commit b9a6d280745e190fd1f6e0252ab625214fb9eb33 · woovie.net/minecraft-helm-deployments

+10193

flux-system/gotk-components.yaml

··· 1 + --- 2 + # This manifest was generated by flux. DO NOT EDIT. 3 + # Flux Version: v2.7.3 4 + # Components: source-controller,kustomize-controller,helm-controller,notification-controller 5 + apiVersion: v1 6 + kind: Namespace 7 + metadata: 8 + labels: 9 + app.kubernetes.io/instance: flux-system 10 + app.kubernetes.io/part-of: flux 11 + app.kubernetes.io/version: v2.7.3 12 + pod-security.kubernetes.io/warn: restricted 13 + pod-security.kubernetes.io/warn-version: latest 14 + name: flux-system 15 + --- 16 + apiVersion: networking.k8s.io/v1 17 + kind: NetworkPolicy 18 + metadata: 19 + labels: 20 + app.kubernetes.io/instance: flux-system 21 + app.kubernetes.io/part-of: flux 22 + app.kubernetes.io/version: v2.7.3 23 + name: allow-egress 24 + namespace: flux-system 25 + spec: 26 + egress: 27 + - {} 28 + ingress: 29 + - from: 30 + - podSelector: {} 31 + podSelector: {} 32 + policyTypes: 33 + - Ingress 34 + - Egress 35 + --- 36 + apiVersion: networking.k8s.io/v1 37 + kind: NetworkPolicy 38 + metadata: 39 + labels: 40 + app.kubernetes.io/instance: flux-system 41 + app.kubernetes.io/part-of: flux 42 + app.kubernetes.io/version: v2.7.3 43 + name: allow-scraping 44 + namespace: flux-system 45 + spec: 46 + ingress: 47 + - from: 48 + - namespaceSelector: {} 49 + ports: 50 + - port: 8080 51 + protocol: TCP 52 + podSelector: {} 53 + policyTypes: 54 + - Ingress 55 + --- 56 + apiVersion: networking.k8s.io/v1 57 + kind: NetworkPolicy 58 + metadata: 59 + labels: 60 + app.kubernetes.io/instance: flux-system 61 + app.kubernetes.io/part-of: flux 62 + app.kubernetes.io/version: v2.7.3 63 + name: allow-webhooks 64 + namespace: flux-system 65 + spec: 66 + ingress: 67 + - from: 68 + - namespaceSelector: {} 69 + podSelector: 70 + matchLabels: 71 + app: notification-controller 72 + policyTypes: 73 + - Ingress 74 + --- 75 + apiVersion: v1 76 + kind: ResourceQuota 77 + metadata: 78 + labels: 79 + app.kubernetes.io/instance: flux-system 80 + app.kubernetes.io/part-of: flux 81 + app.kubernetes.io/version: v2.7.3 82 + name: critical-pods-flux-system 83 + namespace: flux-system 84 + spec: 85 + hard: 86 + pods: "1000" 87 + scopeSelector: 88 + matchExpressions: 89 + - operator: In 90 + scopeName: PriorityClass 91 + values: 92 + - system-node-critical 93 + - system-cluster-critical 94 + --- 95 + apiVersion: rbac.authorization.k8s.io/v1 96 + kind: ClusterRole 97 + metadata: 98 + labels: 99 + app.kubernetes.io/instance: flux-system 100 + app.kubernetes.io/part-of: flux 101 + app.kubernetes.io/version: v2.7.3 102 + name: crd-controller-flux-system 103 + rules: 104 + - apiGroups: 105 + - source.toolkit.fluxcd.io 106 + resources: 107 + - '*' 108 + verbs: 109 + - '*' 110 + - apiGroups: 111 + - kustomize.toolkit.fluxcd.io 112 + resources: 113 + - '*' 114 + verbs: 115 + - '*' 116 + - apiGroups: 117 + - helm.toolkit.fluxcd.io 118 + resources: 119 + - '*' 120 + verbs: 121 + - '*' 122 + - apiGroups: 123 + - notification.toolkit.fluxcd.io 124 + resources: 125 + - '*' 126 + verbs: 127 + - '*' 128 + - apiGroups: 129 + - image.toolkit.fluxcd.io 130 + resources: 131 + - '*' 132 + verbs: 133 + - '*' 134 + - apiGroups: 135 + - source.extensions.fluxcd.io 136 + resources: 137 + - '*' 138 + verbs: 139 + - '*' 140 + - apiGroups: 141 + - "" 142 + resources: 143 + - namespaces 144 + - secrets 145 + - configmaps 146 + - serviceaccounts 147 + verbs: 148 + - get 149 + - list 150 + - watch 151 + - apiGroups: 152 + - "" 153 + resources: 154 + - events 155 + verbs: 156 + - create 157 + - patch 158 + - apiGroups: 159 + - "" 160 + resources: 161 + - configmaps 162 + verbs: 163 + - get 164 + - list 165 + - watch 166 + - create 167 + - update 168 + - patch 169 + - delete 170 + - apiGroups: 171 + - "" 172 + resources: 173 + - configmaps/status 174 + verbs: 175 + - get 176 + - update 177 + - patch 178 + - apiGroups: 179 + - coordination.k8s.io 180 + resources: 181 + - leases 182 + verbs: 183 + - get 184 + - list 185 + - watch 186 + - create 187 + - update 188 + - patch 189 + - delete 190 + - apiGroups: 191 + - "" 192 + resources: 193 + - serviceaccounts/token 194 + verbs: 195 + - create 196 + - nonResourceURLs: 197 + - /livez/ping 198 + verbs: 199 + - head 200 + --- 201 + apiVersion: rbac.authorization.k8s.io/v1 202 + kind: ClusterRole 203 + metadata: 204 + labels: 205 + app.kubernetes.io/instance: flux-system 206 + app.kubernetes.io/part-of: flux 207 + app.kubernetes.io/version: v2.7.3 208 + rbac.authorization.k8s.io/aggregate-to-admin: "true" 209 + rbac.authorization.k8s.io/aggregate-to-edit: "true" 210 + name: flux-edit-flux-system 211 + rules: 212 + - apiGroups: 213 + - notification.toolkit.fluxcd.io 214 + - source.toolkit.fluxcd.io 215 + - helm.toolkit.fluxcd.io 216 + - image.toolkit.fluxcd.io 217 + - kustomize.toolkit.fluxcd.io 218 + resources: 219 + - '*' 220 + verbs: 221 + - create 222 + - delete 223 + - deletecollection 224 + - patch 225 + - update 226 + --- 227 + apiVersion: rbac.authorization.k8s.io/v1 228 + kind: ClusterRole 229 + metadata: 230 + labels: 231 + app.kubernetes.io/instance: flux-system 232 + app.kubernetes.io/part-of: flux 233 + app.kubernetes.io/version: v2.7.3 234 + rbac.authorization.k8s.io/aggregate-to-admin: "true" 235 + rbac.authorization.k8s.io/aggregate-to-edit: "true" 236 + rbac.authorization.k8s.io/aggregate-to-view: "true" 237 + name: flux-view-flux-system 238 + rules: 239 + - apiGroups: 240 + - notification.toolkit.fluxcd.io 241 + - source.toolkit.fluxcd.io 242 + - helm.toolkit.fluxcd.io 243 + - image.toolkit.fluxcd.io 244 + - kustomize.toolkit.fluxcd.io 245 + resources: 246 + - '*' 247 + verbs: 248 + - get 249 + - list 250 + - watch 251 + --- 252 + apiVersion: rbac.authorization.k8s.io/v1 253 + kind: ClusterRoleBinding 254 + metadata: 255 + labels: 256 + app.kubernetes.io/instance: flux-system 257 + app.kubernetes.io/part-of: flux 258 + app.kubernetes.io/version: v2.7.3 259 + name: cluster-reconciler-flux-system 260 + roleRef: 261 + apiGroup: rbac.authorization.k8s.io 262 + kind: ClusterRole 263 + name: cluster-admin 264 + subjects: 265 + - kind: ServiceAccount 266 + name: kustomize-controller 267 + namespace: flux-system 268 + - kind: ServiceAccount 269 + name: helm-controller 270 + namespace: flux-system 271 + --- 272 + apiVersion: rbac.authorization.k8s.io/v1 273 + kind: ClusterRoleBinding 274 + metadata: 275 + labels: 276 + app.kubernetes.io/instance: flux-system 277 + app.kubernetes.io/part-of: flux 278 + app.kubernetes.io/version: v2.7.3 279 + name: crd-controller-flux-system 280 + roleRef: 281 + apiGroup: rbac.authorization.k8s.io 282 + kind: ClusterRole 283 + name: crd-controller-flux-system 284 + subjects: 285 + - kind: ServiceAccount 286 + name: kustomize-controller 287 + namespace: flux-system 288 + - kind: ServiceAccount 289 + name: helm-controller 290 + namespace: flux-system 291 + - kind: ServiceAccount 292 + name: source-controller 293 + namespace: flux-system 294 + - kind: ServiceAccount 295 + name: notification-controller 296 + namespace: flux-system 297 + - kind: ServiceAccount 298 + name: image-reflector-controller 299 + namespace: flux-system 300 + - kind: ServiceAccount 301 + name: image-automation-controller 302 + namespace: flux-system 303 + - kind: ServiceAccount 304 + name: source-watcher 305 + namespace: flux-system 306 + --- 307 + apiVersion: apiextensions.k8s.io/v1 308 + kind: CustomResourceDefinition 309 + metadata: 310 + annotations: 311 + controller-gen.kubebuilder.io/version: v0.19.0 312 + labels: 313 + app.kubernetes.io/component: source-controller 314 + app.kubernetes.io/instance: flux-system 315 + app.kubernetes.io/part-of: flux 316 + app.kubernetes.io/version: v2.7.3 317 + name: buckets.source.toolkit.fluxcd.io 318 + spec: 319 + group: source.toolkit.fluxcd.io 320 + names: 321 + kind: Bucket 322 + listKind: BucketList 323 + plural: buckets 324 + singular: bucket 325 + scope: Namespaced 326 + versions: 327 + - additionalPrinterColumns: 328 + - jsonPath: .spec.endpoint 329 + name: Endpoint 330 + type: string 331 + - jsonPath: .metadata.creationTimestamp 332 + name: Age 333 + type: date 334 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 335 + name: Ready 336 + type: string 337 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 338 + name: Status 339 + type: string 340 + name: v1 341 + schema: 342 + openAPIV3Schema: 343 + description: Bucket is the Schema for the buckets API. 344 + properties: 345 + apiVersion: 346 + description: |- 347 + APIVersion defines the versioned schema of this representation of an object. 348 + Servers should convert recognized schemas to the latest internal value, and 349 + may reject unrecognized values. 350 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 351 + type: string 352 + kind: 353 + description: |- 354 + Kind is a string value representing the REST resource this object represents. 355 + Servers may infer this from the endpoint the client submits requests to. 356 + Cannot be updated. 357 + In CamelCase. 358 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 359 + type: string 360 + metadata: 361 + type: object 362 + spec: 363 + description: |- 364 + BucketSpec specifies the required configuration to produce an Artifact for 365 + an object storage bucket. 366 + properties: 367 + bucketName: 368 + description: BucketName is the name of the object storage bucket. 369 + type: string 370 + certSecretRef: 371 + description: |- 372 + CertSecretRef can be given the name of a Secret containing 373 + either or both of 374 + 375 + - a PEM-encoded client certificate (`tls.crt`) and private 376 + key (`tls.key`); 377 + - a PEM-encoded CA certificate (`ca.crt`) 378 + 379 + and whichever are supplied, will be used for connecting to the 380 + bucket. The client cert and key are useful if you are 381 + authenticating with a certificate; the CA cert is useful if 382 + you are using a self-signed server certificate. The Secret must 383 + be of type `Opaque` or `kubernetes.io/tls`. 384 + 385 + This field is only supported for the `generic` provider. 386 + properties: 387 + name: 388 + description: Name of the referent. 389 + type: string 390 + required: 391 + - name 392 + type: object 393 + endpoint: 394 + description: Endpoint is the object storage address the BucketName 395 + is located at. 396 + type: string 397 + ignore: 398 + description: |- 399 + Ignore overrides the set of excluded patterns in the .sourceignore format 400 + (which is the same as .gitignore). If not provided, a default will be used, 401 + consult the documentation for your version to find out what those are. 402 + type: string 403 + insecure: 404 + description: Insecure allows connecting to a non-TLS HTTP Endpoint. 405 + type: boolean 406 + interval: 407 + description: |- 408 + Interval at which the Bucket Endpoint is checked for updates. 409 + This interval is approximate and may be subject to jitter to ensure 410 + efficient use of resources. 411 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 412 + type: string 413 + prefix: 414 + description: Prefix to use for server-side filtering of files in the 415 + Bucket. 416 + type: string 417 + provider: 418 + default: generic 419 + description: |- 420 + Provider of the object storage bucket. 421 + Defaults to 'generic', which expects an S3 (API) compatible object 422 + storage. 423 + enum: 424 + - generic 425 + - aws 426 + - gcp 427 + - azure 428 + type: string 429 + proxySecretRef: 430 + description: |- 431 + ProxySecretRef specifies the Secret containing the proxy configuration 432 + to use while communicating with the Bucket server. 433 + properties: 434 + name: 435 + description: Name of the referent. 436 + type: string 437 + required: 438 + - name 439 + type: object 440 + region: 441 + description: Region of the Endpoint where the BucketName is located 442 + in. 443 + type: string 444 + secretRef: 445 + description: |- 446 + SecretRef specifies the Secret containing authentication credentials 447 + for the Bucket. 448 + properties: 449 + name: 450 + description: Name of the referent. 451 + type: string 452 + required: 453 + - name 454 + type: object 455 + serviceAccountName: 456 + description: |- 457 + ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate 458 + the bucket. This field is only supported for the 'gcp' and 'aws' providers. 459 + For more information about workload identity: 460 + https://fluxcd.io/flux/components/source/buckets/#workload-identity 461 + type: string 462 + sts: 463 + description: |- 464 + STS specifies the required configuration to use a Security Token 465 + Service for fetching temporary credentials to authenticate in a 466 + Bucket provider. 467 + 468 + This field is only supported for the `aws` and `generic` providers. 469 + properties: 470 + certSecretRef: 471 + description: |- 472 + CertSecretRef can be given the name of a Secret containing 473 + either or both of 474 + 475 + - a PEM-encoded client certificate (`tls.crt`) and private 476 + key (`tls.key`); 477 + - a PEM-encoded CA certificate (`ca.crt`) 478 + 479 + and whichever are supplied, will be used for connecting to the 480 + STS endpoint. The client cert and key are useful if you are 481 + authenticating with a certificate; the CA cert is useful if 482 + you are using a self-signed server certificate. The Secret must 483 + be of type `Opaque` or `kubernetes.io/tls`. 484 + 485 + This field is only supported for the `ldap` provider. 486 + properties: 487 + name: 488 + description: Name of the referent. 489 + type: string 490 + required: 491 + - name 492 + type: object 493 + endpoint: 494 + description: |- 495 + Endpoint is the HTTP/S endpoint of the Security Token Service from 496 + where temporary credentials will be fetched. 497 + pattern: ^(http|https)://.*$ 498 + type: string 499 + provider: 500 + description: Provider of the Security Token Service. 501 + enum: 502 + - aws 503 + - ldap 504 + type: string 505 + secretRef: 506 + description: |- 507 + SecretRef specifies the Secret containing authentication credentials 508 + for the STS endpoint. This Secret must contain the fields `username` 509 + and `password` and is supported only for the `ldap` provider. 510 + properties: 511 + name: 512 + description: Name of the referent. 513 + type: string 514 + required: 515 + - name 516 + type: object 517 + required: 518 + - endpoint 519 + - provider 520 + type: object 521 + suspend: 522 + description: |- 523 + Suspend tells the controller to suspend the reconciliation of this 524 + Bucket. 525 + type: boolean 526 + timeout: 527 + default: 60s 528 + description: Timeout for fetch operations, defaults to 60s. 529 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 530 + type: string 531 + required: 532 + - bucketName 533 + - endpoint 534 + - interval 535 + type: object 536 + x-kubernetes-validations: 537 + - message: STS configuration is only supported for the 'aws' and 'generic' 538 + Bucket providers 539 + rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts) 540 + - message: '''aws'' is the only supported STS provider for the ''aws'' 541 + Bucket provider' 542 + rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider 543 + == 'aws' 544 + - message: '''ldap'' is the only supported STS provider for the ''generic'' 545 + Bucket provider' 546 + rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider 547 + == 'ldap' 548 + - message: spec.sts.secretRef is not required for the 'aws' STS provider 549 + rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)' 550 + - message: spec.sts.certSecretRef is not required for the 'aws' STS provider 551 + rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)' 552 + - message: ServiceAccountName is not supported for the 'generic' Bucket 553 + provider 554 + rule: self.provider != 'generic' || !has(self.serviceAccountName) 555 + - message: cannot set both .spec.secretRef and .spec.serviceAccountName 556 + rule: '!has(self.secretRef) || !has(self.serviceAccountName)' 557 + status: 558 + default: 559 + observedGeneration: -1 560 + description: BucketStatus records the observed state of a Bucket. 561 + properties: 562 + artifact: 563 + description: Artifact represents the last successful Bucket reconciliation. 564 + properties: 565 + digest: 566 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 567 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 568 + type: string 569 + lastUpdateTime: 570 + description: |- 571 + LastUpdateTime is the timestamp corresponding to the last update of the 572 + Artifact. 573 + format: date-time 574 + type: string 575 + metadata: 576 + additionalProperties: 577 + type: string 578 + description: Metadata holds upstream information such as OCI annotations. 579 + type: object 580 + path: 581 + description: |- 582 + Path is the relative file path of the Artifact. It can be used to locate 583 + the file in the root of the Artifact storage on the local file system of 584 + the controller managing the Source. 585 + type: string 586 + revision: 587 + description: |- 588 + Revision is a human-readable identifier traceable in the origin source 589 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 590 + type: string 591 + size: 592 + description: Size is the number of bytes in the file. 593 + format: int64 594 + type: integer 595 + url: 596 + description: |- 597 + URL is the HTTP address of the Artifact as exposed by the controller 598 + managing the Source. It can be used to retrieve the Artifact for 599 + consumption, e.g. by another controller applying the Artifact contents. 600 + type: string 601 + required: 602 + - digest 603 + - lastUpdateTime 604 + - path 605 + - revision 606 + - url 607 + type: object 608 + conditions: 609 + description: Conditions holds the conditions for the Bucket. 610 + items: 611 + description: Condition contains details for one aspect of the current 612 + state of this API Resource. 613 + properties: 614 + lastTransitionTime: 615 + description: |- 616 + lastTransitionTime is the last time the condition transitioned from one status to another. 617 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 618 + format: date-time 619 + type: string 620 + message: 621 + description: |- 622 + message is a human readable message indicating details about the transition. 623 + This may be an empty string. 624 + maxLength: 32768 625 + type: string 626 + observedGeneration: 627 + description: |- 628 + observedGeneration represents the .metadata.generation that the condition was set based upon. 629 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 630 + with respect to the current state of the instance. 631 + format: int64 632 + minimum: 0 633 + type: integer 634 + reason: 635 + description: |- 636 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 637 + Producers of specific condition types may define expected values and meanings for this field, 638 + and whether the values are considered a guaranteed API. 639 + The value should be a CamelCase string. 640 + This field may not be empty. 641 + maxLength: 1024 642 + minLength: 1 643 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 644 + type: string 645 + status: 646 + description: status of the condition, one of True, False, Unknown. 647 + enum: 648 + - "True" 649 + - "False" 650 + - Unknown 651 + type: string 652 + type: 653 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 654 + maxLength: 316 655 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 656 + type: string 657 + required: 658 + - lastTransitionTime 659 + - message 660 + - reason 661 + - status 662 + - type 663 + type: object 664 + type: array 665 + lastHandledReconcileAt: 666 + description: |- 667 + LastHandledReconcileAt holds the value of the most recent 668 + reconcile request value, so a change of the annotation value 669 + can be detected. 670 + type: string 671 + observedGeneration: 672 + description: ObservedGeneration is the last observed generation of 673 + the Bucket object. 674 + format: int64 675 + type: integer 676 + observedIgnore: 677 + description: |- 678 + ObservedIgnore is the observed exclusion patterns used for constructing 679 + the source artifact. 680 + type: string 681 + url: 682 + description: |- 683 + URL is the dynamic fetch link for the latest Artifact. 684 + It is provided on a "best effort" basis, and using the precise 685 + BucketStatus.Artifact data is recommended. 686 + type: string 687 + type: object 688 + type: object 689 + served: true 690 + storage: true 691 + subresources: 692 + status: {} 693 + - additionalPrinterColumns: 694 + - jsonPath: .spec.endpoint 695 + name: Endpoint 696 + type: string 697 + - jsonPath: .metadata.creationTimestamp 698 + name: Age 699 + type: date 700 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 701 + name: Ready 702 + type: string 703 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 704 + name: Status 705 + type: string 706 + deprecated: true 707 + deprecationWarning: v1beta2 Bucket is deprecated, upgrade to v1 708 + name: v1beta2 709 + schema: 710 + openAPIV3Schema: 711 + description: Bucket is the Schema for the buckets API. 712 + properties: 713 + apiVersion: 714 + description: |- 715 + APIVersion defines the versioned schema of this representation of an object. 716 + Servers should convert recognized schemas to the latest internal value, and 717 + may reject unrecognized values. 718 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 719 + type: string 720 + kind: 721 + description: |- 722 + Kind is a string value representing the REST resource this object represents. 723 + Servers may infer this from the endpoint the client submits requests to. 724 + Cannot be updated. 725 + In CamelCase. 726 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 727 + type: string 728 + metadata: 729 + type: object 730 + spec: 731 + description: |- 732 + BucketSpec specifies the required configuration to produce an Artifact for 733 + an object storage bucket. 734 + properties: 735 + accessFrom: 736 + description: |- 737 + AccessFrom specifies an Access Control List for allowing cross-namespace 738 + references to this object. 739 + NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 740 + properties: 741 + namespaceSelectors: 742 + description: |- 743 + NamespaceSelectors is the list of namespace selectors to which this ACL applies. 744 + Items in this list are evaluated using a logical OR operation. 745 + items: 746 + description: |- 747 + NamespaceSelector selects the namespaces to which this ACL applies. 748 + An empty map of MatchLabels matches all namespaces in a cluster. 749 + properties: 750 + matchLabels: 751 + additionalProperties: 752 + type: string 753 + description: |- 754 + MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 755 + map is equivalent to an element of matchExpressions, whose key field is "key", the 756 + operator is "In", and the values array contains only "value". The requirements are ANDed. 757 + type: object 758 + type: object 759 + type: array 760 + required: 761 + - namespaceSelectors 762 + type: object 763 + bucketName: 764 + description: BucketName is the name of the object storage bucket. 765 + type: string 766 + certSecretRef: 767 + description: |- 768 + CertSecretRef can be given the name of a Secret containing 769 + either or both of 770 + 771 + - a PEM-encoded client certificate (`tls.crt`) and private 772 + key (`tls.key`); 773 + - a PEM-encoded CA certificate (`ca.crt`) 774 + 775 + and whichever are supplied, will be used for connecting to the 776 + bucket. The client cert and key are useful if you are 777 + authenticating with a certificate; the CA cert is useful if 778 + you are using a self-signed server certificate. The Secret must 779 + be of type `Opaque` or `kubernetes.io/tls`. 780 + 781 + This field is only supported for the `generic` provider. 782 + properties: 783 + name: 784 + description: Name of the referent. 785 + type: string 786 + required: 787 + - name 788 + type: object 789 + endpoint: 790 + description: Endpoint is the object storage address the BucketName 791 + is located at. 792 + type: string 793 + ignore: 794 + description: |- 795 + Ignore overrides the set of excluded patterns in the .sourceignore format 796 + (which is the same as .gitignore). If not provided, a default will be used, 797 + consult the documentation for your version to find out what those are. 798 + type: string 799 + insecure: 800 + description: Insecure allows connecting to a non-TLS HTTP Endpoint. 801 + type: boolean 802 + interval: 803 + description: |- 804 + Interval at which the Bucket Endpoint is checked for updates. 805 + This interval is approximate and may be subject to jitter to ensure 806 + efficient use of resources. 807 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 808 + type: string 809 + prefix: 810 + description: Prefix to use for server-side filtering of files in the 811 + Bucket. 812 + type: string 813 + provider: 814 + default: generic 815 + description: |- 816 + Provider of the object storage bucket. 817 + Defaults to 'generic', which expects an S3 (API) compatible object 818 + storage. 819 + enum: 820 + - generic 821 + - aws 822 + - gcp 823 + - azure 824 + type: string 825 + proxySecretRef: 826 + description: |- 827 + ProxySecretRef specifies the Secret containing the proxy configuration 828 + to use while communicating with the Bucket server. 829 + properties: 830 + name: 831 + description: Name of the referent. 832 + type: string 833 + required: 834 + - name 835 + type: object 836 + region: 837 + description: Region of the Endpoint where the BucketName is located 838 + in. 839 + type: string 840 + secretRef: 841 + description: |- 842 + SecretRef specifies the Secret containing authentication credentials 843 + for the Bucket. 844 + properties: 845 + name: 846 + description: Name of the referent. 847 + type: string 848 + required: 849 + - name 850 + type: object 851 + sts: 852 + description: |- 853 + STS specifies the required configuration to use a Security Token 854 + Service for fetching temporary credentials to authenticate in a 855 + Bucket provider. 856 + 857 + This field is only supported for the `aws` and `generic` providers. 858 + properties: 859 + certSecretRef: 860 + description: |- 861 + CertSecretRef can be given the name of a Secret containing 862 + either or both of 863 + 864 + - a PEM-encoded client certificate (`tls.crt`) and private 865 + key (`tls.key`); 866 + - a PEM-encoded CA certificate (`ca.crt`) 867 + 868 + and whichever are supplied, will be used for connecting to the 869 + STS endpoint. The client cert and key are useful if you are 870 + authenticating with a certificate; the CA cert is useful if 871 + you are using a self-signed server certificate. The Secret must 872 + be of type `Opaque` or `kubernetes.io/tls`. 873 + 874 + This field is only supported for the `ldap` provider. 875 + properties: 876 + name: 877 + description: Name of the referent. 878 + type: string 879 + required: 880 + - name 881 + type: object 882 + endpoint: 883 + description: |- 884 + Endpoint is the HTTP/S endpoint of the Security Token Service from 885 + where temporary credentials will be fetched. 886 + pattern: ^(http|https)://.*$ 887 + type: string 888 + provider: 889 + description: Provider of the Security Token Service. 890 + enum: 891 + - aws 892 + - ldap 893 + type: string 894 + secretRef: 895 + description: |- 896 + SecretRef specifies the Secret containing authentication credentials 897 + for the STS endpoint. This Secret must contain the fields `username` 898 + and `password` and is supported only for the `ldap` provider. 899 + properties: 900 + name: 901 + description: Name of the referent. 902 + type: string 903 + required: 904 + - name 905 + type: object 906 + required: 907 + - endpoint 908 + - provider 909 + type: object 910 + suspend: 911 + description: |- 912 + Suspend tells the controller to suspend the reconciliation of this 913 + Bucket. 914 + type: boolean 915 + timeout: 916 + default: 60s 917 + description: Timeout for fetch operations, defaults to 60s. 918 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 919 + type: string 920 + required: 921 + - bucketName 922 + - endpoint 923 + - interval 924 + type: object 925 + x-kubernetes-validations: 926 + - message: STS configuration is only supported for the 'aws' and 'generic' 927 + Bucket providers 928 + rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts) 929 + - message: '''aws'' is the only supported STS provider for the ''aws'' 930 + Bucket provider' 931 + rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider 932 + == 'aws' 933 + - message: '''ldap'' is the only supported STS provider for the ''generic'' 934 + Bucket provider' 935 + rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider 936 + == 'ldap' 937 + - message: spec.sts.secretRef is not required for the 'aws' STS provider 938 + rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)' 939 + - message: spec.sts.certSecretRef is not required for the 'aws' STS provider 940 + rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)' 941 + status: 942 + default: 943 + observedGeneration: -1 944 + description: BucketStatus records the observed state of a Bucket. 945 + properties: 946 + artifact: 947 + description: Artifact represents the last successful Bucket reconciliation. 948 + properties: 949 + digest: 950 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 951 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 952 + type: string 953 + lastUpdateTime: 954 + description: |- 955 + LastUpdateTime is the timestamp corresponding to the last update of the 956 + Artifact. 957 + format: date-time 958 + type: string 959 + metadata: 960 + additionalProperties: 961 + type: string 962 + description: Metadata holds upstream information such as OCI annotations. 963 + type: object 964 + path: 965 + description: |- 966 + Path is the relative file path of the Artifact. It can be used to locate 967 + the file in the root of the Artifact storage on the local file system of 968 + the controller managing the Source. 969 + type: string 970 + revision: 971 + description: |- 972 + Revision is a human-readable identifier traceable in the origin source 973 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 974 + type: string 975 + size: 976 + description: Size is the number of bytes in the file. 977 + format: int64 978 + type: integer 979 + url: 980 + description: |- 981 + URL is the HTTP address of the Artifact as exposed by the controller 982 + managing the Source. It can be used to retrieve the Artifact for 983 + consumption, e.g. by another controller applying the Artifact contents. 984 + type: string 985 + required: 986 + - digest 987 + - lastUpdateTime 988 + - path 989 + - revision 990 + - url 991 + type: object 992 + conditions: 993 + description: Conditions holds the conditions for the Bucket. 994 + items: 995 + description: Condition contains details for one aspect of the current 996 + state of this API Resource. 997 + properties: 998 + lastTransitionTime: 999 + description: |- 1000 + lastTransitionTime is the last time the condition transitioned from one status to another. 