and nothing after the scheme is validated
190 | type: string  # NOTE(review): temporary credentials fetched from an http:// endpoint are not protected by TLS; prefer https://
191 | provider:
192 | description: Provider of the Security Token Service.
193 | enum:
194 | - aws
195 | - ldap
196 | type: string
197 | secretRef:
198 | description: |-
199 | SecretRef specifies the Secret containing authentication credentials
200 | for the STS endpoint. This Secret must contain the fields `username`
201 | and `password` and is supported only for the `ldap` provider.
202 | properties:
203 | name:
204 | description: Name of the referent.
205 | type: string
206 | required:
207 | - name
208 | type: object
209 | required:
210 | - endpoint
211 | - provider
212 | type: object
213 | suspend:
214 | description: |-
215 | Suspend tells the controller to suspend the reconciliation of this
216 | Bucket.
217 | type: boolean
218 | timeout:
219 | default: 60s
220 | description: Timeout for fetch operations, defaults to 60s.
221 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
222 | type: string
223 | required:
224 | - bucketName
225 | - endpoint
226 | - interval
227 | type: object
228 | x-kubernetes-validations:  # CEL rules over spec (`self`); an object that fails a rule is rejected with that rule's message
229 | - message: STS configuration is only supported for the 'aws' and 'generic'
230 | Bucket providers
231 | rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)  # sts may be set only when provider is aws or generic
232 | - message: '''aws'' is the only supported STS provider for the ''aws''
233 | Bucket provider'
234 | rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
235 | == 'aws'  # with provider aws, sts.provider must also be aws
236 | - message: '''ldap'' is the only supported STS provider for the ''generic''
237 | Bucket provider'
238 | rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
239 | == 'ldap'  # with provider generic, sts.provider must be ldap
240 | - message: spec.sts.secretRef is not required for the 'aws' STS provider
241 | rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'  # the rule rejects sts.secretRef for the aws STS provider, although the message only says "not required"
242 | - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
243 | rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'  # same as above: sts.certSecretRef is rejected, not merely optional, for the aws STS provider
244 | - message: ServiceAccountName is not supported for the 'generic' Bucket
245 | provider
246 | rule: self.provider != 'generic' || !has(self.serviceAccountName)  # only 'generic' is rejected; the field description limits support to gcp and aws, so 'azure' is not blocked by this schema
247 | - message: cannot set both .spec.secretRef and .spec.serviceAccountName
248 | rule: '!has(self.secretRef) || !has(self.serviceAccountName)'  # at most one of secretRef and serviceAccountName may be set
249 | status:
250 | default:
251 | observedGeneration: -1
252 | description: BucketStatus records the observed state of a Bucket.
253 | properties:
254 | artifact:
255 | description: Artifact represents the last successful Bucket reconciliation.
256 | properties:
257 | digest:
258 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
259 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
260 | type: string
261 | lastUpdateTime:
262 | description: |-
263 | LastUpdateTime is the timestamp corresponding to the last update of the
264 | Artifact.
265 | format: date-time
266 | type: string
267 | metadata:
268 | additionalProperties:
269 | type: string
270 | description: Metadata holds upstream information such as OCI annotations.
271 | type: object
272 | path:
273 | description: |-
274 | Path is the relative file path of the Artifact. It can be used to locate
275 | the file in the root of the Artifact storage on the local file system of
276 | the controller managing the Source.
277 | type: string
278 | revision:
279 | description: |-
280 | Revision is a human-readable identifier traceable in the origin source
281 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
282 | type: string
283 | size:
284 | description: Size is the number of bytes in the file.
285 | format: int64
286 | type: integer
287 | url:
288 | description: |-
289 | URL is the HTTP address of the Artifact as exposed by the controller
290 | managing the Source. It can be used to retrieve the Artifact for
291 | consumption, e.g. by another controller applying the Artifact contents.
292 | type: string
293 | required:
294 | - digest
295 | - lastUpdateTime
296 | - path
297 | - revision
298 | - url
299 | type: object
300 | conditions:
301 | description: Conditions holds the conditions for the Bucket.
302 | items:
303 | description: Condition contains details for one aspect of the current
304 | state of this API Resource.
305 | properties:
306 | lastTransitionTime:
307 | description: |-
308 | lastTransitionTime is the last time the condition transitioned from one status to another.
309 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
310 | format: date-time
311 | type: string
312 | message:
313 | description: |-
314 | message is a human readable message indicating details about the transition.
315 | This may be an empty string.
316 | maxLength: 32768
317 | type: string
318 | observedGeneration:
319 | description: |-
320 | observedGeneration represents the .metadata.generation that the condition was set based upon.
321 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
322 | with respect to the current state of the instance.
323 | format: int64
324 | minimum: 0
325 | type: integer
326 | reason:
327 | description: |-
328 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
329 | Producers of specific condition types may define expected values and meanings for this field,
330 | and whether the values are considered a guaranteed API.
331 | The value should be a CamelCase string.
332 | This field may not be empty.
333 | maxLength: 1024
334 | minLength: 1
335 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
336 | type: string
337 | status:
338 | description: status of the condition, one of True, False, Unknown.
339 | enum:
340 | - "True"
341 | - "False"
342 | - Unknown
343 | type: string
344 | type:
345 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
346 | maxLength: 316
347 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
348 | type: string
349 | required:
350 | - lastTransitionTime
351 | - message
352 | - reason
353 | - status
354 | - type
355 | type: object
356 | type: array
357 | lastHandledReconcileAt:
358 | description: |-
359 | LastHandledReconcileAt holds the value of the most recent
360 | reconcile request value, so a change of the annotation value
361 | can be detected.
362 | type: string
363 | observedGeneration:
364 | description: ObservedGeneration is the last observed generation of
365 | the Bucket object.
366 | format: int64
367 | type: integer
368 | observedIgnore:
369 | description: |-
370 | ObservedIgnore is the observed exclusion patterns used for constructing
371 | the source artifact.
372 | type: string
373 | url:
374 | description: |-
375 | URL is the dynamic fetch link for the latest Artifact.
376 | It is provided on a "best effort" basis, and using the precise
377 | BucketStatus.Artifact data is recommended.
378 | type: string
379 | type: object
380 | type: object
381 | served: true
382 | storage: true
383 | subresources:
384 | status: {}
385 | - additionalPrinterColumns:
386 | - jsonPath: .spec.endpoint
387 | name: Endpoint
388 | type: string
389 | - jsonPath: .metadata.creationTimestamp
390 | name: Age
391 | type: date
392 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
393 | name: Ready
394 | type: string
395 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
396 | name: Status
397 | type: string
398 | deprecated: true
399 | deprecationWarning: v1beta2 Bucket is deprecated, upgrade to v1
400 | name: v1beta2
401 | schema:
402 | openAPIV3Schema:
403 | description: Bucket is the Schema for the buckets API.
404 | properties:
405 | apiVersion:
406 | description: |-
407 | APIVersion defines the versioned schema of this representation of an object.
408 | Servers should convert recognized schemas to the latest internal value, and
409 | may reject unrecognized values.
410 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
411 | type: string
412 | kind:
413 | description: |-
414 | Kind is a string value representing the REST resource this object represents.
415 | Servers may infer this from the endpoint the client submits requests to.
416 | Cannot be updated.
417 | In CamelCase.
418 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
419 | type: string
420 | metadata:
421 | type: object
422 | spec:
423 | description: |-
424 | BucketSpec specifies the required configuration to produce an Artifact for
425 | an object storage bucket.
426 | properties:
427 | accessFrom:  # per its own description this ACL is not implemented; do not rely on it to permit or restrict cross-namespace access
428 | description: |-
429 | AccessFrom specifies an Access Control List for allowing cross-namespace
430 | references to this object.
431 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
432 | properties:
433 | namespaceSelectors:  # the only property, and required whenever accessFrom is present
434 | description: |-
435 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
436 | Items in this list are evaluated using a logical OR operation.
437 | items:
438 | description: |-
439 | NamespaceSelector selects the namespaces to which this ACL applies.
440 | An empty map of MatchLabels matches all namespaces in a cluster.
441 | properties:
442 | matchLabels:  # per the item description above, an empty map selects every namespace in the cluster
443 | additionalProperties:
444 | type: string
445 | description: |-
446 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
447 | map is equivalent to an element of matchExpressions, whose key field is "key", the
448 | operator is "In", and the values array contains only "value". The requirements are ANDed.
449 | type: object
450 | type: object
451 | type: array
452 | required:
453 | - namespaceSelectors
454 | type: object
455 | bucketName:
456 | description: BucketName is the name of the object storage bucket.
457 | type: string
458 | certSecretRef:
459 | description: |-
460 | CertSecretRef can be given the name of a Secret containing
461 | either or both of
462 |
463 | - a PEM-encoded client certificate (`tls.crt`) and private
464 | key (`tls.key`);
465 | - a PEM-encoded CA certificate (`ca.crt`)
466 |
467 | and whichever are supplied, will be used for connecting to the
468 | bucket. The client cert and key are useful if you are
469 | authenticating with a certificate; the CA cert is useful if
470 | you are using a self-signed server certificate. The Secret must
471 | be of type `Opaque` or `kubernetes.io/tls`.
472 |
473 | This field is only supported for the `generic` provider.
474 | properties:
475 | name:
476 | description: Name of the referent.
477 | type: string
478 | required:
479 | - name
480 | type: object
481 | endpoint:
482 | description: Endpoint is the object storage address the BucketName
483 | is located at.
484 | type: string
485 | ignore:
486 | description: |-
487 | Ignore overrides the set of excluded patterns in the .sourceignore format
488 | (which is the same as .gitignore). If not provided, a default will be used,
489 | consult the documentation for your version to find out what those are.
490 | type: string
491 | insecure:  # opt-in switch for plaintext HTTP: when true, traffic to the bucket endpoint has no TLS protection
492 | description: Insecure allows connecting to a non-TLS HTTP Endpoint.
493 | type: boolean  # no schema default is declared; NOTE(review): confirm the controller treats an unset value as false
494 | interval:
495 | description: |-
496 | Interval at which the Bucket Endpoint is checked for updates.
497 | This interval is approximate and may be subject to jitter to ensure
498 | efficient use of resources.
499 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
500 | type: string
501 | prefix:
502 | description: Prefix to use for server-side filtering of files in the
503 | Bucket.
504 | type: string
505 | provider:
506 | default: generic
507 | description: |-
508 | Provider of the object storage bucket.
509 | Defaults to 'generic', which expects an S3 (API) compatible object
510 | storage.
511 | enum:
512 | - generic
513 | - aws
514 | - gcp
515 | - azure
516 | type: string
517 | proxySecretRef:
518 | description: |-
519 | ProxySecretRef specifies the Secret containing the proxy configuration
520 | to use while communicating with the Bucket server.
521 | properties:
522 | name:
523 | description: Name of the referent.
524 | type: string
525 | required:
526 | - name
527 | type: object
528 | region:
529 | description: Region of the Endpoint where the BucketName is located
530 | in.
531 | type: string
532 | secretRef:
533 | description: |-
534 | SecretRef specifies the Secret containing authentication credentials
535 | for the Bucket.
536 | properties:
537 | name:
538 | description: Name of the referent.
539 | type: string
540 | required:
541 | - name
542 | type: object
543 | sts:
544 | description: |-
545 | STS specifies the required configuration to use a Security Token
546 | Service for fetching temporary credentials to authenticate in a
547 | Bucket provider.
548 |
549 | This field is only supported for the `aws` and `generic` providers.
550 | properties:
551 | certSecretRef:
552 | description: |-
553 | CertSecretRef can be given the name of a Secret containing
554 | either or both of
555 |
556 | - a PEM-encoded client certificate (`tls.crt`) and private
557 | key (`tls.key`);
558 | - a PEM-encoded CA certificate (`ca.crt`)
559 |
560 | and whichever are supplied, will be used for connecting to the
561 | STS endpoint. The client cert and key are useful if you are
562 | authenticating with a certificate; the CA cert is useful if
563 | you are using a self-signed server certificate. The Secret must
564 | be of type `Opaque` or `kubernetes.io/tls`.
565 |
566 | This field is only supported for the `ldap` provider.
567 | properties:
568 | name:
569 | description: Name of the referent.
570 | type: string
571 | required:
572 | - name
573 | type: object
574 | endpoint:  # listed in sts.required, so it must be set whenever sts is configured
575 | description: |-
576 | Endpoint is the HTTP/S endpoint of the Security Token Service from
577 | where temporary credentials will be fetched.
578 | pattern: ^(http|https)://.*$  # scheme check only: http:// is accepted and nothing after the scheme is validated
579 | type: string  # NOTE(review): temporary credentials fetched from an http:// endpoint are not protected by TLS; prefer https://
580 | provider:
581 | description: Provider of the Security Token Service.
582 | enum:
583 | - aws
584 | - ldap
585 | type: string
586 | secretRef:
587 | description: |-
588 | SecretRef specifies the Secret containing authentication credentials
589 | for the STS endpoint. This Secret must contain the fields `username`
590 | and `password` and is supported only for the `ldap` provider.
591 | properties:
592 | name:
593 | description: Name of the referent.
594 | type: string
595 | required:
596 | - name
597 | type: object
598 | required:
599 | - endpoint
600 | - provider
601 | type: object
602 | suspend:
603 | description: |-
604 | Suspend tells the controller to suspend the reconciliation of this
605 | Bucket.
606 | type: boolean
607 | timeout:
608 | default: 60s
609 | description: Timeout for fetch operations, defaults to 60s.
610 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
611 | type: string
612 | required:
613 | - bucketName
614 | - endpoint
615 | - interval
616 | type: object
617 | x-kubernetes-validations:  # CEL rules over spec (`self`); an object that fails a rule is rejected with that rule's message
618 | - message: STS configuration is only supported for the 'aws' and 'generic'
619 | Bucket providers
620 | rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)  # sts may be set only when provider is aws or generic
621 | - message: '''aws'' is the only supported STS provider for the ''aws''
622 | Bucket provider'
623 | rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
624 | == 'aws'  # with provider aws, sts.provider must also be aws
625 | - message: '''ldap'' is the only supported STS provider for the ''generic''
626 | Bucket provider'
627 | rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
628 | == 'ldap'  # with provider generic, sts.provider must be ldap
629 | - message: spec.sts.secretRef is not required for the 'aws' STS provider
630 | rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'  # the rule rejects sts.secretRef for the aws STS provider, although the message only says "not required"
631 | - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
632 | rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'  # same as above: sts.certSecretRef is rejected, not merely optional, for the aws STS provider
633 | status:
634 | default:
635 | observedGeneration: -1
636 | description: BucketStatus records the observed state of a Bucket.
637 | properties:
638 | artifact:
639 | description: Artifact represents the last successful Bucket reconciliation.
640 | properties:
641 | digest:
642 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
643 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
644 | type: string
645 | lastUpdateTime:
646 | description: |-
647 | LastUpdateTime is the timestamp corresponding to the last update of the
648 | Artifact.
649 | format: date-time
650 | type: string
651 | metadata:
652 | additionalProperties:
653 | type: string
654 | description: Metadata holds upstream information such as OCI annotations.
655 | type: object
656 | path:
657 | description: |-
658 | Path is the relative file path of the Artifact. It can be used to locate
659 | the file in the root of the Artifact storage on the local file system of
660 | the controller managing the Source.
661 | type: string
662 | revision:
663 | description: |-
664 | Revision is a human-readable identifier traceable in the origin source
665 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
666 | type: string
667 | size:
668 | description: Size is the number of bytes in the file.
669 | format: int64
670 | type: integer
671 | url:
672 | description: |-
673 | URL is the HTTP address of the Artifact as exposed by the controller
674 | managing the Source. It can be used to retrieve the Artifact for
675 | consumption, e.g. by another controller applying the Artifact contents.
676 | type: string
677 | required:
678 | - digest
679 | - lastUpdateTime
680 | - path
681 | - revision
682 | - url
683 | type: object
684 | conditions:
685 | description: Conditions holds the conditions for the Bucket.
686 | items:
687 | description: Condition contains details for one aspect of the current
688 | state of this API Resource.
689 | properties:
690 | lastTransitionTime:
691 | description: |-
692 | lastTransitionTime is the last time the condition transitioned from one status to another.
693 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
694 | format: date-time
695 | type: string
696 | message:
697 | description: |-
698 | message is a human readable message indicating details about the transition.
699 | This may be an empty string.
700 | maxLength: 32768
701 | type: string
702 | observedGeneration:
703 | description: |-
704 | observedGeneration represents the .metadata.generation that the condition was set based upon.
705 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
706 | with respect to the current state of the instance.
707 | format: int64
708 | minimum: 0
709 | type: integer
710 | reason:
711 | description: |-
712 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
713 | Producers of specific condition types may define expected values and meanings for this field,
714 | and whether the values are considered a guaranteed API.
715 | The value should be a CamelCase string.
716 | This field may not be empty.
717 | maxLength: 1024
718 | minLength: 1
719 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
720 | type: string
721 | status:
722 | description: status of the condition, one of True, False, Unknown.
723 | enum:
724 | - "True"
725 | - "False"
726 | - Unknown
727 | type: string
728 | type:
729 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
730 | maxLength: 316
731 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
732 | type: string
733 | required:
734 | - lastTransitionTime
735 | - message
736 | - reason
737 | - status
738 | - type
739 | type: object
740 | type: array
741 | lastHandledReconcileAt:
742 | description: |-
743 | LastHandledReconcileAt holds the value of the most recent
744 | reconcile request value, so a change of the annotation value
745 | can be detected.
746 | type: string
747 | observedGeneration:
748 | description: ObservedGeneration is the last observed generation of
749 | the Bucket object.
750 | format: int64
751 | type: integer
752 | observedIgnore:
753 | description: |-
754 | ObservedIgnore is the observed exclusion patterns used for constructing
755 | the source artifact.
756 | type: string
757 | url:
758 | description: |-
759 | URL is the dynamic fetch link for the latest Artifact.
760 | It is provided on a "best effort" basis, and using the precise
761 | BucketStatus.Artifact data is recommended.
762 | type: string
763 | type: object
764 | type: object
765 | served: true
766 | storage: false
767 | subresources:
768 | status: {}
769 | ---
770 | apiVersion: apiextensions.k8s.io/v1
771 | kind: CustomResourceDefinition  # registers the ExternalArtifact kind in group source.toolkit.fluxcd.io (see spec.group and spec.names below)
772 | metadata:
773 | annotations:
774 | controller-gen.kubebuilder.io/version: v0.19.0  # marks this manifest as controller-gen output; NOTE(review): presumably regenerated from the Go types rather than hand-edited
775 | labels:
776 | app.kubernetes.io/component: source-controller
777 | app.kubernetes.io/part-of: flux
778 | name: externalartifacts.source.toolkit.fluxcd.io
779 | spec:
780 | group: source.toolkit.fluxcd.io
781 | names:
782 | kind: ExternalArtifact
783 | listKind: ExternalArtifactList
784 | plural: externalartifacts
785 | singular: externalartifact
786 | scope: Namespaced  # objects live inside a namespace, so namespace-scoped RBAC applies to them
787 | versions:
788 | - additionalPrinterColumns:
789 | - jsonPath: .metadata.creationTimestamp
790 | name: Age
791 | type: date
792 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
793 | name: Ready
794 | type: string
795 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
796 | name: Status
797 | type: string
798 | - jsonPath: .spec.sourceRef.name
799 | name: Source
800 | type: string
801 | name: v1
802 | schema:
803 | openAPIV3Schema:
804 | description: ExternalArtifact is the Schema for the external artifacts API
805 | properties:
806 | apiVersion:
807 | description: |-
808 | APIVersion defines the versioned schema of this representation of an object.
809 | Servers should convert recognized schemas to the latest internal value, and
810 | may reject unrecognized values.
811 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
812 | type: string
813 | kind:
814 | description: |-
815 | Kind is a string value representing the REST resource this object represents.
816 | Servers may infer this from the endpoint the client submits requests to.
817 | Cannot be updated.
818 | In CamelCase.
819 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
820 | type: string
821 | metadata:
822 | type: object
823 | spec:
824 | description: ExternalArtifactSpec defines the desired state of ExternalArtifact
825 | properties:
826 | sourceRef:  # optional at the schema level: spec declares no required list
827 | description: |-
828 | SourceRef points to the Kubernetes custom resource for
829 | which the artifact is generated.
830 | properties:
831 | apiVersion:
832 | description: API version of the referent, if not specified the
833 | Kubernetes preferred version will be used.
834 | type: string
835 | kind:  # free-form string: no enum restricts which kinds may be referenced
836 | description: Kind of the referent.
837 | type: string
838 | name:
839 | description: Name of the referent.
840 | type: string
841 | namespace:  # optional, so a reference may name an object in another namespace; this schema places no restriction on the target namespace
842 | description: Namespace of the referent, when not specified it
843 | acts as LocalObjectReference.
844 | type: string  # NOTE(review): confirm how the controller and RBAC limit cross-namespace references
845 | required:  # only kind and name are mandatory; apiVersion and namespace may be omitted
846 | - kind
847 | - name
848 | type: object
849 | type: object
850 | status:  # NOTE(review): presumably written by the reconciling component through the status subresource enabled below; confirm
851 | description: ExternalArtifactStatus defines the observed state of ExternalArtifact
852 | properties:
853 | artifact:
854 | description: Artifact represents the output of an ExternalArtifact
855 | reconciliation.
856 | properties:
857 | digest:
858 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
859 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$  # shape check only: it does not pin an algorithm or a checksum length
860 | type: string
861 | lastUpdateTime:
862 | description: |-
863 | LastUpdateTime is the timestamp corresponding to the last update of the
864 | Artifact.
865 | format: date-time
866 | type: string
867 | metadata:  # free-form string map; this schema sets no limit on keys, values or entry count
868 | additionalProperties:
869 | type: string
870 | description: Metadata holds upstream information such as OCI annotations.
871 | type: object
872 | path:
873 | description: |-
874 | Path is the relative file path of the Artifact. It can be used to locate
875 | the file in the root of the Artifact storage on the local file system of
876 | the controller managing the Source.
877 | type: string
878 | revision:
879 | description: |-
880 | Revision is a human-readable identifier traceable in the origin source
881 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
882 | type: string
883 | size:
884 | description: Size is the number of bytes in the file.
885 | format: int64
886 | type: integer
887 | url:  # NOTE(review): described as an HTTP address; consumers presumably should check the fetched file against `digest`; confirm
888 | description: |-
889 | URL is the HTTP address of the Artifact as exposed by the controller
890 | managing the Source. It can be used to retrieve the Artifact for
891 | consumption, e.g. by another controller applying the Artifact contents.
892 | type: string
893 | required:  # size and metadata are not listed, so an artifact may omit them
894 | - digest
895 | - lastUpdateTime
896 | - path
897 | - revision
898 | - url
899 | type: object
900 | conditions:
901 | description: Conditions holds the conditions for the ExternalArtifact.
902 | items:
903 | description: Condition contains details for one aspect of the current
904 | state of this API Resource.
905 | properties:
906 | lastTransitionTime:
907 | description: |-
908 | lastTransitionTime is the last time the condition transitioned from one status to another.
909 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
910 | format: date-time
911 | type: string
912 | message:
913 | description: |-
914 | message is a human readable message indicating details about the transition.
915 | This may be an empty string.
916 | maxLength: 32768
917 | type: string
918 | observedGeneration:
919 | description: |-
920 | observedGeneration represents the .metadata.generation that the condition was set based upon.
921 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
922 | with respect to the current state of the instance.
923 | format: int64
924 | minimum: 0
925 | type: integer
926 | reason:
927 | description: |-
928 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
929 | Producers of specific condition types may define expected values and meanings for this field,
930 | and whether the values are considered a guaranteed API.
931 | The value should be a CamelCase string.
932 | This field may not be empty.
933 | maxLength: 1024
934 | minLength: 1
935 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
936 | type: string
937 | status:
938 | description: status of the condition, one of True, False, Unknown.
939 | enum:
940 | - "True"
941 | - "False"
942 | - Unknown
943 | type: string
944 | type:
945 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
946 | maxLength: 316
947 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
948 | type: string
949 | required:
950 | - lastTransitionTime
951 | - message
952 | - reason
953 | - status
954 | - type
955 | type: object
956 | type: array
957 | type: object
958 | type: object
959 | served: true  # v1 is exposed by the API server
960 | storage: true  # v1 is also the version persisted in storage; it is the only version this CRD declares
961 | subresources:  # enables the /status subresource, so status updates can be authorized separately from spec updates
962 | status: {}
963 | ---
964 | apiVersion: apiextensions.k8s.io/v1
965 | kind: CustomResourceDefinition
966 | metadata:
967 | annotations:
968 | controller-gen.kubebuilder.io/version: v0.19.0
969 | labels:
970 | app.kubernetes.io/component: source-controller
971 | app.kubernetes.io/part-of: flux
972 | name: gitrepositories.source.toolkit.fluxcd.io
973 | spec:
974 | group: source.toolkit.fluxcd.io
975 | names:
976 | kind: GitRepository
977 | listKind: GitRepositoryList
978 | plural: gitrepositories
979 | shortNames:
980 | - gitrepo
981 | singular: gitrepository
982 | scope: Namespaced
983 | versions:
984 | - additionalPrinterColumns:
985 | - jsonPath: .spec.url
986 | name: URL
987 | type: string
988 | - jsonPath: .metadata.creationTimestamp
989 | name: Age
990 | type: date
991 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
992 | name: Ready
993 | type: string
994 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
995 | name: Status
996 | type: string
997 | name: v1
998 | schema:
999 | openAPIV3Schema:
1000 | description: GitRepository is the Schema for the gitrepositories API.
1001 | properties:
1002 | apiVersion:
1003 | description: |-
1004 | APIVersion defines the versioned schema of this representation of an object.
1005 | Servers should convert recognized schemas to the latest internal value, and
1006 | may reject unrecognized values.
1007 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1008 | type: string
1009 | kind:
1010 | description: |-
1011 | Kind is a string value representing the REST resource this object represents.
1012 | Servers may infer this from the endpoint the client submits requests to.
1013 | Cannot be updated.
1014 | In CamelCase.
1015 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1016 | type: string
1017 | metadata:
1018 | type: object
1019 | spec:
1020 | description: |-
1021 | GitRepositorySpec specifies the required configuration to produce an
1022 | Artifact for a Git repository.
1023 | properties:
1024 | ignore:
1025 | description: |-
1026 | Ignore overrides the set of excluded patterns in the .sourceignore format
1027 | (which is the same as .gitignore). If not provided, a default will be used,
1028 | consult the documentation for your version to find out what those are.
1029 | type: string
1030 | include:
1031 | description: |-
1032 | Include specifies a list of GitRepository resources which Artifacts
1033 | should be included in the Artifact produced for this GitRepository.
1034 | items:
1035 | description: |-
1036 | GitRepositoryInclude specifies a local reference to a GitRepository which
1037 | Artifact (sub-)contents must be included, and where they should be placed.
1038 | properties:
1039 | fromPath:
1040 | description: |-
1041 | FromPath specifies the path to copy contents from, defaults to the root
1042 | of the Artifact.
1043 | type: string
1044 | repository:
1045 | description: |-
1046 | GitRepositoryRef specifies the GitRepository which Artifact contents
1047 | must be included.
1048 | properties:
1049 | name:
1050 | description: Name of the referent.
1051 | type: string
1052 | required:
1053 | - name
1054 | type: object
1055 | toPath:
1056 | description: |-
1057 | ToPath specifies the path to copy contents to, defaults to the name of
1058 | the GitRepositoryRef.
1059 | type: string
1060 | required:
1061 | - repository
1062 | type: object
1063 | type: array
1064 | interval:
1065 | description: |-
1066 | Interval at which the GitRepository URL is checked for updates.
1067 | This interval is approximate and may be subject to jitter to ensure
1068 | efficient use of resources.
1069 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1070 | type: string
1071 | provider:
1072 | description: |-
1073 | Provider used for authentication, can be 'azure', 'github', 'generic'.
1074 | When not specified, defaults to 'generic'.
1075 | enum:
1076 | - generic
1077 | - azure
1078 | - github
1079 | type: string
1080 | proxySecretRef:
1081 | description: |-
1082 | ProxySecretRef specifies the Secret containing the proxy configuration
1083 | to use while communicating with the Git server.
1084 | properties:
1085 | name:
1086 | description: Name of the referent.
1087 | type: string
1088 | required:
1089 | - name
1090 | type: object
1091 | recurseSubmodules:
1092 | description: |-
1093 | RecurseSubmodules enables the initialization of all submodules within
1094 | the GitRepository as cloned from the URL, using their default settings.
1095 | type: boolean
# Git reference selection for the checkout. All five fields are optional
# strings. Per the descriptions below the precedence is
# commit > name > semver > tag > branch, and with nothing set the 'master'
# branch is used.
# NOTE(review): branch, tag, semver and name all follow refs that the remote
# side can move; only `commit` identifies fixed content. Where the fetched
# source must not change without review, pin `commit` and/or configure
# spec.verify.
1096 | ref:
1097 | description: |-
1098 | Reference specifies the Git reference to resolve and monitor for
1099 | changes, defaults to the 'master' branch.
1100 | properties:
1101 | branch:
1102 | description: Branch to check out, defaults to 'master' if no other
1103 | field is defined.
1104 | type: string
1105 | commit:
1106 | description: |-
1107 | Commit SHA to check out, takes precedence over all reference fields.
1108 |
1109 | This can be combined with Branch to shallow clone the branch, in which
1110 | the commit is expected to exist.
1111 | type: string
# No pattern is attached to `name`; the Git ref-format rules linked in the
# description are not enforced by this schema.
1112 | name:
1113 | description: |-
1114 | Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
1115 |
1116 | It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
1117 | Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
1118 | type: string
1119 | semver:
1120 | description: SemVer tag expression to check out, takes precedence
1121 | over Tag.
1122 | type: string
1123 | tag:
1124 | description: Tag to check out, takes precedence over Branch.
1125 | type: string
1126 | type: object
# Reference to the Secret holding the Git credentials. Expected keys, per the
# description: 'username' + 'password' or 'bearerToken' for HTTPS, 'identity'
# + 'known_hosts' for SSH. The schema validates none of these keys; it only
# requires `name`.
# The reference carries a name and no namespace field, so it presumably
# resolves in the GitRepository's own namespace — confirm against the
# controller.
# NOTE(review): the referenced credentials are used against spec.url, so
# create/update rights on GitRepository objects deserve the same care as read
# access to the Secrets they can name.
1127 | secretRef:
1128 | description: |-
1129 | SecretRef specifies the Secret containing authentication credentials for
1130 | the GitRepository.
1131 | For HTTPS repositories the Secret must contain 'username' and 'password'
1132 | fields for basic auth or 'bearerToken' field for token auth.
1133 | For SSH repositories the Secret must contain 'identity'
1134 | and 'known_hosts' fields.
1135 | properties:
1136 | name:
1137 | description: Name of the referent.
1138 | type: string
1139 | required:
1140 | - name
1141 | type: object
1142 | serviceAccountName:
1143 | description: |-
1144 | ServiceAccountName is the name of the Kubernetes ServiceAccount used to
1145 | authenticate to the GitRepository. This field is only supported for 'azure' provider.
1146 | type: string
1147 | sparseCheckout:
1148 | description: |-
1149 | SparseCheckout specifies a list of directories to checkout when cloning
1150 | the repository. If specified, only these directories are included in the
1151 | Artifact produced for this GitRepository.
1152 | items:
1153 | type: string
1154 | type: array
1155 | suspend:
1156 | description: |-
1157 | Suspend tells the controller to suspend the reconciliation of this
1158 | GitRepository.
1159 | type: boolean
1160 | timeout:
1161 | default: 60s
1162 | description: Timeout for Git operations like cloning, defaults to
1163 | 60s.
1164 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
1165 | type: string
# Remote address the Git repository is fetched from (required by the spec).
# The pattern checks only the scheme prefix: http, https or ssh followed by
# "://". Everything after the prefix is accepted by the schema.
# NOTE(review): plain http:// passes this validation, so the CRD itself does
# not enforce an encrypted transport. Whether the controller refuses to send
# spec.secretRef credentials over http is not visible in this file — confirm,
# or restrict the scheme with an admission policy.
# scp-style addresses (user@host:path) contain no "://" and do not match.
1166 | url:
1167 | description: URL specifies the Git repository URL, it can be an HTTP/S
1168 | or SSH address.
1169 | pattern: ^(http|https|ssh)://.*$
1170 | type: string
# Optional signature verification for the fetched Git objects.
# `verify` is not in the spec's required list (interval, url), so objects
# without it are admitted by the schema; presumably they are then fetched
# without any signature check — confirm against the controller.
# When `verify` is set, secretRef is the only required member and mode falls
# back to its default, HEAD.
# status.sourceVerificationMode in this same schema records the mode last
# used, which is the field to read when auditing what was actually verified.
1171 | verify:
1172 | description: |-
1173 | Verification specifies the configuration to verify the Git commit
1174 | signature(s).
1175 | properties:
1176 | mode:
1177 | default: HEAD
1178 | description: |-
1179 | Mode specifies which Git object(s) should be verified.
1180 |
1181 | The variants "head" and "HEAD" both imply the same thing, i.e. verify
1182 | the commit that the HEAD of the Git repository points to. The variant
1183 | "head" solely exists to ensure backwards compatibility.
# The enum is case-sensitive: "head" and "HEAD" are both listed, while Tag and
# TagAndHEAD are accepted only in exactly this spelling.
1184 | enum:
1185 | - head
1186 | - HEAD
1187 | - Tag
1188 | - TagAndHEAD
1189 | type: string
# Secret with the public keys of trusted Git authors; referenced by name only.
1190 | secretRef:
1191 | description: |-
1192 | SecretRef specifies the Secret containing the public keys of trusted Git
1193 | authors.
1194 | properties:
1195 | name:
1196 | description: Name of the referent.
1197 | type: string
1198 | required:
1199 | - name
1200 | type: object
1201 | required:
1202 | - secretRef
1203 | type: object
1204 | required:
1205 | - interval
1206 | - url
1207 | type: object
# Cross-field validation rule on the v1 spec: an object that sets
# serviceAccountName is rejected unless `provider` is present and equals
# 'azure'. Objects without serviceAccountName always pass this rule.
# The rule is one single-quoted YAML scalar continued on the next line; the
# doubled '' is the YAML escape for a literal single quote.
1208 | x-kubernetes-validations:
1209 | - message: serviceAccountName can only be set when provider is 'azure'
1210 | rule: '!has(self.serviceAccountName) || (has(self.provider) && self.provider
1211 | == ''azure'')'
1212 | status:
1213 | default:
1214 | observedGeneration: -1
1215 | description: GitRepositoryStatus records the observed state of a Git repository.
1216 | properties:
# Status record of the last successfully produced Artifact.
# digest, lastUpdateTime, path, revision and url are required; metadata and
# size are optional.
1217 | artifact:
1218 | description: Artifact represents the last successful GitRepository
1219 | reconciliation.
1220 | properties:
# The pattern checks only the '<algorithm>:<checksum>' shape; it does not
# restrict which algorithm is named or how long the checksum is.
1221 | digest:
1222 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
1223 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1224 | type: string
1225 | lastUpdateTime:
1226 | description: |-
1227 | LastUpdateTime is the timestamp corresponding to the last update of the
1228 | Artifact.
1229 | format: date-time
1230 | type: string
1231 | metadata:
1232 | additionalProperties:
1233 | type: string
1234 | description: Metadata holds upstream information such as OCI annotations.
1235 | type: object
1236 | path:
1237 | description: |-
1238 | Path is the relative file path of the Artifact. It can be used to locate
1239 | the file in the root of the Artifact storage on the local file system of
1240 | the controller managing the Source.
1241 | type: string
1242 | revision:
1243 | description: |-
1244 | Revision is a human-readable identifier traceable in the origin source
1245 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1246 | type: string
1247 | size:
1248 | description: Size is the number of bytes in the file.
1249 | format: int64
1250 | type: integer
# Described as an HTTP address served by the controller; no pattern is
# attached, so the schema says nothing about scheme or host.
# NOTE(review): a consumer downloading from this address should compare the
# content with `digest` above before using it.
1251 | url:
1252 | description: |-
1253 | URL is the HTTP address of the Artifact as exposed by the controller
1254 | managing the Source. It can be used to retrieve the Artifact for
1255 | consumption, e.g. by another controller applying the Artifact contents.
1256 | type: string
1257 | required:
1258 | - digest
1259 | - lastUpdateTime
1260 | - path
1261 | - revision
1262 | - url
1263 | type: object
1264 | conditions:
1265 | description: Conditions holds the conditions for the GitRepository.
1266 | items:
1267 | description: Condition contains details for one aspect of the current
1268 | state of this API Resource.
1269 | properties:
1270 | lastTransitionTime:
1271 | description: |-
1272 | lastTransitionTime is the last time the condition transitioned from one status to another.
1273 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1274 | format: date-time
1275 | type: string
1276 | message:
1277 | description: |-
1278 | message is a human readable message indicating details about the transition.
1279 | This may be an empty string.
1280 | maxLength: 32768
1281 | type: string
1282 | observedGeneration:
1283 | description: |-
1284 | observedGeneration represents the .metadata.generation that the condition was set based upon.
1285 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1286 | with respect to the current state of the instance.
1287 | format: int64
1288 | minimum: 0
1289 | type: integer
1290 | reason:
1291 | description: |-
1292 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
1293 | Producers of specific condition types may define expected values and meanings for this field,
1294 | and whether the values are considered a guaranteed API.
1295 | The value should be a CamelCase string.
1296 | This field may not be empty.
1297 | maxLength: 1024
1298 | minLength: 1
1299 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1300 | type: string
1301 | status:
1302 | description: status of the condition, one of True, False, Unknown.
1303 | enum:
1304 | - "True"
1305 | - "False"
1306 | - Unknown
1307 | type: string
1308 | type:
1309 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
1310 | maxLength: 316
1311 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1312 | type: string
1313 | required:
1314 | - lastTransitionTime
1315 | - message
1316 | - reason
1317 | - status
1318 | - type
1319 | type: object
1320 | type: array
1321 | includedArtifacts:
1322 | description: |-
1323 | IncludedArtifacts contains a list of the last successfully included
1324 | Artifacts as instructed by GitRepositorySpec.Include.
1325 | items:
1326 | description: Artifact represents the output of a Source reconciliation.
1327 | properties:
1328 | digest:
1329 | description: Digest is the digest of the file in the form of
1330 | '<algorithm>:<checksum>'.
1331 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1332 | type: string
1333 | lastUpdateTime:
1334 | description: |-
1335 | LastUpdateTime is the timestamp corresponding to the last update of the
1336 | Artifact.
1337 | format: date-time
1338 | type: string
1339 | metadata:
1340 | additionalProperties:
1341 | type: string
1342 | description: Metadata holds upstream information such as OCI
1343 | annotations.
1344 | type: object
1345 | path:
1346 | description: |-
1347 | Path is the relative file path of the Artifact. It can be used to locate
1348 | the file in the root of the Artifact storage on the local file system of
1349 | the controller managing the Source.
1350 | type: string
1351 | revision:
1352 | description: |-
1353 | Revision is a human-readable identifier traceable in the origin source
1354 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1355 | type: string
1356 | size:
1357 | description: Size is the number of bytes in the file.
1358 | format: int64
1359 | type: integer
1360 | url:
1361 | description: |-
1362 | URL is the HTTP address of the Artifact as exposed by the controller
1363 | managing the Source. It can be used to retrieve the Artifact for
1364 | consumption, e.g. by another controller applying the Artifact contents.
1365 | type: string
1366 | required:
1367 | - digest
1368 | - lastUpdateTime
1369 | - path
1370 | - revision
1371 | - url
1372 | type: object
1373 | type: array
1374 | lastHandledReconcileAt:
1375 | description: |-
1376 | LastHandledReconcileAt holds the value of the most recent
1377 | reconcile request value, so a change of the annotation value
1378 | can be detected.
1379 | type: string
1380 | observedGeneration:
1381 | description: |-
1382 | ObservedGeneration is the last observed generation of the GitRepository
1383 | object.
1384 | format: int64
1385 | type: integer
1386 | observedIgnore:
1387 | description: |-
1388 | ObservedIgnore is the observed exclusion patterns used for constructing
1389 | the source artifact.
1390 | type: string
1391 | observedInclude:
1392 | description: |-
1393 | ObservedInclude is the observed list of GitRepository resources used to
1394 | produce the current Artifact.
1395 | items:
1396 | description: |-
1397 | GitRepositoryInclude specifies a local reference to a GitRepository which
1398 | Artifact (sub-)contents must be included, and where they should be placed.
1399 | properties:
1400 | fromPath:
1401 | description: |-
1402 | FromPath specifies the path to copy contents from, defaults to the root
1403 | of the Artifact.
1404 | type: string
1405 | repository:
1406 | description: |-
1407 | GitRepositoryRef specifies the GitRepository which Artifact contents
1408 | must be included.
1409 | properties:
1410 | name:
1411 | description: Name of the referent.
1412 | type: string
1413 | required:
1414 | - name
1415 | type: object
1416 | toPath:
1417 | description: |-
1418 | ToPath specifies the path to copy contents to, defaults to the name of
1419 | the GitRepositoryRef.
1420 | type: string
1421 | required:
1422 | - repository
1423 | type: object
1424 | type: array
1425 | observedRecurseSubmodules:
1426 | description: |-
1427 | ObservedRecurseSubmodules is the observed resource submodules
1428 | configuration used to produce the current Artifact.
1429 | type: boolean
1430 | observedSparseCheckout:
1431 | description: |-
1432 | ObservedSparseCheckout is the observed list of directories used to
1433 | produce the current Artifact.
1434 | items:
1435 | type: string
1436 | type: array
1437 | sourceVerificationMode:
1438 | description: |-
1439 | SourceVerificationMode is the last used verification mode indicating
1440 | which Git object(s) have been verified.
1441 | type: string
1442 | type: object
1443 | type: object
1444 | served: true
1445 | storage: true
1446 | subresources:
1447 | status: {}
# Second entry of spec.versions: v1beta2. The printer columns match v1.
# It is marked deprecated here, but the end of this entry sets served: true
# and storage: false, so the API server still accepts v1beta2 requests and
# returns the deprecationWarning text to clients.
# Compared with the v1 schema in this file, the v1beta2 spec has no provider,
# proxySecretRef, serviceAccountName or sparseCheckout, and its verify.mode
# accepts only 'head'.
1448 | - additionalPrinterColumns:
1449 | - jsonPath: .spec.url
1450 | name: URL
1451 | type: string
1452 | - jsonPath: .metadata.creationTimestamp
1453 | name: Age
1454 | type: date
1455 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
1456 | name: Ready
1457 | type: string
1458 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
1459 | name: Status
1460 | type: string
1461 | deprecated: true
1462 | deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1
1463 | name: v1beta2
1464 | schema:
1465 | openAPIV3Schema:
1466 | description: GitRepository is the Schema for the gitrepositories API.
1467 | properties:
1468 | apiVersion:
1469 | description: |-
1470 | APIVersion defines the versioned schema of this representation of an object.
1471 | Servers should convert recognized schemas to the latest internal value, and
1472 | may reject unrecognized values.
1473 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1474 | type: string
1475 | kind:
1476 | description: |-
1477 | Kind is a string value representing the REST resource this object represents.
1478 | Servers may infer this from the endpoint the client submits requests to.
1479 | Cannot be updated.
1480 | In CamelCase.
1481 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1482 | type: string
1483 | metadata:
1484 | type: object
1485 | spec:
1486 | description: |-
1487 | GitRepositorySpec specifies the required configuration to produce an
1488 | Artifact for a Git repository.
1489 | properties:
# Access control list for cross-namespace references (v1beta2 only; the v1
# spec in this file has no accessFrom).
# NOTE(review): the description states the ACL is not implemented. The schema
# still accepts the field, so setting it must not be relied on to limit which
# namespaces can reference this object.
# Per the item description, an empty matchLabels map matches every namespace
# in the cluster.
1490 | accessFrom:
1491 | description: |-
1492 | AccessFrom specifies an Access Control List for allowing cross-namespace
1493 | references to this object.
1494 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
1495 | properties:
1496 | namespaceSelectors:
1497 | description: |-
1498 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
1499 | Items in this list are evaluated using a logical OR operation.
1500 | items:
1501 | description: |-
1502 | NamespaceSelector selects the namespaces to which this ACL applies.
1503 | An empty map of MatchLabels matches all namespaces in a cluster.
1504 | properties:
1505 | matchLabels:
1506 | additionalProperties:
1507 | type: string
1508 | description: |-
1509 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
1510 | map is equivalent to an element of matchExpressions, whose key field is "key", the
1511 | operator is "In", and the values array contains only "value". The requirements are ANDed.
1512 | type: object
1513 | type: object
1514 | type: array
1515 | required:
1516 | - namespaceSelectors
1517 | type: object
1518 | gitImplementation:
1519 | default: go-git
1520 | description: |-
1521 | GitImplementation specifies which Git client library implementation to
1522 | use. Defaults to 'go-git', valid values are ('go-git', 'libgit2').
1523 | Deprecated: gitImplementation is deprecated now that 'go-git' is the
1524 | only supported implementation.
1525 | enum:
1526 | - go-git
1527 | - libgit2
1528 | type: string
1529 | ignore:
1530 | description: |-
1531 | Ignore overrides the set of excluded patterns in the .sourceignore format
1532 | (which is the same as .gitignore). If not provided, a default will be used,
1533 | consult the documentation for your version to find out what those are.
1534 | type: string
1535 | include:
1536 | description: |-
1537 | Include specifies a list of GitRepository resources which Artifacts
1538 | should be included in the Artifact produced for this GitRepository.
1539 | items:
1540 | description: |-
1541 | GitRepositoryInclude specifies a local reference to a GitRepository which
1542 | Artifact (sub-)contents must be included, and where they should be placed.
1543 | properties:
1544 | fromPath:
1545 | description: |-
1546 | FromPath specifies the path to copy contents from, defaults to the root
1547 | of the Artifact.
1548 | type: string
1549 | repository:
1550 | description: |-
1551 | GitRepositoryRef specifies the GitRepository which Artifact contents
1552 | must be included.
1553 | properties:
1554 | name:
1555 | description: Name of the referent.
1556 | type: string
1557 | required:
1558 | - name
1559 | type: object
1560 | toPath:
1561 | description: |-
1562 | ToPath specifies the path to copy contents to, defaults to the name of
1563 | the GitRepositoryRef.
1564 | type: string
1565 | required:
1566 | - repository
1567 | type: object
1568 | type: array
1569 | interval:
1570 | description: Interval at which to check the GitRepository for updates.
1571 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1572 | type: string
1573 | recurseSubmodules:
1574 | description: |-
1575 | RecurseSubmodules enables the initialization of all submodules within
1576 | the GitRepository as cloned from the URL, using their default settings.
1577 | type: boolean
1578 | ref:
1579 | description: |-
1580 | Reference specifies the Git reference to resolve and monitor for
1581 | changes, defaults to the 'master' branch.
1582 | properties:
1583 | branch:
1584 | description: Branch to check out, defaults to 'master' if no other
1585 | field is defined.
1586 | type: string
1587 | commit:
1588 | description: |-
1589 | Commit SHA to check out, takes precedence over all reference fields.
1590 |
1591 | This can be combined with Branch to shallow clone the branch, in which
1592 | the commit is expected to exist.
1593 | type: string
1594 | name:
1595 | description: |-
1596 | Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
1597 |
1598 | It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
1599 | Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
1600 | type: string
1601 | semver:
1602 | description: SemVer tag expression to check out, takes precedence
1603 | over Tag.
1604 | type: string
1605 | tag:
1606 | description: Tag to check out, takes precedence over Branch.
1607 | type: string
1608 | type: object
1609 | secretRef:
1610 | description: |-
1611 | SecretRef specifies the Secret containing authentication credentials for
1612 | the GitRepository.
1613 | For HTTPS repositories the Secret must contain 'username' and 'password'
1614 | fields for basic auth or 'bearerToken' field for token auth.
1615 | For SSH repositories the Secret must contain 'identity'
1616 | and 'known_hosts' fields.
1617 | properties:
1618 | name:
1619 | description: Name of the referent.
1620 | type: string
1621 | required:
1622 | - name
1623 | type: object
1624 | suspend:
1625 | description: |-
1626 | Suspend tells the controller to suspend the reconciliation of this
1627 | GitRepository.
1628 | type: boolean
1629 | timeout:
1630 | default: 60s
1631 | description: Timeout for Git operations like cloning, defaults to
1632 | 60s.
1633 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
1634 | type: string
1635 | url:
1636 | description: URL specifies the Git repository URL, it can be an HTTP/S
1637 | or SSH address.
1638 | pattern: ^(http|https|ssh)://.*$
1639 | type: string
# v1beta2 form of the signature verification settings.
# Unlike the v1 schema in this file, mode has no default and is required
# together with secretRef, and the only accepted value is 'head'. The Tag and
# TagAndHEAD modes exist only in v1.
# `verify` itself is still optional: the spec requires only interval and url.
1640 | verify:
1641 | description: |-
1642 | Verification specifies the configuration to verify the Git commit
1643 | signature(s).
1644 | properties:
1645 | mode:
1646 | description: Mode specifies what Git object should be verified,
1647 | currently ('head').
1648 | enum:
1649 | - head
1650 | type: string
# Secret with the public keys of trusted Git authors; referenced by name only.
1651 | secretRef:
1652 | description: |-
1653 | SecretRef specifies the Secret containing the public keys of trusted Git
1654 | authors.
1655 | properties:
1656 | name:
1657 | description: Name of the referent.
1658 | type: string
1659 | required:
1660 | - name
1661 | type: object
1662 | required:
1663 | - mode
1664 | - secretRef
1665 | type: object
1666 | required:
1667 | - interval
1668 | - url
1669 | type: object
1670 | status:
1671 | default:
1672 | observedGeneration: -1
1673 | description: GitRepositoryStatus records the observed state of a Git repository.
1674 | properties:
1675 | artifact:
1676 | description: Artifact represents the last successful GitRepository
1677 | reconciliation.
1678 | properties:
1679 | digest:
1680 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
1681 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1682 | type: string
1683 | lastUpdateTime:
1684 | description: |-
1685 | LastUpdateTime is the timestamp corresponding to the last update of the
1686 | Artifact.
1687 | format: date-time
1688 | type: string
1689 | metadata:
1690 | additionalProperties:
1691 | type: string
1692 | description: Metadata holds upstream information such as OCI annotations.
1693 | type: object
1694 | path:
1695 | description: |-
1696 | Path is the relative file path of the Artifact. It can be used to locate
1697 | the file in the root of the Artifact storage on the local file system of
1698 | the controller managing the Source.
1699 | type: string
1700 | revision:
1701 | description: |-
1702 | Revision is a human-readable identifier traceable in the origin source
1703 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1704 | type: string
1705 | size:
1706 | description: Size is the number of bytes in the file.
1707 | format: int64
1708 | type: integer
1709 | url:
1710 | description: |-
1711 | URL is the HTTP address of the Artifact as exposed by the controller
1712 | managing the Source. It can be used to retrieve the Artifact for
1713 | consumption, e.g. by another controller applying the Artifact contents.
1714 | type: string
1715 | required:
1716 | - digest
1717 | - lastUpdateTime
1718 | - path
1719 | - revision
1720 | - url
1721 | type: object
1722 | conditions:
1723 | description: Conditions holds the conditions for the GitRepository.
1724 | items:
1725 | description: Condition contains details for one aspect of the current
1726 | state of this API Resource.
1727 | properties:
1728 | lastTransitionTime:
1729 | description: |-
1730 | lastTransitionTime is the last time the condition transitioned from one status to another.
1731 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1732 | format: date-time
1733 | type: string
1734 | message:
1735 | description: |-
1736 | message is a human readable message indicating details about the transition.
1737 | This may be an empty string.
1738 | maxLength: 32768
1739 | type: string
1740 | observedGeneration:
1741 | description: |-
1742 | observedGeneration represents the .metadata.generation that the condition was set based upon.
1743 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1744 | with respect to the current state of the instance.
1745 | format: int64
1746 | minimum: 0
1747 | type: integer
1748 | reason:
1749 | description: |-
1750 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
1751 | Producers of specific condition types may define expected values and meanings for this field,
1752 | and whether the values are considered a guaranteed API.
1753 | The value should be a CamelCase string.
1754 | This field may not be empty.
1755 | maxLength: 1024
1756 | minLength: 1
1757 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1758 | type: string
1759 | status:
1760 | description: status of the condition, one of True, False, Unknown.
1761 | enum:
1762 | - "True"
1763 | - "False"
1764 | - Unknown
1765 | type: string
1766 | type:
1767 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
1768 | maxLength: 316
1769 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1770 | type: string
1771 | required:
1772 | - lastTransitionTime
1773 | - message
1774 | - reason
1775 | - status
1776 | - type
1777 | type: object
1778 | type: array
1779 | contentConfigChecksum:
1780 | description: |-
1781 | ContentConfigChecksum is a checksum of all the configurations related to
1782 | the content of the source artifact:
1783 | - .spec.ignore
1784 | - .spec.recurseSubmodules
1785 | - .spec.included and the checksum of the included artifacts
1786 | observed in .status.observedGeneration version of the object. This can
1787 | be used to determine if the content of the included repository has
1788 | changed.
1789 | It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
1790 |
1791 | Deprecated: Replaced with explicit fields for observed artifact content
1792 | config in the status.
1793 | type: string
1794 | includedArtifacts:
1795 | description: |-
1796 | IncludedArtifacts contains a list of the last successfully included
1797 | Artifacts as instructed by GitRepositorySpec.Include.
1798 | items:
1799 | description: Artifact represents the output of a Source reconciliation.
1800 | properties:
1801 | digest:
1802 | description: Digest is the digest of the file in the form of
1803 | '<algorithm>:<checksum>'.
1804 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1805 | type: string
1806 | lastUpdateTime:
1807 | description: |-
1808 | LastUpdateTime is the timestamp corresponding to the last update of the
1809 | Artifact.
1810 | format: date-time
1811 | type: string
1812 | metadata:
1813 | additionalProperties:
1814 | type: string
1815 | description: Metadata holds upstream information such as OCI
1816 | annotations.
1817 | type: object
1818 | path:
1819 | description: |-
1820 | Path is the relative file path of the Artifact. It can be used to locate
1821 | the file in the root of the Artifact storage on the local file system of
1822 | the controller managing the Source.
1823 | type: string
1824 | revision:
1825 | description: |-
1826 | Revision is a human-readable identifier traceable in the origin source
1827 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1828 | type: string
1829 | size:
1830 | description: Size is the number of bytes in the file.
1831 | format: int64
1832 | type: integer
1833 | url:
1834 | description: |-
1835 | URL is the HTTP address of the Artifact as exposed by the controller
1836 | managing the Source. It can be used to retrieve the Artifact for
1837 | consumption, e.g. by another controller applying the Artifact contents.
1838 | type: string
1839 | required:
1840 | - digest
1841 | - lastUpdateTime
1842 | - path
1843 | - revision
1844 | - url
1845 | type: object
1846 | type: array
1847 | lastHandledReconcileAt:
1848 | description: |-
1849 | LastHandledReconcileAt holds the value of the most recent
1850 | reconcile request value, so a change of the annotation value
1851 | can be detected.
1852 | type: string
1853 | observedGeneration:
1854 | description: |-
1855 | ObservedGeneration is the last observed generation of the GitRepository
1856 | object.
1857 | format: int64
1858 | type: integer
1859 | observedIgnore:
1860 | description: |-
1861 | ObservedIgnore is the observed exclusion patterns used for constructing
1862 | the source artifact.
1863 | type: string
1864 | observedInclude:
1865 | description: |-
1866 | ObservedInclude is the observed list of GitRepository resources used to
1867 | to produce the current Artifact.
1868 | items:
1869 | description: |-
1870 | GitRepositoryInclude specifies a local reference to a GitRepository which
1871 | Artifact (sub-)contents must be included, and where they should be placed.
1872 | properties:
1873 | fromPath:
1874 | description: |-
1875 | FromPath specifies the path to copy contents from, defaults to the root
1876 | of the Artifact.
1877 | type: string
1878 | repository:
1879 | description: |-
1880 | GitRepositoryRef specifies the GitRepository which Artifact contents
1881 | must be included.
1882 | properties:
1883 | name:
1884 | description: Name of the referent.
1885 | type: string
1886 | required:
1887 | - name
1888 | type: object
1889 | toPath:
1890 | description: |-
1891 | ToPath specifies the path to copy contents to, defaults to the name of
1892 | the GitRepositoryRef.
1893 | type: string
1894 | required:
1895 | - repository
1896 | type: object
1897 | type: array
1898 | observedRecurseSubmodules:
1899 | description: |-
1900 | ObservedRecurseSubmodules is the observed resource submodules
1901 | configuration used to produce the current Artifact.
1902 | type: boolean
1903 | url:
1904 | description: |-
1905 | URL is the dynamic fetch link for the latest Artifact.
1906 | It is provided on a "best effort" basis, and using the precise
1907 | GitRepositoryStatus.Artifact data is recommended.
1908 | type: string
1909 | type: object
1910 | type: object
1911 | served: true
1912 | storage: false
1913 | subresources:
1914 | status: {}
1915 | ---
1916 | apiVersion: apiextensions.k8s.io/v1
1917 | kind: CustomResourceDefinition
1918 | metadata:
1919 | annotations:
1920 | controller-gen.kubebuilder.io/version: v0.19.0
1921 | labels:
1922 | app.kubernetes.io/component: source-controller
1923 | app.kubernetes.io/part-of: flux
1924 | name: helmcharts.source.toolkit.fluxcd.io
1925 | spec:
1926 | group: source.toolkit.fluxcd.io
1927 | names:
1928 | kind: HelmChart
1929 | listKind: HelmChartList
1930 | plural: helmcharts
1931 | shortNames:
1932 | - hc
1933 | singular: helmchart
1934 | scope: Namespaced
1935 | versions:
1936 | - additionalPrinterColumns:
1937 | - jsonPath: .spec.chart
1938 | name: Chart
1939 | type: string
1940 | - jsonPath: .spec.version
1941 | name: Version
1942 | type: string
1943 | - jsonPath: .spec.sourceRef.kind
1944 | name: Source Kind
1945 | type: string
1946 | - jsonPath: .spec.sourceRef.name
1947 | name: Source Name
1948 | type: string
1949 | - jsonPath: .metadata.creationTimestamp
1950 | name: Age
1951 | type: date
1952 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
1953 | name: Ready
1954 | type: string
1955 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
1956 | name: Status
1957 | type: string
1958 | name: v1
1959 | schema:
1960 | openAPIV3Schema:
1961 | description: HelmChart is the Schema for the helmcharts API.
1962 | properties:
1963 | apiVersion:
1964 | description: |-
1965 | APIVersion defines the versioned schema of this representation of an object.
1966 | Servers should convert recognized schemas to the latest internal value, and
1967 | may reject unrecognized values.
1968 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1969 | type: string
1970 | kind:
1971 | description: |-
1972 | Kind is a string value representing the REST resource this object represents.
1973 | Servers may infer this from the endpoint the client submits requests to.
1974 | Cannot be updated.
1975 | In CamelCase.
1976 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1977 | type: string
1978 | metadata:
1979 | type: object
1980 | spec:
1981 | description: HelmChartSpec specifies the desired state of a Helm chart.
1982 | properties:
1983 | chart:
1984 | description: |-
1985 | Chart is the name or path the Helm chart is available at in the
1986 | SourceRef.
1987 | type: string
1988 | ignoreMissingValuesFiles:
1989 | description: |-
1990 | IgnoreMissingValuesFiles controls whether to silently ignore missing values
1991 | files rather than failing.
1992 | type: boolean
1993 | interval:
1994 | description: |-
1995 | Interval at which the HelmChart SourceRef is checked for updates.
1996 | This interval is approximate and may be subject to jitter to ensure
1997 | efficient use of resources.
1998 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1999 | type: string
2000 | reconcileStrategy:
2001 | default: ChartVersion
2002 | description: |-
2003 | ReconcileStrategy determines what enables the creation of a new artifact.
2004 | Valid values are ('ChartVersion', 'Revision').
2005 | See the documentation of the values for an explanation on their behavior.
2006 | Defaults to ChartVersion when omitted.
2007 | enum:
2008 | - ChartVersion
2009 | - Revision
2010 | type: string
# sourceRef: points the HelmChart at the Source object that holds the chart.
# Only kind and name are required; kind is limited by the enum to HelmRepository,
# GitRepository or Bucket, and no namespace property is defined in this schema.
# NOTE(review): presumably the Source is therefore resolved in the HelmChart's own
# namespace - confirm against the controller before relying on it as a tenancy boundary.
2011 | sourceRef:
2012 | description: SourceRef is the reference to the Source the chart is
2013 | available at.
2014 | properties:
2015 | apiVersion:
2016 | description: APIVersion of the referent.
2017 | type: string
2018 | kind:
2019 | description: |-
2020 | Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
2021 | 'Bucket').
2022 | enum:
2023 | - HelmRepository
2024 | - GitRepository
2025 | - Bucket
2026 | type: string
2027 | name:
2028 | description: Name of the referent.
2029 | type: string
2030 | required:
2031 | - kind
2032 | - name
2033 | type: object
2034 | suspend:
2035 | description: |-
2036 | Suspend tells the controller to suspend the reconciliation of this
2037 | source.
2038 | type: boolean
2039 | valuesFiles:
2040 | description: |-
2041 | ValuesFiles is an alternative list of values files to use as the chart
2042 | values (values.yaml is not included by default), expected to be a
2043 | relative path in the SourceRef.
2044 | Values files are merged in the order of this list with the last file
2045 | overriding the first. Ignored when omitted.
2046 | items:
2047 | type: string
2048 | type: array
# verify: signature verification settings for the chart artifact.
# Per the description, it is only supported for a HelmRepository source with
# spec.type 'oci', and chart dependencies that are not bundled in the umbrella
# chart artifact are not verified, so a verified chart can still depend on
# unverified charts.
2049 | verify:
2050 | description: |-
2051 | Verify contains the secret name containing the trusted public keys
2052 | used to verify the signature and specifies which provider to use to check
2053 | whether OCI image is authentic.
2054 | This field is only supported when using HelmRepository source with spec.type 'oci'.
2055 | Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.
2056 | properties:
# matchOIDCIdentity: identity matchers for Cosign keyless signatures. The list is
# OR-ed (any matcher that matches verifies the artifact); each matcher must set
# both issuer and subject.
# NOTE(review): issuer and subject are Go regular expressions, and a Go regexp
# matches anywhere in the input unless anchored. Write them with ^ and $ and
# escape literal dots; confirm whether the controller anchors them itself.
2057 | matchOIDCIdentity:
2058 | description: |-
2059 | MatchOIDCIdentity specifies the identity matching criteria to use
2060 | while verifying an OCI artifact which was signed using Cosign keyless
2061 | signing. The artifact's identity is deemed to be verified if any of the
2062 | specified matchers match against the identity.
2063 | items:
2064 | description: |-
2065 | OIDCIdentityMatch specifies options for verifying the certificate identity,
2066 | i.e. the issuer and the subject of the certificate.
2067 | properties:
2068 | issuer:
2069 | description: |-
2070 | Issuer specifies the regex pattern to match against to verify
2071 | the OIDC issuer in the Fulcio certificate. The pattern must be a
2072 | valid Go regular expression.
2073 | type: string
2074 | subject:
2075 | description: |-
2076 | Subject specifies the regex pattern to match against to verify
2077 | the identity subject in the Fulcio certificate. The pattern must
2078 | be a valid Go regular expression.
2079 | type: string
2080 | required:
2081 | - issuer
2082 | - subject
2083 | type: object
2084 | type: array
# provider: the only required key under verify; defaults to cosign.
2085 | provider:
2086 | default: cosign
2087 | description: Provider specifies the technology used to sign the
2088 | OCI Artifact.
2089 | enum:
2090 | - cosign
2091 | - notation
2092 | type: string
# secretRef: names the Secret holding the trusted public keys.
# NOTE(review): neither secretRef nor matchOIDCIdentity is required, so the schema
# accepts verify with provider alone - confirm which signers the controller trusts
# in that case before treating the chart as pinned to a known publisher.
2093 | secretRef:
2094 | description: |-
2095 | SecretRef specifies the Kubernetes Secret containing the
2096 | trusted public keys.
2097 | properties:
2098 | name:
2099 | description: Name of the referent.
2100 | type: string
2101 | required:
2102 | - name
2103 | type: object
2104 | required:
2105 | - provider
2106 | type: object
# version: semver expression selecting the chart version; ignored for GitRepository
# and Bucket sources. The default '*' is quoted because a bare * would be read as a
# YAML alias. Per the description an omitted version resolves to the latest one, so
# the deployed chart follows whatever the repository publishes next; set an exact
# version or a narrow range where reproducible, reviewed upgrades matter.
2107 | version:
2108 | default: '*'
2109 | description: |-
2110 | Version is the chart version semver expression, ignored for charts from
2111 | GitRepository and Bucket sources. Defaults to latest when omitted.
2112 | type: string
2113 | required:
2114 | - chart
2115 | - interval
2116 | - sourceRef
2117 | type: object
2118 | status:
2119 | default:
2120 | observedGeneration: -1
2121 | description: HelmChartStatus records the observed state of the HelmChart.
2122 | properties:
2123 | artifact:
2124 | description: Artifact represents the output of the last successful
2125 | reconciliation.
2126 | properties:
2127 | digest:
2128 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2129 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2130 | type: string
2131 | lastUpdateTime:
2132 | description: |-
2133 | LastUpdateTime is the timestamp corresponding to the last update of the
2134 | Artifact.
2135 | format: date-time
2136 | type: string
2137 | metadata:
2138 | additionalProperties:
2139 | type: string
2140 | description: Metadata holds upstream information such as OCI annotations.
2141 | type: object
2142 | path:
2143 | description: |-
2144 | Path is the relative file path of the Artifact. It can be used to locate
2145 | the file in the root of the Artifact storage on the local file system of
2146 | the controller managing the Source.
2147 | type: string
2148 | revision:
2149 | description: |-
2150 | Revision is a human-readable identifier traceable in the origin source
2151 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2152 | type: string
2153 | size:
2154 | description: Size is the number of bytes in the file.
2155 | format: int64
2156 | type: integer
2157 | url:
2158 | description: |-
2159 | URL is the HTTP address of the Artifact as exposed by the controller
2160 | managing the Source. It can be used to retrieve the Artifact for
2161 | consumption, e.g. by another controller applying the Artifact contents.
2162 | type: string
2163 | required:
2164 | - digest
2165 | - lastUpdateTime
2166 | - path
2167 | - revision
2168 | - url
2169 | type: object
2170 | conditions:
2171 | description: Conditions holds the conditions for the HelmChart.
2172 | items:
2173 | description: Condition contains details for one aspect of the current
2174 | state of this API Resource.
2175 | properties:
2176 | lastTransitionTime:
2177 | description: |-
2178 | lastTransitionTime is the last time the condition transitioned from one status to another.
2179 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2180 | format: date-time
2181 | type: string
2182 | message:
2183 | description: |-
2184 | message is a human readable message indicating details about the transition.
2185 | This may be an empty string.
2186 | maxLength: 32768
2187 | type: string
2188 | observedGeneration:
2189 | description: |-
2190 | observedGeneration represents the .metadata.generation that the condition was set based upon.
2191 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2192 | with respect to the current state of the instance.
2193 | format: int64
2194 | minimum: 0
2195 | type: integer
2196 | reason:
2197 | description: |-
2198 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
2199 | Producers of specific condition types may define expected values and meanings for this field,
2200 | and whether the values are considered a guaranteed API.
2201 | The value should be a CamelCase string.
2202 | This field may not be empty.
2203 | maxLength: 1024
2204 | minLength: 1
2205 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2206 | type: string
2207 | status:
2208 | description: status of the condition, one of True, False, Unknown.
2209 | enum:
2210 | - "True"
2211 | - "False"
2212 | - Unknown
2213 | type: string
2214 | type:
2215 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
2216 | maxLength: 316
2217 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2218 | type: string
2219 | required:
2220 | - lastTransitionTime
2221 | - message
2222 | - reason
2223 | - status
2224 | - type
2225 | type: object
2226 | type: array
2227 | lastHandledReconcileAt:
2228 | description: |-
2229 | LastHandledReconcileAt holds the value of the most recent
2230 | reconcile request value, so a change of the annotation value
2231 | can be detected.
2232 | type: string
2233 | observedChartName:
2234 | description: |-
2235 | ObservedChartName is the last observed chart name as specified by the
2236 | resolved chart reference.
2237 | type: string
2238 | observedGeneration:
2239 | description: |-
2240 | ObservedGeneration is the last observed generation of the HelmChart
2241 | object.
2242 | format: int64
2243 | type: integer
2244 | observedSourceArtifactRevision:
2245 | description: |-
2246 | ObservedSourceArtifactRevision is the last observed Artifact.Revision
2247 | of the HelmChartSpec.SourceRef.
2248 | type: string
2249 | observedValuesFiles:
2250 | description: |-
2251 | ObservedValuesFiles are the observed value files of the last successful
2252 | reconciliation.
2253 | It matches the chart in the last successfully reconciled artifact.
2254 | items:
2255 | type: string
2256 | type: array
# url: best-effort link to the latest Artifact; the description recommends reading
# the precise Artifact data instead.
# NOTE(review): the text names BucketStatus.Artifact although this is the HelmChart
# status schema; presumably the artifact property of this HelmChart status is meant.
2257 | url:
2258 | description: |-
2259 | URL is the dynamic fetch link for the latest Artifact.
2260 | It is provided on a "best effort" basis, and using the precise
2261 | BucketStatus.Artifact data is recommended.
2262 | type: string
2263 | type: object
2264 | type: object
2265 | served: true
2266 | storage: true
2267 | subresources:
2268 | status: {}
2269 | - additionalPrinterColumns:
2270 | - jsonPath: .spec.chart
2271 | name: Chart
2272 | type: string
2273 | - jsonPath: .spec.version
2274 | name: Version
2275 | type: string
2276 | - jsonPath: .spec.sourceRef.kind
2277 | name: Source Kind
2278 | type: string
2279 | - jsonPath: .spec.sourceRef.name
2280 | name: Source Name
2281 | type: string
2282 | - jsonPath: .metadata.creationTimestamp
2283 | name: Age
2284 | type: date
2285 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2286 | name: Ready
2287 | type: string
2288 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2289 | name: Status
2290 | type: string
2291 | deprecated: true
2292 | deprecationWarning: v1beta2 HelmChart is deprecated, upgrade to v1
2293 | name: v1beta2
2294 | schema:
2295 | openAPIV3Schema:
2296 | description: HelmChart is the Schema for the helmcharts API.
2297 | properties:
2298 | apiVersion:
2299 | description: |-
2300 | APIVersion defines the versioned schema of this representation of an object.
2301 | Servers should convert recognized schemas to the latest internal value, and
2302 | may reject unrecognized values.
2303 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2304 | type: string
2305 | kind:
2306 | description: |-
2307 | Kind is a string value representing the REST resource this object represents.
2308 | Servers may infer this from the endpoint the client submits requests to.
2309 | Cannot be updated.
2310 | In CamelCase.
2311 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2312 | type: string
2313 | metadata:
2314 | type: object
2315 | spec:
2316 | description: HelmChartSpec specifies the desired state of a Helm chart.
2317 | properties:
# accessFrom: ACL for cross-namespace references to this object.
# The description marks it "Not implemented, provisional": the schema accepts the
# field, but setting it should not be read as an enforced access restriction.
# NOTE(review): confirm in the controller before using it as a tenancy control.
# Also note that an empty matchLabels map selects every namespace in the cluster.
2318 | accessFrom:
2319 | description: |-
2320 | AccessFrom specifies an Access Control List for allowing cross-namespace
2321 | references to this object.
2322 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
2323 | properties:
2324 | namespaceSelectors:
2325 | description: |-
2326 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
2327 | Items in this list are evaluated using a logical OR operation.
2328 | items:
2329 | description: |-
2330 | NamespaceSelector selects the namespaces to which this ACL applies.
2331 | An empty map of MatchLabels matches all namespaces in a cluster.
2332 | properties:
2333 | matchLabels:
2334 | additionalProperties:
2335 | type: string
2336 | description: |-
2337 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2338 | map is equivalent to an element of matchExpressions, whose key field is "key", the
2339 | operator is "In", and the values array contains only "value". The requirements are ANDed.
2340 | type: object
2341 | type: object
2342 | type: array
2343 | required:
2344 | - namespaceSelectors
2345 | type: object
2346 | chart:
2347 | description: |-
2348 | Chart is the name or path the Helm chart is available at in the
2349 | SourceRef.
2350 | type: string
2351 | ignoreMissingValuesFiles:
2352 | description: |-
2353 | IgnoreMissingValuesFiles controls whether to silently ignore missing values
2354 | files rather than failing.
2355 | type: boolean
2356 | interval:
2357 | description: |-
2358 | Interval at which the HelmChart SourceRef is checked for updates.
2359 | This interval is approximate and may be subject to jitter to ensure
2360 | efficient use of resources.
2361 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2362 | type: string
2363 | reconcileStrategy:
2364 | default: ChartVersion
2365 | description: |-
2366 | ReconcileStrategy determines what enables the creation of a new artifact.
2367 | Valid values are ('ChartVersion', 'Revision').
2368 | See the documentation of the values for an explanation on their behavior.
2369 | Defaults to ChartVersion when omitted.
2370 | enum:
2371 | - ChartVersion
2372 | - Revision
2373 | type: string
2374 | sourceRef:
2375 | description: SourceRef is the reference to the Source the chart is
2376 | available at.
2377 | properties:
2378 | apiVersion:
2379 | description: APIVersion of the referent.
2380 | type: string
2381 | kind:
2382 | description: |-
2383 | Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
2384 | 'Bucket').
2385 | enum:
2386 | - HelmRepository
2387 | - GitRepository
2388 | - Bucket
2389 | type: string
2390 | name:
2391 | description: Name of the referent.
2392 | type: string
2393 | required:
2394 | - kind
2395 | - name
2396 | type: object
2397 | suspend:
2398 | description: |-
2399 | Suspend tells the controller to suspend the reconciliation of this
2400 | source.
2401 | type: boolean
2402 | valuesFile:
2403 | description: |-
2404 | ValuesFile is an alternative values file to use as the default chart
2405 | values, expected to be a relative path in the SourceRef. Deprecated in
2406 | favor of ValuesFiles, for backwards compatibility the file specified here
2407 | is merged before the ValuesFiles items. Ignored when omitted.
2408 | type: string
2409 | valuesFiles:
2410 | description: |-
2411 | ValuesFiles is an alternative list of values files to use as the chart
2412 | values (values.yaml is not included by default), expected to be a
2413 | relative path in the SourceRef.
2414 | Values files are merged in the order of this list with the last file
2415 | overriding the first. Ignored when omitted.
2416 | items:
2417 | type: string
2418 | type: array
2419 | verify:
2420 | description: |-
2421 | Verify contains the secret name containing the trusted public keys
2422 | used to verify the signature and specifies which provider to use to check
2423 | whether OCI image is authentic.
2424 | This field is only supported when using HelmRepository source with spec.type 'oci'.
2425 | Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.
2426 | properties:
2427 | matchOIDCIdentity:
2428 | description: |-
2429 | MatchOIDCIdentity specifies the identity matching criteria to use
2430 | while verifying an OCI artifact which was signed using Cosign keyless
2431 | signing. The artifact's identity is deemed to be verified if any of the
2432 | specified matchers match against the identity.
2433 | items:
2434 | description: |-
2435 | OIDCIdentityMatch specifies options for verifying the certificate identity,
2436 | i.e. the issuer and the subject of the certificate.
2437 | properties:
2438 | issuer:
2439 | description: |-
2440 | Issuer specifies the regex pattern to match against to verify
2441 | the OIDC issuer in the Fulcio certificate. The pattern must be a
2442 | valid Go regular expression.
2443 | type: string
2444 | subject:
2445 | description: |-
2446 | Subject specifies the regex pattern to match against to verify
2447 | the identity subject in the Fulcio certificate. The pattern must
2448 | be a valid Go regular expression.
2449 | type: string
2450 | required:
2451 | - issuer
2452 | - subject
2453 | type: object
2454 | type: array
2455 | provider:
2456 | default: cosign
2457 | description: Provider specifies the technology used to sign the
2458 | OCI Artifact.
2459 | enum:
2460 | - cosign
2461 | - notation
2462 | type: string
2463 | secretRef:
2464 | description: |-
2465 | SecretRef specifies the Kubernetes Secret containing the
2466 | trusted public keys.
2467 | properties:
2468 | name:
2469 | description: Name of the referent.
2470 | type: string
2471 | required:
2472 | - name
2473 | type: object
2474 | required:
2475 | - provider
2476 | type: object
2477 | version:
2478 | default: '*'
2479 | description: |-
2480 | Version is the chart version semver expression, ignored for charts from
2481 | GitRepository and Bucket sources. Defaults to latest when omitted.
2482 | type: string
2483 | required:
2484 | - chart
2485 | - interval
2486 | - sourceRef
2487 | type: object
2488 | status:
2489 | default:
2490 | observedGeneration: -1
2491 | description: HelmChartStatus records the observed state of the HelmChart.
2492 | properties:
2493 | artifact:
2494 | description: Artifact represents the output of the last successful
2495 | reconciliation.
2496 | properties:
2497 | digest:
2498 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2499 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2500 | type: string
2501 | lastUpdateTime:
2502 | description: |-
2503 | LastUpdateTime is the timestamp corresponding to the last update of the
2504 | Artifact.
2505 | format: date-time
2506 | type: string
2507 | metadata:
2508 | additionalProperties:
2509 | type: string
2510 | description: Metadata holds upstream information such as OCI annotations.
2511 | type: object
2512 | path:
2513 | description: |-
2514 | Path is the relative file path of the Artifact. It can be used to locate
2515 | the file in the root of the Artifact storage on the local file system of
2516 | the controller managing the Source.
2517 | type: string
2518 | revision:
2519 | description: |-
2520 | Revision is a human-readable identifier traceable in the origin source
2521 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2522 | type: string
2523 | size:
2524 | description: Size is the number of bytes in the file.
2525 | format: int64
2526 | type: integer
2527 | url:
2528 | description: |-
2529 | URL is the HTTP address of the Artifact as exposed by the controller
2530 | managing the Source. It can be used to retrieve the Artifact for
2531 | consumption, e.g. by another controller applying the Artifact contents.
2532 | type: string
2533 | required:
2534 | - digest
2535 | - lastUpdateTime
2536 | - path
2537 | - revision
2538 | - url
2539 | type: object
2540 | conditions:
2541 | description: Conditions holds the conditions for the HelmChart.
2542 | items:
2543 | description: Condition contains details for one aspect of the current
2544 | state of this API Resource.
2545 | properties:
2546 | lastTransitionTime:
2547 | description: |-
2548 | lastTransitionTime is the last time the condition transitioned from one status to another.
2549 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2550 | format: date-time
2551 | type: string
2552 | message:
2553 | description: |-
2554 | message is a human readable message indicating details about the transition.
2555 | This may be an empty string.
2556 | maxLength: 32768
2557 | type: string
2558 | observedGeneration:
2559 | description: |-
2560 | observedGeneration represents the .metadata.generation that the condition was set based upon.
2561 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2562 | with respect to the current state of the instance.
2563 | format: int64
2564 | minimum: 0
2565 | type: integer
2566 | reason:
2567 | description: |-
2568 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
2569 | Producers of specific condition types may define expected values and meanings for this field,
2570 | and whether the values are considered a guaranteed API.
2571 | The value should be a CamelCase string.
2572 | This field may not be empty.
2573 | maxLength: 1024
2574 | minLength: 1
2575 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2576 | type: string
2577 | status:
2578 | description: status of the condition, one of True, False, Unknown.
2579 | enum:
2580 | - "True"
2581 | - "False"
2582 | - Unknown
2583 | type: string
2584 | type:
2585 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
2586 | maxLength: 316
2587 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2588 | type: string
2589 | required:
2590 | - lastTransitionTime
2591 | - message
2592 | - reason
2593 | - status
2594 | - type
2595 | type: object
2596 | type: array
2597 | lastHandledReconcileAt:
2598 | description: |-
2599 | LastHandledReconcileAt holds the value of the most recent
2600 | reconcile request value, so a change of the annotation value
2601 | can be detected.
2602 | type: string
2603 | observedChartName:
2604 | description: |-
2605 | ObservedChartName is the last observed chart name as specified by the
2606 | resolved chart reference.
2607 | type: string
2608 | observedGeneration:
2609 | description: |-
2610 | ObservedGeneration is the last observed generation of the HelmChart
2611 | object.
2612 | format: int64
2613 | type: integer
2614 | observedSourceArtifactRevision:
2615 | description: |-
2616 | ObservedSourceArtifactRevision is the last observed Artifact.Revision
2617 | of the HelmChartSpec.SourceRef.
2618 | type: string
2619 | observedValuesFiles:
2620 | description: |-
2621 | ObservedValuesFiles are the observed value files of the last successful
2622 | reconciliation.
2623 | It matches the chart in the last successfully reconciled artifact.
2624 | items:
2625 | type: string
2626 | type: array
2627 | url:
2628 | description: |-
2629 | URL is the dynamic fetch link for the latest Artifact.
2630 | It is provided on a "best effort" basis, and using the precise
2631 | BucketStatus.Artifact data is recommended.
2632 | type: string
2633 | type: object
2634 | type: object
2635 | served: true
2636 | storage: false
2637 | subresources:
2638 | status: {}
2639 | ---
2640 | apiVersion: apiextensions.k8s.io/v1
2641 | kind: CustomResourceDefinition
2642 | metadata:
2643 | annotations:
2644 | controller-gen.kubebuilder.io/version: v0.19.0
2645 | labels:
2646 | app.kubernetes.io/component: source-controller
2647 | app.kubernetes.io/part-of: flux
2648 | name: helmrepositories.source.toolkit.fluxcd.io
2649 | spec:
2650 | group: source.toolkit.fluxcd.io
2651 | names:
2652 | kind: HelmRepository
2653 | listKind: HelmRepositoryList
2654 | plural: helmrepositories
2655 | shortNames:
2656 | - helmrepo
2657 | singular: helmrepository
2658 | scope: Namespaced
2659 | versions:
2660 | - additionalPrinterColumns:
2661 | - jsonPath: .spec.url
2662 | name: URL
2663 | type: string
2664 | - jsonPath: .metadata.creationTimestamp
2665 | name: Age
2666 | type: date
2667 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2668 | name: Ready
2669 | type: string
2670 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2671 | name: Status
2672 | type: string
2673 | name: v1
2674 | schema:
2675 | openAPIV3Schema:
2676 | description: HelmRepository is the Schema for the helmrepositories API.
2677 | properties:
2678 | apiVersion:
2679 | description: |-
2680 | APIVersion defines the versioned schema of this representation of an object.
2681 | Servers should convert recognized schemas to the latest internal value, and
2682 | may reject unrecognized values.
2683 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2684 | type: string
2685 | kind:
2686 | description: |-
2687 | Kind is a string value representing the REST resource this object represents.
2688 | Servers may infer this from the endpoint the client submits requests to.
2689 | Cannot be updated.
2690 | In CamelCase.
2691 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2692 | type: string
2693 | metadata:
2694 | type: object
2695 | spec:
2696 | description: |-
2697 | HelmRepositorySpec specifies the required configuration to produce an
2698 | Artifact for a Helm repository index YAML.
2699 | properties:
2700 | accessFrom:
2701 | description: |-
2702 | AccessFrom specifies an Access Control List for allowing cross-namespace
2703 | references to this object.
2704 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
2705 | properties:
2706 | namespaceSelectors:
2707 | description: |-
2708 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
2709 | Items in this list are evaluated using a logical OR operation.
2710 | items:
2711 | description: |-
2712 | NamespaceSelector selects the namespaces to which this ACL applies.
2713 | An empty map of MatchLabels matches all namespaces in a cluster.
2714 | properties:
2715 | matchLabels:
2716 | additionalProperties:
2717 | type: string
2718 | description: |-
2719 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2720 | map is equivalent to an element of matchExpressions, whose key field is "key", the
2721 | operator is "In", and the values array contains only "value". The requirements are ANDed.
2722 | type: object
2723 | type: object
2724 | type: array
2725 | required:
2726 | - namespaceSelectors
2727 | type: object
2728 | certSecretRef:
2729 | description: |-
2730 | CertSecretRef can be given the name of a Secret containing
2731 | either or both of
2732 |
2733 | - a PEM-encoded client certificate (`tls.crt`) and private
2734 | key (`tls.key`);
2735 | - a PEM-encoded CA certificate (`ca.crt`)
2736 |
2737 | and whichever are supplied, will be used for connecting to the
2738 | registry. The client cert and key are useful if you are
2739 | authenticating with a certificate; the CA cert is useful if
2740 | you are using a self-signed server certificate. The Secret must
2741 | be of type `Opaque` or `kubernetes.io/tls`.
2742 |
2743 | It takes precedence over the values specified in the Secret referred
2744 | to by `.spec.secretRef`.
2745 | properties:
2746 | name:
2747 | description: Name of the referent.
2748 | type: string
2749 | required:
2750 | - name
2751 | type: object
# insecure: opt-in to a plain-HTTP (non-TLS) container registry; per the description
# it is only honoured when .spec.type is 'oci'. Without TLS nothing exchanged with
# the registry is protected in transit, so keep it to test registries or networks
# that are trusted end to end.
2752 | insecure:
2753 | description: |-
2754 | Insecure allows connecting to a non-TLS HTTP container registry.
2755 | This field is only taken into account if the .spec.type field is set to 'oci'.
2756 | type: boolean
2757 | interval:
2758 | description: |-
2759 | Interval at which the HelmRepository URL is checked for updates.
2760 | This interval is approximate and may be subject to jitter to ensure
2761 | efficient use of resources.
2762 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2763 | type: string
# passCredentials: lets the SecretRef credentials be sent to a host other than the
# one in .spec.url, i.e. to the hosts that the repository index advertises for chart
# downloads. Whoever controls the index content then influences where the
# credentials are sent. Leave it unset unless the index is known to point at a
# second trusted host, and use narrowly scoped credentials when it has to be on.
2764 | passCredentials:
2765 | description: |-
2766 | PassCredentials allows the credentials from the SecretRef to be passed
2767 | on to a host that does not match the host as defined in URL.
2768 | This may be required if the host of the advertised chart URLs in the
2769 | index differ from the defined URL.
2770 | Enabling this should be done with caution, as it can potentially result
2771 | in credentials getting stolen in a MITM-attack.
2772 | type: boolean
2773 | provider:
2774 | default: generic
2775 | description: |-
2776 | Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
2777 | This field is optional, and only taken into account if the .spec.type field is set to 'oci'.
2778 | When not specified, defaults to 'generic'.
2779 | enum:
2780 | - generic
2781 | - aws
2782 | - azure
2783 | - gcp
2784 | type: string
2785 | secretRef:
2786 | description: |-
2787 | SecretRef specifies the Secret containing authentication credentials
2788 | for the HelmRepository.
2789 | For HTTP/S basic auth the secret must contain 'username' and 'password'
2790 | fields.
2791 | Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'
2792 | keys is deprecated. Please use `.spec.certSecretRef` instead.
2793 | properties:
2794 | name:
2795 | description: Name of the referent.
2796 | type: string
2797 | required:
2798 | - name
2799 | type: object
2800 | suspend:
2801 | description: |-
2802 | Suspend tells the controller to suspend the reconciliation of this
2803 | HelmRepository.
2804 | type: boolean
2805 | timeout:
2806 | description: |-
2807 | Timeout is used for the index fetch operation for an HTTPS helm repository,
2808 | and for remote OCI Repository operations like pulling for an OCI helm
2809 | chart by the associated HelmChart.
2810 | Its default value is 60s.
2811 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
2812 | type: string
2813 | type:
2814 | description: |-
2815 | Type of the HelmRepository.
2816 | When this field is set to "oci", the URL field value must be prefixed with "oci://".
2817 | enum:
2818 | - default
2819 | - oci
2820 | type: string
2821 | url:
2822 | description: |-
2823 | URL of the Helm repository, a valid URL contains at least a protocol and
2824 | host.
2825 | pattern: ^(http|https|oci)://.*$
2826 | type: string
2827 | required:
2828 | - url
2829 | type: object
2830 | status:
2831 | default:
2832 | observedGeneration: -1
2833 | description: HelmRepositoryStatus records the observed state of the HelmRepository.
2834 | properties:
2835 | artifact:
2836 | description: Artifact represents the last successful HelmRepository
2837 | reconciliation.
2838 | properties:
2839 | digest:
2840 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2841 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2842 | type: string
2843 | lastUpdateTime:
2844 | description: |-
2845 | LastUpdateTime is the timestamp corresponding to the last update of the
2846 | Artifact.
2847 | format: date-time
2848 | type: string
2849 | metadata:
2850 | additionalProperties:
2851 | type: string
2852 | description: Metadata holds upstream information such as OCI annotations.
2853 | type: object
2854 | path:
2855 | description: |-
2856 | Path is the relative file path of the Artifact. It can be used to locate
2857 | the file in the root of the Artifact storage on the local file system of
2858 | the controller managing the Source.
2859 | type: string
2860 | revision:
2861 | description: |-
2862 | Revision is a human-readable identifier traceable in the origin source
2863 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2864 | type: string
2865 | size:
2866 | description: Size is the number of bytes in the file.
2867 | format: int64
2868 | type: integer
2869 | url:
2870 | description: |-
2871 | URL is the HTTP address of the Artifact as exposed by the controller
2872 | managing the Source. It can be used to retrieve the Artifact for
2873 | consumption, e.g. by another controller applying the Artifact contents.
2874 | type: string
2875 | required:
2876 | - digest
2877 | - lastUpdateTime
2878 | - path
2879 | - revision
2880 | - url
2881 | type: object
2882 | conditions:
2883 | description: Conditions holds the conditions for the HelmRepository.
2884 | items:
2885 | description: Condition contains details for one aspect of the current
2886 | state of this API Resource.
2887 | properties:
2888 | lastTransitionTime:
2889 | description: |-
2890 | lastTransitionTime is the last time the condition transitioned from one status to another.
2891 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2892 | format: date-time
2893 | type: string
2894 | message:
2895 | description: |-
2896 | message is a human readable message indicating details about the transition.
2897 | This may be an empty string.
2898 | maxLength: 32768
2899 | type: string
2900 | observedGeneration:
2901 | description: |-
2902 | observedGeneration represents the .metadata.generation that the condition was set based upon.
2903 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2904 | with respect to the current state of the instance.
2905 | format: int64
2906 | minimum: 0
2907 | type: integer
2908 | reason:
2909 | description: |-
2910 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
2911 | Producers of specific condition types may define expected values and meanings for this field,
2912 | and whether the values are considered a guaranteed API.
2913 | The value should be a CamelCase string.
2914 | This field may not be empty.
2915 | maxLength: 1024
2916 | minLength: 1
2917 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2918 | type: string
2919 | status:
2920 | description: status of the condition, one of True, False, Unknown.
2921 | enum:
2922 | - "True"
2923 | - "False"
2924 | - Unknown
2925 | type: string
2926 | type:
2927 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
2928 | maxLength: 316
2929 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2930 | type: string
2931 | required:
2932 | - lastTransitionTime
2933 | - message
2934 | - reason
2935 | - status
2936 | - type
2937 | type: object
2938 | type: array
2939 | lastHandledReconcileAt:
2940 | description: |-
2941 | LastHandledReconcileAt holds the value of the most recent
2942 | reconcile request value, so a change of the annotation value
2943 | can be detected.
2944 | type: string
2945 | observedGeneration:
2946 | description: |-
2947 | ObservedGeneration is the last observed generation of the HelmRepository
2948 | object.
2949 | format: int64
2950 | type: integer
2951 | url:
2952 | description: |-
2953 | URL is the dynamic fetch link for the latest Artifact.
2954 | It is provided on a "best effort" basis, and using the precise
2955 | HelmRepositoryStatus.Artifact data is recommended.
2956 | type: string
2957 | type: object
2958 | type: object
2959 | served: true
2960 | storage: true
2961 | subresources:
2962 | status: {}
2963 | - additionalPrinterColumns:
2964 | - jsonPath: .spec.url
2965 | name: URL
2966 | type: string
2967 | - jsonPath: .metadata.creationTimestamp
2968 | name: Age
2969 | type: date
2970 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
2971 | name: Ready
2972 | type: string
2973 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
2974 | name: Status
2975 | type: string
2976 | deprecated: true
2977 | deprecationWarning: v1beta2 HelmRepository is deprecated, upgrade to v1
2978 | name: v1beta2
2979 | schema:
2980 | openAPIV3Schema:
2981 | description: HelmRepository is the Schema for the helmrepositories API.
2982 | properties:
2983 | apiVersion:
2984 | description: |-
2985 | APIVersion defines the versioned schema of this representation of an object.
2986 | Servers should convert recognized schemas to the latest internal value, and
2987 | may reject unrecognized values.
2988 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2989 | type: string
2990 | kind:
2991 | description: |-
2992 | Kind is a string value representing the REST resource this object represents.
2993 | Servers may infer this from the endpoint the client submits requests to.
2994 | Cannot be updated.
2995 | In CamelCase.
2996 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2997 | type: string
2998 | metadata:
2999 | type: object
3000 | spec:
3001 | description: |-
3002 | HelmRepositorySpec specifies the required configuration to produce an
3003 | Artifact for a Helm repository index YAML.
3004 | properties:
3005 | accessFrom:
3006 | description: |-
3007 | AccessFrom specifies an Access Control List for allowing cross-namespace
3008 | references to this object.
3009 | NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
3010 | properties:
3011 | namespaceSelectors:
3012 | description: |-
3013 | NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3014 | Items in this list are evaluated using a logical OR operation.
3015 | items:
3016 | description: |-
3017 | NamespaceSelector selects the namespaces to which this ACL applies.
3018 | An empty map of MatchLabels matches all namespaces in a cluster.
3019 | properties:
3020 | matchLabels:
3021 | additionalProperties:
3022 | type: string
3023 | description: |-
3024 | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3025 | map is equivalent to an element of matchExpressions, whose key field is "key", the
3026 | operator is "In", and the values array contains only "value". The requirements are ANDed.
3027 | type: object
3028 | type: object
3029 | type: array
3030 | required:
3031 | - namespaceSelectors
3032 | type: object
3033 | certSecretRef:
3034 | description: |-
3035 | CertSecretRef can be given the name of a Secret containing
3036 | either or both of
3037 |
3038 | - a PEM-encoded client certificate (`tls.crt`) and private
3039 | key (`tls.key`);
3040 | - a PEM-encoded CA certificate (`ca.crt`)
3041 |
3042 | and whichever are supplied, will be used for connecting to the
3043 | registry. The client cert and key are useful if you are
3044 | authenticating with a certificate; the CA cert is useful if
3045 | you are using a self-signed server certificate. The Secret must
3046 | be of type `Opaque` or `kubernetes.io/tls`.
3047 |
3048 | It takes precedence over the values specified in the Secret referred
3049 | to by `.spec.secretRef`.
3050 | properties:
3051 | name:
3052 | description: Name of the referent.
3053 | type: string
3054 | required:
3055 | - name
3056 | type: object
3057 | insecure:
3058 | description: |-
3059 | Insecure allows connecting to a non-TLS HTTP container registry; traffic to it is sent unencrypted and the server is not authenticated.
3060 | This field is only taken into account if the .spec.type field is set to 'oci'.
3061 | type: boolean
3062 | interval:
3063 | description: |-
3064 | Interval at which the HelmRepository URL is checked for updates.
3065 | This interval is approximate and may be subject to jitter to ensure
3066 | efficient use of resources.
3067 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
3068 | type: string
3069 | passCredentials:
3070 | description: |-
3071 | PassCredentials allows the credentials from the SecretRef to be passed
3072 | on to a host that does not match the host as defined in URL.
3073 | This may be required if the host of the advertised chart URLs in the
3074 | index differs from the defined URL.
3075 | Enabling this should be done with caution, as it can potentially result
3076 | in credentials being stolen in a man-in-the-middle (MITM) attack.
3077 | type: boolean
3078 | provider:
3079 | default: generic
3080 | description: |-
3081 | Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
3082 | This field is optional, and only taken into account if the .spec.type field is set to 'oci'.
3083 | When not specified, defaults to 'generic'.
3084 | enum:
3085 | - generic
3086 | - aws
3087 | - azure
3088 | - gcp
3089 | type: string
3090 | secretRef:
3091 | description: |-
3092 | SecretRef specifies the Secret containing authentication credentials
3093 | for the HelmRepository.
3094 | For HTTP/S basic auth the secret must contain 'username' and 'password'
3095 | fields.
3096 | Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'
3097 | keys is deprecated. Please use `.spec.certSecretRef` instead.
3098 | properties:
3099 | name:
3100 | description: Name of the referent.
3101 | type: string
3102 | required:
3103 | - name
3104 | type: object
3105 | suspend:
3106 | description: |-
3107 | Suspend tells the controller to suspend the reconciliation of this
3108 | HelmRepository.
3109 | type: boolean
3110 | timeout:
3111 | description: |-
3112 | Timeout is used for the index fetch operation for an HTTPS helm repository,
3113 | and for remote OCI Repository operations like pulling for an OCI helm
3114 | chart by the associated HelmChart.
3115 | Its default value is 60s.
3116 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
3117 | type: string
3118 | type:
3119 | description: |-
3120 | Type of the HelmRepository.
3121 | When this field is set to "oci", the URL field value must be prefixed with "oci://".
3122 | enum:
3123 | - default
3124 | - oci
3125 | type: string
3126 | url:
3127 | description: |-
3128 | URL of the Helm repository, a valid URL contains at least a protocol and
3129 | host.
3130 | pattern: ^(http|https|oci)://.*$
3131 | type: string
3132 | required:
3133 | - url
3134 | type: object
3135 | status:
3136 | default:
3137 | observedGeneration: -1
3138 | description: HelmRepositoryStatus records the observed state of the HelmRepository.
3139 | properties:
3140 | artifact:
3141 | description: Artifact represents the last successful HelmRepository
3142 | reconciliation.
3143 | properties:
3144 | digest:
3145 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3146 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3147 | type: string
3148 | lastUpdateTime:
3149 | description: |-
3150 | LastUpdateTime is the timestamp corresponding to the last update of the
3151 | Artifact.
3152 | format: date-time
3153 | type: string
3154 | metadata:
3155 | additionalProperties:
3156 | type: string
3157 | description: Metadata holds upstream information such as OCI annotations.
3158 | type: object
3159 | path:
3160 | description: |-
3161 | Path is the relative file path of the Artifact. It can be used to locate
3162 | the file in the root of the Artifact storage on the local file system of
3163 | the controller managing the Source.
3164 | type: string
3165 | revision:
3166 | description: |-
3167 | Revision is a human-readable identifier traceable in the origin source
3168 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3169 | type: string
3170 | size:
3171 | description: Size is the number of bytes in the file.
3172 | format: int64
3173 | type: integer
3174 | url:
3175 | description: |-
3176 | URL is the HTTP address of the Artifact as exposed by the controller
3177 | managing the Source. It can be used to retrieve the Artifact for
3178 | consumption, e.g. by another controller applying the Artifact contents.
3179 | type: string
3180 | required:
3181 | - digest
3182 | - lastUpdateTime
3183 | - path
3184 | - revision
3185 | - url
3186 | type: object
3187 | conditions:
3188 | description: Conditions holds the conditions for the HelmRepository.
3189 | items:
3190 | description: Condition contains details for one aspect of the current
3191 | state of this API Resource.
3192 | properties:
3193 | lastTransitionTime:
3194 | description: |-
3195 | lastTransitionTime is the last time the condition transitioned from one status to another.
3196 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3197 | format: date-time
3198 | type: string
3199 | message:
3200 | description: |-
3201 | message is a human readable message indicating details about the transition.
3202 | This may be an empty string.
3203 | maxLength: 32768
3204 | type: string
3205 | observedGeneration:
3206 | description: |-
3207 | observedGeneration represents the .metadata.generation that the condition was set based upon.
3208 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3209 | with respect to the current state of the instance.
3210 | format: int64
3211 | minimum: 0
3212 | type: integer
3213 | reason:
3214 | description: |-
3215 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
3216 | Producers of specific condition types may define expected values and meanings for this field,
3217 | and whether the values are considered a guaranteed API.
3218 | The value should be a CamelCase string.
3219 | This field may not be empty.
3220 | maxLength: 1024
3221 | minLength: 1
3222 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3223 | type: string
3224 | status:
3225 | description: status of the condition, one of True, False, Unknown.
3226 | enum:
3227 | - "True"
3228 | - "False"
3229 | - Unknown
3230 | type: string
3231 | type:
3232 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
3233 | maxLength: 316
3234 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3235 | type: string
3236 | required:
3237 | - lastTransitionTime
3238 | - message
3239 | - reason
3240 | - status
3241 | - type
3242 | type: object
3243 | type: array
3244 | lastHandledReconcileAt:
3245 | description: |-
3246 | LastHandledReconcileAt holds the value of the most recent
3247 | reconcile request value, so a change of the annotation value
3248 | can be detected.
3249 | type: string
3250 | observedGeneration:
3251 | description: |-
3252 | ObservedGeneration is the last observed generation of the HelmRepository
3253 | object.
3254 | format: int64
3255 | type: integer
3256 | url:
3257 | description: |-
3258 | URL is the dynamic fetch link for the latest Artifact.
3259 | It is provided on a "best effort" basis, and using the precise
3260 | HelmRepositoryStatus.Artifact data is recommended.
3261 | type: string
3262 | type: object
3263 | type: object
3264 | served: true
3265 | storage: false
3266 | subresources:
3267 | status: {}
3268 | ---
3269 | apiVersion: apiextensions.k8s.io/v1
3270 | kind: CustomResourceDefinition
3271 | metadata:
3272 | annotations:
3273 | controller-gen.kubebuilder.io/version: v0.19.0
3274 | labels:
3275 | app.kubernetes.io/component: source-controller
3276 | app.kubernetes.io/part-of: flux
3277 | name: ocirepositories.source.toolkit.fluxcd.io
3278 | spec:
3279 | group: source.toolkit.fluxcd.io
3280 | names:
3281 | kind: OCIRepository
3282 | listKind: OCIRepositoryList
3283 | plural: ocirepositories
3284 | shortNames:
3285 | - ocirepo
3286 | singular: ocirepository
3287 | scope: Namespaced
3288 | versions:
3289 | - additionalPrinterColumns:
3290 | - jsonPath: .spec.url
3291 | name: URL
3292 | type: string
3293 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
3294 | name: Ready
3295 | type: string
3296 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
3297 | name: Status
3298 | type: string
3299 | - jsonPath: .metadata.creationTimestamp
3300 | name: Age
3301 | type: date
3302 | name: v1
3303 | schema:
3304 | openAPIV3Schema:
3305 | description: OCIRepository is the Schema for the ocirepositories API
3306 | properties:
3307 | apiVersion:
3308 | description: |-
3309 | APIVersion defines the versioned schema of this representation of an object.
3310 | Servers should convert recognized schemas to the latest internal value, and
3311 | may reject unrecognized values.
3312 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3313 | type: string
3314 | kind:
3315 | description: |-
3316 | Kind is a string value representing the REST resource this object represents.
3317 | Servers may infer this from the endpoint the client submits requests to.
3318 | Cannot be updated.
3319 | In CamelCase.
3320 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3321 | type: string
3322 | metadata:
3323 | type: object
3324 | spec:
3325 | description: OCIRepositorySpec defines the desired state of OCIRepository
3326 | properties:
3327 | certSecretRef:
3328 | description: |-
3329 | CertSecretRef can be given the name of a Secret containing
3330 | either or both of
3331 |
3332 | - a PEM-encoded client certificate (`tls.crt`) and private
3333 | key (`tls.key`);
3334 | - a PEM-encoded CA certificate (`ca.crt`)
3335 |
3336 | and whichever are supplied, will be used for connecting to the
3337 | registry. The client cert and key are useful if you are
3338 | authenticating with a certificate; the CA cert is useful if
3339 | you are using a self-signed server certificate. The Secret must
3340 | be of type `Opaque` or `kubernetes.io/tls`.
3341 | properties:
3342 | name:
3343 | description: Name of the referent.
3344 | type: string
3345 | required:
3346 | - name
3347 | type: object
3348 | ignore:
3349 | description: |-
3350 | Ignore overrides the set of excluded patterns in the .sourceignore format
3351 | (which is the same as .gitignore). If not provided, a default will be used,
3352 | consult the documentation for your version to find out what those are.
3353 | type: string
3354 | insecure:
3355 | description: Insecure allows connecting to a non-TLS HTTP container
3356 | registry; traffic to it is sent unencrypted and the server is not authenticated.
3357 | type: boolean
3358 | interval:
3359 | description: |-
3360 | Interval at which the OCIRepository URL is checked for updates.
3361 | This interval is approximate and may be subject to jitter to ensure
3362 | efficient use of resources.
3363 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
3364 | type: string
3365 | layerSelector:
3366 | description: |-
3367 | LayerSelector specifies which layer should be extracted from the OCI artifact.
3368 | When not specified, the first layer found in the artifact is selected.
3369 | properties:
3370 | mediaType:
3371 | description: |-
3372 | MediaType specifies the OCI media type of the layer
3373 | which should be extracted from the OCI Artifact. The
3374 | first layer matching this type is selected.
3375 | type: string
3376 | operation:
3377 | description: |-
3378 | Operation specifies how the selected layer should be processed.
3379 | By default, the layer compressed content is extracted to storage.
3380 | When the operation is set to 'copy', the layer compressed content
3381 | is persisted to storage as it is.
3382 | enum:
3383 | - extract
3384 | - copy
3385 | type: string
3386 | type: object
3387 | provider:
3388 | default: generic
3389 | description: |-
3390 | The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
3391 | When not specified, defaults to 'generic'.
3392 | enum:
3393 | - generic
3394 | - aws
3395 | - azure
3396 | - gcp
3397 | type: string
3398 | proxySecretRef:
3399 | description: |-
3400 | ProxySecretRef specifies the Secret containing the proxy configuration
3401 | to use while communicating with the container registry.
3402 | properties:
3403 | name:
3404 | description: Name of the referent.
3405 | type: string
3406 | required:
3407 | - name
3408 | type: object
3409 | ref:
3410 | description: |-
3411 | The OCI reference to pull and monitor for changes,
3412 | defaults to the latest tag.
3413 | properties:
3414 | digest:
3415 | description: |-
3416 | Digest is the image digest to pull, takes precedence over SemVer.
3417 | The value should be in the format 'sha256:<HASH>'.
3418 | type: string
3419 | semver:
3420 | description: |-
3421 | SemVer is the range of tags to pull selecting the latest within
3422 | the range, takes precedence over Tag.
3423 | type: string
3424 | semverFilter:
3425 | description: SemverFilter is a regex pattern to filter the tags
3426 | within the SemVer range.
3427 | type: string
3428 | tag:
3429 | description: Tag is the image tag to pull, defaults to latest.
3430 | type: string
3431 | type: object
3432 | secretRef:
3433 | description: |-
3434 | SecretRef contains the secret name containing the registry login
3435 | credentials to resolve image metadata.
3436 | The secret must be of type kubernetes.io/dockerconfigjson.
3437 | properties:
3438 | name:
3439 | description: Name of the referent.
3440 | type: string
3441 | required:
3442 | - name
3443 | type: object
3444 | serviceAccountName:
3445 | description: |-
3446 | ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
3447 | the image pull if the service account has attached pull secrets. For more information:
3448 | https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
3449 | type: string
3450 | suspend:
3451 | description: This flag tells the controller to suspend the reconciliation
3452 | of this source.
3453 | type: boolean
3454 | timeout:
3455 | default: 60s
3456 | description: The timeout for remote OCI Repository operations like
3457 | pulling, defaults to 60s.
3458 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
3459 | type: string
3460 | url:
3461 | description: |-
3462 | URL is a reference to an OCI artifact repository hosted
3463 | on a remote container registry.
3464 | pattern: ^oci://.*$
3465 | type: string
3466 | verify:
3467 | description: |-
3468 | Verify contains the name of the Secret holding the trusted public keys
3469 | used to verify the signature, and specifies which provider to use to check
3470 | whether the OCI image is authentic.
3471 | properties:
3472 | matchOIDCIdentity:
3473 | description: |-
3474 | MatchOIDCIdentity specifies the identity matching criteria to use
3475 | while verifying an OCI artifact which was signed using Cosign keyless
3476 | signing. The artifact's identity is deemed to be verified if any of the
3477 | specified matchers match against the identity.
3478 | items:
3479 | description: |-
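3480 | OIDCIdentityMatch specifies options for verifying the certificate identity,
3481 | i.e. the issuer and the subject of the certificate. Go regular expressions are not implicitly anchored, so anchor each pattern with '^' and '$' when an exact match is intended.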
3482 | properties:
3483 | issuer:
3484 | description: |-
3485 | Issuer specifies the regex pattern to match against to verify
3486 | the OIDC issuer in the Fulcio certificate. The pattern must be a
3487 | valid Go regular expression.
3488 | type: string
3489 | subject:
3490 | description: |-
3491 | Subject specifies the regex pattern to match against to verify
3492 | the identity subject in the Fulcio certificate. The pattern must
3493 | be a valid Go regular expression.
3494 | type: string
3495 | required:
3496 | - issuer
3497 | - subject
3498 | type: object
3499 | type: array
3500 | provider:
3501 | default: cosign
3502 | description: Provider specifies the technology used to sign the
3503 | OCI Artifact.
3504 | enum:
3505 | - cosign
3506 | - notation
3507 | type: string
3508 | secretRef:
3509 | description: |-
3510 | SecretRef specifies the Kubernetes Secret containing the
3511 | trusted public keys.
3512 | properties:
3513 | name:
3514 | description: Name of the referent.
3515 | type: string
3516 | required:
3517 | - name
3518 | type: object
3519 | required:
3520 | - provider
3521 | type: object
3522 | required:
3523 | - interval
3524 | - url
3525 | type: object
3526 | status:
3527 | default:
3528 | observedGeneration: -1
3529 | description: OCIRepositoryStatus defines the observed state of OCIRepository
3530 | properties:
3531 | artifact:
3532 | description: Artifact represents the output of the last successful
3533 | OCI Repository sync.
3534 | properties:
3535 | digest:
3536 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3537 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3538 | type: string
3539 | lastUpdateTime:
3540 | description: |-
3541 | LastUpdateTime is the timestamp corresponding to the last update of the
3542 | Artifact.
3543 | format: date-time
3544 | type: string
3545 | metadata:
3546 | additionalProperties:
3547 | type: string
3548 | description: Metadata holds upstream information such as OCI annotations.
3549 | type: object
3550 | path:
3551 | description: |-
3552 | Path is the relative file path of the Artifact. It can be used to locate
3553 | the file in the root of the Artifact storage on the local file system of
3554 | the controller managing the Source.
3555 | type: string
3556 | revision:
3557 | description: |-
3558 | Revision is a human-readable identifier traceable in the origin source
3559 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3560 | type: string
3561 | size:
3562 | description: Size is the number of bytes in the file.
3563 | format: int64
3564 | type: integer
3565 | url:
3566 | description: |-
3567 | URL is the HTTP address of the Artifact as exposed by the controller
3568 | managing the Source. It can be used to retrieve the Artifact for
3569 | consumption, e.g. by another controller applying the Artifact contents.
3570 | type: string
3571 | required:
3572 | - digest
3573 | - lastUpdateTime
3574 | - path
3575 | - revision
3576 | - url
3577 | type: object
3578 | conditions:
3579 | description: Conditions holds the conditions for the OCIRepository.
3580 | items:
3581 | description: Condition contains details for one aspect of the current
3582 | state of this API Resource.
3583 | properties:
3584 | lastTransitionTime:
3585 | description: |-
3586 | lastTransitionTime is the last time the condition transitioned from one status to another.
3587 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3588 | format: date-time
3589 | type: string
3590 | message:
3591 | description: |-
3592 | message is a human readable message indicating details about the transition.
3593 | This may be an empty string.
3594 | maxLength: 32768
3595 | type: string
3596 | observedGeneration:
3597 | description: |-
3598 | observedGeneration represents the .metadata.generation that the condition was set based upon.
3599 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3600 | with respect to the current state of the instance.
3601 | format: int64
3602 | minimum: 0
3603 | type: integer
3604 | reason:
3605 | description: |-
3606 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
3607 | Producers of specific condition types may define expected values and meanings for this field,
3608 | and whether the values are considered a guaranteed API.
3609 | The value should be a CamelCase string.
3610 | This field may not be empty.
3611 | maxLength: 1024
3612 | minLength: 1
3613 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3614 | type: string
3615 | status:
3616 | description: status of the condition, one of True, False, Unknown.
3617 | enum:
3618 | - "True"
3619 | - "False"
3620 | - Unknown
3621 | type: string
3622 | type:
3623 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
3624 | maxLength: 316
3625 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3626 | type: string
3627 | required:
3628 | - lastTransitionTime
3629 | - message
3630 | - reason
3631 | - status
3632 | - type
3633 | type: object
3634 | type: array
3635 | lastHandledReconcileAt:
3636 | description: |-
3637 | LastHandledReconcileAt holds the value of the most recent
3638 | reconcile request value, so a change of the annotation value
3639 | can be detected.
3640 | type: string
3641 | observedGeneration:
3642 | description: ObservedGeneration is the last observed generation.
3643 | format: int64
3644 | type: integer
3645 | observedIgnore:
3646 | description: |-
3647 | ObservedIgnore is the observed exclusion patterns used for constructing
3648 | the source artifact.
3649 | type: string
3650 | observedLayerSelector:
3651 | description: |-
3652 | ObservedLayerSelector is the observed layer selector used for constructing
3653 | the source artifact.
3654 | properties:
3655 | mediaType:
3656 | description: |-
3657 | MediaType specifies the OCI media type of the layer
3658 | which should be extracted from the OCI Artifact. The
3659 | first layer matching this type is selected.
3660 | type: string
3661 | operation:
3662 | description: |-
3663 | Operation specifies how the selected layer should be processed.
3664 | By default, the layer compressed content is extracted to storage.
3665 | When the operation is set to 'copy', the layer compressed content
3666 | is persisted to storage as it is.
3667 | enum:
3668 | - extract
3669 | - copy
3670 | type: string
3671 | type: object
3672 | url:
3673 | description: URL is the download link for the artifact output of the
3674 | last OCI Repository sync.
3675 | type: string
3676 | type: object
3677 | type: object
3678 | served: true
3679 | storage: true
3680 | subresources:
3681 | status: {}
3682 | - additionalPrinterColumns:
3683 | - jsonPath: .spec.url
3684 | name: URL
3685 | type: string
3686 | - jsonPath: .status.conditions[?(@.type=="Ready")].status
3687 | name: Ready
3688 | type: string
3689 | - jsonPath: .status.conditions[?(@.type=="Ready")].message
3690 | name: Status
3691 | type: string
3692 | - jsonPath: .metadata.creationTimestamp
3693 | name: Age
3694 | type: date
3695 | deprecated: true
3696 | deprecationWarning: v1beta2 OCIRepository is deprecated, upgrade to v1
3697 | name: v1beta2
3698 | schema:
3699 | openAPIV3Schema:
3700 | description: OCIRepository is the Schema for the ocirepositories API
3701 | properties:
3702 | apiVersion:
3703 | description: |-
3704 | APIVersion defines the versioned schema of this representation of an object.
3705 | Servers should convert recognized schemas to the latest internal value, and
3706 | may reject unrecognized values.
3707 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3708 | type: string
3709 | kind:
3710 | description: |-
3711 | Kind is a string value representing the REST resource this object represents.
3712 | Servers may infer this from the endpoint the client submits requests to.
3713 | Cannot be updated.
3714 | In CamelCase.
3715 | More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3716 | type: string
3717 | metadata:
3718 | type: object
3719 | spec:
3720 | description: OCIRepositorySpec defines the desired state of OCIRepository
3721 | properties:
3722 | certSecretRef:
3723 | description: |-
3724 | CertSecretRef can be given the name of a Secret containing
3725 | either or both of
3726 |
3727 | - a PEM-encoded client certificate (`tls.crt`) and private
3728 | key (`tls.key`);
3729 | - a PEM-encoded CA certificate (`ca.crt`)
3730 |
3731 | and whichever are supplied, will be used for connecting to the
3732 | registry. The client cert and key are useful if you are
3733 | authenticating with a certificate; the CA cert is useful if
3734 | you are using a self-signed server certificate. The Secret must
3735 | be of type `Opaque` or `kubernetes.io/tls`.
3736 |
3737 | Note: Support for the `caFile`, `certFile` and `keyFile` keys have
3738 | been deprecated.
3739 | properties:
3740 | name:
3741 | description: Name of the referent.
3742 | type: string
3743 | required:
3744 | - name
3745 | type: object
3746 | ignore:
3747 | description: |-
3748 | Ignore overrides the set of excluded patterns in the .sourceignore format
3749 | (which is the same as .gitignore). If not provided, a default will be used,
3750 | consult the documentation for your version to find out what those are.
3751 | type: string
3752 | insecure:
3753 | description: Insecure allows connecting to a non-TLS HTTP container
3754 | registry.
3755 | type: boolean
3756 | interval:
3757 | description: |-
3758 | Interval at which the OCIRepository URL is checked for updates.
3759 | This interval is approximate and may be subject to jitter to ensure
3760 | efficient use of resources.
3761 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
3762 | type: string
3763 | layerSelector:
3764 | description: |-
3765 | LayerSelector specifies which layer should be extracted from the OCI artifact.
3766 | When not specified, the first layer found in the artifact is selected.
3767 | properties:
3768 | mediaType:
3769 | description: |-
3770 | MediaType specifies the OCI media type of the layer
3771 | which should be extracted from the OCI Artifact. The
3772 | first layer matching this type is selected.
3773 | type: string
3774 | operation:
3775 | description: |-
3776 | Operation specifies how the selected layer should be processed.
3777 | By default, the layer compressed content is extracted to storage.
3778 | When the operation is set to 'copy', the layer compressed content
3779 | is persisted to storage as it is.
3780 | enum:
3781 | - extract
3782 | - copy
3783 | type: string
3784 | type: object
3785 | provider:
3786 | default: generic
3787 | description: |-
3788 | The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
3789 | When not specified, defaults to 'generic'.
3790 | enum:
3791 | - generic
3792 | - aws
3793 | - azure
3794 | - gcp
3795 | type: string
3796 | proxySecretRef:
3797 | description: |-
3798 | ProxySecretRef specifies the Secret containing the proxy configuration
3799 | to use while communicating with the container registry.
3800 | properties:
3801 | name:
3802 | description: Name of the referent.
3803 | type: string
3804 | required:
3805 | - name
3806 | type: object
3807 | ref:
3808 | description: |-
3809 | The OCI reference to pull and monitor for changes,
3810 | defaults to the latest tag.
3811 | properties:
3812 | digest:
3813 | description: |-
3814 | Digest is the image digest to pull, takes precedence over SemVer.
3815 | The value should be in the format 'sha256:<HASH>'.
3816 | type: string
3817 | semver:
3818 | description: |-
3819 | SemVer is the range of tags to pull selecting the latest within
3820 | the range, takes precedence over Tag.
3821 | type: string
3822 | semverFilter:
3823 | description: SemverFilter is a regex pattern to filter the tags
3824 | within the SemVer range.
3825 | type: string
3826 | tag:
3827 | description: Tag is the image tag to pull, defaults to latest.
3828 | type: string
3829 | type: object
3830 | secretRef:
3831 | description: |-
3832 | SecretRef contains the secret name containing the registry login
3833 | credentials to resolve image metadata.
3834 | The secret must be of type kubernetes.io/dockerconfigjson.
3835 | properties:
3836 | name:
3837 | description: Name of the referent.
3838 | type: string
3839 | required:
3840 | - name
3841 | type: object
3842 | serviceAccountName:
3843 | description: |-
3844 | ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
3845 | the image pull if the service account has attached pull secrets. For more information:
3846 | https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
3847 | type: string
3848 | suspend:
3849 | description: This flag tells the controller to suspend the reconciliation
3850 | of this source.
3851 | type: boolean
3852 | timeout:
3853 | default: 60s
3854 | description: The timeout for remote OCI Repository operations like
3855 | pulling, defaults to 60s.
3856 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
3857 | type: string
3858 | url:
3859 | description: |-
3860 | URL is a reference to an OCI artifact repository hosted
3861 | on a remote container registry.
3862 | pattern: ^oci://.*$
3863 | type: string
3864 | verify:
3865 | description: |-
3866 | Verify contains the secret name containing the trusted public keys
3867 | used to verify the signature and specifies which provider to use to check
3868 | whether OCI image is authentic.
3869 | properties:
3870 | matchOIDCIdentity:
3871 | description: |-
3872 | MatchOIDCIdentity specifies the identity matching criteria to use
3873 | while verifying an OCI artifact which was signed using Cosign keyless
3874 | signing. The artifact's identity is deemed to be verified if any of the
3875 | specified matchers match against the identity.
3876 | items:
3877 | description: |-
3878 | OIDCIdentityMatch specifies options for verifying the certificate identity,
3879 | i.e. the issuer and the subject of the certificate.
3880 | properties:
3881 | issuer:
3882 | description: |-
3883 | Issuer specifies the regex pattern to match against to verify
3884 | the OIDC issuer in the Fulcio certificate. The pattern must be a
3885 | valid Go regular expression.
3886 | type: string
3887 | subject:
3888 | description: |-
3889 | Subject specifies the regex pattern to match against to verify
3890 | the identity subject in the Fulcio certificate. The pattern must
3891 | be a valid Go regular expression.
3892 | type: string
3893 | required:
3894 | - issuer
3895 | - subject
3896 | type: object
3897 | type: array
3898 | provider:
3899 | default: cosign
3900 | description: Provider specifies the technology used to sign the
3901 | OCI Artifact.
3902 | enum:
3903 | - cosign
3904 | - notation
3905 | type: string
3906 | secretRef:
3907 | description: |-
3908 | SecretRef specifies the Kubernetes Secret containing the
3909 | trusted public keys.
3910 | properties:
3911 | name:
3912 | description: Name of the referent.
3913 | type: string
3914 | required:
3915 | - name
3916 | type: object
3917 | required:
3918 | - provider
3919 | type: object
3920 | required:
3921 | - interval
3922 | - url
3923 | type: object
3924 | status:
3925 | default:
3926 | observedGeneration: -1
3927 | description: OCIRepositoryStatus defines the observed state of OCIRepository
3928 | properties:
3929 | artifact:
3930 | description: Artifact represents the output of the last successful
3931 | OCI Repository sync.
3932 | properties:
3933 | digest:
3934 | description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3935 | pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3936 | type: string
3937 | lastUpdateTime:
3938 | description: |-
3939 | LastUpdateTime is the timestamp corresponding to the last update of the
3940 | Artifact.
3941 | format: date-time
3942 | type: string
3943 | metadata:
3944 | additionalProperties:
3945 | type: string
3946 | description: Metadata holds upstream information such as OCI annotations.
3947 | type: object
3948 | path:
3949 | description: |-
3950 | Path is the relative file path of the Artifact. It can be used to locate
3951 | the file in the root of the Artifact storage on the local file system of
3952 | the controller managing the Source.
3953 | type: string
3954 | revision:
3955 | description: |-
3956 | Revision is a human-readable identifier traceable in the origin source
3957 | system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3958 | type: string
3959 | size:
3960 | description: Size is the number of bytes in the file.
3961 | format: int64
3962 | type: integer
3963 | url:
3964 | description: |-
3965 | URL is the HTTP address of the Artifact as exposed by the controller
3966 | managing the Source. It can be used to retrieve the Artifact for
3967 | consumption, e.g. by another controller applying the Artifact contents.
3968 | type: string
3969 | required:
3970 | - digest
3971 | - lastUpdateTime
3972 | - path
3973 | - revision
3974 | - url
3975 | type: object
3976 | conditions:
3977 | description: Conditions holds the conditions for the OCIRepository.
3978 | items:
3979 | description: Condition contains details for one aspect of the current
3980 | state of this API Resource.
3981 | properties:
3982 | lastTransitionTime:
3983 | description: |-
3984 | lastTransitionTime is the last time the condition transitioned from one status to another.
3985 | This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3986 | format: date-time
3987 | type: string
3988 | message:
3989 | description: |-
3990 | message is a human readable message indicating details about the transition.
3991 | This may be an empty string.
3992 | maxLength: 32768
3993 | type: string
3994 | observedGeneration:
3995 | description: |-
3996 | observedGeneration represents the .metadata.generation that the condition was set based upon.
3997 | For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3998 | with respect to the current state of the instance.
3999 | format: int64
4000 | minimum: 0
4001 | type: integer
4002 | reason:
4003 | description: |-
4004 | reason contains a programmatic identifier indicating the reason for the condition's last transition.
4005 | Producers of specific condition types may define expected values and meanings for this field,
4006 | and whether the values are considered a guaranteed API.
4007 | The value should be a CamelCase string.
4008 | This field may not be empty.
4009 | maxLength: 1024
4010 | minLength: 1
4011 | pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4012 | type: string
4013 | status:
4014 | description: status of the condition, one of True, False, Unknown.
4015 | enum:
4016 | - "True"
4017 | - "False"
4018 | - Unknown
4019 | type: string
4020 | type:
4021 | description: type of condition in CamelCase or in foo.example.com/CamelCase.
4022 | maxLength: 316
4023 | pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4024 | type: string
4025 | required:
4026 | - lastTransitionTime
4027 | - message
4028 | - reason
4029 | - status
4030 | - type
4031 | type: object
4032 | type: array
4033 | contentConfigChecksum:
4034 | description: |-
4035 | ContentConfigChecksum is a checksum of all the configurations related to
4036 | the content of the source artifact:
4037 | - .spec.ignore
4038 | - .spec.layerSelector
4039 | observed in .status.observedGeneration version of the object. This can
4040 | be used to determine if the content configuration has changed and the
4041 | artifact needs to be rebuilt.
4042 | It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
4043 |
4044 | Deprecated: Replaced with explicit fields for observed artifact content
4045 | config in the status.
4046 | type: string
4047 | lastHandledReconcileAt:
4048 | description: |-
4049 | LastHandledReconcileAt holds the value of the most recent
4050 | reconcile request value, so a change of the annotation value
4051 | can be detected.
4052 | type: string
4053 | observedGeneration:
4054 | description: ObservedGeneration is the last observed generation.
4055 | format: int64
4056 | type: integer
4057 | observedIgnore:
4058 | description: |-
4059 | ObservedIgnore is the observed exclusion patterns used for constructing
4060 | the source artifact.
4061 | type: string
4062 | observedLayerSelector:
4063 | description: |-
4064 | ObservedLayerSelector is the observed layer selector used for constructing
4065 | the source artifact.
4066 | properties:
4067 | mediaType:
4068 | description: |-
4069 | MediaType specifies the OCI media type of the layer
4070 | which should be extracted from the OCI Artifact. The
4071 | first layer matching this type is selected.
4072 | type: string
4073 | operation:
4074 | description: |-
4075 | Operation specifies how the selected layer should be processed.
4076 | By default, the layer compressed content is extracted to storage.
4077 | When the operation is set to 'copy', the layer compressed content
4078 | is persisted to storage as it is.
4079 | enum:
4080 | - extract
4081 | - copy
4082 | type: string
4083 | type: object
4084 | url:
4085 | description: URL is the download link for the artifact output of the
4086 | last OCI Repository sync.
4087 | type: string
4088 | type: object
4089 | type: object
4090 | served: true
4091 | storage: false
4092 | subresources:
4093 | status: {}
4094 | ---
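# Identity used by the source-controller pod: the Deployment in this file
# selects it through `serviceAccountName: source-controller`.
# No metadata.namespace is set, so the namespace is whatever the manifest is
# applied into.
# NOTE(review): the Role/ClusterRole bindings for this account are not in this
# excerpt. The controller is started with --watch-all-namespaces, so confirm
# that the bound permissions are limited to what source reconciliation needs
# (source objects plus the Secrets they reference).
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/part-of: flux
  name: source-controller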
4102 | ---
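# ClusterIP Service in front of the source-controller artifact server.
# Port 80 forwards to the container port named `http` (9090 in the Deployment
# below); this is the address the controller advertises via
# --storage-adv-addr.
# The port is plain HTTP with no TLS at this layer, so artifact traffic is
# unencrypted inside the cluster.
# NOTE(review): no NetworkPolicy is visible in this excerpt. Consider limiting
# ingress to the controllers that consume artifacts, and confirm consumers
# check the artifact digest recorded in the source status.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/part-of: flux
    control-plane: controller
  name: source-controller
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      # Named port, resolved against the pod's container ports.
      targetPort: http
  # Must match the `app` label on the Deployment's pod template.
  selector:
    app: source-controller
  type: ClusterIP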
4120 | ---
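# Deployment of the Flux source-controller (single replica).
# Nesting is restored here; the listing had been flattened to column 0, which
# does not parse as the intended manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/part-of: flux
    control-plane: controller
  name: source-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: source-controller
  # Recreate stops the old pod before the new one starts, so two pods never
  # run side by side during a rollout.
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        # Scrape hints for Prometheus; 8080 is the `http-prom` port below.
        # Quoted because annotation values must be strings.
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      labels:
        app: source-controller
        app.kubernetes.io/component: source-controller
        app.kubernetes.io/part-of: flux
    spec:
      containers:
        - args:
            # NOTE(review): the events address hard-codes the `flux-system`
            # namespace, while --storage-adv-addr below uses the runtime
            # namespace. Confirm they agree when installing elsewhere.
            - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
            # Reconciles sources in every namespace, so the controller reads
            # the Secrets those sources reference cluster-wide.
            # NOTE(review): check the RBAC bound to the service account.
            - --watch-all-namespaces
            - --log-level=info
            - --log-encoding=json
            - --enable-leader-election
            # Artifacts are written under the `data` volume mounted at /data.
            - --storage-path=/data
            # $(RUNTIME_NAMESPACE) is expanded by Kubernetes from the env
            # entry below.
            - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
          env:
            # Namespace of the running pod, taken from the downward API.
            - name: RUNTIME_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Kept under /tmp because the root filesystem is read-only and
            # /tmp is a writable emptyDir. Presumably the sigstore TUF cache
            # used for signature verification; confirm against the
            # controller docs.
            - name: TUF_ROOT
              value: /tmp/.sigstore
            # Go runtime soft memory limit, fed from this container's
            # memory limit (1Gi below).
            - name: GOMEMLIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: manager
                  resource: limits.memory
          # NOTE(review): the image is referenced by tag only, with no
          # registry host or digest. With IfNotPresent a node reuses whatever
          # it has cached for this tag. Consider pinning as
          # `<image>@sha256:<digest>` and verifying the image signature at
          # admission.
          image: fluxcd/source-controller:v1.7.1
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
          name: manager
          ports:
            # Artifact server; the Service's port 80 targets this one.
            - containerPort: 9090
              name: http
              protocol: TCP
            # Metrics endpoint referenced by the prometheus.io annotations.
            - containerPort: 8080
              name: http-prom
              protocol: TCP
            # Health endpoint used by the liveness probe.
            - containerPort: 9440
              name: healthz
              protocol: TCP
          # Ready once the artifact server answers on `/`.
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            limits:
              cpu: 1000m
              memory: 1Gi
            requests:
              cpu: 50m
              memory: 64Mi
          # Container hardening: no privilege escalation, every Linux
          # capability dropped, read-only root filesystem, non-root user
          # and the runtime's default seccomp profile.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            # No runAsUser is set, so the image must declare a non-root
            # user; otherwise the kubelet refuses to start the container.
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          # The only writable paths, given the read-only root filesystem.
          volumeMounts:
            - mountPath: /data
              name: data
            - mountPath: /tmp
              name: tmp
      priorityClassName: system-cluster-critical
      # fsGroup gives the non-root process group access to the mounted
      # volumes.
      securityContext:
        fsGroup: 1337
      serviceAccountName: source-controller
      terminationGracePeriodSeconds: 10
      volumes:
        # Both volumes are emptyDir: contents last only as long as the pod,
        # so stored artifacts do not survive pod replacement.
        # NOTE(review): presumably they are rebuilt by reconciliation;
        # confirm.
        - emptyDir: {}
          name: data
        - emptyDir: {}
          name: tmp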
4219 |
```