1001 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 1002 + format: date-time 1003 + type: string 1004 + message: 1005 + description: |- 1006 + message is a human readable message indicating details about the transition. 1007 + This may be an empty string. 1008 + maxLength: 32768 1009 + type: string 1010 + observedGeneration: 1011 + description: |- 1012 + observedGeneration represents the .metadata.generation that the condition was set based upon. 1013 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 1014 + with respect to the current state of the instance. 1015 + format: int64 1016 + minimum: 0 1017 + type: integer 1018 + reason: 1019 + description: |- 1020 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 1021 + Producers of specific condition types may define expected values and meanings for this field, 1022 + and whether the values are considered a guaranteed API. 1023 + The value should be a CamelCase string. 1024 + This field may not be empty. 1025 + maxLength: 1024 1026 + minLength: 1 1027 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 1028 + type: string 1029 + status: 1030 + description: status of the condition, one of True, False, Unknown. 1031 + enum: 1032 + - "True" 1033 + - "False" 1034 + - Unknown 1035 + type: string 1036 + type: 1037 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 1038 + maxLength: 316 1039 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 1040 + type: string 1041 + required: 1042 + - lastTransitionTime 1043 + - message 1044 + - reason 1045 + - status 1046 + - type 1047 + type: object 1048 + type: array 1049 + lastHandledReconcileAt: 1050 + description: |- 1051 + LastHandledReconcileAt holds the value of the most recent 1052 + reconcile request value, so a change of the annotation value 1053 + can be detected. 1054 + type: string 1055 + observedGeneration: 1056 + description: ObservedGeneration is the last observed generation of 1057 + the Bucket object. 1058 + format: int64 1059 + type: integer 1060 + observedIgnore: 1061 + description: |- 1062 + ObservedIgnore is the observed exclusion patterns used for constructing 1063 + the source artifact. 1064 + type: string 1065 + url: 1066 + description: |- 1067 + URL is the dynamic fetch link for the latest Artifact. 1068 + It is provided on a "best effort" basis, and using the precise 1069 + BucketStatus.Artifact data is recommended. 1070 + type: string 1071 + type: object 1072 + type: object 1073 + served: true 1074 + storage: false 1075 + subresources: 1076 + status: {} 1077 + --- 1078 + apiVersion: apiextensions.k8s.io/v1 1079 + kind: CustomResourceDefinition 1080 + metadata: 1081 + annotations: 1082 + controller-gen.kubebuilder.io/version: v0.19.0 1083 + labels: 1084 + app.kubernetes.io/component: source-controller 1085 + app.kubernetes.io/instance: flux-system 1086 + app.kubernetes.io/part-of: flux 1087 + app.kubernetes.io/version: v2.7.3 1088 + name: externalartifacts.source.toolkit.fluxcd.io 1089 + spec: 1090 + group: source.toolkit.fluxcd.io 1091 + names: 1092 + kind: ExternalArtifact 1093 + listKind: ExternalArtifactList 1094 + plural: externalartifacts 1095 + singular: externalartifact 1096 + scope: Namespaced 1097 + versions: 1098 + - additionalPrinterColumns: 1099 + - jsonPath: .metadata.creationTimestamp 1100 + name: Age 1101 + type: date 1102 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 1103 + name: Ready 1104 + type: string 1105 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 1106 + name: Status 1107 + type: string 1108 + - jsonPath: .spec.sourceRef.name 1109 + name: Source 1110 + type: string 1111 + name: v1 1112 + schema: 1113 + openAPIV3Schema: 1114 + description: ExternalArtifact is the Schema for the external artifacts API 1115 + properties: 1116 + apiVersion: 1117 + description: |- 1118 + APIVersion defines the versioned schema of this representation of an object. 1119 + Servers should convert recognized schemas to the latest internal value, and 1120 + may reject unrecognized values. 1121 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1122 + type: string 1123 + kind: 1124 + description: |- 1125 + Kind is a string value representing the REST resource this object represents. 1126 + Servers may infer this from the endpoint the client submits requests to. 1127 + Cannot be updated. 1128 + In CamelCase. 1129 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1130 + type: string 1131 + metadata: 1132 + type: object 1133 + spec: 1134 + description: ExternalArtifactSpec defines the desired state of ExternalArtifact 1135 + properties: 1136 + sourceRef: 1137 + description: |- 1138 + SourceRef points to the Kubernetes custom resource for 1139 + which the artifact is generated. 1140 + properties: 1141 + apiVersion: 1142 + description: API version of the referent, if not specified the 1143 + Kubernetes preferred version will be used. 1144 + type: string 1145 + kind: 1146 + description: Kind of the referent. 1147 + type: string 1148 + name: 1149 + description: Name of the referent. 1150 + type: string 1151 + namespace: 1152 + description: Namespace of the referent, when not specified it 1153 + acts as LocalObjectReference. 1154 + type: string 1155 + required: 1156 + - kind 1157 + - name 1158 + type: object 1159 + type: object 1160 + status: 1161 + description: ExternalArtifactStatus defines the observed state of ExternalArtifact 1162 + properties: 1163 + artifact: 1164 + description: Artifact represents the output of an ExternalArtifact 1165 + reconciliation. 1166 + properties: 1167 + digest: 1168 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 1169 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 1170 + type: string 1171 + lastUpdateTime: 1172 + description: |- 1173 + LastUpdateTime is the timestamp corresponding to the last update of the 1174 + Artifact. 1175 + format: date-time 1176 + type: string 1177 + metadata: 1178 + additionalProperties: 1179 + type: string 1180 + description: Metadata holds upstream information such as OCI annotations. 1181 + type: object 1182 + path: 1183 + description: |- 1184 + Path is the relative file path of the Artifact. It can be used to locate 1185 + the file in the root of the Artifact storage on the local file system of 1186 + the controller managing the Source. 1187 + type: string 1188 + revision: 1189 + description: |- 1190 + Revision is a human-readable identifier traceable in the origin source 1191 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 1192 + type: string 1193 + size: 1194 + description: Size is the number of bytes in the file. 1195 + format: int64 1196 + type: integer 1197 + url: 1198 + description: |- 1199 + URL is the HTTP address of the Artifact as exposed by the controller 1200 + managing the Source. It can be used to retrieve the Artifact for 1201 + consumption, e.g. by another controller applying the Artifact contents. 1202 + type: string 1203 + required: 1204 + - digest 1205 + - lastUpdateTime 1206 + - path 1207 + - revision 1208 + - url 1209 + type: object 1210 + conditions: 1211 + description: Conditions holds the conditions for the ExternalArtifact. 1212 + items: 1213 + description: Condition contains details for one aspect of the current 1214 + state of this API Resource. 1215 + properties: 1216 + lastTransitionTime: 1217 + description: |- 1218 + lastTransitionTime is the last time the condition transitioned from one status to another. 1219 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 1220 + format: date-time 1221 + type: string 1222 + message: 1223 + description: |- 1224 + message is a human readable message indicating details about the transition. 1225 + This may be an empty string. 1226 + maxLength: 32768 1227 + type: string 1228 + observedGeneration: 1229 + description: |- 1230 + observedGeneration represents the .metadata.generation that the condition was set based upon. 1231 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 1232 + with respect to the current state of the instance. 1233 + format: int64 1234 + minimum: 0 1235 + type: integer 1236 + reason: 1237 + description: |- 1238 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 1239 + Producers of specific condition types may define expected values and meanings for this field, 1240 + and whether the values are considered a guaranteed API. 1241 + The value should be a CamelCase string. 1242 + This field may not be empty. 1243 + maxLength: 1024 1244 + minLength: 1 1245 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 1246 + type: string 1247 + status: 1248 + description: status of the condition, one of True, False, Unknown. 1249 + enum: 1250 + - "True" 1251 + - "False" 1252 + - Unknown 1253 + type: string 1254 + type: 1255 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 1256 + maxLength: 316 1257 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 1258 + type: string 1259 + required: 1260 + - lastTransitionTime 1261 + - message 1262 + - reason 1263 + - status 1264 + - type 1265 + type: object 1266 + type: array 1267 + type: object 1268 + type: object 1269 + served: true 1270 + storage: true 1271 + subresources: 1272 + status: {} 1273 + --- 1274 + apiVersion: apiextensions.k8s.io/v1 1275 + kind: CustomResourceDefinition 1276 + metadata: 1277 + annotations: 1278 + controller-gen.kubebuilder.io/version: v0.19.0 1279 + labels: 1280 + app.kubernetes.io/component: source-controller 1281 + app.kubernetes.io/instance: flux-system 1282 + app.kubernetes.io/part-of: flux 1283 + app.kubernetes.io/version: v2.7.3 1284 + name: gitrepositories.source.toolkit.fluxcd.io 1285 + spec: 1286 + group: source.toolkit.fluxcd.io 1287 + names: 1288 + kind: GitRepository 1289 + listKind: GitRepositoryList 1290 + plural: gitrepositories 1291 + shortNames: 1292 + - gitrepo 1293 + singular: gitrepository 1294 + scope: Namespaced 1295 + versions: 1296 + - additionalPrinterColumns: 1297 + - jsonPath: .spec.url 1298 + name: URL 1299 + type: string 1300 + - jsonPath: .metadata.creationTimestamp 1301 + name: Age 1302 + type: date 1303 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 1304 + name: Ready 1305 + type: string 1306 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 1307 + name: Status 1308 + type: string 1309 + name: v1 1310 + schema: 1311 + openAPIV3Schema: 1312 + description: GitRepository is the Schema for the gitrepositories API. 1313 + properties: 1314 + apiVersion: 1315 + description: |- 1316 + APIVersion defines the versioned schema of this representation of an object. 1317 + Servers should convert recognized schemas to the latest internal value, and 1318 + may reject unrecognized values. 1319 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1320 + type: string 1321 + kind: 1322 + description: |- 1323 + Kind is a string value representing the REST resource this object represents. 1324 + Servers may infer this from the endpoint the client submits requests to. 1325 + Cannot be updated. 1326 + In CamelCase. 1327 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1328 + type: string 1329 + metadata: 1330 + type: object 1331 + spec: 1332 + description: |- 1333 + GitRepositorySpec specifies the required configuration to produce an 1334 + Artifact for a Git repository. 1335 + properties: 1336 + ignore: 1337 + description: |- 1338 + Ignore overrides the set of excluded patterns in the .sourceignore format 1339 + (which is the same as .gitignore). If not provided, a default will be used, 1340 + consult the documentation for your version to find out what those are. 1341 + type: string 1342 + include: 1343 + description: |- 1344 + Include specifies a list of GitRepository resources which Artifacts 1345 + should be included in the Artifact produced for this GitRepository. 1346 + items: 1347 + description: |- 1348 + GitRepositoryInclude specifies a local reference to a GitRepository which 1349 + Artifact (sub-)contents must be included, and where they should be placed. 1350 + properties: 1351 + fromPath: 1352 + description: |- 1353 + FromPath specifies the path to copy contents from, defaults to the root 1354 + of the Artifact. 1355 + type: string 1356 + repository: 1357 + description: |- 1358 + GitRepositoryRef specifies the GitRepository which Artifact contents 1359 + must be included. 1360 + properties: 1361 + name: 1362 + description: Name of the referent. 1363 + type: string 1364 + required: 1365 + - name 1366 + type: object 1367 + toPath: 1368 + description: |- 1369 + ToPath specifies the path to copy contents to, defaults to the name of 1370 + the GitRepositoryRef. 1371 + type: string 1372 + required: 1373 + - repository 1374 + type: object 1375 + type: array 1376 + interval: 1377 + description: |- 1378 + Interval at which the GitRepository URL is checked for updates. 1379 + This interval is approximate and may be subject to jitter to ensure 1380 + efficient use of resources. 1381 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 1382 + type: string 1383 + provider: 1384 + description: |- 1385 + Provider used for authentication, can be 'azure', 'github', 'generic'. 1386 + When not specified, defaults to 'generic'. 1387 + enum: 1388 + - generic 1389 + - azure 1390 + - github 1391 + type: string 1392 + proxySecretRef: 1393 + description: |- 1394 + ProxySecretRef specifies the Secret containing the proxy configuration 1395 + to use while communicating with the Git server. 1396 + properties: 1397 + name: 1398 + description: Name of the referent. 1399 + type: string 1400 + required: 1401 + - name 1402 + type: object 1403 + recurseSubmodules: 1404 + description: |- 1405 + RecurseSubmodules enables the initialization of all submodules within 1406 + the GitRepository as cloned from the URL, using their default settings. 1407 + type: boolean 1408 + ref: 1409 + description: |- 1410 + Reference specifies the Git reference to resolve and monitor for 1411 + changes, defaults to the 'master' branch. 1412 + properties: 1413 + branch: 1414 + description: Branch to check out, defaults to 'master' if no other 1415 + field is defined. 1416 + type: string 1417 + commit: 1418 + description: |- 1419 + Commit SHA to check out, takes precedence over all reference fields. 1420 + 1421 + This can be combined with Branch to shallow clone the branch, in which 1422 + the commit is expected to exist. 1423 + type: string 1424 + name: 1425 + description: |- 1426 + Name of the reference to check out; takes precedence over Branch, Tag and SemVer. 1427 + 1428 + It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description 1429 + Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head" 1430 + type: string 1431 + semver: 1432 + description: SemVer tag expression to check out, takes precedence 1433 + over Tag. 1434 + type: string 1435 + tag: 1436 + description: Tag to check out, takes precedence over Branch. 1437 + type: string 1438 + type: object 1439 + secretRef: 1440 + description: |- 1441 + SecretRef specifies the Secret containing authentication credentials for 1442 + the GitRepository. 1443 + For HTTPS repositories the Secret must contain 'username' and 'password' 1444 + fields for basic auth or 'bearerToken' field for token auth. 1445 + For SSH repositories the Secret must contain 'identity' 1446 + and 'known_hosts' fields. 1447 + properties: 1448 + name: 1449 + description: Name of the referent. 1450 + type: string 1451 + required: 1452 + - name 1453 + type: object 1454 + serviceAccountName: 1455 + description: |- 1456 + ServiceAccountName is the name of the Kubernetes ServiceAccount used to 1457 + authenticate to the GitRepository. This field is only supported for 'azure' provider. 1458 + type: string 1459 + sparseCheckout: 1460 + description: |- 1461 + SparseCheckout specifies a list of directories to checkout when cloning 1462 + the repository. If specified, only these directories are included in the 1463 + Artifact produced for this GitRepository. 1464 + items: 1465 + type: string 1466 + type: array 1467 + suspend: 1468 + description: |- 1469 + Suspend tells the controller to suspend the reconciliation of this 1470 + GitRepository. 1471 + type: boolean 1472 + timeout: 1473 + default: 60s 1474 + description: Timeout for Git operations like cloning, defaults to 1475 + 60s. 1476 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 1477 + type: string 1478 + url: 1479 + description: URL specifies the Git repository URL, it can be an HTTP/S 1480 + or SSH address. 1481 + pattern: ^(http|https|ssh)://.*$ 1482 + type: string 1483 + verify: 1484 + description: |- 1485 + Verification specifies the configuration to verify the Git commit 1486 + signature(s). 1487 + properties: 1488 + mode: 1489 + default: HEAD 1490 + description: |- 1491 + Mode specifies which Git object(s) should be verified. 1492 + 1493 + The variants "head" and "HEAD" both imply the same thing, i.e. verify 1494 + the commit that the HEAD of the Git repository points to. The variant 1495 + "head" solely exists to ensure backwards compatibility. 1496 + enum: 1497 + - head 1498 + - HEAD 1499 + - Tag 1500 + - TagAndHEAD 1501 + type: string 1502 + secretRef: 1503 + description: |- 1504 + SecretRef specifies the Secret containing the public keys of trusted Git 1505 + authors. 1506 + properties: 1507 + name: 1508 + description: Name of the referent. 1509 + type: string 1510 + required: 1511 + - name 1512 + type: object 1513 + required: 1514 + - secretRef 1515 + type: object 1516 + required: 1517 + - interval 1518 + - url 1519 + type: object 1520 + x-kubernetes-validations: 1521 + - message: serviceAccountName can only be set when provider is 'azure' 1522 + rule: '!has(self.serviceAccountName) || (has(self.provider) && self.provider 1523 + == ''azure'')' 1524 + status: 1525 + default: 1526 + observedGeneration: -1 1527 + description: GitRepositoryStatus records the observed state of a Git repository. 1528 + properties: 1529 + artifact: 1530 + description: Artifact represents the last successful GitRepository 1531 + reconciliation. 1532 + properties: 1533 + digest: 1534 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 1535 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 1536 + type: string 1537 + lastUpdateTime: 1538 + description: |- 1539 + LastUpdateTime is the timestamp corresponding to the last update of the 1540 + Artifact. 1541 + format: date-time 1542 + type: string 1543 + metadata: 1544 + additionalProperties: 1545 + type: string 1546 + description: Metadata holds upstream information such as OCI annotations. 1547 + type: object 1548 + path: 1549 + description: |- 1550 + Path is the relative file path of the Artifact. It can be used to locate 1551 + the file in the root of the Artifact storage on the local file system of 1552 + the controller managing the Source. 1553 + type: string 1554 + revision: 1555 + description: |- 1556 + Revision is a human-readable identifier traceable in the origin source 1557 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 1558 + type: string 1559 + size: 1560 + description: Size is the number of bytes in the file. 1561 + format: int64 1562 + type: integer 1563 + url: 1564 + description: |- 1565 + URL is the HTTP address of the Artifact as exposed by the controller 1566 + managing the Source. It can be used to retrieve the Artifact for 1567 + consumption, e.g. by another controller applying the Artifact contents. 1568 + type: string 1569 + required: 1570 + - digest 1571 + - lastUpdateTime 1572 + - path 1573 + - revision 1574 + - url 1575 + type: object 1576 + conditions: 1577 + description: Conditions holds the conditions for the GitRepository. 1578 + items: 1579 + description: Condition contains details for one aspect of the current 1580 + state of this API Resource. 1581 + properties: 1582 + lastTransitionTime: 1583 + description: |- 1584 + lastTransitionTime is the last time the condition transitioned from one status to another. 1585 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 1586 + format: date-time 1587 + type: string 1588 + message: 1589 + description: |- 1590 + message is a human readable message indicating details about the transition. 1591 + This may be an empty string. 1592 + maxLength: 32768 1593 + type: string 1594 + observedGeneration: 1595 + description: |- 1596 + observedGeneration represents the .metadata.generation that the condition was set based upon. 1597 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 1598 + with respect to the current state of the instance. 1599 + format: int64 1600 + minimum: 0 1601 + type: integer 1602 + reason: 1603 + description: |- 1604 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 1605 + Producers of specific condition types may define expected values and meanings for this field, 1606 + and whether the values are considered a guaranteed API. 1607 + The value should be a CamelCase string. 1608 + This field may not be empty. 1609 + maxLength: 1024 1610 + minLength: 1 1611 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 1612 + type: string 1613 + status: 1614 + description: status of the condition, one of True, False, Unknown. 1615 + enum: 1616 + - "True" 1617 + - "False" 1618 + - Unknown 1619 + type: string 1620 + type: 1621 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 1622 + maxLength: 316 1623 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 1624 + type: string 1625 + required: 1626 + - lastTransitionTime 1627 + - message 1628 + - reason 1629 + - status 1630 + - type 1631 + type: object 1632 + type: array 1633 + includedArtifacts: 1634 + description: |- 1635 + IncludedArtifacts contains a list of the last successfully included 1636 + Artifacts as instructed by GitRepositorySpec.Include. 1637 + items: 1638 + description: Artifact represents the output of a Source reconciliation. 1639 + properties: 1640 + digest: 1641 + description: Digest is the digest of the file in the form of 1642 + '<algorithm>:<checksum>'. 1643 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 1644 + type: string 1645 + lastUpdateTime: 1646 + description: |- 1647 + LastUpdateTime is the timestamp corresponding to the last update of the 1648 + Artifact. 1649 + format: date-time 1650 + type: string 1651 + metadata: 1652 + additionalProperties: 1653 + type: string 1654 + description: Metadata holds upstream information such as OCI 1655 + annotations. 1656 + type: object 1657 + path: 1658 + description: |- 1659 + Path is the relative file path of the Artifact. It can be used to locate 1660 + the file in the root of the Artifact storage on the local file system of 1661 + the controller managing the Source. 1662 + type: string 1663 + revision: 1664 + description: |- 1665 + Revision is a human-readable identifier traceable in the origin source 1666 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 1667 + type: string 1668 + size: 1669 + description: Size is the number of bytes in the file. 1670 + format: int64 1671 + type: integer 1672 + url: 1673 + description: |- 1674 + URL is the HTTP address of the Artifact as exposed by the controller 1675 + managing the Source. It can be used to retrieve the Artifact for 1676 + consumption, e.g. by another controller applying the Artifact contents. 1677 + type: string 1678 + required: 1679 + - digest 1680 + - lastUpdateTime 1681 + - path 1682 + - revision 1683 + - url 1684 + type: object 1685 + type: array 1686 + lastHandledReconcileAt: 1687 + description: |- 1688 + LastHandledReconcileAt holds the value of the most recent 1689 + reconcile request value, so a change of the annotation value 1690 + can be detected. 1691 + type: string 1692 + observedGeneration: 1693 + description: |- 1694 + ObservedGeneration is the last observed generation of the GitRepository 1695 + object. 1696 + format: int64 1697 + type: integer 1698 + observedIgnore: 1699 + description: |- 1700 + ObservedIgnore is the observed exclusion patterns used for constructing 1701 + the source artifact. 1702 + type: string 1703 + observedInclude: 1704 + description: |- 1705 + ObservedInclude is the observed list of GitRepository resources used to 1706 + produce the current Artifact. 1707 + items: 1708 + description: |- 1709 + GitRepositoryInclude specifies a local reference to a GitRepository which 1710 + Artifact (sub-)contents must be included, and where they should be placed. 1711 + properties: 1712 + fromPath: 1713 + description: |- 1714 + FromPath specifies the path to copy contents from, defaults to the root 1715 + of the Artifact. 1716 + type: string 1717 + repository: 1718 + description: |- 1719 + GitRepositoryRef specifies the GitRepository which Artifact contents 1720 + must be included. 1721 + properties: 1722 + name: 1723 + description: Name of the referent. 1724 + type: string 1725 + required: 1726 + - name 1727 + type: object 1728 + toPath: 1729 + description: |- 1730 + ToPath specifies the path to copy contents to, defaults to the name of 1731 + the GitRepositoryRef. 1732 + type: string 1733 + required: 1734 + - repository 1735 + type: object 1736 + type: array 1737 + observedRecurseSubmodules: 1738 + description: |- 1739 + ObservedRecurseSubmodules is the observed resource submodules 1740 + configuration used to produce the current Artifact. 1741 + type: boolean 1742 + observedSparseCheckout: 1743 + description: |- 1744 + ObservedSparseCheckout is the observed list of directories used to 1745 + produce the current Artifact. 1746 + items: 1747 + type: string 1748 + type: array 1749 + sourceVerificationMode: 1750 + description: |- 1751 + SourceVerificationMode is the last used verification mode indicating 1752 + which Git object(s) have been verified. 1753 + type: string 1754 + type: object 1755 + type: object 1756 + served: true 1757 + storage: true 1758 + subresources: 1759 + status: {} 1760 + - additionalPrinterColumns: 1761 + - jsonPath: .spec.url 1762 + name: URL 1763 + type: string 1764 + - jsonPath: .metadata.creationTimestamp 1765 + name: Age 1766 + type: date 1767 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 1768 + name: Ready 1769 + type: string 1770 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 1771 + name: Status 1772 + type: string 1773 + deprecated: true 1774 + deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1 1775 + name: v1beta2 1776 + schema: 1777 + openAPIV3Schema: 1778 + description: GitRepository is the Schema for the gitrepositories API. 1779 + properties: 1780 + apiVersion: 1781 + description: |- 1782 + APIVersion defines the versioned schema of this representation of an object. 1783 + Servers should convert recognized schemas to the latest internal value, and 1784 + may reject unrecognized values. 1785 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1786 + type: string 1787 + kind: 1788 + description: |- 1789 + Kind is a string value representing the REST resource this object represents. 1790 + Servers may infer this from the endpoint the client submits requests to. 1791 + Cannot be updated. 1792 + In CamelCase. 1793 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1794 + type: string 1795 + metadata: 1796 + type: object 1797 + spec: 1798 + description: |- 1799 + GitRepositorySpec specifies the required configuration to produce an 1800 + Artifact for a Git repository. 1801 + properties: 1802 + accessFrom: 1803 + description: |- 1804 + AccessFrom specifies an Access Control List for allowing cross-namespace 1805 + references to this object. 1806 + NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 1807 + properties: 1808 + namespaceSelectors: 1809 + description: |- 1810 + NamespaceSelectors is the list of namespace selectors to which this ACL applies. 1811 + Items in this list are evaluated using a logical OR operation. 1812 + items: 1813 + description: |- 1814 + NamespaceSelector selects the namespaces to which this ACL applies. 1815 + An empty map of MatchLabels matches all namespaces in a cluster. 1816 + properties: 1817 + matchLabels: 1818 + additionalProperties: 1819 + type: string 1820 + description: |- 1821 + MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1822 + map is equivalent to an element of matchExpressions, whose key field is "key", the 1823 + operator is "In", and the values array contains only "value". The requirements are ANDed. 1824 + type: object 1825 + type: object 1826 + type: array 1827 + required: 1828 + - namespaceSelectors 1829 + type: object 1830 + gitImplementation: 1831 + default: go-git 1832 + description: |- 1833 + GitImplementation specifies which Git client library implementation to 1834 + use. Defaults to 'go-git', valid values are ('go-git', 'libgit2'). 1835 + Deprecated: gitImplementation is deprecated now that 'go-git' is the 1836 + only supported implementation. 1837 + enum: 1838 + - go-git 1839 + - libgit2 1840 + type: string 1841 + ignore: 1842 + description: |- 1843 + Ignore overrides the set of excluded patterns in the .sourceignore format 1844 + (which is the same as .gitignore). If not provided, a default will be used, 1845 + consult the documentation for your version to find out what those are. 1846 + type: string 1847 + include: 1848 + description: |- 1849 + Include specifies a list of GitRepository resources which Artifacts 1850 + should be included in the Artifact produced for this GitRepository. 1851 + items: 1852 + description: |- 1853 + GitRepositoryInclude specifies a local reference to a GitRepository which 1854 + Artifact (sub-)contents must be included, and where they should be placed. 1855 + properties: 1856 + fromPath: 1857 + description: |- 1858 + FromPath specifies the path to copy contents from, defaults to the root 1859 + of the Artifact. 1860 + type: string 1861 + repository: 1862 + description: |- 1863 + GitRepositoryRef specifies the GitRepository which Artifact contents 1864 + must be included. 1865 + properties: 1866 + name: 1867 + description: Name of the referent. 1868 + type: string 1869 + required: 1870 + - name 1871 + type: object 1872 + toPath: 1873 + description: |- 1874 + ToPath specifies the path to copy contents to, defaults to the name of 1875 + the GitRepositoryRef. 1876 + type: string 1877 + required: 1878 + - repository 1879 + type: object 1880 + type: array 1881 + interval: 1882 + description: Interval at which to check the GitRepository for updates. 1883 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 1884 + type: string 1885 + recurseSubmodules: 1886 + description: |- 1887 + RecurseSubmodules enables the initialization of all submodules within 1888 + the GitRepository as cloned from the URL, using their default settings. 1889 + type: boolean 1890 + ref: 1891 + description: |- 1892 + Reference specifies the Git reference to resolve and monitor for 1893 + changes, defaults to the 'master' branch. 1894 + properties: 1895 + branch: 1896 + description: Branch to check out, defaults to 'master' if no other 1897 + field is defined. 1898 + type: string 1899 + commit: 1900 + description: |- 1901 + Commit SHA to check out, takes precedence over all reference fields. 1902 + 1903 + This can be combined with Branch to shallow clone the branch, in which 1904 + the commit is expected to exist. 1905 + type: string 1906 + name: 1907 + description: |- 1908 + Name of the reference to check out; takes precedence over Branch, Tag and SemVer. 1909 + 1910 + It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description 1911 + Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head" 1912 + type: string 1913 + semver: 1914 + description: SemVer tag expression to check out, takes precedence 1915 + over Tag. 1916 + type: string 1917 + tag: 1918 + description: Tag to check out, takes precedence over Branch. 1919 + type: string 1920 + type: object 1921 + secretRef: 1922 + description: |- 1923 + SecretRef specifies the Secret containing authentication credentials for 1924 + the GitRepository. 1925 + For HTTPS repositories the Secret must contain 'username' and 'password' 1926 + fields for basic auth or 'bearerToken' field for token auth. 1927 + For SSH repositories the Secret must contain 'identity' 1928 + and 'known_hosts' fields. 1929 + properties: 1930 + name: 1931 + description: Name of the referent. 1932 + type: string 1933 + required: 1934 + - name 1935 + type: object 1936 + suspend: 1937 + description: |- 1938 + Suspend tells the controller to suspend the reconciliation of this 1939 + GitRepository. 1940 + type: boolean 1941 + timeout: 1942 + default: 60s 1943 + description: Timeout for Git operations like cloning, defaults to 1944 + 60s. 1945 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 1946 + type: string 1947 + url: 1948 + description: URL specifies the Git repository URL, it can be an HTTP/S 1949 + or SSH address. 1950 + pattern: ^(http|https|ssh)://.*$ 1951 + type: string 1952 + verify: 1953 + description: |- 1954 + Verification specifies the configuration to verify the Git commit 1955 + signature(s). 1956 + properties: 1957 + mode: 1958 + description: Mode specifies what Git object should be verified, 1959 + currently ('head'). 1960 + enum: 1961 + - head 1962 + type: string 1963 + secretRef: 1964 + description: |- 1965 + SecretRef specifies the Secret containing the public keys of trusted Git 1966 + authors. 1967 + properties: 1968 + name: 1969 + description: Name of the referent. 1970 + type: string 1971 + required: 1972 + - name 1973 + type: object 1974 + required: 1975 + - mode 1976 + - secretRef 1977 + type: object 1978 + required: 1979 + - interval 1980 + - url 1981 + type: object 1982 + status: 1983 + default: 1984 + observedGeneration: -1 1985 + description: GitRepositoryStatus records the observed state of a Git repository. 1986 + properties: 1987 + artifact: 1988 + description: Artifact represents the last successful GitRepository 1989 + reconciliation. 1990 + properties: 1991 + digest: 1992 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 1993 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 1994 + type: string 1995 + lastUpdateTime: 1996 + description: |- 1997 + LastUpdateTime is the timestamp corresponding to the last update of the 1998 + Artifact. 1999 + format: date-time 2000 + type: string 2001 + metadata: 2002 + additionalProperties: 2003 + type: string 2004 + description: Metadata holds upstream information such as OCI annotations. 2005 + type: object 2006 + path: 2007 + description: |- 2008 + Path is the relative file path of the Artifact. It can be used to locate 2009 + the file in the root of the Artifact storage on the local file system of 2010 + the controller managing the Source. 2011 + type: string 2012 + revision: 2013 + description: |- 2014 + Revision is a human-readable identifier traceable in the origin source 2015 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 2016 + type: string 2017 + size: 2018 + description: Size is the number of bytes in the file. 2019 + format: int64 2020 + type: integer 2021 + url: 2022 + description: |- 2023 + URL is the HTTP address of the Artifact as exposed by the controller 2024 + managing the Source. It can be used to retrieve the Artifact for 2025 + consumption, e.g. by another controller applying the Artifact contents. 2026 + type: string 2027 + required: 2028 + - digest 2029 + - lastUpdateTime 2030 + - path 2031 + - revision 2032 + - url 2033 + type: object 2034 + conditions: 2035 + description: Conditions holds the conditions for the GitRepository. 2036 + items: 2037 + description: Condition contains details for one aspect of the current 2038 + state of this API Resource. 2039 + properties: 2040 + lastTransitionTime: 2041 + description: |- 2042 + lastTransitionTime is the last time the condition transitioned from one status to another. 2043 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 2044 + format: date-time 2045 + type: string 2046 + message: 2047 + description: |- 2048 + message is a human readable message indicating details about the transition. 2049 + This may be an empty string. 2050 + maxLength: 32768 2051 + type: string 2052 + observedGeneration: 2053 + description: |- 2054 + observedGeneration represents the .metadata.generation that the condition was set based upon. 2055 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 2056 + with respect to the current state of the instance. 2057 + format: int64 2058 + minimum: 0 2059 + type: integer 2060 + reason: 2061 + description: |- 2062 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 2063 + Producers of specific condition types may define expected values and meanings for this field, 2064 + and whether the values are considered a guaranteed API. 2065 + The value should be a CamelCase string. 2066 + This field may not be empty. 2067 + maxLength: 1024 2068 + minLength: 1 2069 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 2070 + type: string 2071 + status: 2072 + description: status of the condition, one of True, False, Unknown. 2073 + enum: 2074 + - "True" 2075 + - "False" 2076 + - Unknown 2077 + type: string 2078 + type: 2079 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 2080 + maxLength: 316 2081 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 2082 + type: string 2083 + required: 2084 + - lastTransitionTime 2085 + - message 2086 + - reason 2087 + - status 2088 + - type 2089 + type: object 2090 + type: array 2091 + contentConfigChecksum: 2092 + description: |- 2093 + ContentConfigChecksum is a checksum of all the configurations related to 2094 + the content of the source artifact: 2095 + - .spec.ignore 2096 + - .spec.recurseSubmodules 2097 + - .spec.included and the checksum of the included artifacts 2098 + observed in .status.observedGeneration version of the object. This can 2099 + be used to determine if the content of the included repository has 2100 + changed. 2101 + It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`. 2102 + 2103 + Deprecated: Replaced with explicit fields for observed artifact content 2104 + config in the status. 2105 + type: string 2106 + includedArtifacts: 2107 + description: |- 2108 + IncludedArtifacts contains a list of the last successfully included 2109 + Artifacts as instructed by GitRepositorySpec.Include. 2110 + items: 2111 + description: Artifact represents the output of a Source reconciliation. 2112 + properties: 2113 + digest: 2114 + description: Digest is the digest of the file in the form of 2115 + '<algorithm>:<checksum>'. 2116 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 2117 + type: string 2118 + lastUpdateTime: 2119 + description: |- 2120 + LastUpdateTime is the timestamp corresponding to the last update of the 2121 + Artifact. 2122 + format: date-time 2123 + type: string 2124 + metadata: 2125 + additionalProperties: 2126 + type: string 2127 + description: Metadata holds upstream information such as OCI 2128 + annotations. 2129 + type: object 2130 + path: 2131 + description: |- 2132 + Path is the relative file path of the Artifact. It can be used to locate 2133 + the file in the root of the Artifact storage on the local file system of 2134 + the controller managing the Source. 2135 + type: string 2136 + revision: 2137 + description: |- 2138 + Revision is a human-readable identifier traceable in the origin source 2139 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 2140 + type: string 2141 + size: 2142 + description: Size is the number of bytes in the file. 2143 + format: int64 2144 + type: integer 2145 + url: 2146 + description: |- 2147 + URL is the HTTP address of the Artifact as exposed by the controller 2148 + managing the Source. It can be used to retrieve the Artifact for 2149 + consumption, e.g. by another controller applying the Artifact contents. 2150 + type: string 2151 + required: 2152 + - digest 2153 + - lastUpdateTime 2154 + - path 2155 + - revision 2156 + - url 2157 + type: object 2158 + type: array 2159 + lastHandledReconcileAt: 2160 + description: |- 2161 + LastHandledReconcileAt holds the value of the most recent 2162 + reconcile request value, so a change of the annotation value 2163 + can be detected. 2164 + type: string 2165 + observedGeneration: 2166 + description: |- 2167 + ObservedGeneration is the last observed generation of the GitRepository 2168 + object. 2169 + format: int64 2170 + type: integer 2171 + observedIgnore: 2172 + description: |- 2173 + ObservedIgnore is the observed exclusion patterns used for constructing 2174 + the source artifact. 2175 + type: string 2176 + observedInclude: 2177 + description: |- 2178 + ObservedInclude is the observed list of GitRepository resources used to 2179 + to produce the current Artifact. 2180 + items: 2181 + description: |- 2182 + GitRepositoryInclude specifies a local reference to a GitRepository which 2183 + Artifact (sub-)contents must be included, and where they should be placed. 2184 + properties: 2185 + fromPath: 2186 + description: |- 2187 + FromPath specifies the path to copy contents from, defaults to the root 2188 + of the Artifact. 2189 + type: string 2190 + repository: 2191 + description: |- 2192 + GitRepositoryRef specifies the GitRepository which Artifact contents 2193 + must be included. 2194 + properties: 2195 + name: 2196 + description: Name of the referent. 2197 + type: string 2198 + required: 2199 + - name 2200 + type: object 2201 + toPath: 2202 + description: |- 2203 + ToPath specifies the path to copy contents to, defaults to the name of 2204 + the GitRepositoryRef. 2205 + type: string 2206 + required: 2207 + - repository 2208 + type: object 2209 + type: array 2210 + observedRecurseSubmodules: 2211 + description: |- 2212 + ObservedRecurseSubmodules is the observed resource submodules 2213 + configuration used to produce the current Artifact. 2214 + type: boolean 2215 + url: 2216 + description: |- 2217 + URL is the dynamic fetch link for the latest Artifact. 2218 + It is provided on a "best effort" basis, and using the precise 2219 + GitRepositoryStatus.Artifact data is recommended. 2220 + type: string 2221 + type: object 2222 + type: object 2223 + served: true 2224 + storage: false 2225 + subresources: 2226 + status: {} 2227 + --- 2228 + apiVersion: apiextensions.k8s.io/v1 2229 + kind: CustomResourceDefinition 2230 + metadata: 2231 + annotations: 2232 + controller-gen.kubebuilder.io/version: v0.19.0 2233 + labels: 2234 + app.kubernetes.io/component: source-controller 2235 + app.kubernetes.io/instance: flux-system 2236 + app.kubernetes.io/part-of: flux 2237 + app.kubernetes.io/version: v2.7.3 2238 + name: helmcharts.source.toolkit.fluxcd.io 2239 + spec: 2240 + group: source.toolkit.fluxcd.io 2241 + names: 2242 + kind: HelmChart 2243 + listKind: HelmChartList 2244 + plural: helmcharts 2245 + shortNames: 2246 + - hc 2247 + singular: helmchart 2248 + scope: Namespaced 2249 + versions: 2250 + - additionalPrinterColumns: 2251 + - jsonPath: .spec.chart 2252 + name: Chart 2253 + type: string 2254 + - jsonPath: .spec.version 2255 + name: Version 2256 + type: string 2257 + - jsonPath: .spec.sourceRef.kind 2258 + name: Source Kind 2259 + type: string 2260 + - jsonPath: .spec.sourceRef.name 2261 + name: Source Name 2262 + type: string 2263 + - jsonPath: .metadata.creationTimestamp 2264 + name: Age 2265 + type: date 2266 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 2267 + name: Ready 2268 + type: string 2269 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 2270 + name: Status 2271 + type: string 2272 + name: v1 2273 + schema: 2274 + openAPIV3Schema: 2275 + description: HelmChart is the Schema for the helmcharts API. 2276 + properties: 2277 + apiVersion: 2278 + description: |- 2279 + APIVersion defines the versioned schema of this representation of an object. 2280 + Servers should convert recognized schemas to the latest internal value, and 2281 + may reject unrecognized values. 2282 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 2283 + type: string 2284 + kind: 2285 + description: |- 2286 + Kind is a string value representing the REST resource this object represents. 2287 + Servers may infer this from the endpoint the client submits requests to. 2288 + Cannot be updated. 2289 + In CamelCase. 2290 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2291 + type: string 2292 + metadata: 2293 + type: object 2294 + spec: 2295 + description: HelmChartSpec specifies the desired state of a Helm chart. 2296 + properties: 2297 + chart: 2298 + description: |- 2299 + Chart is the name or path the Helm chart is available at in the 2300 + SourceRef. 2301 + type: string 2302 + ignoreMissingValuesFiles: 2303 + description: |- 2304 + IgnoreMissingValuesFiles controls whether to silently ignore missing values 2305 + files rather than failing. 2306 + type: boolean 2307 + interval: 2308 + description: |- 2309 + Interval at which the HelmChart SourceRef is checked for updates. 2310 + This interval is approximate and may be subject to jitter to ensure 2311 + efficient use of resources. 2312 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 2313 + type: string 2314 + reconcileStrategy: 2315 + default: ChartVersion 2316 + description: |- 2317 + ReconcileStrategy determines what enables the creation of a new artifact. 2318 + Valid values are ('ChartVersion', 'Revision'). 2319 + See the documentation of the values for an explanation on their behavior. 2320 + Defaults to ChartVersion when omitted. 2321 + enum: 2322 + - ChartVersion 2323 + - Revision 2324 + type: string 2325 + sourceRef: 2326 + description: SourceRef is the reference to the Source the chart is 2327 + available at. 2328 + properties: 2329 + apiVersion: 2330 + description: APIVersion of the referent. 2331 + type: string 2332 + kind: 2333 + description: |- 2334 + Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 2335 + 'Bucket'). 2336 + enum: 2337 + - HelmRepository 2338 + - GitRepository 2339 + - Bucket 2340 + type: string 2341 + name: 2342 + description: Name of the referent. 2343 + type: string 2344 + required: 2345 + - kind 2346 + - name 2347 + type: object 2348 + suspend: 2349 + description: |- 2350 + Suspend tells the controller to suspend the reconciliation of this 2351 + source. 2352 + type: boolean 2353 + valuesFiles: 2354 + description: |- 2355 + ValuesFiles is an alternative list of values files to use as the chart 2356 + values (values.yaml is not included by default), expected to be a 2357 + relative path in the SourceRef. 2358 + Values files are merged in the order of this list with the last file 2359 + overriding the first. Ignored when omitted. 2360 + items: 2361 + type: string 2362 + type: array 2363 + verify: 2364 + description: |- 2365 + Verify contains the secret name containing the trusted public keys 2366 + used to verify the signature and specifies which provider to use to check 2367 + whether OCI image is authentic. 2368 + This field is only supported when using HelmRepository source with spec.type 'oci'. 2369 + Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified. 2370 + properties: 2371 + matchOIDCIdentity: 2372 + description: |- 2373 + MatchOIDCIdentity specifies the identity matching criteria to use 2374 + while verifying an OCI artifact which was signed using Cosign keyless 2375 + signing. The artifact's identity is deemed to be verified if any of the 2376 + specified matchers match against the identity. 2377 + items: 2378 + description: |- 2379 + OIDCIdentityMatch specifies options for verifying the certificate identity, 2380 + i.e. the issuer and the subject of the certificate. 2381 + properties: 2382 + issuer: 2383 + description: |- 2384 + Issuer specifies the regex pattern to match against to verify 2385 + the OIDC issuer in the Fulcio certificate. The pattern must be a 2386 + valid Go regular expression. 2387 + type: string 2388 + subject: 2389 + description: |- 2390 + Subject specifies the regex pattern to match against to verify 2391 + the identity subject in the Fulcio certificate. The pattern must 2392 + be a valid Go regular expression. 2393 + type: string 2394 + required: 2395 + - issuer 2396 + - subject 2397 + type: object 2398 + type: array 2399 + provider: 2400 + default: cosign 2401 + description: Provider specifies the technology used to sign the 2402 + OCI Artifact. 2403 + enum: 2404 + - cosign 2405 + - notation 2406 + type: string 2407 + secretRef: 2408 + description: |- 2409 + SecretRef specifies the Kubernetes Secret containing the 2410 + trusted public keys. 2411 + properties: 2412 + name: 2413 + description: Name of the referent. 2414 + type: string 2415 + required: 2416 + - name 2417 + type: object 2418 + required: 2419 + - provider 2420 + type: object 2421 + version: 2422 + default: '*' 2423 + description: |- 2424 + Version is the chart version semver expression, ignored for charts from 2425 + GitRepository and Bucket sources. Defaults to latest when omitted. 2426 + type: string 2427 + required: 2428 + - chart 2429 + - interval 2430 + - sourceRef 2431 + type: object 2432 + status: 2433 + default: 2434 + observedGeneration: -1 2435 + description: HelmChartStatus records the observed state of the HelmChart. 2436 + properties: 2437 + artifact: 2438 + description: Artifact represents the output of the last successful 2439 + reconciliation. 2440 + properties: 2441 + digest: 2442 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 2443 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 2444 + type: string 2445 + lastUpdateTime: 2446 + description: |- 2447 + LastUpdateTime is the timestamp corresponding to the last update of the 2448 + Artifact. 2449 + format: date-time 2450 + type: string 2451 + metadata: 2452 + additionalProperties: 2453 + type: string 2454 + description: Metadata holds upstream information such as OCI annotations. 2455 + type: object 2456 + path: 2457 + description: |- 2458 + Path is the relative file path of the Artifact. It can be used to locate 2459 + the file in the root of the Artifact storage on the local file system of 2460 + the controller managing the Source. 2461 + type: string 2462 + revision: 2463 + description: |- 2464 + Revision is a human-readable identifier traceable in the origin source 2465 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 2466 + type: string 2467 + size: 2468 + description: Size is the number of bytes in the file. 2469 + format: int64 2470 + type: integer 2471 + url: 2472 + description: |- 2473 + URL is the HTTP address of the Artifact as exposed by the controller 2474 + managing the Source. It can be used to retrieve the Artifact for 2475 + consumption, e.g. by another controller applying the Artifact contents. 2476 + type: string 2477 + required: 2478 + - digest 2479 + - lastUpdateTime 2480 + - path 2481 + - revision 2482 + - url 2483 + type: object 2484 + conditions: 2485 + description: Conditions holds the conditions for the HelmChart. 2486 + items: 2487 + description: Condition contains details for one aspect of the current 2488 + state of this API Resource. 2489 + properties: 2490 + lastTransitionTime: 2491 + description: |- 2492 + lastTransitionTime is the last time the condition transitioned from one status to another. 2493 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 2494 + format: date-time 2495 + type: string 2496 + message: 2497 + description: |- 2498 + message is a human readable message indicating details about the transition. 2499 + This may be an empty string. 2500 + maxLength: 32768 2501 + type: string 2502 + observedGeneration: 2503 + description: |- 2504 + observedGeneration represents the .metadata.generation that the condition was set based upon. 2505 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 2506 + with respect to the current state of the instance. 2507 + format: int64 2508 + minimum: 0 2509 + type: integer 2510 + reason: 2511 + description: |- 2512 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 2513 + Producers of specific condition types may define expected values and meanings for this field, 2514 + and whether the values are considered a guaranteed API. 2515 + The value should be a CamelCase string. 2516 + This field may not be empty. 2517 + maxLength: 1024 2518 + minLength: 1 2519 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 2520 + type: string 2521 + status: 2522 + description: status of the condition, one of True, False, Unknown. 2523 + enum: 2524 + - "True" 2525 + - "False" 2526 + - Unknown 2527 + type: string 2528 + type: 2529 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 2530 + maxLength: 316 2531 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 2532 + type: string 2533 + required: 2534 + - lastTransitionTime 2535 + - message 2536 + - reason 2537 + - status 2538 + - type 2539 + type: object 2540 + type: array 2541 + lastHandledReconcileAt: 2542 + description: |- 2543 + LastHandledReconcileAt holds the value of the most recent 2544 + reconcile request value, so a change of the annotation value 2545 + can be detected. 2546 + type: string 2547 + observedChartName: 2548 + description: |- 2549 + ObservedChartName is the last observed chart name as specified by the 2550 + resolved chart reference. 2551 + type: string 2552 + observedGeneration: 2553 + description: |- 2554 + ObservedGeneration is the last observed generation of the HelmChart 2555 + object. 2556 + format: int64 2557 + type: integer 2558 + observedSourceArtifactRevision: 2559 + description: |- 2560 + ObservedSourceArtifactRevision is the last observed Artifact.Revision 2561 + of the HelmChartSpec.SourceRef. 2562 + type: string 2563 + observedValuesFiles: 2564 + description: |- 2565 + ObservedValuesFiles are the observed value files of the last successful 2566 + reconciliation. 2567 + It matches the chart in the last successfully reconciled artifact. 2568 + items: 2569 + type: string 2570 + type: array 2571 + url: 2572 + description: |- 2573 + URL is the dynamic fetch link for the latest Artifact. 2574 + It is provided on a "best effort" basis, and using the precise 2575 + BucketStatus.Artifact data is recommended. 2576 + type: string 2577 + type: object 2578 + type: object 2579 + served: true 2580 + storage: true 2581 + subresources: 2582 + status: {} 2583 + - additionalPrinterColumns: 2584 + - jsonPath: .spec.chart 2585 + name: Chart 2586 + type: string 2587 + - jsonPath: .spec.version 2588 + name: Version 2589 + type: string 2590 + - jsonPath: .spec.sourceRef.kind 2591 + name: Source Kind 2592 + type: string 2593 + - jsonPath: .spec.sourceRef.name 2594 + name: Source Name 2595 + type: string 2596 + - jsonPath: .metadata.creationTimestamp 2597 + name: Age 2598 + type: date 2599 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 2600 + name: Ready 2601 + type: string 2602 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 2603 + name: Status 2604 + type: string 2605 + deprecated: true 2606 + deprecationWarning: v1beta2 HelmChart is deprecated, upgrade to v1 2607 + name: v1beta2 2608 + schema: 2609 + openAPIV3Schema: 2610 + description: HelmChart is the Schema for the helmcharts API. 2611 + properties: 2612 + apiVersion: 2613 + description: |- 2614 + APIVersion defines the versioned schema of this representation of an object. 2615 + Servers should convert recognized schemas to the latest internal value, and 2616 + may reject unrecognized values. 2617 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 2618 + type: string 2619 + kind: 2620 + description: |- 2621 + Kind is a string value representing the REST resource this object represents. 2622 + Servers may infer this from the endpoint the client submits requests to. 2623 + Cannot be updated. 2624 + In CamelCase. 2625 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2626 + type: string 2627 + metadata: 2628 + type: object 2629 + spec: 2630 + description: HelmChartSpec specifies the desired state of a Helm chart. 2631 + properties: 2632 + accessFrom: 2633 + description: |- 2634 + AccessFrom specifies an Access Control List for allowing cross-namespace 2635 + references to this object. 2636 + NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 2637 + properties: 2638 + namespaceSelectors: 2639 + description: |- 2640 + NamespaceSelectors is the list of namespace selectors to which this ACL applies. 2641 + Items in this list are evaluated using a logical OR operation. 2642 + items: 2643 + description: |- 2644 + NamespaceSelector selects the namespaces to which this ACL applies. 2645 + An empty map of MatchLabels matches all namespaces in a cluster. 2646 + properties: 2647 + matchLabels: 2648 + additionalProperties: 2649 + type: string 2650 + description: |- 2651 + MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 2652 + map is equivalent to an element of matchExpressions, whose key field is "key", the 2653 + operator is "In", and the values array contains only "value". The requirements are ANDed. 2654 + type: object 2655 + type: object 2656 + type: array 2657 + required: 2658 + - namespaceSelectors 2659 + type: object 2660 + chart: 2661 + description: |- 2662 + Chart is the name or path the Helm chart is available at in the 2663 + SourceRef. 2664 + type: string 2665 + ignoreMissingValuesFiles: 2666 + description: |- 2667 + IgnoreMissingValuesFiles controls whether to silently ignore missing values 2668 + files rather than failing. 2669 + type: boolean 2670 + interval: 2671 + description: |- 2672 + Interval at which the HelmChart SourceRef is checked for updates. 2673 + This interval is approximate and may be subject to jitter to ensure 2674 + efficient use of resources. 2675 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 2676 + type: string 2677 + reconcileStrategy: 2678 + default: ChartVersion 2679 + description: |- 2680 + ReconcileStrategy determines what enables the creation of a new artifact. 2681 + Valid values are ('ChartVersion', 'Revision'). 2682 + See the documentation of the values for an explanation on their behavior. 2683 + Defaults to ChartVersion when omitted. 2684 + enum: 2685 + - ChartVersion 2686 + - Revision 2687 + type: string 2688 + sourceRef: 2689 + description: SourceRef is the reference to the Source the chart is 2690 + available at. 2691 + properties: 2692 + apiVersion: 2693 + description: APIVersion of the referent. 2694 + type: string 2695 + kind: 2696 + description: |- 2697 + Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 2698 + 'Bucket'). 2699 + enum: 2700 + - HelmRepository 2701 + - GitRepository 2702 + - Bucket 2703 + type: string 2704 + name: 2705 + description: Name of the referent. 2706 + type: string 2707 + required: 2708 + - kind 2709 + - name 2710 + type: object 2711 + suspend: 2712 + description: |- 2713 + Suspend tells the controller to suspend the reconciliation of this 2714 + source. 2715 + type: boolean 2716 + valuesFile: 2717 + description: |- 2718 + ValuesFile is an alternative values file to use as the default chart 2719 + values, expected to be a relative path in the SourceRef. Deprecated in 2720 + favor of ValuesFiles, for backwards compatibility the file specified here 2721 + is merged before the ValuesFiles items. Ignored when omitted. 2722 + type: string 2723 + valuesFiles: 2724 + description: |- 2725 + ValuesFiles is an alternative list of values files to use as the chart 2726 + values (values.yaml is not included by default), expected to be a 2727 + relative path in the SourceRef. 2728 + Values files are merged in the order of this list with the last file 2729 + overriding the first. Ignored when omitted. 2730 + items: 2731 + type: string 2732 + type: array 2733 + verify: 2734 + description: |- 2735 + Verify contains the secret name containing the trusted public keys 2736 + used to verify the signature and specifies which provider to use to check 2737 + whether OCI image is authentic. 2738 + This field is only supported when using HelmRepository source with spec.type 'oci'. 2739 + Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified. 2740 + properties: 2741 + matchOIDCIdentity: 2742 + description: |- 2743 + MatchOIDCIdentity specifies the identity matching criteria to use 2744 + while verifying an OCI artifact which was signed using Cosign keyless 2745 + signing. The artifact's identity is deemed to be verified if any of the 2746 + specified matchers match against the identity. 2747 + items: 2748 + description: |- 2749 + OIDCIdentityMatch specifies options for verifying the certificate identity, 2750 + i.e. the issuer and the subject of the certificate. 2751 + properties: 2752 + issuer: 2753 + description: |- 2754 + Issuer specifies the regex pattern to match against to verify 2755 + the OIDC issuer in the Fulcio certificate. The pattern must be a 2756 + valid Go regular expression. 2757 + type: string 2758 + subject: 2759 + description: |- 2760 + Subject specifies the regex pattern to match against to verify 2761 + the identity subject in the Fulcio certificate. The pattern must 2762 + be a valid Go regular expression. 2763 + type: string 2764 + required: 2765 + - issuer 2766 + - subject 2767 + type: object 2768 + type: array 2769 + provider: 2770 + default: cosign 2771 + description: Provider specifies the technology used to sign the 2772 + OCI Artifact. 2773 + enum: 2774 + - cosign 2775 + - notation 2776 + type: string 2777 + secretRef: 2778 + description: |- 2779 + SecretRef specifies the Kubernetes Secret containing the 2780 + trusted public keys. 2781 + properties: 2782 + name: 2783 + description: Name of the referent. 2784 + type: string 2785 + required: 2786 + - name 2787 + type: object 2788 + required: 2789 + - provider 2790 + type: object 2791 + version: 2792 + default: '*' 2793 + description: |- 2794 + Version is the chart version semver expression, ignored for charts from 2795 + GitRepository and Bucket sources. Defaults to latest when omitted. 2796 + type: string 2797 + required: 2798 + - chart 2799 + - interval 2800 + - sourceRef 2801 + type: object 2802 + status: 2803 + default: 2804 + observedGeneration: -1 2805 + description: HelmChartStatus records the observed state of the HelmChart. 2806 + properties: 2807 + artifact: 2808 + description: Artifact represents the output of the last successful 2809 + reconciliation. 2810 + properties: 2811 + digest: 2812 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 2813 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 2814 + type: string 2815 + lastUpdateTime: 2816 + description: |- 2817 + LastUpdateTime is the timestamp corresponding to the last update of the 2818 + Artifact. 2819 + format: date-time 2820 + type: string 2821 + metadata: 2822 + additionalProperties: 2823 + type: string 2824 + description: Metadata holds upstream information such as OCI annotations. 2825 + type: object 2826 + path: 2827 + description: |- 2828 + Path is the relative file path of the Artifact. It can be used to locate 2829 + the file in the root of the Artifact storage on the local file system of 2830 + the controller managing the Source. 2831 + type: string 2832 + revision: 2833 + description: |- 2834 + Revision is a human-readable identifier traceable in the origin source 2835 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 2836 + type: string 2837 + size: 2838 + description: Size is the number of bytes in the file. 2839 + format: int64 2840 + type: integer 2841 + url: 2842 + description: |- 2843 + URL is the HTTP address of the Artifact as exposed by the controller 2844 + managing the Source. It can be used to retrieve the Artifact for 2845 + consumption, e.g. by another controller applying the Artifact contents. 2846 + type: string 2847 + required: 2848 + - digest 2849 + - lastUpdateTime 2850 + - path 2851 + - revision 2852 + - url 2853 + type: object 2854 + conditions: 2855 + description: Conditions holds the conditions for the HelmChart. 2856 + items: 2857 + description: Condition contains details for one aspect of the current 2858 + state of this API Resource. 2859 + properties: 2860 + lastTransitionTime: 2861 + description: |- 2862 + lastTransitionTime is the last time the condition transitioned from one status to another. 2863 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 2864 + format: date-time 2865 + type: string 2866 + message: 2867 + description: |- 2868 + message is a human readable message indicating details about the transition. 2869 + This may be an empty string. 2870 + maxLength: 32768 2871 + type: string 2872 + observedGeneration: 2873 + description: |- 2874 + observedGeneration represents the .metadata.generation that the condition was set based upon. 2875 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 2876 + with respect to the current state of the instance. 2877 + format: int64 2878 + minimum: 0 2879 + type: integer 2880 + reason: 2881 + description: |- 2882 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 2883 + Producers of specific condition types may define expected values and meanings for this field, 2884 + and whether the values are considered a guaranteed API. 2885 + The value should be a CamelCase string. 2886 + This field may not be empty. 2887 + maxLength: 1024 2888 + minLength: 1 2889 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 2890 + type: string 2891 + status: 2892 + description: status of the condition, one of True, False, Unknown. 2893 + enum: 2894 + - "True" 2895 + - "False" 2896 + - Unknown 2897 + type: string 2898 + type: 2899 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 2900 + maxLength: 316 2901 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 2902 + type: string 2903 + required: 2904 + - lastTransitionTime 2905 + - message 2906 + - reason 2907 + - status 2908 + - type 2909 + type: object 2910 + type: array 2911 + lastHandledReconcileAt: 2912 + description: |- 2913 + LastHandledReconcileAt holds the value of the most recent 2914 + reconcile request value, so a change of the annotation value 2915 + can be detected. 2916 + type: string 2917 + observedChartName: 2918 + description: |- 2919 + ObservedChartName is the last observed chart name as specified by the 2920 + resolved chart reference. 2921 + type: string 2922 + observedGeneration: 2923 + description: |- 2924 + ObservedGeneration is the last observed generation of the HelmChart 2925 + object. 2926 + format: int64 2927 + type: integer 2928 + observedSourceArtifactRevision: 2929 + description: |- 2930 + ObservedSourceArtifactRevision is the last observed Artifact.Revision 2931 + of the HelmChartSpec.SourceRef. 2932 + type: string 2933 + observedValuesFiles: 2934 + description: |- 2935 + ObservedValuesFiles are the observed value files of the last successful 2936 + reconciliation. 2937 + It matches the chart in the last successfully reconciled artifact. 2938 + items: 2939 + type: string 2940 + type: array 2941 + url: 2942 + description: |- 2943 + URL is the dynamic fetch link for the latest Artifact. 2944 + It is provided on a "best effort" basis, and using the precise 2945 + BucketStatus.Artifact data is recommended. 2946 + type: string 2947 + type: object 2948 + type: object 2949 + served: true 2950 + storage: false 2951 + subresources: 2952 + status: {} 2953 + --- 2954 + apiVersion: apiextensions.k8s.io/v1 2955 + kind: CustomResourceDefinition 2956 + metadata: 2957 + annotations: 2958 + controller-gen.kubebuilder.io/version: v0.19.0 2959 + labels: 2960 + app.kubernetes.io/component: source-controller 2961 + app.kubernetes.io/instance: flux-system 2962 + app.kubernetes.io/part-of: flux 2963 + app.kubernetes.io/version: v2.7.3 2964 + name: helmrepositories.source.toolkit.fluxcd.io 2965 + spec: 2966 + group: source.toolkit.fluxcd.io 2967 + names: 2968 + kind: HelmRepository 2969 + listKind: HelmRepositoryList 2970 + plural: helmrepositories 2971 + shortNames: 2972 + - helmrepo 2973 + singular: helmrepository 2974 + scope: Namespaced 2975 + versions: 2976 + - additionalPrinterColumns: 2977 + - jsonPath: .spec.url 2978 + name: URL 2979 + type: string 2980 + - jsonPath: .metadata.creationTimestamp 2981 + name: Age 2982 + type: date 2983 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 2984 + name: Ready 2985 + type: string 2986 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 2987 + name: Status 2988 + type: string 2989 + name: v1 2990 + schema: 2991 + openAPIV3Schema: 2992 + description: HelmRepository is the Schema for the helmrepositories API. 2993 + properties: 2994 + apiVersion: 2995 + description: |- 2996 + APIVersion defines the versioned schema of this representation of an object. 2997 + Servers should convert recognized schemas to the latest internal value, and 2998 + may reject unrecognized values. 2999 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 3000 + type: string 3001 + kind: 3002 + description: |- 3003 + Kind is a string value representing the REST resource this object represents. 3004 + Servers may infer this from the endpoint the client submits requests to. 3005 + Cannot be updated. 3006 + In CamelCase. 3007 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 3008 + type: string 3009 + metadata: 3010 + type: object 3011 + spec: 3012 + description: |- 3013 + HelmRepositorySpec specifies the required configuration to produce an 3014 + Artifact for a Helm repository index YAML. 3015 + properties: 3016 + accessFrom: 3017 + description: |- 3018 + AccessFrom specifies an Access Control List for allowing cross-namespace 3019 + references to this object. 3020 + NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 3021 + properties: 3022 + namespaceSelectors: 3023 + description: |- 3024 + NamespaceSelectors is the list of namespace selectors to which this ACL applies. 3025 + Items in this list are evaluated using a logical OR operation. 3026 + items: 3027 + description: |- 3028 + NamespaceSelector selects the namespaces to which this ACL applies. 3029 + An empty map of MatchLabels matches all namespaces in a cluster. 3030 + properties: 3031 + matchLabels: 3032 + additionalProperties: 3033 + type: string 3034 + description: |- 3035 + MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 3036 + map is equivalent to an element of matchExpressions, whose key field is "key", the 3037 + operator is "In", and the values array contains only "value". The requirements are ANDed. 3038 + type: object 3039 + type: object 3040 + type: array 3041 + required: 3042 + - namespaceSelectors 3043 + type: object 3044 + certSecretRef: 3045 + description: |- 3046 + CertSecretRef can be given the name of a Secret containing 3047 + either or both of 3048 + 3049 + - a PEM-encoded client certificate (`tls.crt`) and private 3050 + key (`tls.key`); 3051 + - a PEM-encoded CA certificate (`ca.crt`) 3052 + 3053 + and whichever are supplied, will be used for connecting to the 3054 + registry. The client cert and key are useful if you are 3055 + authenticating with a certificate; the CA cert is useful if 3056 + you are using a self-signed server certificate. The Secret must 3057 + be of type `Opaque` or `kubernetes.io/tls`. 3058 + 3059 + It takes precedence over the values specified in the Secret referred 3060 + to by `.spec.secretRef`. 3061 + properties: 3062 + name: 3063 + description: Name of the referent. 3064 + type: string 3065 + required: 3066 + - name 3067 + type: object 3068 + insecure: 3069 + description: |- 3070 + Insecure allows connecting to a non-TLS HTTP container registry. 3071 + This field is only taken into account if the .spec.type field is set to 'oci'. 3072 + type: boolean 3073 + interval: 3074 + description: |- 3075 + Interval at which the HelmRepository URL is checked for updates. 3076 + This interval is approximate and may be subject to jitter to ensure 3077 + efficient use of resources. 3078 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 3079 + type: string 3080 + passCredentials: 3081 + description: |- 3082 + PassCredentials allows the credentials from the SecretRef to be passed 3083 + on to a host that does not match the host as defined in URL. 3084 + This may be required if the host of the advertised chart URLs in the 3085 + index differ from the defined URL. 3086 + Enabling this should be done with caution, as it can potentially result 3087 + in credentials getting stolen in a MITM-attack. 3088 + type: boolean 3089 + provider: 3090 + default: generic 3091 + description: |- 3092 + Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. 3093 + This field is optional, and only taken into account if the .spec.type field is set to 'oci'. 3094 + When not specified, defaults to 'generic'. 3095 + enum: 3096 + - generic 3097 + - aws 3098 + - azure 3099 + - gcp 3100 + type: string 3101 + secretRef: 3102 + description: |- 3103 + SecretRef specifies the Secret containing authentication credentials 3104 + for the HelmRepository. 3105 + For HTTP/S basic auth the secret must contain 'username' and 'password' 3106 + fields. 3107 + Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' 3108 + keys is deprecated. Please use `.spec.certSecretRef` instead. 3109 + properties: 3110 + name: 3111 + description: Name of the referent. 3112 + type: string 3113 + required: 3114 + - name 3115 + type: object 3116 + suspend: 3117 + description: |- 3118 + Suspend tells the controller to suspend the reconciliation of this 3119 + HelmRepository. 3120 + type: boolean 3121 + timeout: 3122 + description: |- 3123 + Timeout is used for the index fetch operation for an HTTPS helm repository, 3124 + and for remote OCI Repository operations like pulling for an OCI helm 3125 + chart by the associated HelmChart. 3126 + Its default value is 60s. 3127 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 3128 + type: string 3129 + type: 3130 + description: |- 3131 + Type of the HelmRepository. 3132 + When this field is set to "oci", the URL field value must be prefixed with "oci://". 3133 + enum: 3134 + - default 3135 + - oci 3136 + type: string 3137 + url: 3138 + description: |- 3139 + URL of the Helm repository, a valid URL contains at least a protocol and 3140 + host. 3141 + pattern: ^(http|https|oci)://.*$ 3142 + type: string 3143 + required: 3144 + - url 3145 + type: object 3146 + status: 3147 + default: 3148 + observedGeneration: -1 3149 + description: HelmRepositoryStatus records the observed state of the HelmRepository. 3150 + properties: 3151 + artifact: 3152 + description: Artifact represents the last successful HelmRepository 3153 + reconciliation. 3154 + properties: 3155 + digest: 3156 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 3157 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 3158 + type: string 3159 + lastUpdateTime: 3160 + description: |- 3161 + LastUpdateTime is the timestamp corresponding to the last update of the 3162 + Artifact. 3163 + format: date-time 3164 + type: string 3165 + metadata: 3166 + additionalProperties: 3167 + type: string 3168 + description: Metadata holds upstream information such as OCI annotations. 3169 + type: object 3170 + path: 3171 + description: |- 3172 + Path is the relative file path of the Artifact. It can be used to locate 3173 + the file in the root of the Artifact storage on the local file system of 3174 + the controller managing the Source. 3175 + type: string 3176 + revision: 3177 + description: |- 3178 + Revision is a human-readable identifier traceable in the origin source 3179 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 3180 + type: string 3181 + size: 3182 + description: Size is the number of bytes in the file. 3183 + format: int64 3184 + type: integer 3185 + url: 3186 + description: |- 3187 + URL is the HTTP address of the Artifact as exposed by the controller 3188 + managing the Source. It can be used to retrieve the Artifact for 3189 + consumption, e.g. by another controller applying the Artifact contents. 3190 + type: string 3191 + required: 3192 + - digest 3193 + - lastUpdateTime 3194 + - path 3195 + - revision 3196 + - url 3197 + type: object 3198 + conditions: 3199 + description: Conditions holds the conditions for the HelmRepository. 3200 + items: 3201 + description: Condition contains details for one aspect of the current 3202 + state of this API Resource. 3203 + properties: 3204 + lastTransitionTime: 3205 + description: |- 3206 + lastTransitionTime is the last time the condition transitioned from one status to another. 3207 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 3208 + format: date-time 3209 + type: string 3210 + message: 3211 + description: |- 3212 + message is a human readable message indicating details about the transition. 3213 + This may be an empty string. 3214 + maxLength: 32768 3215 + type: string 3216 + observedGeneration: 3217 + description: |- 3218 + observedGeneration represents the .metadata.generation that the condition was set based upon. 3219 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 3220 + with respect to the current state of the instance. 3221 + format: int64 3222 + minimum: 0 3223 + type: integer 3224 + reason: 3225 + description: |- 3226 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 3227 + Producers of specific condition types may define expected values and meanings for this field, 3228 + and whether the values are considered a guaranteed API. 3229 + The value should be a CamelCase string. 3230 + This field may not be empty. 3231 + maxLength: 1024 3232 + minLength: 1 3233 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 3234 + type: string 3235 + status: 3236 + description: status of the condition, one of True, False, Unknown. 3237 + enum: 3238 + - "True" 3239 + - "False" 3240 + - Unknown 3241 + type: string 3242 + type: 3243 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 3244 + maxLength: 316 3245 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 3246 + type: string 3247 + required: 3248 + - lastTransitionTime 3249 + - message 3250 + - reason 3251 + - status 3252 + - type 3253 + type: object 3254 + type: array 3255 + lastHandledReconcileAt: 3256 + description: |- 3257 + LastHandledReconcileAt holds the value of the most recent 3258 + reconcile request value, so a change of the annotation value 3259 + can be detected. 3260 + type: string 3261 + observedGeneration: 3262 + description: |- 3263 + ObservedGeneration is the last observed generation of the HelmRepository 3264 + object. 3265 + format: int64 3266 + type: integer 3267 + url: 3268 + description: |- 3269 + URL is the dynamic fetch link for the latest Artifact. 3270 + It is provided on a "best effort" basis, and using the precise 3271 + HelmRepositoryStatus.Artifact data is recommended. 3272 + type: string 3273 + type: object 3274 + type: object 3275 + served: true 3276 + storage: true 3277 + subresources: 3278 + status: {} 3279 + - additionalPrinterColumns: 3280 + - jsonPath: .spec.url 3281 + name: URL 3282 + type: string 3283 + - jsonPath: .metadata.creationTimestamp 3284 + name: Age 3285 + type: date 3286 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 3287 + name: Ready 3288 + type: string 3289 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 3290 + name: Status 3291 + type: string 3292 + deprecated: true 3293 + deprecationWarning: v1beta2 HelmRepository is deprecated, upgrade to v1 3294 + name: v1beta2 3295 + schema: 3296 + openAPIV3Schema: 3297 + description: HelmRepository is the Schema for the helmrepositories API. 3298 + properties: 3299 + apiVersion: 3300 + description: |- 3301 + APIVersion defines the versioned schema of this representation of an object. 3302 + Servers should convert recognized schemas to the latest internal value, and 3303 + may reject unrecognized values. 3304 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 3305 + type: string 3306 + kind: 3307 + description: |- 3308 + Kind is a string value representing the REST resource this object represents. 3309 + Servers may infer this from the endpoint the client submits requests to. 3310 + Cannot be updated. 3311 + In CamelCase. 3312 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 3313 + type: string 3314 + metadata: 3315 + type: object 3316 + spec: 3317 + description: |- 3318 + HelmRepositorySpec specifies the required configuration to produce an 3319 + Artifact for a Helm repository index YAML. 3320 + properties: 3321 + accessFrom: 3322 + description: |- 3323 + AccessFrom specifies an Access Control List for allowing cross-namespace 3324 + references to this object. 3325 + NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 3326 + properties: 3327 + namespaceSelectors: 3328 + description: |- 3329 + NamespaceSelectors is the list of namespace selectors to which this ACL applies. 3330 + Items in this list are evaluated using a logical OR operation. 3331 + items: 3332 + description: |- 3333 + NamespaceSelector selects the namespaces to which this ACL applies. 3334 + An empty map of MatchLabels matches all namespaces in a cluster. 3335 + properties: 3336 + matchLabels: 3337 + additionalProperties: 3338 + type: string 3339 + description: |- 3340 + MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 3341 + map is equivalent to an element of matchExpressions, whose key field is "key", the 3342 + operator is "In", and the values array contains only "value". The requirements are ANDed. 3343 + type: object 3344 + type: object 3345 + type: array 3346 + required: 3347 + - namespaceSelectors 3348 + type: object 3349 + certSecretRef: 3350 + description: |- 3351 + CertSecretRef can be given the name of a Secret containing 3352 + either or both of 3353 + 3354 + - a PEM-encoded client certificate (`tls.crt`) and private 3355 + key (`tls.key`); 3356 + - a PEM-encoded CA certificate (`ca.crt`) 3357 + 3358 + and whichever are supplied, will be used for connecting to the 3359 + registry. The client cert and key are useful if you are 3360 + authenticating with a certificate; the CA cert is useful if 3361 + you are using a self-signed server certificate. The Secret must 3362 + be of type `Opaque` or `kubernetes.io/tls`. 3363 + 3364 + It takes precedence over the values specified in the Secret referred 3365 + to by `.spec.secretRef`. 3366 + properties: 3367 + name: 3368 + description: Name of the referent. 3369 + type: string 3370 + required: 3371 + - name 3372 + type: object 3373 + insecure: 3374 + description: |- 3375 + Insecure allows connecting to a non-TLS HTTP container registry. 3376 + This field is only taken into account if the .spec.type field is set to 'oci'. 3377 + type: boolean 3378 + interval: 3379 + description: |- 3380 + Interval at which the HelmRepository URL is checked for updates. 3381 + This interval is approximate and may be subject to jitter to ensure 3382 + efficient use of resources. 3383 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 3384 + type: string 3385 + passCredentials: 3386 + description: |- 3387 + PassCredentials allows the credentials from the SecretRef to be passed 3388 + on to a host that does not match the host as defined in URL. 3389 + This may be required if the host of the advertised chart URLs in the 3390 + index differ from the defined URL. 3391 + Enabling this should be done with caution, as it can potentially result 3392 + in credentials getting stolen in a MITM-attack. 3393 + type: boolean 3394 + provider: 3395 + default: generic 3396 + description: |- 3397 + Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. 3398 + This field is optional, and only taken into account if the .spec.type field is set to 'oci'. 3399 + When not specified, defaults to 'generic'. 3400 + enum: 3401 + - generic 3402 + - aws 3403 + - azure 3404 + - gcp 3405 + type: string 3406 + secretRef: 3407 + description: |- 3408 + SecretRef specifies the Secret containing authentication credentials 3409 + for the HelmRepository. 3410 + For HTTP/S basic auth the secret must contain 'username' and 'password' 3411 + fields. 3412 + Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' 3413 + keys is deprecated. Please use `.spec.certSecretRef` instead. 3414 + properties: 3415 + name: 3416 + description: Name of the referent. 3417 + type: string 3418 + required: 3419 + - name 3420 + type: object 3421 + suspend: 3422 + description: |- 3423 + Suspend tells the controller to suspend the reconciliation of this 3424 + HelmRepository. 3425 + type: boolean 3426 + timeout: 3427 + description: |- 3428 + Timeout is used for the index fetch operation for an HTTPS helm repository, 3429 + and for remote OCI Repository operations like pulling for an OCI helm 3430 + chart by the associated HelmChart. 3431 + Its default value is 60s. 3432 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 3433 + type: string 3434 + type: 3435 + description: |- 3436 + Type of the HelmRepository. 3437 + When this field is set to "oci", the URL field value must be prefixed with "oci://". 3438 + enum: 3439 + - default 3440 + - oci 3441 + type: string 3442 + url: 3443 + description: |- 3444 + URL of the Helm repository, a valid URL contains at least a protocol and 3445 + host. 3446 + pattern: ^(http|https|oci)://.*$ 3447 + type: string 3448 + required: 3449 + - url 3450 + type: object 3451 + status: 3452 + default: 3453 + observedGeneration: -1 3454 + description: HelmRepositoryStatus records the observed state of the HelmRepository. 3455 + properties: 3456 + artifact: 3457 + description: Artifact represents the last successful HelmRepository 3458 + reconciliation. 3459 + properties: 3460 + digest: 3461 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 3462 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 3463 + type: string 3464 + lastUpdateTime: 3465 + description: |- 3466 + LastUpdateTime is the timestamp corresponding to the last update of the 3467 + Artifact. 3468 + format: date-time 3469 + type: string 3470 + metadata: 3471 + additionalProperties: 3472 + type: string 3473 + description: Metadata holds upstream information such as OCI annotations. 3474 + type: object 3475 + path: 3476 + description: |- 3477 + Path is the relative file path of the Artifact. It can be used to locate 3478 + the file in the root of the Artifact storage on the local file system of 3479 + the controller managing the Source. 3480 + type: string 3481 + revision: 3482 + description: |- 3483 + Revision is a human-readable identifier traceable in the origin source 3484 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 3485 + type: string 3486 + size: 3487 + description: Size is the number of bytes in the file. 3488 + format: int64 3489 + type: integer 3490 + url: 3491 + description: |- 3492 + URL is the HTTP address of the Artifact as exposed by the controller 3493 + managing the Source. It can be used to retrieve the Artifact for 3494 + consumption, e.g. by another controller applying the Artifact contents. 3495 + type: string 3496 + required: 3497 + - digest 3498 + - lastUpdateTime 3499 + - path 3500 + - revision 3501 + - url 3502 + type: object 3503 + conditions: 3504 + description: Conditions holds the conditions for the HelmRepository. 3505 + items: 3506 + description: Condition contains details for one aspect of the current 3507 + state of this API Resource. 3508 + properties: 3509 + lastTransitionTime: 3510 + description: |- 3511 + lastTransitionTime is the last time the condition transitioned from one status to another. 3512 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 3513 + format: date-time 3514 + type: string 3515 + message: 3516 + description: |- 3517 + message is a human readable message indicating details about the transition. 3518 + This may be an empty string. 3519 + maxLength: 32768 3520 + type: string 3521 + observedGeneration: 3522 + description: |- 3523 + observedGeneration represents the .metadata.generation that the condition was set based upon. 3524 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 3525 + with respect to the current state of the instance. 3526 + format: int64 3527 + minimum: 0 3528 + type: integer 3529 + reason: 3530 + description: |- 3531 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 3532 + Producers of specific condition types may define expected values and meanings for this field, 3533 + and whether the values are considered a guaranteed API. 3534 + The value should be a CamelCase string. 3535 + This field may not be empty. 3536 + maxLength: 1024 3537 + minLength: 1 3538 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 3539 + type: string 3540 + status: 3541 + description: status of the condition, one of True, False, Unknown. 3542 + enum: 3543 + - "True" 3544 + - "False" 3545 + - Unknown 3546 + type: string 3547 + type: 3548 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 3549 + maxLength: 316 3550 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 3551 + type: string 3552 + required: 3553 + - lastTransitionTime 3554 + - message 3555 + - reason 3556 + - status 3557 + - type 3558 + type: object 3559 + type: array 3560 + lastHandledReconcileAt: 3561 + description: |- 3562 + LastHandledReconcileAt holds the value of the most recent 3563 + reconcile request value, so a change of the annotation value 3564 + can be detected. 3565 + type: string 3566 + observedGeneration: 3567 + description: |- 3568 + ObservedGeneration is the last observed generation of the HelmRepository 3569 + object. 3570 + format: int64 3571 + type: integer 3572 + url: 3573 + description: |- 3574 + URL is the dynamic fetch link for the latest Artifact. 3575 + It is provided on a "best effort" basis, and using the precise 3576 + HelmRepositoryStatus.Artifact data is recommended. 3577 + type: string 3578 + type: object 3579 + type: object 3580 + served: true 3581 + storage: false 3582 + subresources: 3583 + status: {} 3584 + --- 3585 + apiVersion: apiextensions.k8s.io/v1 3586 + kind: CustomResourceDefinition 3587 + metadata: 3588 + annotations: 3589 + controller-gen.kubebuilder.io/version: v0.19.0 3590 + labels: 3591 + app.kubernetes.io/component: source-controller 3592 + app.kubernetes.io/instance: flux-system 3593 + app.kubernetes.io/part-of: flux 3594 + app.kubernetes.io/version: v2.7.3 3595 + name: ocirepositories.source.toolkit.fluxcd.io 3596 + spec: 3597 + group: source.toolkit.fluxcd.io 3598 + names: 3599 + kind: OCIRepository 3600 + listKind: OCIRepositoryList 3601 + plural: ocirepositories 3602 + shortNames: 3603 + - ocirepo 3604 + singular: ocirepository 3605 + scope: Namespaced 3606 + versions: 3607 + - additionalPrinterColumns: 3608 + - jsonPath: .spec.url 3609 + name: URL 3610 + type: string 3611 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 3612 + name: Ready 3613 + type: string 3614 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 3615 + name: Status 3616 + type: string 3617 + - jsonPath: .metadata.creationTimestamp 3618 + name: Age 3619 + type: date 3620 + name: v1 3621 + schema: 3622 + openAPIV3Schema: 3623 + description: OCIRepository is the Schema for the ocirepositories API 3624 + properties: 3625 + apiVersion: 3626 + description: |- 3627 + APIVersion defines the versioned schema of this representation of an object. 3628 + Servers should convert recognized schemas to the latest internal value, and 3629 + may reject unrecognized values. 3630 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 3631 + type: string 3632 + kind: 3633 + description: |- 3634 + Kind is a string value representing the REST resource this object represents. 3635 + Servers may infer this from the endpoint the client submits requests to. 3636 + Cannot be updated. 3637 + In CamelCase. 3638 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 3639 + type: string 3640 + metadata: 3641 + type: object 3642 + spec: 3643 + description: OCIRepositorySpec defines the desired state of OCIRepository 3644 + properties: 3645 + certSecretRef: 3646 + description: |- 3647 + CertSecretRef can be given the name of a Secret containing 3648 + either or both of 3649 + 3650 + - a PEM-encoded client certificate (`tls.crt`) and private 3651 + key (`tls.key`); 3652 + - a PEM-encoded CA certificate (`ca.crt`) 3653 + 3654 + and whichever are supplied, will be used for connecting to the 3655 + registry. The client cert and key are useful if you are 3656 + authenticating with a certificate; the CA cert is useful if 3657 + you are using a self-signed server certificate. The Secret must 3658 + be of type `Opaque` or `kubernetes.io/tls`. 3659 + properties: 3660 + name: 3661 + description: Name of the referent. 3662 + type: string 3663 + required: 3664 + - name 3665 + type: object 3666 + ignore: 3667 + description: |- 3668 + Ignore overrides the set of excluded patterns in the .sourceignore format 3669 + (which is the same as .gitignore). If not provided, a default will be used, 3670 + consult the documentation for your version to find out what those are. 3671 + type: string 3672 + insecure: 3673 + description: Insecure allows connecting to a non-TLS HTTP container 3674 + registry. 3675 + type: boolean 3676 + interval: 3677 + description: |- 3678 + Interval at which the OCIRepository URL is checked for updates. 3679 + This interval is approximate and may be subject to jitter to ensure 3680 + efficient use of resources. 3681 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 3682 + type: string 3683 + layerSelector: 3684 + description: |- 3685 + LayerSelector specifies which layer should be extracted from the OCI artifact. 3686 + When not specified, the first layer found in the artifact is selected. 3687 + properties: 3688 + mediaType: 3689 + description: |- 3690 + MediaType specifies the OCI media type of the layer 3691 + which should be extracted from the OCI Artifact. The 3692 + first layer matching this type is selected. 3693 + type: string 3694 + operation: 3695 + description: |- 3696 + Operation specifies how the selected layer should be processed. 3697 + By default, the layer compressed content is extracted to storage. 3698 + When the operation is set to 'copy', the layer compressed content 3699 + is persisted to storage as it is. 3700 + enum: 3701 + - extract 3702 + - copy 3703 + type: string 3704 + type: object 3705 + provider: 3706 + default: generic 3707 + description: |- 3708 + The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. 3709 + When not specified, defaults to 'generic'. 3710 + enum: 3711 + - generic 3712 + - aws 3713 + - azure 3714 + - gcp 3715 + type: string 3716 + proxySecretRef: 3717 + description: |- 3718 + ProxySecretRef specifies the Secret containing the proxy configuration 3719 + to use while communicating with the container registry. 3720 + properties: 3721 + name: 3722 + description: Name of the referent. 3723 + type: string 3724 + required: 3725 + - name 3726 + type: object 3727 + ref: 3728 + description: |- 3729 + The OCI reference to pull and monitor for changes, 3730 + defaults to the latest tag. 3731 + properties: 3732 + digest: 3733 + description: |- 3734 + Digest is the image digest to pull, takes precedence over SemVer. 3735 + The value should be in the format 'sha256:<HASH>'. 3736 + type: string 3737 + semver: 3738 + description: |- 3739 + SemVer is the range of tags to pull selecting the latest within 3740 + the range, takes precedence over Tag. 3741 + type: string 3742 + semverFilter: 3743 + description: SemverFilter is a regex pattern to filter the tags 3744 + within the SemVer range. 3745 + type: string 3746 + tag: 3747 + description: Tag is the image tag to pull, defaults to latest. 3748 + type: string 3749 + type: object 3750 + secretRef: 3751 + description: |- 3752 + SecretRef contains the secret name containing the registry login 3753 + credentials to resolve image metadata. 3754 + The secret must be of type kubernetes.io/dockerconfigjson. 3755 + properties: 3756 + name: 3757 + description: Name of the referent. 3758 + type: string 3759 + required: 3760 + - name 3761 + type: object 3762 + serviceAccountName: 3763 + description: |- 3764 + ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate 3765 + the image pull if the service account has attached pull secrets. For more information: 3766 + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account 3767 + type: string 3768 + suspend: 3769 + description: This flag tells the controller to suspend the reconciliation 3770 + of this source. 3771 + type: boolean 3772 + timeout: 3773 + default: 60s 3774 + description: The timeout for remote OCI Repository operations like 3775 + pulling, defaults to 60s. 3776 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 3777 + type: string 3778 + url: 3779 + description: |- 3780 + URL is a reference to an OCI artifact repository hosted 3781 + on a remote container registry. 3782 + pattern: ^oci://.*$ 3783 + type: string 3784 + verify: 3785 + description: |- 3786 + Verify contains the secret name containing the trusted public keys 3787 + used to verify the signature and specifies which provider to use to check 3788 + whether OCI image is authentic. 3789 + properties: 3790 + matchOIDCIdentity: 3791 + description: |- 3792 + MatchOIDCIdentity specifies the identity matching criteria to use 3793 + while verifying an OCI artifact which was signed using Cosign keyless 3794 + signing. The artifact's identity is deemed to be verified if any of the 3795 + specified matchers match against the identity. 3796 + items: 3797 + description: |- 3798 + OIDCIdentityMatch specifies options for verifying the certificate identity, 3799 + i.e. the issuer and the subject of the certificate. 3800 + properties: 3801 + issuer: 3802 + description: |- 3803 + Issuer specifies the regex pattern to match against to verify 3804 + the OIDC issuer in the Fulcio certificate. The pattern must be a 3805 + valid Go regular expression. 3806 + type: string 3807 + subject: 3808 + description: |- 3809 + Subject specifies the regex pattern to match against to verify 3810 + the identity subject in the Fulcio certificate. The pattern must 3811 + be a valid Go regular expression. 3812 + type: string 3813 + required: 3814 + - issuer 3815 + - subject 3816 + type: object 3817 + type: array 3818 + provider: 3819 + default: cosign 3820 + description: Provider specifies the technology used to sign the 3821 + OCI Artifact. 3822 + enum: 3823 + - cosign 3824 + - notation 3825 + type: string 3826 + secretRef: 3827 + description: |- 3828 + SecretRef specifies the Kubernetes Secret containing the 3829 + trusted public keys. 3830 + properties: 3831 + name: 3832 + description: Name of the referent. 3833 + type: string 3834 + required: 3835 + - name 3836 + type: object 3837 + required: 3838 + - provider 3839 + type: object 3840 + required: 3841 + - interval 3842 + - url 3843 + type: object 3844 + status: 3845 + default: 3846 + observedGeneration: -1 3847 + description: OCIRepositoryStatus defines the observed state of OCIRepository 3848 + properties: 3849 + artifact: 3850 + description: Artifact represents the output of the last successful 3851 + OCI Repository sync. 3852 + properties: 3853 + digest: 3854 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 3855 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 3856 + type: string 3857 + lastUpdateTime: 3858 + description: |- 3859 + LastUpdateTime is the timestamp corresponding to the last update of the 3860 + Artifact. 3861 + format: date-time 3862 + type: string 3863 + metadata: 3864 + additionalProperties: 3865 + type: string 3866 + description: Metadata holds upstream information such as OCI annotations. 3867 + type: object 3868 + path: 3869 + description: |- 3870 + Path is the relative file path of the Artifact. It can be used to locate 3871 + the file in the root of the Artifact storage on the local file system of 3872 + the controller managing the Source. 3873 + type: string 3874 + revision: 3875 + description: |- 3876 + Revision is a human-readable identifier traceable in the origin source 3877 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 3878 + type: string 3879 + size: 3880 + description: Size is the number of bytes in the file. 3881 + format: int64 3882 + type: integer 3883 + url: 3884 + description: |- 3885 + URL is the HTTP address of the Artifact as exposed by the controller 3886 + managing the Source. It can be used to retrieve the Artifact for 3887 + consumption, e.g. by another controller applying the Artifact contents. 3888 + type: string 3889 + required: 3890 + - digest 3891 + - lastUpdateTime 3892 + - path 3893 + - revision 3894 + - url 3895 + type: object 3896 + conditions: 3897 + description: Conditions holds the conditions for the OCIRepository. 3898 + items: 3899 + description: Condition contains details for one aspect of the current 3900 + state of this API Resource. 3901 + properties: 3902 + lastTransitionTime: 3903 + description: |- 3904 + lastTransitionTime is the last time the condition transitioned from one status to another. 3905 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 3906 + format: date-time 3907 + type: string 3908 + message: 3909 + description: |- 3910 + message is a human readable message indicating details about the transition. 3911 + This may be an empty string. 3912 + maxLength: 32768 3913 + type: string 3914 + observedGeneration: 3915 + description: |- 3916 + observedGeneration represents the .metadata.generation that the condition was set based upon. 3917 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 3918 + with respect to the current state of the instance. 3919 + format: int64 3920 + minimum: 0 3921 + type: integer 3922 + reason: 3923 + description: |- 3924 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 3925 + Producers of specific condition types may define expected values and meanings for this field, 3926 + and whether the values are considered a guaranteed API. 3927 + The value should be a CamelCase string. 3928 + This field may not be empty. 3929 + maxLength: 1024 3930 + minLength: 1 3931 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 3932 + type: string 3933 + status: 3934 + description: status of the condition, one of True, False, Unknown. 3935 + enum: 3936 + - "True" 3937 + - "False" 3938 + - Unknown 3939 + type: string 3940 + type: 3941 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 3942 + maxLength: 316 3943 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 3944 + type: string 3945 + required: 3946 + - lastTransitionTime 3947 + - message 3948 + - reason 3949 + - status 3950 + - type 3951 + type: object 3952 + type: array 3953 + lastHandledReconcileAt: 3954 + description: |- 3955 + LastHandledReconcileAt holds the value of the most recent 3956 + reconcile request value, so a change of the annotation value 3957 + can be detected. 3958 + type: string 3959 + observedGeneration: 3960 + description: ObservedGeneration is the last observed generation. 3961 + format: int64 3962 + type: integer 3963 + observedIgnore: 3964 + description: |- 3965 + ObservedIgnore is the observed exclusion patterns used for constructing 3966 + the source artifact. 3967 + type: string 3968 + observedLayerSelector: 3969 + description: |- 3970 + ObservedLayerSelector is the observed layer selector used for constructing 3971 + the source artifact. 3972 + properties: 3973 + mediaType: 3974 + description: |- 3975 + MediaType specifies the OCI media type of the layer 3976 + which should be extracted from the OCI Artifact. The 3977 + first layer matching this type is selected. 3978 + type: string 3979 + operation: 3980 + description: |- 3981 + Operation specifies how the selected layer should be processed. 3982 + By default, the layer compressed content is extracted to storage. 3983 + When the operation is set to 'copy', the layer compressed content 3984 + is persisted to storage as it is. 3985 + enum: 3986 + - extract 3987 + - copy 3988 + type: string 3989 + type: object 3990 + url: 3991 + description: URL is the download link for the artifact output of the 3992 + last OCI Repository sync. 3993 + type: string 3994 + type: object 3995 + type: object 3996 + served: true 3997 + storage: true 3998 + subresources: 3999 + status: {} 4000 + - additionalPrinterColumns: 4001 + - jsonPath: .spec.url 4002 + name: URL 4003 + type: string 4004 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 4005 + name: Ready 4006 + type: string 4007 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 4008 + name: Status 4009 + type: string 4010 + - jsonPath: .metadata.creationTimestamp 4011 + name: Age 4012 + type: date 4013 + deprecated: true 4014 + deprecationWarning: v1beta2 OCIRepository is deprecated, upgrade to v1 4015 + name: v1beta2 4016 + schema: 4017 + openAPIV3Schema: 4018 + description: OCIRepository is the Schema for the ocirepositories API 4019 + properties: 4020 + apiVersion: 4021 + description: |- 4022 + APIVersion defines the versioned schema of this representation of an object. 4023 + Servers should convert recognized schemas to the latest internal value, and 4024 + may reject unrecognized values. 4025 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 4026 + type: string 4027 + kind: 4028 + description: |- 4029 + Kind is a string value representing the REST resource this object represents. 4030 + Servers may infer this from the endpoint the client submits requests to. 4031 + Cannot be updated. 4032 + In CamelCase. 4033 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 4034 + type: string 4035 + metadata: 4036 + type: object 4037 + spec: 4038 + description: OCIRepositorySpec defines the desired state of OCIRepository 4039 + properties: 4040 + certSecretRef: 4041 + description: |- 4042 + CertSecretRef can be given the name of a Secret containing 4043 + either or both of 4044 + 4045 + - a PEM-encoded client certificate (`tls.crt`) and private 4046 + key (`tls.key`); 4047 + - a PEM-encoded CA certificate (`ca.crt`) 4048 + 4049 + and whichever are supplied, will be used for connecting to the 4050 + registry. The client cert and key are useful if you are 4051 + authenticating with a certificate; the CA cert is useful if 4052 + you are using a self-signed server certificate. The Secret must 4053 + be of type `Opaque` or `kubernetes.io/tls`. 4054 + 4055 + Note: Support for the `caFile`, `certFile` and `keyFile` keys have 4056 + been deprecated. 4057 + properties: 4058 + name: 4059 + description: Name of the referent. 4060 + type: string 4061 + required: 4062 + - name 4063 + type: object 4064 + ignore: 4065 + description: |- 4066 + Ignore overrides the set of excluded patterns in the .sourceignore format 4067 + (which is the same as .gitignore). If not provided, a default will be used, 4068 + consult the documentation for your version to find out what those are. 4069 + type: string 4070 + insecure: 4071 + description: Insecure allows connecting to a non-TLS HTTP container 4072 + registry. 4073 + type: boolean 4074 + interval: 4075 + description: |- 4076 + Interval at which the OCIRepository URL is checked for updates. 4077 + This interval is approximate and may be subject to jitter to ensure 4078 + efficient use of resources. 4079 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 4080 + type: string 4081 + layerSelector: 4082 + description: |- 4083 + LayerSelector specifies which layer should be extracted from the OCI artifact. 4084 + When not specified, the first layer found in the artifact is selected. 4085 + properties: 4086 + mediaType: 4087 + description: |- 4088 + MediaType specifies the OCI media type of the layer 4089 + which should be extracted from the OCI Artifact. The 4090 + first layer matching this type is selected. 4091 + type: string 4092 + operation: 4093 + description: |- 4094 + Operation specifies how the selected layer should be processed. 4095 + By default, the layer compressed content is extracted to storage. 4096 + When the operation is set to 'copy', the layer compressed content 4097 + is persisted to storage as it is. 4098 + enum: 4099 + - extract 4100 + - copy 4101 + type: string 4102 + type: object 4103 + provider: 4104 + default: generic 4105 + description: |- 4106 + The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. 4107 + When not specified, defaults to 'generic'. 4108 + enum: 4109 + - generic 4110 + - aws 4111 + - azure 4112 + - gcp 4113 + type: string 4114 + proxySecretRef: 4115 + description: |- 4116 + ProxySecretRef specifies the Secret containing the proxy configuration 4117 + to use while communicating with the container registry. 4118 + properties: 4119 + name: 4120 + description: Name of the referent. 4121 + type: string 4122 + required: 4123 + - name 4124 + type: object 4125 + ref: 4126 + description: |- 4127 + The OCI reference to pull and monitor for changes, 4128 + defaults to the latest tag. 4129 + properties: 4130 + digest: 4131 + description: |- 4132 + Digest is the image digest to pull, takes precedence over SemVer. 4133 + The value should be in the format 'sha256:<HASH>'. 4134 + type: string 4135 + semver: 4136 + description: |- 4137 + SemVer is the range of tags to pull selecting the latest within 4138 + the range, takes precedence over Tag. 4139 + type: string 4140 + semverFilter: 4141 + description: SemverFilter is a regex pattern to filter the tags 4142 + within the SemVer range. 4143 + type: string 4144 + tag: 4145 + description: Tag is the image tag to pull, defaults to latest. 4146 + type: string 4147 + type: object 4148 + secretRef: 4149 + description: |- 4150 + SecretRef contains the secret name containing the registry login 4151 + credentials to resolve image metadata. 4152 + The secret must be of type kubernetes.io/dockerconfigjson. 4153 + properties: 4154 + name: 4155 + description: Name of the referent. 4156 + type: string 4157 + required: 4158 + - name 4159 + type: object 4160 + serviceAccountName: 4161 + description: |- 4162 + ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate 4163 + the image pull if the service account has attached pull secrets. For more information: 4164 + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account 4165 + type: string 4166 + suspend: 4167 + description: This flag tells the controller to suspend the reconciliation 4168 + of this source. 4169 + type: boolean 4170 + timeout: 4171 + default: 60s 4172 + description: The timeout for remote OCI Repository operations like 4173 + pulling, defaults to 60s. 4174 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 4175 + type: string 4176 + url: 4177 + description: |- 4178 + URL is a reference to an OCI artifact repository hosted 4179 + on a remote container registry. 4180 + pattern: ^oci://.*$ 4181 + type: string 4182 + verify: 4183 + description: |- 4184 + Verify contains the secret name containing the trusted public keys 4185 + used to verify the signature and specifies which provider to use to check 4186 + whether OCI image is authentic. 4187 + properties: 4188 + matchOIDCIdentity: 4189 + description: |- 4190 + MatchOIDCIdentity specifies the identity matching criteria to use 4191 + while verifying an OCI artifact which was signed using Cosign keyless 4192 + signing. The artifact's identity is deemed to be verified if any of the 4193 + specified matchers match against the identity. 4194 + items: 4195 + description: |- 4196 + OIDCIdentityMatch specifies options for verifying the certificate identity, 4197 + i.e. the issuer and the subject of the certificate. 4198 + properties: 4199 + issuer: 4200 + description: |- 4201 + Issuer specifies the regex pattern to match against to verify 4202 + the OIDC issuer in the Fulcio certificate. The pattern must be a 4203 + valid Go regular expression. 4204 + type: string 4205 + subject: 4206 + description: |- 4207 + Subject specifies the regex pattern to match against to verify 4208 + the identity subject in the Fulcio certificate. The pattern must 4209 + be a valid Go regular expression. 4210 + type: string 4211 + required: 4212 + - issuer 4213 + - subject 4214 + type: object 4215 + type: array 4216 + provider: 4217 + default: cosign 4218 + description: Provider specifies the technology used to sign the 4219 + OCI Artifact. 4220 + enum: 4221 + - cosign 4222 + - notation 4223 + type: string 4224 + secretRef: 4225 + description: |- 4226 + SecretRef specifies the Kubernetes Secret containing the 4227 + trusted public keys. 4228 + properties: 4229 + name: 4230 + description: Name of the referent. 4231 + type: string 4232 + required: 4233 + - name 4234 + type: object 4235 + required: 4236 + - provider 4237 + type: object 4238 + required: 4239 + - interval 4240 + - url 4241 + type: object 4242 + status: 4243 + default: 4244 + observedGeneration: -1 4245 + description: OCIRepositoryStatus defines the observed state of OCIRepository 4246 + properties: 4247 + artifact: 4248 + description: Artifact represents the output of the last successful 4249 + OCI Repository sync. 4250 + properties: 4251 + digest: 4252 + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. 4253 + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ 4254 + type: string 4255 + lastUpdateTime: 4256 + description: |- 4257 + LastUpdateTime is the timestamp corresponding to the last update of the 4258 + Artifact. 4259 + format: date-time 4260 + type: string 4261 + metadata: 4262 + additionalProperties: 4263 + type: string 4264 + description: Metadata holds upstream information such as OCI annotations. 4265 + type: object 4266 + path: 4267 + description: |- 4268 + Path is the relative file path of the Artifact. It can be used to locate 4269 + the file in the root of the Artifact storage on the local file system of 4270 + the controller managing the Source. 4271 + type: string 4272 + revision: 4273 + description: |- 4274 + Revision is a human-readable identifier traceable in the origin source 4275 + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. 4276 + type: string 4277 + size: 4278 + description: Size is the number of bytes in the file. 4279 + format: int64 4280 + type: integer 4281 + url: 4282 + description: |- 4283 + URL is the HTTP address of the Artifact as exposed by the controller 4284 + managing the Source. It can be used to retrieve the Artifact for 4285 + consumption, e.g. by another controller applying the Artifact contents. 4286 + type: string 4287 + required: 4288 + - digest 4289 + - lastUpdateTime 4290 + - path 4291 + - revision 4292 + - url 4293 + type: object 4294 + conditions: 4295 + description: Conditions holds the conditions for the OCIRepository. 4296 + items: 4297 + description: Condition contains details for one aspect of the current 4298 + state of this API Resource. 4299 + properties: 4300 + lastTransitionTime: 4301 + description: |- 4302 + lastTransitionTime is the last time the condition transitioned from one status to another. 4303 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 4304 + format: date-time 4305 + type: string 4306 + message: 4307 + description: |- 4308 + message is a human readable message indicating details about the transition. 4309 + This may be an empty string. 4310 + maxLength: 32768 4311 + type: string 4312 + observedGeneration: 4313 + description: |- 4314 + observedGeneration represents the .metadata.generation that the condition was set based upon. 4315 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 4316 + with respect to the current state of the instance. 4317 + format: int64 4318 + minimum: 0 4319 + type: integer 4320 + reason: 4321 + description: |- 4322 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 4323 + Producers of specific condition types may define expected values and meanings for this field, 4324 + and whether the values are considered a guaranteed API. 4325 + The value should be a CamelCase string. 4326 + This field may not be empty. 4327 + maxLength: 1024 4328 + minLength: 1 4329 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 4330 + type: string 4331 + status: 4332 + description: status of the condition, one of True, False, Unknown. 4333 + enum: 4334 + - "True" 4335 + - "False" 4336 + - Unknown 4337 + type: string 4338 + type: 4339 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 4340 + maxLength: 316 4341 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 4342 + type: string 4343 + required: 4344 + - lastTransitionTime 4345 + - message 4346 + - reason 4347 + - status 4348 + - type 4349 + type: object 4350 + type: array 4351 + contentConfigChecksum: 4352 + description: |- 4353 + ContentConfigChecksum is a checksum of all the configurations related to 4354 + the content of the source artifact: 4355 + - .spec.ignore 4356 + - .spec.layerSelector 4357 + observed in .status.observedGeneration version of the object. This can 4358 + be used to determine if the content configuration has changed and the 4359 + artifact needs to be rebuilt. 4360 + It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`. 4361 + 4362 + Deprecated: Replaced with explicit fields for observed artifact content 4363 + config in the status. 4364 + type: string 4365 + lastHandledReconcileAt: 4366 + description: |- 4367 + LastHandledReconcileAt holds the value of the most recent 4368 + reconcile request value, so a change of the annotation value 4369 + can be detected. 4370 + type: string 4371 + observedGeneration: 4372 + description: ObservedGeneration is the last observed generation. 4373 + format: int64 4374 + type: integer 4375 + observedIgnore: 4376 + description: |- 4377 + ObservedIgnore is the observed exclusion patterns used for constructing 4378 + the source artifact. 4379 + type: string 4380 + observedLayerSelector: 4381 + description: |- 4382 + ObservedLayerSelector is the observed layer selector used for constructing 4383 + the source artifact. 4384 + properties: 4385 + mediaType: 4386 + description: |- 4387 + MediaType specifies the OCI media type of the layer 4388 + which should be extracted from the OCI Artifact. The 4389 + first layer matching this type is selected. 4390 + type: string 4391 + operation: 4392 + description: |- 4393 + Operation specifies how the selected layer should be processed. 4394 + By default, the layer compressed content is extracted to storage. 4395 + When the operation is set to 'copy', the layer compressed content 4396 + is persisted to storage as it is. 4397 + enum: 4398 + - extract 4399 + - copy 4400 + type: string 4401 + type: object 4402 + url: 4403 + description: URL is the download link for the artifact output of the 4404 + last OCI Repository sync. 4405 + type: string 4406 + type: object 4407 + type: object 4408 + served: true 4409 + storage: false 4410 + subresources: 4411 + status: {} 4412 + --- 4413 + apiVersion: v1 4414 + kind: ServiceAccount 4415 + metadata: 4416 + labels: 4417 + app.kubernetes.io/component: source-controller 4418 + app.kubernetes.io/instance: flux-system 4419 + app.kubernetes.io/part-of: flux 4420 + app.kubernetes.io/version: v2.7.3 4421 + name: source-controller 4422 + namespace: flux-system 4423 + --- 4424 + apiVersion: v1 4425 + kind: Service 4426 + metadata: 4427 + labels: 4428 + app.kubernetes.io/component: source-controller 4429 + app.kubernetes.io/instance: flux-system 4430 + app.kubernetes.io/part-of: flux 4431 + app.kubernetes.io/version: v2.7.3 4432 + control-plane: controller 4433 + name: source-controller 4434 + namespace: flux-system 4435 + spec: 4436 + ports: 4437 + - name: http 4438 + port: 80 4439 + protocol: TCP 4440 + targetPort: http 4441 + selector: 4442 + app: source-controller 4443 + type: ClusterIP 4444 + --- 4445 + apiVersion: apps/v1 4446 + kind: Deployment 4447 + metadata: 4448 + labels: 4449 + app.kubernetes.io/component: source-controller 4450 + app.kubernetes.io/instance: flux-system 4451 + app.kubernetes.io/part-of: flux 4452 + app.kubernetes.io/version: v2.7.3 4453 + control-plane: controller 4454 + name: source-controller 4455 + namespace: flux-system 4456 + spec: 4457 + replicas: 1 4458 + selector: 4459 + matchLabels: 4460 + app: source-controller 4461 + strategy: 4462 + type: Recreate 4463 + template: 4464 + metadata: 4465 + annotations: 4466 + prometheus.io/port: "8080" 4467 + prometheus.io/scrape: "true" 4468 + labels: 4469 + app: source-controller 4470 + app.kubernetes.io/component: source-controller 4471 + app.kubernetes.io/instance: flux-system 4472 + app.kubernetes.io/part-of: flux 4473 + app.kubernetes.io/version: v2.7.3 4474 + spec: 4475 + containers: 4476 + - args: 4477 + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ 4478 + - --watch-all-namespaces=true 4479 + - --log-level=info 4480 + - --log-encoding=json 4481 + - --enable-leader-election 4482 + - --storage-path=/data 4483 + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. 4484 + env: 4485 + - name: RUNTIME_NAMESPACE 4486 + valueFrom: 4487 + fieldRef: 4488 + fieldPath: metadata.namespace 4489 + - name: TUF_ROOT 4490 + value: /tmp/.sigstore 4491 + - name: GOMEMLIMIT 4492 + valueFrom: 4493 + resourceFieldRef: 4494 + containerName: manager 4495 + resource: limits.memory 4496 + image: ghcr.io/fluxcd/source-controller:v1.7.3 4497 + imagePullPolicy: IfNotPresent 4498 + livenessProbe: 4499 + httpGet: 4500 + path: /healthz 4501 + port: healthz 4502 + name: manager 4503 + ports: 4504 + - containerPort: 9090 4505 + name: http 4506 + protocol: TCP 4507 + - containerPort: 8080 4508 + name: http-prom 4509 + protocol: TCP 4510 + - containerPort: 9440 4511 + name: healthz 4512 + protocol: TCP 4513 + readinessProbe: 4514 + httpGet: 4515 + path: / 4516 + port: http 4517 + resources: 4518 + limits: 4519 + cpu: 1000m 4520 + memory: 1Gi 4521 + requests: 4522 + cpu: 50m 4523 + memory: 64Mi 4524 + securityContext: 4525 + allowPrivilegeEscalation: false 4526 + capabilities: 4527 + drop: 4528 + - ALL 4529 + readOnlyRootFilesystem: true 4530 + runAsNonRoot: true 4531 + seccompProfile: 4532 + type: RuntimeDefault 4533 + volumeMounts: 4534 + - mountPath: /data 4535 + name: data 4536 + - mountPath: /tmp 4537 + name: tmp 4538 + nodeSelector: 4539 + kubernetes.io/os: linux 4540 + priorityClassName: system-cluster-critical 4541 + securityContext: 4542 + fsGroup: 1337 4543 + serviceAccountName: source-controller 4544 + terminationGracePeriodSeconds: 10 4545 + volumes: 4546 + - emptyDir: {} 4547 + name: data 4548 + - emptyDir: {} 4549 + name: tmp 4550 + --- 4551 + apiVersion: apiextensions.k8s.io/v1 4552 + kind: CustomResourceDefinition 4553 + metadata: 4554 + annotations: 4555 + controller-gen.kubebuilder.io/version: v0.19.0 4556 + labels: 4557 + app.kubernetes.io/component: kustomize-controller 4558 + app.kubernetes.io/instance: flux-system 4559 + app.kubernetes.io/part-of: flux 4560 + app.kubernetes.io/version: v2.7.3 4561 + name: kustomizations.kustomize.toolkit.fluxcd.io 4562 + spec: 4563 + group: kustomize.toolkit.fluxcd.io 4564 + names: 4565 + kind: Kustomization 4566 + listKind: KustomizationList 4567 + plural: kustomizations 4568 + shortNames: 4569 + - ks 4570 + singular: kustomization 4571 + scope: Namespaced 4572 + versions: 4573 + - additionalPrinterColumns: 4574 + - jsonPath: .metadata.creationTimestamp 4575 + name: Age 4576 + type: date 4577 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 4578 + name: Ready 4579 + type: string 4580 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 4581 + name: Status 4582 + type: string 4583 + name: v1 4584 + schema: 4585 + openAPIV3Schema: 4586 + description: Kustomization is the Schema for the kustomizations API. 4587 + properties: 4588 + apiVersion: 4589 + description: |- 4590 + APIVersion defines the versioned schema of this representation of an object. 4591 + Servers should convert recognized schemas to the latest internal value, and 4592 + may reject unrecognized values. 4593 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 4594 + type: string 4595 + kind: 4596 + description: |- 4597 + Kind is a string value representing the REST resource this object represents. 4598 + Servers may infer this from the endpoint the client submits requests to. 4599 + Cannot be updated. 4600 + In CamelCase. 4601 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 4602 + type: string 4603 + metadata: 4604 + type: object 4605 + spec: 4606 + description: |- 4607 + KustomizationSpec defines the configuration to calculate the desired state 4608 + from a Source using Kustomize. 4609 + properties: 4610 + commonMetadata: 4611 + description: |- 4612 + CommonMetadata specifies the common labels and annotations that are 4613 + applied to all resources. Any existing label or annotation will be 4614 + overridden if its key matches a common one. 4615 + properties: 4616 + annotations: 4617 + additionalProperties: 4618 + type: string 4619 + description: Annotations to be added to the object's metadata. 4620 + type: object 4621 + labels: 4622 + additionalProperties: 4623 + type: string 4624 + description: Labels to be added to the object's metadata. 4625 + type: object 4626 + type: object 4627 + components: 4628 + description: Components specifies relative paths to kustomize Components. 4629 + items: 4630 + type: string 4631 + type: array 4632 + decryption: 4633 + description: Decrypt Kubernetes secrets before applying them on the 4634 + cluster. 4635 + properties: 4636 + provider: 4637 + description: Provider is the name of the decryption engine. 4638 + enum: 4639 + - sops 4640 + type: string 4641 + secretRef: 4642 + description: |- 4643 + The secret name containing the private OpenPGP keys used for decryption. 4644 + A static credential for a cloud provider defined inside the Secret 4645 + takes priority to secret-less authentication with the ServiceAccountName 4646 + field. 4647 + properties: 4648 + name: 4649 + description: Name of the referent. 4650 + type: string 4651 + required: 4652 + - name 4653 + type: object 4654 + serviceAccountName: 4655 + description: |- 4656 + ServiceAccountName is the name of the service account used to 4657 + authenticate with KMS services from cloud providers. If a 4658 + static credential for a given cloud provider is defined 4659 + inside the Secret referenced by SecretRef, that static 4660 + credential takes priority. 4661 + type: string 4662 + required: 4663 + - provider 4664 + type: object 4665 + deletionPolicy: 4666 + description: |- 4667 + DeletionPolicy can be used to control garbage collection when this 4668 + Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete', 4669 + 'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors the Prune field 4670 + (orphan if false, delete if true). Defaults to 'MirrorPrune'. 4671 + enum: 4672 + - MirrorPrune 4673 + - Delete 4674 + - WaitForTermination 4675 + - Orphan 4676 + type: string 4677 + dependsOn: 4678 + description: |- 4679 + DependsOn may contain a DependencyReference slice 4680 + with references to Kustomization resources that must be ready before this 4681 + Kustomization can be reconciled. 4682 + items: 4683 + description: DependencyReference defines a Kustomization dependency 4684 + on another Kustomization resource. 4685 + properties: 4686 + name: 4687 + description: Name of the referent. 4688 + type: string 4689 + namespace: 4690 + description: |- 4691 + Namespace of the referent, defaults to the namespace of the Kustomization 4692 + resource object that contains the reference. 4693 + type: string 4694 + readyExpr: 4695 + description: |- 4696 + ReadyExpr is a CEL expression that can be used to assess the readiness 4697 + of a dependency. When specified, the built-in readiness check 4698 + is replaced by the logic defined in the CEL expression. 4699 + To make the CEL expression additive to the built-in readiness check, 4700 + the feature gate `AdditiveCELDependencyCheck` must be set to `true`. 4701 + type: string 4702 + required: 4703 + - name 4704 + type: object 4705 + type: array 4706 + force: 4707 + default: false 4708 + description: |- 4709 + Force instructs the controller to recreate resources 4710 + when patching fails due to an immutable field change. 4711 + type: boolean 4712 + healthCheckExprs: 4713 + description: |- 4714 + HealthCheckExprs is a list of healthcheck expressions for evaluating the 4715 + health of custom resources using Common Expression Language (CEL). 4716 + The expressions are evaluated only when Wait or HealthChecks are specified. 4717 + items: 4718 + description: CustomHealthCheck defines the health check for custom 4719 + resources. 4720 + properties: 4721 + apiVersion: 4722 + description: APIVersion of the custom resource under evaluation. 4723 + type: string 4724 + current: 4725 + description: |- 4726 + Current is the CEL expression that determines if the status 4727 + of the custom resource has reached the desired state. 4728 + type: string 4729 + failed: 4730 + description: |- 4731 + Failed is the CEL expression that determines if the status 4732 + of the custom resource has failed to reach the desired state. 4733 + type: string 4734 + inProgress: 4735 + description: |- 4736 + InProgress is the CEL expression that determines if the status 4737 + of the custom resource has not yet reached the desired state. 4738 + type: string 4739 + kind: 4740 + description: Kind of the custom resource under evaluation. 4741 + type: string 4742 + required: 4743 + - apiVersion 4744 + - current 4745 + - kind 4746 + type: object 4747 + type: array 4748 + healthChecks: 4749 + description: A list of resources to be included in the health assessment. 4750 + items: 4751 + description: |- 4752 + NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object 4753 + in any namespace. 4754 + properties: 4755 + apiVersion: 4756 + description: API version of the referent, if not specified the 4757 + Kubernetes preferred version will be used. 4758 + type: string 4759 + kind: 4760 + description: Kind of the referent. 4761 + type: string 4762 + name: 4763 + description: Name of the referent. 4764 + type: string 4765 + namespace: 4766 + description: Namespace of the referent, when not specified it 4767 + acts as LocalObjectReference. 4768 + type: string 4769 + required: 4770 + - kind 4771 + - name 4772 + type: object 4773 + type: array 4774 + ignoreMissingComponents: 4775 + description: |- 4776 + IgnoreMissingComponents instructs the controller to ignore Components paths 4777 + not found in source by removing them from the generated kustomization.yaml 4778 + before running kustomize build. 4779 + type: boolean 4780 + images: 4781 + description: |- 4782 + Images is a list of (image name, new name, new tag or digest) 4783 + for changing image names, tags or digests. This can also be achieved with a 4784 + patch, but this operator is simpler to specify. 4785 + items: 4786 + description: Image contains an image name, a new name, a new tag 4787 + or digest, which will replace the original name and tag. 4788 + properties: 4789 + digest: 4790 + description: |- 4791 + Digest is the value used to replace the original image tag. 4792 + If digest is present NewTag value is ignored. 4793 + type: string 4794 + name: 4795 + description: Name is a tag-less image name. 4796 + type: string 4797 + newName: 4798 + description: NewName is the value used to replace the original 4799 + name. 4800 + type: string 4801 + newTag: 4802 + description: NewTag is the value used to replace the original 4803 + tag. 4804 + type: string 4805 + required: 4806 + - name 4807 + type: object 4808 + type: array 4809 + interval: 4810 + description: |- 4811 + The interval at which to reconcile the Kustomization. 4812 + This interval is approximate and may be subject to jitter to ensure 4813 + efficient use of resources. 4814 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 4815 + type: string 4816 + kubeConfig: 4817 + description: |- 4818 + The KubeConfig for reconciling the Kustomization on a remote cluster. 4819 + When used in combination with KustomizationSpec.ServiceAccountName, 4820 + forces the controller to act on behalf of that Service Account at the 4821 + target cluster. 4822 + If the --default-service-account flag is set, its value will be used as 4823 + a controller level fallback for when KustomizationSpec.ServiceAccountName 4824 + is empty. 4825 + properties: 4826 + configMapRef: 4827 + description: |- 4828 + ConfigMapRef holds an optional name of a ConfigMap that contains 4829 + the following keys: 4830 + 4831 + - `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or 4832 + `generic`. Required. 4833 + - `cluster`: the fully qualified resource name of the Kubernetes 4834 + cluster in the cloud provider API. Not used by the `generic` 4835 + provider. Required when one of `address` or `ca.crt` is not set. 4836 + - `address`: the address of the Kubernetes API server. Required 4837 + for `generic`. For the other providers, if not specified, the 4838 + first address in the cluster resource will be used, and if 4839 + specified, it must match one of the addresses in the cluster 4840 + resource. 4841 + If audiences is not set, will be used as the audience for the 4842 + `generic` provider. 4843 + - `ca.crt`: the optional PEM-encoded CA certificate for the 4844 + Kubernetes API server. If not set, the controller will use the 4845 + CA certificate from the cluster resource. 4846 + - `audiences`: the optional audiences as a list of 4847 + line-break-separated strings for the Kubernetes ServiceAccount 4848 + token. Defaults to the `address` for the `generic` provider, or 4849 + to specific values for the other providers depending on the 4850 + provider. 4851 + - `serviceAccountName`: the optional name of the Kubernetes 4852 + ServiceAccount in the same namespace that should be used 4853 + for authentication. If not specified, the controller 4854 + ServiceAccount will be used. 4855 + 4856 + Mutually exclusive with SecretRef. 4857 + properties: 4858 + name: 4859 + description: Name of the referent. 4860 + type: string 4861 + required: 4862 + - name 4863 + type: object 4864 + secretRef: 4865 + description: |- 4866 + SecretRef holds an optional name of a secret that contains a key with 4867 + the kubeconfig file as the value. If no key is set, the key will default 4868 + to 'value'. Mutually exclusive with ConfigMapRef. 4869 + It is recommended that the kubeconfig is self-contained, and the secret 4870 + is regularly updated if credentials such as a cloud-access-token expire. 4871 + Cloud specific `cmd-path` auth helpers will not function without adding 4872 + binaries and credentials to the Pod that is responsible for reconciling 4873 + Kubernetes resources. Supported only for the generic provider. 4874 + properties: 4875 + key: 4876 + description: Key in the Secret, when not specified an implementation-specific 4877 + default key is used. 4878 + type: string 4879 + name: 4880 + description: Name of the Secret. 4881 + type: string 4882 + required: 4883 + - name 4884 + type: object 4885 + type: object 4886 + x-kubernetes-validations: 4887 + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef 4888 + must be specified 4889 + rule: has(self.configMapRef) || has(self.secretRef) 4890 + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef 4891 + must be specified 4892 + rule: '!has(self.configMapRef) || !has(self.secretRef)' 4893 + namePrefix: 4894 + description: NamePrefix will prefix the names of all managed resources. 4895 + maxLength: 200 4896 + minLength: 1 4897 + type: string 4898 + nameSuffix: 4899 + description: NameSuffix will suffix the names of all managed resources. 4900 + maxLength: 200 4901 + minLength: 1 4902 + type: string 4903 + patches: 4904 + description: |- 4905 + Strategic merge and JSON patches, defined as inline YAML objects, 4906 + capable of targeting objects based on kind, label and annotation selectors. 4907 + items: 4908 + description: |- 4909 + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should 4910 + be applied to. 4911 + properties: 4912 + patch: 4913 + description: |- 4914 + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with 4915 + an array of operation objects. 4916 + type: string 4917 + target: 4918 + description: Target points to the resources that the patch document 4919 + should be applied to. 4920 + properties: 4921 + annotationSelector: 4922 + description: |- 4923 + AnnotationSelector is a string that follows the label selection expression 4924 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 4925 + It matches with the resource annotations. 4926 + type: string 4927 + group: 4928 + description: |- 4929 + Group is the API group to select resources from. 4930 + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. 4931 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 4932 + type: string 4933 + kind: 4934 + description: |- 4935 + Kind of the API Group to select resources from. 4936 + Together with Group and Version it is capable of unambiguously 4937 + identifying and/or selecting resources. 4938 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 4939 + type: string 4940 + labelSelector: 4941 + description: |- 4942 + LabelSelector is a string that follows the label selection expression 4943 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 4944 + It matches with the resource labels. 4945 + type: string 4946 + name: 4947 + description: Name to match resources with. 4948 + type: string 4949 + namespace: 4950 + description: Namespace to select resources from. 4951 + type: string 4952 + version: 4953 + description: |- 4954 + Version of the API Group to select resources from. 4955 + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. 4956 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 4957 + type: string 4958 + type: object 4959 + required: 4960 + - patch 4961 + type: object 4962 + type: array 4963 + path: 4964 + description: |- 4965 + Path to the directory containing the kustomization.yaml file, or the 4966 + set of plain YAMLs a kustomization.yaml should be generated for. 4967 + Defaults to 'None', which translates to the root path of the SourceRef. 4968 + type: string 4969 + postBuild: 4970 + description: |- 4971 + PostBuild describes which actions to perform on the YAML manifest 4972 + generated by building the kustomize overlay. 4973 + properties: 4974 + substitute: 4975 + additionalProperties: 4976 + type: string 4977 + description: |- 4978 + Substitute holds a map of key/value pairs. 4979 + The variables defined in your YAML manifests that match any of the keys 4980 + defined in the map will be substituted with the set value. 4981 + Includes support for bash string replacement functions 4982 + e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}. 4983 + type: object 4984 + substituteFrom: 4985 + description: |- 4986 + SubstituteFrom holds references to ConfigMaps and Secrets containing 4987 + the variables and their values to be substituted in the YAML manifests. 4988 + The ConfigMap and the Secret data keys represent the var names, and they 4989 + must match the vars declared in the manifests for the substitution to 4990 + happen. 4991 + items: 4992 + description: |- 4993 + SubstituteReference contains a reference to a resource containing 4994 + the variables name and value. 4995 + properties: 4996 + kind: 4997 + description: Kind of the values referent, valid values are 4998 + ('Secret', 'ConfigMap'). 4999 + enum: 5000 + - Secret 5001 + - ConfigMap 5002 + type: string 5003 + name: 5004 + description: |- 5005 + Name of the values referent. Should reside in the same namespace as the 5006 + referring resource. 5007 + maxLength: 253 5008 + minLength: 1 5009 + type: string 5010 + optional: 5011 + default: false 5012 + description: |- 5013 + Optional indicates whether the referenced resource must exist, or whether to 5014 + tolerate its absence. If true and the referenced resource is absent, proceed 5015 + as if the resource was present but empty, without any variables defined. 5016 + type: boolean 5017 + required: 5018 + - kind 5019 + - name 5020 + type: object 5021 + type: array 5022 + type: object 5023 + prune: 5024 + description: Prune enables garbage collection. 5025 + type: boolean 5026 + retryInterval: 5027 + description: |- 5028 + The interval at which to retry a previously failed reconciliation. 5029 + When not specified, the controller uses the KustomizationSpec.Interval 5030 + value to retry failures. 5031 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 5032 + type: string 5033 + serviceAccountName: 5034 + description: |- 5035 + The name of the Kubernetes service account to impersonate 5036 + when reconciling this Kustomization. 5037 + type: string 5038 + sourceRef: 5039 + description: Reference of the source where the kustomization file 5040 + is. 5041 + properties: 5042 + apiVersion: 5043 + description: API version of the referent. 5044 + type: string 5045 + kind: 5046 + description: Kind of the referent. 5047 + enum: 5048 + - OCIRepository 5049 + - GitRepository 5050 + - Bucket 5051 + - ExternalArtifact 5052 + type: string 5053 + name: 5054 + description: Name of the referent. 5055 + type: string 5056 + namespace: 5057 + description: |- 5058 + Namespace of the referent, defaults to the namespace of the Kubernetes 5059 + resource object that contains the reference. 5060 + type: string 5061 + required: 5062 + - kind 5063 + - name 5064 + type: object 5065 + suspend: 5066 + description: |- 5067 + This flag tells the controller to suspend subsequent kustomize executions, 5068 + it does not apply to already started executions. Defaults to false. 5069 + type: boolean 5070 + targetNamespace: 5071 + description: |- 5072 + TargetNamespace sets or overrides the namespace in the 5073 + kustomization.yaml file. 5074 + maxLength: 63 5075 + minLength: 1 5076 + type: string 5077 + timeout: 5078 + description: |- 5079 + Timeout for validation, apply and health checking operations. 5080 + Defaults to 'Interval' duration. 5081 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 5082 + type: string 5083 + wait: 5084 + description: |- 5085 + Wait instructs the controller to check the health of all the reconciled 5086 + resources. When enabled, the HealthChecks are ignored. Defaults to false. 5087 + type: boolean 5088 + required: 5089 + - interval 5090 + - prune 5091 + - sourceRef 5092 + type: object 5093 + status: 5094 + default: 5095 + observedGeneration: -1 5096 + description: KustomizationStatus defines the observed state of a kustomization. 5097 + properties: 5098 + conditions: 5099 + items: 5100 + description: Condition contains details for one aspect of the current 5101 + state of this API Resource. 5102 + properties: 5103 + lastTransitionTime: 5104 + description: |- 5105 + lastTransitionTime is the last time the condition transitioned from one status to another. 5106 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 5107 + format: date-time 5108 + type: string 5109 + message: 5110 + description: |- 5111 + message is a human readable message indicating details about the transition. 5112 + This may be an empty string. 5113 + maxLength: 32768 5114 + type: string 5115 + observedGeneration: 5116 + description: |- 5117 + observedGeneration represents the .metadata.generation that the condition was set based upon. 5118 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 5119 + with respect to the current state of the instance. 5120 + format: int64 5121 + minimum: 0 5122 + type: integer 5123 + reason: 5124 + description: |- 5125 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 5126 + Producers of specific condition types may define expected values and meanings for this field, 5127 + and whether the values are considered a guaranteed API. 5128 + The value should be a CamelCase string. 5129 + This field may not be empty. 5130 + maxLength: 1024 5131 + minLength: 1 5132 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 5133 + type: string 5134 + status: 5135 + description: status of the condition, one of True, False, Unknown. 5136 + enum: 5137 + - "True" 5138 + - "False" 5139 + - Unknown 5140 + type: string 5141 + type: 5142 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 5143 + maxLength: 316 5144 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 5145 + type: string 5146 + required: 5147 + - lastTransitionTime 5148 + - message 5149 + - reason 5150 + - status 5151 + - type 5152 + type: object 5153 + type: array 5154 + history: 5155 + description: |- 5156 + History contains a set of snapshots of the last reconciliation attempts 5157 + tracking the revision, the state and the duration of each attempt. 5158 + items: 5159 + description: |- 5160 + Snapshot represents a point-in-time record of a group of resources reconciliation, 5161 + including timing information, status, and a unique digest identifier. 5162 + properties: 5163 + digest: 5164 + description: Digest is the checksum in the format `<algo>:<hex>` 5165 + of the resources in this snapshot. 5166 + type: string 5167 + firstReconciled: 5168 + description: FirstReconciled is the time when this revision 5169 + was first reconciled to the cluster. 5170 + format: date-time 5171 + type: string 5172 + lastReconciled: 5173 + description: LastReconciled is the time when this revision was 5174 + last reconciled to the cluster. 5175 + format: date-time 5176 + type: string 5177 + lastReconciledDuration: 5178 + description: LastReconciledDuration is time it took to reconcile 5179 + the resources in this revision. 5180 + type: string 5181 + lastReconciledStatus: 5182 + description: LastReconciledStatus is the status of the last 5183 + reconciliation. 5184 + type: string 5185 + metadata: 5186 + additionalProperties: 5187 + type: string 5188 + description: Metadata contains additional information about 5189 + the snapshot. 5190 + type: object 5191 + totalReconciliations: 5192 + description: TotalReconciliations is the total number of reconciliations 5193 + that have occurred for this snapshot. 5194 + format: int64 5195 + type: integer 5196 + required: 5197 + - digest 5198 + - firstReconciled 5199 + - lastReconciled 5200 + - lastReconciledDuration 5201 + - lastReconciledStatus 5202 + - totalReconciliations 5203 + type: object 5204 + type: array 5205 + inventory: 5206 + description: |- 5207 + Inventory contains the list of Kubernetes resource object references that 5208 + have been successfully applied. 5209 + properties: 5210 + entries: 5211 + description: Entries of Kubernetes resource object references. 5212 + items: 5213 + description: ResourceRef contains the information necessary 5214 + to locate a resource within a cluster. 5215 + properties: 5216 + id: 5217 + description: |- 5218 + ID is the string representation of the Kubernetes resource object's metadata, 5219 + in the format '<namespace>_<name>_<group>_<kind>'. 5220 + type: string 5221 + v: 5222 + description: Version is the API version of the Kubernetes 5223 + resource object's kind. 5224 + type: string 5225 + required: 5226 + - id 5227 + - v 5228 + type: object 5229 + type: array 5230 + required: 5231 + - entries 5232 + type: object 5233 + lastAppliedOriginRevision: 5234 + description: |- 5235 + The last successfully applied origin revision. 5236 + Equals the origin revision of the applied Artifact from the referenced Source. 5237 + Usually present on the Metadata of the applied Artifact and depends on the 5238 + Source type, e.g. for OCI it's the value associated with the key 5239 + "org.opencontainers.image.revision". 5240 + type: string 5241 + lastAppliedRevision: 5242 + description: |- 5243 + The last successfully applied revision. 5244 + Equals the Revision of the applied Artifact from the referenced Source. 5245 + type: string 5246 + lastAttemptedRevision: 5247 + description: LastAttemptedRevision is the revision of the last reconciliation 5248 + attempt. 5249 + type: string 5250 + lastHandledReconcileAt: 5251 + description: |- 5252 + LastHandledReconcileAt holds the value of the most recent 5253 + reconcile request value, so a change of the annotation value 5254 + can be detected. 5255 + type: string 5256 + observedGeneration: 5257 + description: ObservedGeneration is the last reconciled generation. 5258 + format: int64 5259 + type: integer 5260 + type: object 5261 + type: object 5262 + served: true 5263 + storage: true 5264 + subresources: 5265 + status: {} 5266 + - additionalPrinterColumns: 5267 + - jsonPath: .metadata.creationTimestamp 5268 + name: Age 5269 + type: date 5270 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 5271 + name: Ready 5272 + type: string 5273 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 5274 + name: Status 5275 + type: string 5276 + deprecated: true 5277 + deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1 5278 + name: v1beta2 5279 + schema: 5280 + openAPIV3Schema: 5281 + description: Kustomization is the Schema for the kustomizations API. 5282 + properties: 5283 + apiVersion: 5284 + description: |- 5285 + APIVersion defines the versioned schema of this representation of an object. 5286 + Servers should convert recognized schemas to the latest internal value, and 5287 + may reject unrecognized values. 5288 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 5289 + type: string 5290 + kind: 5291 + description: |- 5292 + Kind is a string value representing the REST resource this object represents. 5293 + Servers may infer this from the endpoint the client submits requests to. 5294 + Cannot be updated. 5295 + In CamelCase. 5296 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 5297 + type: string 5298 + metadata: 5299 + type: object 5300 + spec: 5301 + description: KustomizationSpec defines the configuration to calculate 5302 + the desired state from a Source using Kustomize. 5303 + properties: 5304 + commonMetadata: 5305 + description: |- 5306 + CommonMetadata specifies the common labels and annotations that are applied to all resources. 5307 + Any existing label or annotation will be overridden if its key matches a common one. 5308 + properties: 5309 + annotations: 5310 + additionalProperties: 5311 + type: string 5312 + description: Annotations to be added to the object's metadata. 5313 + type: object 5314 + labels: 5315 + additionalProperties: 5316 + type: string 5317 + description: Labels to be added to the object's metadata. 5318 + type: object 5319 + type: object 5320 + components: 5321 + description: Components specifies relative paths to specifications 5322 + of other Components. 5323 + items: 5324 + type: string 5325 + type: array 5326 + decryption: 5327 + description: Decrypt Kubernetes secrets before applying them on the 5328 + cluster. 5329 + properties: 5330 + provider: 5331 + description: Provider is the name of the decryption engine. 5332 + enum: 5333 + - sops 5334 + type: string 5335 + secretRef: 5336 + description: The secret name containing the private OpenPGP keys 5337 + used for decryption. 5338 + properties: 5339 + name: 5340 + description: Name of the referent. 5341 + type: string 5342 + required: 5343 + - name 5344 + type: object 5345 + required: 5346 + - provider 5347 + type: object 5348 + dependsOn: 5349 + description: |- 5350 + DependsOn may contain a meta.NamespacedObjectReference slice 5351 + with references to Kustomization resources that must be ready before this 5352 + Kustomization can be reconciled. 5353 + items: 5354 + description: |- 5355 + NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any 5356 + namespace. 5357 + properties: 5358 + name: 5359 + description: Name of the referent. 5360 + type: string 5361 + namespace: 5362 + description: Namespace of the referent, when not specified it 5363 + acts as LocalObjectReference. 5364 + type: string 5365 + required: 5366 + - name 5367 + type: object 5368 + type: array 5369 + force: 5370 + default: false 5371 + description: |- 5372 + Force instructs the controller to recreate resources 5373 + when patching fails due to an immutable field change. 5374 + type: boolean 5375 + healthChecks: 5376 + description: A list of resources to be included in the health assessment. 5377 + items: 5378 + description: |- 5379 + NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object 5380 + in any namespace. 5381 + properties: 5382 + apiVersion: 5383 + description: API version of the referent, if not specified the 5384 + Kubernetes preferred version will be used. 5385 + type: string 5386 + kind: 5387 + description: Kind of the referent. 5388 + type: string 5389 + name: 5390 + description: Name of the referent. 5391 + type: string 5392 + namespace: 5393 + description: Namespace of the referent, when not specified it 5394 + acts as LocalObjectReference. 5395 + type: string 5396 + required: 5397 + - kind 5398 + - name 5399 + type: object 5400 + type: array 5401 + images: 5402 + description: |- 5403 + Images is a list of (image name, new name, new tag or digest) 5404 + for changing image names, tags or digests. This can also be achieved with a 5405 + patch, but this operator is simpler to specify. 5406 + items: 5407 + description: Image contains an image name, a new name, a new tag 5408 + or digest, which will replace the original name and tag. 5409 + properties: 5410 + digest: 5411 + description: |- 5412 + Digest is the value used to replace the original image tag. 5413 + If digest is present NewTag value is ignored. 5414 + type: string 5415 + name: 5416 + description: Name is a tag-less image name. 5417 + type: string 5418 + newName: 5419 + description: NewName is the value used to replace the original 5420 + name. 5421 + type: string 5422 + newTag: 5423 + description: NewTag is the value used to replace the original 5424 + tag. 5425 + type: string 5426 + required: 5427 + - name 5428 + type: object 5429 + type: array 5430 + interval: 5431 + description: The interval at which to reconcile the Kustomization. 5432 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 5433 + type: string 5434 + kubeConfig: 5435 + description: |- 5436 + The KubeConfig for reconciling the Kustomization on a remote cluster. 5437 + When used in combination with KustomizationSpec.ServiceAccountName, 5438 + forces the controller to act on behalf of that Service Account at the 5439 + target cluster. 5440 + If the --default-service-account flag is set, its value will be used as 5441 + a controller level fallback for when KustomizationSpec.ServiceAccountName 5442 + is empty. 5443 + properties: 5444 + configMapRef: 5445 + description: |- 5446 + ConfigMapRef holds an optional name of a ConfigMap that contains 5447 + the following keys: 5448 + 5449 + - `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or 5450 + `generic`. Required. 5451 + - `cluster`: the fully qualified resource name of the Kubernetes 5452 + cluster in the cloud provider API. Not used by the `generic` 5453 + provider. Required when one of `address` or `ca.crt` is not set. 5454 + - `address`: the address of the Kubernetes API server. Required 5455 + for `generic`. For the other providers, if not specified, the 5456 + first address in the cluster resource will be used, and if 5457 + specified, it must match one of the addresses in the cluster 5458 + resource. 5459 + If audiences is not set, will be used as the audience for the 5460 + `generic` provider. 5461 + - `ca.crt`: the optional PEM-encoded CA certificate for the 5462 + Kubernetes API server. If not set, the controller will use the 5463 + CA certificate from the cluster resource. 5464 + - `audiences`: the optional audiences as a list of 5465 + line-break-separated strings for the Kubernetes ServiceAccount 5466 + token. Defaults to the `address` for the `generic` provider, or 5467 + to specific values for the other providers depending on the 5468 + provider. 5469 + - `serviceAccountName`: the optional name of the Kubernetes 5470 + ServiceAccount in the same namespace that should be used 5471 + for authentication. If not specified, the controller 5472 + ServiceAccount will be used. 5473 + 5474 + Mutually exclusive with SecretRef. 5475 + properties: 5476 + name: 5477 + description: Name of the referent. 5478 + type: string 5479 + required: 5480 + - name 5481 + type: object 5482 + secretRef: 5483 + description: |- 5484 + SecretRef holds an optional name of a secret that contains a key with 5485 + the kubeconfig file as the value. If no key is set, the key will default 5486 + to 'value'. Mutually exclusive with ConfigMapRef. 5487 + It is recommended that the kubeconfig is self-contained, and the secret 5488 + is regularly updated if credentials such as a cloud-access-token expire. 5489 + Cloud specific `cmd-path` auth helpers will not function without adding 5490 + binaries and credentials to the Pod that is responsible for reconciling 5491 + Kubernetes resources. Supported only for the generic provider. 5492 + properties: 5493 + key: 5494 + description: Key in the Secret, when not specified an implementation-specific 5495 + default key is used. 5496 + type: string 5497 + name: 5498 + description: Name of the Secret. 5499 + type: string 5500 + required: 5501 + - name 5502 + type: object 5503 + type: object 5504 + x-kubernetes-validations: 5505 + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef 5506 + must be specified 5507 + rule: has(self.configMapRef) || has(self.secretRef) 5508 + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef 5509 + must be specified 5510 + rule: '!has(self.configMapRef) || !has(self.secretRef)' 5511 + patches: 5512 + description: |- 5513 + Strategic merge and JSON patches, defined as inline YAML objects, 5514 + capable of targeting objects based on kind, label and annotation selectors. 5515 + items: 5516 + description: |- 5517 + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should 5518 + be applied to. 5519 + properties: 5520 + patch: 5521 + description: |- 5522 + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with 5523 + an array of operation objects. 5524 + type: string 5525 + target: 5526 + description: Target points to the resources that the patch document 5527 + should be applied to. 5528 + properties: 5529 + annotationSelector: 5530 + description: |- 5531 + AnnotationSelector is a string that follows the label selection expression 5532 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 5533 + It matches with the resource annotations. 5534 + type: string 5535 + group: 5536 + description: |- 5537 + Group is the API group to select resources from. 5538 + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. 5539 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 5540 + type: string 5541 + kind: 5542 + description: |- 5543 + Kind of the API Group to select resources from. 5544 + Together with Group and Version it is capable of unambiguously 5545 + identifying and/or selecting resources. 5546 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 5547 + type: string 5548 + labelSelector: 5549 + description: |- 5550 + LabelSelector is a string that follows the label selection expression 5551 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 5552 + It matches with the resource labels. 5553 + type: string 5554 + name: 5555 + description: Name to match resources with. 5556 + type: string 5557 + namespace: 5558 + description: Namespace to select resources from. 5559 + type: string 5560 + version: 5561 + description: |- 5562 + Version of the API Group to select resources from. 5563 + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. 5564 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 5565 + type: string 5566 + type: object 5567 + required: 5568 + - patch 5569 + type: object 5570 + type: array 5571 + patchesJson6902: 5572 + description: |- 5573 + JSON 6902 patches, defined as inline YAML objects. 5574 + Deprecated: Use Patches instead. 5575 + items: 5576 + description: JSON6902Patch contains a JSON6902 patch and the target 5577 + the patch should be applied to. 5578 + properties: 5579 + patch: 5580 + description: Patch contains the JSON6902 patch document with 5581 + an array of operation objects. 5582 + items: 5583 + description: |- 5584 + JSON6902 is a JSON6902 operation object. 5585 + https://datatracker.ietf.org/doc/html/rfc6902#section-4 5586 + properties: 5587 + from: 5588 + description: |- 5589 + From contains a JSON-pointer value that references a location within the target document where the operation is 5590 + performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations. 5591 + type: string 5592 + op: 5593 + description: |- 5594 + Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or 5595 + "test". 5596 + https://datatracker.ietf.org/doc/html/rfc6902#section-4 5597 + enum: 5598 + - test 5599 + - remove 5600 + - add 5601 + - replace 5602 + - move 5603 + - copy 5604 + type: string 5605 + path: 5606 + description: |- 5607 + Path contains the JSON-pointer value that references a location within the target document where the operation 5608 + is performed. The meaning of the value depends on the value of Op. 5609 + type: string 5610 + value: 5611 + description: |- 5612 + Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into 5613 + account by all operations. 5614 + x-kubernetes-preserve-unknown-fields: true 5615 + required: 5616 + - op 5617 + - path 5618 + type: object 5619 + type: array 5620 + target: 5621 + description: Target points to the resources that the patch document 5622 + should be applied to. 5623 + properties: 5624 + annotationSelector: 5625 + description: |- 5626 + AnnotationSelector is a string that follows the label selection expression 5627 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 5628 + It matches with the resource annotations. 5629 + type: string 5630 + group: 5631 + description: |- 5632 + Group is the API group to select resources from. 5633 + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. 5634 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 5635 + type: string 5636 + kind: 5637 + description: |- 5638 + Kind of the API Group to select resources from. 5639 + Together with Group and Version it is capable of unambiguously 5640 + identifying and/or selecting resources. 5641 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 5642 + type: string 5643 + labelSelector: 5644 + description: |- 5645 + LabelSelector is a string that follows the label selection expression 5646 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 5647 + It matches with the resource labels. 5648 + type: string 5649 + name: 5650 + description: Name to match resources with. 5651 + type: string 5652 + namespace: 5653 + description: Namespace to select resources from. 5654 + type: string 5655 + version: 5656 + description: |- 5657 + Version of the API Group to select resources from. 5658 + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. 5659 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 5660 + type: string 5661 + type: object 5662 + required: 5663 + - patch 5664 + - target 5665 + type: object 5666 + type: array 5667 + patchesStrategicMerge: 5668 + description: |- 5669 + Strategic merge patches, defined as inline YAML objects. 5670 + Deprecated: Use Patches instead. 5671 + items: 5672 + x-kubernetes-preserve-unknown-fields: true 5673 + type: array 5674 + path: 5675 + description: |- 5676 + Path to the directory containing the kustomization.yaml file, or the 5677 + set of plain YAMLs a kustomization.yaml should be generated for. 5678 + Defaults to 'None', which translates to the root path of the SourceRef. 5679 + type: string 5680 + postBuild: 5681 + description: |- 5682 + PostBuild describes which actions to perform on the YAML manifest 5683 + generated by building the kustomize overlay. 5684 + properties: 5685 + substitute: 5686 + additionalProperties: 5687 + type: string 5688 + description: |- 5689 + Substitute holds a map of key/value pairs. 5690 + The variables defined in your YAML manifests 5691 + that match any of the keys defined in the map 5692 + will be substituted with the set value. 5693 + Includes support for bash string replacement functions 5694 + e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}. 5695 + type: object 5696 + substituteFrom: 5697 + description: |- 5698 + SubstituteFrom holds references to ConfigMaps and Secrets containing 5699 + the variables and their values to be substituted in the YAML manifests. 5700 + The ConfigMap and the Secret data keys represent the var names and they 5701 + must match the vars declared in the manifests for the substitution to happen. 5702 + items: 5703 + description: |- 5704 + SubstituteReference contains a reference to a resource containing 5705 + the variables name and value. 5706 + properties: 5707 + kind: 5708 + description: Kind of the values referent, valid values are 5709 + ('Secret', 'ConfigMap'). 5710 + enum: 5711 + - Secret 5712 + - ConfigMap 5713 + type: string 5714 + name: 5715 + description: |- 5716 + Name of the values referent. Should reside in the same namespace as the 5717 + referring resource. 5718 + maxLength: 253 5719 + minLength: 1 5720 + type: string 5721 + optional: 5722 + default: false 5723 + description: |- 5724 + Optional indicates whether the referenced resource must exist, or whether to 5725 + tolerate its absence. If true and the referenced resource is absent, proceed 5726 + as if the resource was present but empty, without any variables defined. 5727 + type: boolean 5728 + required: 5729 + - kind 5730 + - name 5731 + type: object 5732 + type: array 5733 + type: object 5734 + prune: 5735 + description: Prune enables garbage collection. 5736 + type: boolean 5737 + retryInterval: 5738 + description: |- 5739 + The interval at which to retry a previously failed reconciliation. 5740 + When not specified, the controller uses the KustomizationSpec.Interval 5741 + value to retry failures. 5742 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 5743 + type: string 5744 + serviceAccountName: 5745 + description: |- 5746 + The name of the Kubernetes service account to impersonate 5747 + when reconciling this Kustomization. 5748 + type: string 5749 + sourceRef: 5750 + description: Reference of the source where the kustomization file 5751 + is. 5752 + properties: 5753 + apiVersion: 5754 + description: API version of the referent. 5755 + type: string 5756 + kind: 5757 + description: Kind of the referent. 5758 + enum: 5759 + - OCIRepository 5760 + - GitRepository 5761 + - Bucket 5762 + type: string 5763 + name: 5764 + description: Name of the referent. 5765 + type: string 5766 + namespace: 5767 + description: Namespace of the referent, defaults to the namespace 5768 + of the Kubernetes resource object that contains the reference. 5769 + type: string 5770 + required: 5771 + - kind 5772 + - name 5773 + type: object 5774 + suspend: 5775 + description: |- 5776 + This flag tells the controller to suspend subsequent kustomize executions, 5777 + it does not apply to already started executions. Defaults to false. 5778 + type: boolean 5779 + targetNamespace: 5780 + description: |- 5781 + TargetNamespace sets or overrides the namespace in the 5782 + kustomization.yaml file. 5783 + maxLength: 63 5784 + minLength: 1 5785 + type: string 5786 + timeout: 5787 + description: |- 5788 + Timeout for validation, apply and health checking operations. 5789 + Defaults to 'Interval' duration. 5790 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 5791 + type: string 5792 + validation: 5793 + description: 'Deprecated: Not used in v1beta2.' 5794 + enum: 5795 + - none 5796 + - client 5797 + - server 5798 + type: string 5799 + wait: 5800 + description: |- 5801 + Wait instructs the controller to check the health of all the reconciled resources. 5802 + When enabled, the HealthChecks are ignored. Defaults to false. 5803 + type: boolean 5804 + required: 5805 + - interval 5806 + - prune 5807 + - sourceRef 5808 + type: object 5809 + status: 5810 + default: 5811 + observedGeneration: -1 5812 + description: KustomizationStatus defines the observed state of a kustomization. 5813 + properties: 5814 + conditions: 5815 + items: 5816 + description: Condition contains details for one aspect of the current 5817 + state of this API Resource. 5818 + properties: 5819 + lastTransitionTime: 5820 + description: |- 5821 + lastTransitionTime is the last time the condition transitioned from one status to another. 5822 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 5823 + format: date-time 5824 + type: string 5825 + message: 5826 + description: |- 5827 + message is a human readable message indicating details about the transition. 5828 + This may be an empty string. 5829 + maxLength: 32768 5830 + type: string 5831 + observedGeneration: 5832 + description: |- 5833 + observedGeneration represents the .metadata.generation that the condition was set based upon. 5834 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 5835 + with respect to the current state of the instance. 5836 + format: int64 5837 + minimum: 0 5838 + type: integer 5839 + reason: 5840 + description: |- 5841 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 5842 + Producers of specific condition types may define expected values and meanings for this field, 5843 + and whether the values are considered a guaranteed API. 5844 + The value should be a CamelCase string. 5845 + This field may not be empty. 5846 + maxLength: 1024 5847 + minLength: 1 5848 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 5849 + type: string 5850 + status: 5851 + description: status of the condition, one of True, False, Unknown. 5852 + enum: 5853 + - "True" 5854 + - "False" 5855 + - Unknown 5856 + type: string 5857 + type: 5858 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 5859 + maxLength: 316 5860 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 5861 + type: string 5862 + required: 5863 + - lastTransitionTime 5864 + - message 5865 + - reason 5866 + - status 5867 + - type 5868 + type: object 5869 + type: array 5870 + inventory: 5871 + description: Inventory contains the list of Kubernetes resource object 5872 + references that have been successfully applied. 5873 + properties: 5874 + entries: 5875 + description: Entries of Kubernetes resource object references. 5876 + items: 5877 + description: ResourceRef contains the information necessary 5878 + to locate a resource within a cluster. 5879 + properties: 5880 + id: 5881 + description: |- 5882 + ID is the string representation of the Kubernetes resource object's metadata, 5883 + in the format '<namespace>_<name>_<group>_<kind>'. 5884 + type: string 5885 + v: 5886 + description: Version is the API version of the Kubernetes 5887 + resource object's kind. 5888 + type: string 5889 + required: 5890 + - id 5891 + - v 5892 + type: object 5893 + type: array 5894 + required: 5895 + - entries 5896 + type: object 5897 + lastAppliedRevision: 5898 + description: |- 5899 + The last successfully applied revision. 5900 + Equals the Revision of the applied Artifact from the referenced Source. 5901 + type: string 5902 + lastAttemptedRevision: 5903 + description: LastAttemptedRevision is the revision of the last reconciliation 5904 + attempt. 5905 + type: string 5906 + lastHandledReconcileAt: 5907 + description: |- 5908 + LastHandledReconcileAt holds the value of the most recent 5909 + reconcile request value, so a change of the annotation value 5910 + can be detected. 5911 + type: string 5912 + observedGeneration: 5913 + description: ObservedGeneration is the last reconciled generation. 5914 + format: int64 5915 + type: integer 5916 + type: object 5917 + type: object 5918 + served: true 5919 + storage: false 5920 + subresources: 5921 + status: {} 5922 + --- 5923 + apiVersion: v1 5924 + kind: ServiceAccount 5925 + metadata: 5926 + labels: 5927 + app.kubernetes.io/component: kustomize-controller 5928 + app.kubernetes.io/instance: flux-system 5929 + app.kubernetes.io/part-of: flux 5930 + app.kubernetes.io/version: v2.7.3 5931 + name: kustomize-controller 5932 + namespace: flux-system 5933 + --- 5934 + apiVersion: apps/v1 5935 + kind: Deployment 5936 + metadata: 5937 + labels: 5938 + app.kubernetes.io/component: kustomize-controller 5939 + app.kubernetes.io/instance: flux-system 5940 + app.kubernetes.io/part-of: flux 5941 + app.kubernetes.io/version: v2.7.3 5942 + control-plane: controller 5943 + name: kustomize-controller 5944 + namespace: flux-system 5945 + spec: 5946 + replicas: 1 5947 + selector: 5948 + matchLabels: 5949 + app: kustomize-controller 5950 + template: 5951 + metadata: 5952 + annotations: 5953 + prometheus.io/port: "8080" 5954 + prometheus.io/scrape: "true" 5955 + labels: 5956 + app: kustomize-controller 5957 + app.kubernetes.io/component: kustomize-controller 5958 + app.kubernetes.io/instance: flux-system 5959 + app.kubernetes.io/part-of: flux 5960 + app.kubernetes.io/version: v2.7.3 5961 + spec: 5962 + containers: 5963 + - args: 5964 + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ 5965 + - --watch-all-namespaces=true 5966 + - --log-level=info 5967 + - --log-encoding=json 5968 + - --enable-leader-election 5969 + env: 5970 + - name: RUNTIME_NAMESPACE 5971 + valueFrom: 5972 + fieldRef: 5973 + fieldPath: metadata.namespace 5974 + - name: GOMEMLIMIT 5975 + valueFrom: 5976 + resourceFieldRef: 5977 + containerName: manager 5978 + resource: limits.memory 5979 + image: ghcr.io/fluxcd/kustomize-controller:v1.7.2 5980 + imagePullPolicy: IfNotPresent 5981 + livenessProbe: 5982 + httpGet: 5983 + path: /healthz 5984 + port: healthz 5985 + name: manager 5986 + ports: 5987 + - containerPort: 8080 5988 + name: http-prom 5989 + protocol: TCP 5990 + - containerPort: 9440 5991 + name: healthz 5992 + protocol: TCP 5993 + readinessProbe: 5994 + httpGet: 5995 + path: /readyz 5996 + port: healthz 5997 + resources: 5998 + limits: 5999 + cpu: 1000m 6000 + memory: 1Gi 6001 + requests: 6002 + cpu: 100m 6003 + memory: 64Mi 6004 + securityContext: 6005 + allowPrivilegeEscalation: false 6006 + capabilities: 6007 + drop: 6008 + - ALL 6009 + readOnlyRootFilesystem: true 6010 + runAsNonRoot: true 6011 + seccompProfile: 6012 + type: RuntimeDefault 6013 + volumeMounts: 6014 + - mountPath: /tmp 6015 + name: temp 6016 + nodeSelector: 6017 + kubernetes.io/os: linux 6018 + priorityClassName: system-cluster-critical 6019 + securityContext: 6020 + fsGroup: 1337 6021 + serviceAccountName: kustomize-controller 6022 + terminationGracePeriodSeconds: 60 6023 + volumes: 6024 + - emptyDir: {} 6025 + name: temp 6026 + --- 6027 + apiVersion: apiextensions.k8s.io/v1 6028 + kind: CustomResourceDefinition 6029 + metadata: 6030 + annotations: 6031 + controller-gen.kubebuilder.io/version: v0.19.0 6032 + labels: 6033 + app.kubernetes.io/component: helm-controller 6034 + app.kubernetes.io/instance: flux-system 6035 + app.kubernetes.io/part-of: flux 6036 + app.kubernetes.io/version: v2.7.3 6037 + name: helmreleases.helm.toolkit.fluxcd.io 6038 + spec: 6039 + group: helm.toolkit.fluxcd.io 6040 + names: 6041 + kind: HelmRelease 6042 + listKind: HelmReleaseList 6043 + plural: helmreleases 6044 + shortNames: 6045 + - hr 6046 + singular: helmrelease 6047 + scope: Namespaced 6048 + versions: 6049 + - additionalPrinterColumns: 6050 + - jsonPath: .metadata.creationTimestamp 6051 + name: Age 6052 + type: date 6053 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 6054 + name: Ready 6055 + type: string 6056 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 6057 + name: Status 6058 + type: string 6059 + name: v2 6060 + schema: 6061 + openAPIV3Schema: 6062 + description: HelmRelease is the Schema for the helmreleases API 6063 + properties: 6064 + apiVersion: 6065 + description: |- 6066 + APIVersion defines the versioned schema of this representation of an object. 6067 + Servers should convert recognized schemas to the latest internal value, and 6068 + may reject unrecognized values. 6069 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 6070 + type: string 6071 + kind: 6072 + description: |- 6073 + Kind is a string value representing the REST resource this object represents. 6074 + Servers may infer this from the endpoint the client submits requests to. 6075 + Cannot be updated. 6076 + In CamelCase. 6077 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 6078 + type: string 6079 + metadata: 6080 + type: object 6081 + spec: 6082 + description: HelmReleaseSpec defines the desired state of a Helm release. 6083 + properties: 6084 + chart: 6085 + description: |- 6086 + Chart defines the template of the v1.HelmChart that should be created 6087 + for this HelmRelease. 6088 + properties: 6089 + metadata: 6090 + description: ObjectMeta holds the template for metadata like labels 6091 + and annotations. 6092 + properties: 6093 + annotations: 6094 + additionalProperties: 6095 + type: string 6096 + description: |- 6097 + Annotations is an unstructured key value map stored with a resource that may be 6098 + set by external tools to store and retrieve arbitrary metadata. They are not 6099 + queryable and should be preserved when modifying objects. 6100 + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ 6101 + type: object 6102 + labels: 6103 + additionalProperties: 6104 + type: string 6105 + description: |- 6106 + Map of string keys and values that can be used to organize and categorize 6107 + (scope and select) objects. 6108 + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ 6109 + type: object 6110 + type: object 6111 + spec: 6112 + description: Spec holds the template for the v1.HelmChartSpec 6113 + for this HelmRelease. 6114 + properties: 6115 + chart: 6116 + description: The name or path the Helm chart is available 6117 + at in the SourceRef. 6118 + maxLength: 2048 6119 + minLength: 1 6120 + type: string 6121 + ignoreMissingValuesFiles: 6122 + description: IgnoreMissingValuesFiles controls whether to 6123 + silently ignore missing values files rather than failing. 6124 + type: boolean 6125 + interval: 6126 + description: |- 6127 + Interval at which to check the v1.Source for updates. Defaults to 6128 + 'HelmReleaseSpec.Interval'. 6129 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 6130 + type: string 6131 + reconcileStrategy: 6132 + default: ChartVersion 6133 + description: |- 6134 + Determines what enables the creation of a new artifact. Valid values are 6135 + ('ChartVersion', 'Revision'). 6136 + See the documentation of the values for an explanation on their behavior. 6137 + Defaults to ChartVersion when omitted. 6138 + enum: 6139 + - ChartVersion 6140 + - Revision 6141 + type: string 6142 + sourceRef: 6143 + description: The name and namespace of the v1.Source the chart 6144 + is available at. 6145 + properties: 6146 + apiVersion: 6147 + description: APIVersion of the referent. 6148 + type: string 6149 + kind: 6150 + description: Kind of the referent. 6151 + enum: 6152 + - HelmRepository 6153 + - GitRepository 6154 + - Bucket 6155 + type: string 6156 + name: 6157 + description: Name of the referent. 6158 + maxLength: 253 6159 + minLength: 1 6160 + type: string 6161 + namespace: 6162 + description: Namespace of the referent. 6163 + maxLength: 63 6164 + minLength: 1 6165 + type: string 6166 + required: 6167 + - kind 6168 + - name 6169 + type: object 6170 + valuesFiles: 6171 + description: |- 6172 + Alternative list of values files to use as the chart values (values.yaml 6173 + is not included by default), expected to be a relative path in the SourceRef. 6174 + Values files are merged in the order of this list with the last file overriding 6175 + the first. Ignored when omitted. 6176 + items: 6177 + type: string 6178 + type: array 6179 + verify: 6180 + description: |- 6181 + Verify contains the secret name containing the trusted public keys 6182 + used to verify the signature and specifies which provider to use to check 6183 + whether OCI image is authentic. 6184 + This field is only supported for OCI sources. 6185 + Chart dependencies, which are not bundled in the umbrella chart artifact, 6186 + are not verified. 6187 + properties: 6188 + provider: 6189 + default: cosign 6190 + description: Provider specifies the technology used to 6191 + sign the OCI Helm chart. 6192 + enum: 6193 + - cosign 6194 + - notation 6195 + type: string 6196 + secretRef: 6197 + description: |- 6198 + SecretRef specifies the Kubernetes Secret containing the 6199 + trusted public keys. 6200 + properties: 6201 + name: 6202 + description: Name of the referent. 6203 + type: string 6204 + required: 6205 + - name 6206 + type: object 6207 + required: 6208 + - provider 6209 + type: object 6210 + version: 6211 + default: '*' 6212 + description: |- 6213 + Version semver expression, ignored for charts from v1.GitRepository and 6214 + v1beta2.Bucket sources. Defaults to latest when omitted. 6215 + type: string 6216 + required: 6217 + - chart 6218 + - sourceRef 6219 + type: object 6220 + required: 6221 + - spec 6222 + type: object 6223 + chartRef: 6224 + description: |- 6225 + ChartRef holds a reference to a source controller resource containing the 6226 + Helm chart artifact. 6227 + properties: 6228 + apiVersion: 6229 + description: APIVersion of the referent. 6230 + type: string 6231 + kind: 6232 + description: Kind of the referent. 6233 + enum: 6234 + - OCIRepository 6235 + - HelmChart 6236 + - ExternalArtifact 6237 + type: string 6238 + name: 6239 + description: Name of the referent. 6240 + maxLength: 253 6241 + minLength: 1 6242 + type: string 6243 + namespace: 6244 + description: |- 6245 + Namespace of the referent, defaults to the namespace of the Kubernetes 6246 + resource object that contains the reference. 6247 + maxLength: 63 6248 + minLength: 1 6249 + type: string 6250 + required: 6251 + - kind 6252 + - name 6253 + type: object 6254 + commonMetadata: 6255 + description: |- 6256 + CommonMetadata specifies the common labels and annotations that are 6257 + applied to all resources. Any existing label or annotation will be 6258 + overridden if its key matches a common one. 6259 + properties: 6260 + annotations: 6261 + additionalProperties: 6262 + type: string 6263 + description: Annotations to be added to the object's metadata. 6264 + type: object 6265 + labels: 6266 + additionalProperties: 6267 + type: string 6268 + description: Labels to be added to the object's metadata. 6269 + type: object 6270 + type: object 6271 + dependsOn: 6272 + description: |- 6273 + DependsOn may contain a DependencyReference slice with 6274 + references to HelmRelease resources that must be ready before this HelmRelease 6275 + can be reconciled. 6276 + items: 6277 + description: DependencyReference defines a HelmRelease dependency 6278 + on another HelmRelease resource. 6279 + properties: 6280 + name: 6281 + description: Name of the referent. 6282 + type: string 6283 + namespace: 6284 + description: |- 6285 + Namespace of the referent, defaults to the namespace of the HelmRelease 6286 + resource object that contains the reference. 6287 + type: string 6288 + readyExpr: 6289 + description: |- 6290 + ReadyExpr is a CEL expression that can be used to assess the readiness 6291 + of a dependency. When specified, the built-in readiness check 6292 + is replaced by the logic defined in the CEL expression. 6293 + To make the CEL expression additive to the built-in readiness check, 6294 + the feature gate `AdditiveCELDependencyCheck` must be set to `true`. 6295 + type: string 6296 + required: 6297 + - name 6298 + type: object 6299 + type: array 6300 + driftDetection: 6301 + description: |- 6302 + DriftDetection holds the configuration for detecting and handling 6303 + differences between the manifest in the Helm storage and the resources 6304 + currently existing in the cluster. 6305 + properties: 6306 + ignore: 6307 + description: |- 6308 + Ignore contains a list of rules for specifying which changes to ignore 6309 + during diffing. 6310 + items: 6311 + description: |- 6312 + IgnoreRule defines a rule to selectively disregard specific changes during 6313 + the drift detection process. 6314 + properties: 6315 + paths: 6316 + description: |- 6317 + Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from 6318 + consideration in a Kubernetes object. 6319 + items: 6320 + type: string 6321 + type: array 6322 + target: 6323 + description: |- 6324 + Target is a selector for specifying Kubernetes objects to which this 6325 + rule applies. 6326 + If Target is not set, the Paths will be ignored for all Kubernetes 6327 + objects within the manifest of the Helm release. 6328 + properties: 6329 + annotationSelector: 6330 + description: |- 6331 + AnnotationSelector is a string that follows the label selection expression 6332 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 6333 + It matches with the resource annotations. 6334 + type: string 6335 + group: 6336 + description: |- 6337 + Group is the API group to select resources from. 6338 + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. 6339 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 6340 + type: string 6341 + kind: 6342 + description: |- 6343 + Kind of the API Group to select resources from. 6344 + Together with Group and Version it is capable of unambiguously 6345 + identifying and/or selecting resources. 6346 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 6347 + type: string 6348 + labelSelector: 6349 + description: |- 6350 + LabelSelector is a string that follows the label selection expression 6351 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 6352 + It matches with the resource labels. 6353 + type: string 6354 + name: 6355 + description: Name to match resources with. 6356 + type: string 6357 + namespace: 6358 + description: Namespace to select resources from. 6359 + type: string 6360 + version: 6361 + description: |- 6362 + Version of the API Group to select resources from. 6363 + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. 6364 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 6365 + type: string 6366 + type: object 6367 + required: 6368 + - paths 6369 + type: object 6370 + type: array 6371 + mode: 6372 + description: |- 6373 + Mode defines how differences should be handled between the Helm manifest 6374 + and the manifest currently applied to the cluster. 6375 + If not explicitly set, it defaults to DiffModeDisabled. 6376 + enum: 6377 + - enabled 6378 + - warn 6379 + - disabled 6380 + type: string 6381 + type: object 6382 + install: 6383 + description: Install holds the configuration for Helm install actions 6384 + for this HelmRelease. 6385 + properties: 6386 + crds: 6387 + description: |- 6388 + CRDs upgrade CRDs from the Helm Chart's crds directory according 6389 + to the CRD upgrade policy provided here. Valid values are `Skip`, 6390 + `Create` or `CreateReplace`. Default is `Create` and if omitted 6391 + CRDs are installed but not updated. 6392 + 6393 + Skip: do neither install nor replace (update) any CRDs. 6394 + 6395 + Create: new CRDs are created, existing CRDs are neither updated nor deleted. 6396 + 6397 + CreateReplace: new CRDs are created, existing CRDs are updated (replaced) 6398 + but not deleted. 6399 + 6400 + By default, CRDs are applied (installed) during Helm install action. 6401 + With this option users can opt in to CRD replace existing CRDs on Helm 6402 + install actions, which is not (yet) natively supported by Helm. 6403 + https://helm.sh/docs/chart_best_practices/custom_resource_definitions. 6404 + enum: 6405 + - Skip 6406 + - Create 6407 + - CreateReplace 6408 + type: string 6409 + createNamespace: 6410 + description: |- 6411 + CreateNamespace tells the Helm install action to create the 6412 + HelmReleaseSpec.TargetNamespace if it does not exist yet. 6413 + On uninstall, the namespace will not be garbage collected. 6414 + type: boolean 6415 + disableHooks: 6416 + description: DisableHooks prevents hooks from running during the 6417 + Helm install action. 6418 + type: boolean 6419 + disableOpenAPIValidation: 6420 + description: |- 6421 + DisableOpenAPIValidation prevents the Helm install action from validating 6422 + rendered templates against the Kubernetes OpenAPI Schema. 6423 + type: boolean 6424 + disableSchemaValidation: 6425 + description: |- 6426 + DisableSchemaValidation prevents the Helm install action from validating 6427 + the values against the JSON Schema. 6428 + type: boolean 6429 + disableTakeOwnership: 6430 + description: |- 6431 + DisableTakeOwnership disables taking ownership of existing resources 6432 + during the Helm install action. Defaults to false. 6433 + type: boolean 6434 + disableWait: 6435 + description: |- 6436 + DisableWait disables the waiting for resources to be ready after a Helm 6437 + install has been performed. 6438 + type: boolean 6439 + disableWaitForJobs: 6440 + description: |- 6441 + DisableWaitForJobs disables waiting for jobs to complete after a Helm 6442 + install has been performed. 6443 + type: boolean 6444 + remediation: 6445 + description: |- 6446 + Remediation holds the remediation configuration for when the Helm install 6447 + action for the HelmRelease fails. The default is to not perform any action. 6448 + properties: 6449 + ignoreTestFailures: 6450 + description: |- 6451 + IgnoreTestFailures tells the controller to skip remediation when the Helm 6452 + tests are run after an install action but fail. Defaults to 6453 + 'Test.IgnoreFailures'. 6454 + type: boolean 6455 + remediateLastFailure: 6456 + description: |- 6457 + RemediateLastFailure tells the controller to remediate the last failure, when 6458 + no retries remain. Defaults to 'false'. 6459 + type: boolean 6460 + retries: 6461 + description: |- 6462 + Retries is the number of retries that should be attempted on failures before 6463 + bailing. Remediation, using an uninstall, is performed between each attempt. 6464 + Defaults to '0', a negative integer equals to unlimited retries. 6465 + type: integer 6466 + type: object 6467 + replace: 6468 + description: |- 6469 + Replace tells the Helm install action to re-use the 'ReleaseName', but only 6470 + if that name is a deleted release which remains in the history. 6471 + type: boolean 6472 + skipCRDs: 6473 + description: |- 6474 + SkipCRDs tells the Helm install action to not install any CRDs. By default, 6475 + CRDs are installed if not already present. 6476 + 6477 + Deprecated use CRD policy (`crds`) attribute with value `Skip` instead. 6478 + type: boolean 6479 + strategy: 6480 + description: |- 6481 + Strategy defines the install strategy to use for this HelmRelease. 6482 + Defaults to 'RemediateOnFailure'. 6483 + properties: 6484 + name: 6485 + description: Name of the install strategy. 6486 + enum: 6487 + - RemediateOnFailure 6488 + - RetryOnFailure 6489 + type: string 6490 + retryInterval: 6491 + description: |- 6492 + RetryInterval is the interval at which to retry a failed install. 6493 + Can be used only when Name is set to RetryOnFailure. 6494 + Defaults to '5m'. 6495 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 6496 + type: string 6497 + required: 6498 + - name 6499 + type: object 6500 + x-kubernetes-validations: 6501 + - message: .retryInterval cannot be set when .name is 'RemediateOnFailure' 6502 + rule: '!has(self.retryInterval) || self.name != ''RemediateOnFailure''' 6503 + timeout: 6504 + description: |- 6505 + Timeout is the time to wait for any individual Kubernetes operation (like 6506 + Jobs for hooks) during the performance of a Helm install action. Defaults to 6507 + 'HelmReleaseSpec.Timeout'. 6508 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 6509 + type: string 6510 + type: object 6511 + interval: 6512 + description: Interval at which to reconcile the Helm release. 6513 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 6514 + type: string 6515 + kubeConfig: 6516 + description: |- 6517 + KubeConfig for reconciling the HelmRelease on a remote cluster. 6518 + When used in combination with HelmReleaseSpec.ServiceAccountName, 6519 + forces the controller to act on behalf of that Service Account at the 6520 + target cluster. 6521 + If the --default-service-account flag is set, its value will be used as 6522 + a controller level fallback for when HelmReleaseSpec.ServiceAccountName 6523 + is empty. 6524 + properties: 6525 + configMapRef: 6526 + description: |- 6527 + ConfigMapRef holds an optional name of a ConfigMap that contains 6528 + the following keys: 6529 + 6530 + - `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or 6531 + `generic`. Required. 6532 + - `cluster`: the fully qualified resource name of the Kubernetes 6533 + cluster in the cloud provider API. Not used by the `generic` 6534 + provider. Required when one of `address` or `ca.crt` is not set. 6535 + - `address`: the address of the Kubernetes API server. Required 6536 + for `generic`. For the other providers, if not specified, the 6537 + first address in the cluster resource will be used, and if 6538 + specified, it must match one of the addresses in the cluster 6539 + resource. 6540 + If audiences is not set, will be used as the audience for the 6541 + `generic` provider. 6542 + - `ca.crt`: the optional PEM-encoded CA certificate for the 6543 + Kubernetes API server. If not set, the controller will use the 6544 + CA certificate from the cluster resource. 6545 + - `audiences`: the optional audiences as a list of 6546 + line-break-separated strings for the Kubernetes ServiceAccount 6547 + token. Defaults to the `address` for the `generic` provider, or 6548 + to specific values for the other providers depending on the 6549 + provider. 6550 + - `serviceAccountName`: the optional name of the Kubernetes 6551 + ServiceAccount in the same namespace that should be used 6552 + for authentication. If not specified, the controller 6553 + ServiceAccount will be used. 6554 + 6555 + Mutually exclusive with SecretRef. 6556 + properties: 6557 + name: 6558 + description: Name of the referent. 6559 + type: string 6560 + required: 6561 + - name 6562 + type: object 6563 + secretRef: 6564 + description: |- 6565 + SecretRef holds an optional name of a secret that contains a key with 6566 + the kubeconfig file as the value. If no key is set, the key will default 6567 + to 'value'. Mutually exclusive with ConfigMapRef. 6568 + It is recommended that the kubeconfig is self-contained, and the secret 6569 + is regularly updated if credentials such as a cloud-access-token expire. 6570 + Cloud specific `cmd-path` auth helpers will not function without adding 6571 + binaries and credentials to the Pod that is responsible for reconciling 6572 + Kubernetes resources. Supported only for the generic provider. 6573 + properties: 6574 + key: 6575 + description: Key in the Secret, when not specified an implementation-specific 6576 + default key is used. 6577 + type: string 6578 + name: 6579 + description: Name of the Secret. 6580 + type: string 6581 + required: 6582 + - name 6583 + type: object 6584 + type: object 6585 + x-kubernetes-validations: 6586 + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef 6587 + must be specified 6588 + rule: has(self.configMapRef) || has(self.secretRef) 6589 + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef 6590 + must be specified 6591 + rule: '!has(self.configMapRef) || !has(self.secretRef)' 6592 + maxHistory: 6593 + description: |- 6594 + MaxHistory is the number of revisions saved by Helm for this HelmRelease. 6595 + Use '0' for an unlimited number of revisions; defaults to '5'. 6596 + type: integer 6597 + persistentClient: 6598 + description: |- 6599 + PersistentClient tells the controller to use a persistent Kubernetes 6600 + client for this release. When enabled, the client will be reused for the 6601 + duration of the reconciliation, instead of being created and destroyed 6602 + for each (step of a) Helm action. 6603 + 6604 + This can improve performance, but may cause issues with some Helm charts 6605 + that for example do create Custom Resource Definitions during installation 6606 + outside Helm's CRD lifecycle hooks, which are then not observed to be 6607 + available by e.g. post-install hooks. 6608 + 6609 + If not set, it defaults to true. 6610 + type: boolean 6611 + postRenderers: 6612 + description: |- 6613 + PostRenderers holds an array of Helm PostRenderers, which will be applied in order 6614 + of their definition. 6615 + items: 6616 + description: PostRenderer contains a Helm PostRenderer specification. 6617 + properties: 6618 + kustomize: 6619 + description: Kustomization to apply as PostRenderer. 6620 + properties: 6621 + images: 6622 + description: |- 6623 + Images is a list of (image name, new name, new tag or digest) 6624 + for changing image names, tags or digests. This can also be achieved with a 6625 + patch, but this operator is simpler to specify. 6626 + items: 6627 + description: Image contains an image name, a new name, 6628 + a new tag or digest, which will replace the original 6629 + name and tag. 6630 + properties: 6631 + digest: 6632 + description: |- 6633 + Digest is the value used to replace the original image tag. 6634 + If digest is present NewTag value is ignored. 6635 + type: string 6636 + name: 6637 + description: Name is a tag-less image name. 6638 + type: string 6639 + newName: 6640 + description: NewName is the value used to replace 6641 + the original name. 6642 + type: string 6643 + newTag: 6644 + description: NewTag is the value used to replace the 6645 + original tag. 6646 + type: string 6647 + required: 6648 + - name 6649 + type: object 6650 + type: array 6651 + patches: 6652 + description: |- 6653 + Strategic merge and JSON patches, defined as inline YAML objects, 6654 + capable of targeting objects based on kind, label and annotation selectors. 6655 + items: 6656 + description: |- 6657 + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should 6658 + be applied to. 6659 + properties: 6660 + patch: 6661 + description: |- 6662 + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with 6663 + an array of operation objects. 6664 + type: string 6665 + target: 6666 + description: Target points to the resources that the 6667 + patch document should be applied to. 6668 + properties: 6669 + annotationSelector: 6670 + description: |- 6671 + AnnotationSelector is a string that follows the label selection expression 6672 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 6673 + It matches with the resource annotations. 6674 + type: string 6675 + group: 6676 + description: |- 6677 + Group is the API group to select resources from. 6678 + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. 6679 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 6680 + type: string 6681 + kind: 6682 + description: |- 6683 + Kind of the API Group to select resources from. 6684 + Together with Group and Version it is capable of unambiguously 6685 + identifying and/or selecting resources. 6686 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 6687 + type: string 6688 + labelSelector: 6689 + description: |- 6690 + LabelSelector is a string that follows the label selection expression 6691 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 6692 + It matches with the resource labels. 6693 + type: string 6694 + name: 6695 + description: Name to match resources with. 6696 + type: string 6697 + namespace: 6698 + description: Namespace to select resources from. 6699 + type: string 6700 + version: 6701 + description: |- 6702 + Version of the API Group to select resources from. 6703 + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. 6704 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 6705 + type: string 6706 + type: object 6707 + required: 6708 + - patch 6709 + type: object 6710 + type: array 6711 + type: object 6712 + type: object 6713 + type: array 6714 + releaseName: 6715 + description: |- 6716 + ReleaseName used for the Helm release. Defaults to a composition of 6717 + '[TargetNamespace-]Name'. 6718 + maxLength: 53 6719 + minLength: 1 6720 + type: string 6721 + rollback: 6722 + description: Rollback holds the configuration for Helm rollback actions 6723 + for this HelmRelease. 6724 + properties: 6725 + cleanupOnFail: 6726 + description: |- 6727 + CleanupOnFail allows deletion of new resources created during the Helm 6728 + rollback action when it fails. 6729 + type: boolean 6730 + disableHooks: 6731 + description: DisableHooks prevents hooks from running during the 6732 + Helm rollback action. 6733 + type: boolean 6734 + disableWait: 6735 + description: |- 6736 + DisableWait disables the waiting for resources to be ready after a Helm 6737 + rollback has been performed. 6738 + type: boolean 6739 + disableWaitForJobs: 6740 + description: |- 6741 + DisableWaitForJobs disables waiting for jobs to complete after a Helm 6742 + rollback has been performed. 6743 + type: boolean 6744 + force: 6745 + description: Force forces resource updates through a replacement 6746 + strategy. 6747 + type: boolean 6748 + recreate: 6749 + description: Recreate performs pod restarts for the resource if 6750 + applicable. 6751 + type: boolean 6752 + timeout: 6753 + description: |- 6754 + Timeout is the time to wait for any individual Kubernetes operation (like 6755 + Jobs for hooks) during the performance of a Helm rollback action. Defaults to 6756 + 'HelmReleaseSpec.Timeout'. 6757 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 6758 + type: string 6759 + type: object 6760 + serviceAccountName: 6761 + description: |- 6762 + The name of the Kubernetes service account to impersonate 6763 + when reconciling this HelmRelease. 6764 + maxLength: 253 6765 + minLength: 1 6766 + type: string 6767 + storageNamespace: 6768 + description: |- 6769 + StorageNamespace used for the Helm storage. 6770 + Defaults to the namespace of the HelmRelease. 6771 + maxLength: 63 6772 + minLength: 1 6773 + type: string 6774 + suspend: 6775 + description: |- 6776 + Suspend tells the controller to suspend reconciliation for this HelmRelease, 6777 + it does not apply to already started reconciliations. Defaults to false. 6778 + type: boolean 6779 + targetNamespace: 6780 + description: |- 6781 + TargetNamespace to target when performing operations for the HelmRelease. 6782 + Defaults to the namespace of the HelmRelease. 6783 + maxLength: 63 6784 + minLength: 1 6785 + type: string 6786 + test: 6787 + description: Test holds the configuration for Helm test actions for 6788 + this HelmRelease. 6789 + properties: 6790 + enable: 6791 + description: |- 6792 + Enable enables Helm test actions for this HelmRelease after an Helm install 6793 + or upgrade action has been performed. 6794 + type: boolean 6795 + filters: 6796 + description: Filters is a list of tests to run or exclude from 6797 + running. 6798 + items: 6799 + description: Filter holds the configuration for individual Helm 6800 + test filters. 6801 + properties: 6802 + exclude: 6803 + description: Exclude specifies whether the named test should 6804 + be excluded. 6805 + type: boolean 6806 + name: 6807 + description: Name is the name of the test. 6808 + maxLength: 253 6809 + minLength: 1 6810 + type: string 6811 + required: 6812 + - name 6813 + type: object 6814 + type: array 6815 + ignoreFailures: 6816 + description: |- 6817 + IgnoreFailures tells the controller to skip remediation when the Helm tests 6818 + are run but fail. Can be overwritten for tests run after install or upgrade 6819 + actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. 6820 + type: boolean 6821 + timeout: 6822 + description: |- 6823 + Timeout is the time to wait for any individual Kubernetes operation during 6824 + the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. 6825 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 6826 + type: string 6827 + type: object 6828 + timeout: 6829 + description: |- 6830 + Timeout is the time to wait for any individual Kubernetes operation (like Jobs 6831 + for hooks) during the performance of a Helm action. Defaults to '5m0s'. 6832 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 6833 + type: string 6834 + uninstall: 6835 + description: Uninstall holds the configuration for Helm uninstall 6836 + actions for this HelmRelease. 6837 + properties: 6838 + deletionPropagation: 6839 + default: background 6840 + description: |- 6841 + DeletionPropagation specifies the deletion propagation policy when 6842 + a Helm uninstall is performed. 6843 + enum: 6844 + - background 6845 + - foreground 6846 + - orphan 6847 + type: string 6848 + disableHooks: 6849 + description: DisableHooks prevents hooks from running during the 6850 + Helm rollback action. 6851 + type: boolean 6852 + disableWait: 6853 + description: |- 6854 + DisableWait disables waiting for all the resources to be deleted after 6855 + a Helm uninstall is performed. 6856 + type: boolean 6857 + keepHistory: 6858 + description: |- 6859 + KeepHistory tells Helm to remove all associated resources and mark the 6860 + release as deleted, but retain the release history. 6861 + type: boolean 6862 + timeout: 6863 + description: |- 6864 + Timeout is the time to wait for any individual Kubernetes operation (like 6865 + Jobs for hooks) during the performance of a Helm uninstall action. Defaults 6866 + to 'HelmReleaseSpec.Timeout'. 6867 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 6868 + type: string 6869 + type: object 6870 + upgrade: 6871 + description: Upgrade holds the configuration for Helm upgrade actions 6872 + for this HelmRelease. 6873 + properties: 6874 + cleanupOnFail: 6875 + description: |- 6876 + CleanupOnFail allows deletion of new resources created during the Helm 6877 + upgrade action when it fails. 6878 + type: boolean 6879 + crds: 6880 + description: |- 6881 + CRDs upgrade CRDs from the Helm Chart's crds directory according 6882 + to the CRD upgrade policy provided here. Valid values are `Skip`, 6883 + `Create` or `CreateReplace`. Default is `Skip` and if omitted 6884 + CRDs are neither installed nor upgraded. 6885 + 6886 + Skip: do neither install nor replace (update) any CRDs. 6887 + 6888 + Create: new CRDs are created, existing CRDs are neither updated nor deleted. 6889 + 6890 + CreateReplace: new CRDs are created, existing CRDs are updated (replaced) 6891 + but not deleted. 6892 + 6893 + By default, CRDs are not applied during Helm upgrade action. With this 6894 + option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. 6895 + https://helm.sh/docs/chart_best_practices/custom_resource_definitions. 6896 + enum: 6897 + - Skip 6898 + - Create 6899 + - CreateReplace 6900 + type: string 6901 + disableHooks: 6902 + description: DisableHooks prevents hooks from running during the 6903 + Helm upgrade action. 6904 + type: boolean 6905 + disableOpenAPIValidation: 6906 + description: |- 6907 + DisableOpenAPIValidation prevents the Helm upgrade action from validating 6908 + rendered templates against the Kubernetes OpenAPI Schema. 6909 + type: boolean 6910 + disableSchemaValidation: 6911 + description: |- 6912 + DisableSchemaValidation prevents the Helm upgrade action from validating 6913 + the values against the JSON Schema. 6914 + type: boolean 6915 + disableTakeOwnership: 6916 + description: |- 6917 + DisableTakeOwnership disables taking ownership of existing resources 6918 + during the Helm upgrade action. Defaults to false. 6919 + type: boolean 6920 + disableWait: 6921 + description: |- 6922 + DisableWait disables the waiting for resources to be ready after a Helm 6923 + upgrade has been performed. 6924 + type: boolean 6925 + disableWaitForJobs: 6926 + description: |- 6927 + DisableWaitForJobs disables waiting for jobs to complete after a Helm 6928 + upgrade has been performed. 6929 + type: boolean 6930 + force: 6931 + description: Force forces resource updates through a replacement 6932 + strategy. 6933 + type: boolean 6934 + preserveValues: 6935 + description: |- 6936 + PreserveValues will make Helm reuse the last release's values and merge in 6937 + overrides from 'Values'. Setting this flag makes the HelmRelease 6938 + non-declarative. 6939 + type: boolean 6940 + remediation: 6941 + description: |- 6942 + Remediation holds the remediation configuration for when the Helm upgrade 6943 + action for the HelmRelease fails. The default is to not perform any action. 6944 + properties: 6945 + ignoreTestFailures: 6946 + description: |- 6947 + IgnoreTestFailures tells the controller to skip remediation when the Helm 6948 + tests are run after an upgrade action but fail. 6949 + Defaults to 'Test.IgnoreFailures'. 6950 + type: boolean 6951 + remediateLastFailure: 6952 + description: |- 6953 + RemediateLastFailure tells the controller to remediate the last failure, when 6954 + no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. 6955 + type: boolean 6956 + retries: 6957 + description: |- 6958 + Retries is the number of retries that should be attempted on failures before 6959 + bailing. Remediation, using 'Strategy', is performed between each attempt. 6960 + Defaults to '0', a negative integer equals to unlimited retries. 6961 + type: integer 6962 + strategy: 6963 + description: Strategy to use for failure remediation. Defaults 6964 + to 'rollback'. 6965 + enum: 6966 + - rollback 6967 + - uninstall 6968 + type: string 6969 + type: object 6970 + strategy: 6971 + description: |- 6972 + Strategy defines the upgrade strategy to use for this HelmRelease. 6973 + Defaults to 'RemediateOnFailure'. 6974 + properties: 6975 + name: 6976 + description: Name of the upgrade strategy. 6977 + enum: 6978 + - RemediateOnFailure 6979 + - RetryOnFailure 6980 + type: string 6981 + retryInterval: 6982 + description: |- 6983 + RetryInterval is the interval at which to retry a failed upgrade. 6984 + Can be used only when Name is set to RetryOnFailure. 6985 + Defaults to '5m'. 6986 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 6987 + type: string 6988 + required: 6989 + - name 6990 + type: object 6991 + x-kubernetes-validations: 6992 + - message: .retryInterval can only be set when .name is 'RetryOnFailure' 6993 + rule: '!has(self.retryInterval) || self.name == ''RetryOnFailure''' 6994 + timeout: 6995 + description: |- 6996 + Timeout is the time to wait for any individual Kubernetes operation (like 6997 + Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 6998 + 'HelmReleaseSpec.Timeout'. 6999 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 7000 + type: string 7001 + type: object 7002 + values: 7003 + description: Values holds the values for this Helm release. 7004 + x-kubernetes-preserve-unknown-fields: true 7005 + valuesFrom: 7006 + description: |- 7007 + ValuesFrom holds references to resources containing Helm values for this HelmRelease, 7008 + and information about how they should be merged. 7009 + items: 7010 + description: |- 7011 + ValuesReference contains a reference to a resource containing Helm values, 7012 + and optionally the key they can be found at. 7013 + properties: 7014 + kind: 7015 + description: Kind of the values referent, valid values are ('Secret', 7016 + 'ConfigMap'). 7017 + enum: 7018 + - Secret 7019 + - ConfigMap 7020 + type: string 7021 + name: 7022 + description: |- 7023 + Name of the values referent. Should reside in the same namespace as the 7024 + referring resource. 7025 + maxLength: 253 7026 + minLength: 1 7027 + type: string 7028 + optional: 7029 + description: |- 7030 + Optional marks this ValuesReference as optional. When set, a not found error 7031 + for the values reference is ignored, but any ValuesKey, TargetPath or 7032 + transient error will still result in a reconciliation failure. 7033 + type: boolean 7034 + targetPath: 7035 + description: |- 7036 + TargetPath is the YAML dot notation path the value should be merged at. When 7037 + set, the ValuesKey is expected to be a single flat value. Defaults to 'None', 7038 + which results in the values getting merged at the root. 7039 + maxLength: 250 7040 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ 7041 + type: string 7042 + valuesKey: 7043 + description: |- 7044 + ValuesKey is the data key where the values.yaml or a specific value can be 7045 + found at. Defaults to 'values.yaml'. 7046 + maxLength: 253 7047 + pattern: ^[\-._a-zA-Z0-9]+$ 7048 + type: string 7049 + required: 7050 + - kind 7051 + - name 7052 + type: object 7053 + type: array 7054 + required: 7055 + - interval 7056 + type: object 7057 + x-kubernetes-validations: 7058 + - message: either chart or chartRef must be set 7059 + rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart) 7060 + && has(self.chartRef)) 7061 + status: 7062 + default: 7063 + observedGeneration: -1 7064 + description: HelmReleaseStatus defines the observed state of a HelmRelease. 7065 + properties: 7066 + conditions: 7067 + description: Conditions holds the conditions for the HelmRelease. 7068 + items: 7069 + description: Condition contains details for one aspect of the current 7070 + state of this API Resource. 7071 + properties: 7072 + lastTransitionTime: 7073 + description: |- 7074 + lastTransitionTime is the last time the condition transitioned from one status to another. 7075 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 7076 + format: date-time 7077 + type: string 7078 + message: 7079 + description: |- 7080 + message is a human readable message indicating details about the transition. 7081 + This may be an empty string. 7082 + maxLength: 32768 7083 + type: string 7084 + observedGeneration: 7085 + description: |- 7086 + observedGeneration represents the .metadata.generation that the condition was set based upon. 7087 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 7088 + with respect to the current state of the instance. 7089 + format: int64 7090 + minimum: 0 7091 + type: integer 7092 + reason: 7093 + description: |- 7094 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 7095 + Producers of specific condition types may define expected values and meanings for this field, 7096 + and whether the values are considered a guaranteed API. 7097 + The value should be a CamelCase string. 7098 + This field may not be empty. 7099 + maxLength: 1024 7100 + minLength: 1 7101 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 7102 + type: string 7103 + status: 7104 + description: status of the condition, one of True, False, Unknown. 7105 + enum: 7106 + - "True" 7107 + - "False" 7108 + - Unknown 7109 + type: string 7110 + type: 7111 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 7112 + maxLength: 316 7113 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 7114 + type: string 7115 + required: 7116 + - lastTransitionTime 7117 + - message 7118 + - reason 7119 + - status 7120 + - type 7121 + type: object 7122 + type: array 7123 + failures: 7124 + description: |- 7125 + Failures is the reconciliation failure count against the latest desired 7126 + state. It is reset after a successful reconciliation. 7127 + format: int64 7128 + type: integer 7129 + helmChart: 7130 + description: |- 7131 + HelmChart is the namespaced name of the HelmChart resource created by 7132 + the controller for the HelmRelease. 7133 + type: string 7134 + history: 7135 + description: |- 7136 + History holds the history of Helm releases performed for this HelmRelease 7137 + up to the last successfully completed release. 7138 + items: 7139 + description: |- 7140 + Snapshot captures a point-in-time copy of the status information for a Helm release, 7141 + as managed by the controller. 7142 + properties: 7143 + apiVersion: 7144 + description: |- 7145 + APIVersion is the API version of the Snapshot. 7146 + Provisional: when the calculation method of the Digest field is changed, 7147 + this field will be used to distinguish between the old and new methods. 7148 + type: string 7149 + appVersion: 7150 + description: AppVersion is the chart app version of the release 7151 + object in storage. 7152 + type: string 7153 + chartName: 7154 + description: ChartName is the chart name of the release object 7155 + in storage. 7156 + type: string 7157 + chartVersion: 7158 + description: |- 7159 + ChartVersion is the chart version of the release object in 7160 + storage. 7161 + type: string 7162 + configDigest: 7163 + description: |- 7164 + ConfigDigest is the checksum of the config (better known as 7165 + "values") of the release object in storage. 7166 + It has the format of `<algo>:<checksum>`. 7167 + type: string 7168 + deleted: 7169 + description: Deleted is when the release was deleted. 7170 + format: date-time 7171 + type: string 7172 + digest: 7173 + description: |- 7174 + Digest is the checksum of the release object in storage. 7175 + It has the format of `<algo>:<checksum>`. 7176 + type: string 7177 + firstDeployed: 7178 + description: FirstDeployed is when the release was first deployed. 7179 + format: date-time 7180 + type: string 7181 + lastDeployed: 7182 + description: LastDeployed is when the release was last deployed. 7183 + format: date-time 7184 + type: string 7185 + name: 7186 + description: Name is the name of the release. 7187 + type: string 7188 + namespace: 7189 + description: Namespace is the namespace the release is deployed 7190 + to. 7191 + type: string 7192 + ociDigest: 7193 + description: OCIDigest is the digest of the OCI artifact associated 7194 + with the release. 7195 + type: string 7196 + status: 7197 + description: Status is the current state of the release. 7198 + type: string 7199 + testHooks: 7200 + additionalProperties: 7201 + description: |- 7202 + TestHookStatus holds the status information for a test hook as observed 7203 + to be run by the controller. 7204 + properties: 7205 + lastCompleted: 7206 + description: LastCompleted is the time the test hook last 7207 + completed. 7208 + format: date-time 7209 + type: string 7210 + lastStarted: 7211 + description: LastStarted is the time the test hook was 7212 + last started. 7213 + format: date-time 7214 + type: string 7215 + phase: 7216 + description: Phase the test hook was observed to be in. 7217 + type: string 7218 + type: object 7219 + description: |- 7220 + TestHooks is the list of test hooks for the release as observed to be 7221 + run by the controller. 7222 + type: object 7223 + version: 7224 + description: Version is the version of the release object in 7225 + storage. 7226 + type: integer 7227 + required: 7228 + - chartName 7229 + - chartVersion 7230 + - configDigest 7231 + - digest 7232 + - firstDeployed 7233 + - lastDeployed 7234 + - name 7235 + - namespace 7236 + - status 7237 + - version 7238 + type: object 7239 + type: array 7240 + installFailures: 7241 + description: |- 7242 + InstallFailures is the install failure count against the latest desired 7243 + state. It is reset after a successful reconciliation. 7244 + format: int64 7245 + type: integer 7246 + lastAttemptedConfigDigest: 7247 + description: |- 7248 + LastAttemptedConfigDigest is the digest for the config (better known as 7249 + "values") of the last reconciliation attempt. 7250 + type: string 7251 + lastAttemptedGeneration: 7252 + description: |- 7253 + LastAttemptedGeneration is the last generation the controller attempted 7254 + to reconcile. 7255 + format: int64 7256 + type: integer 7257 + lastAttemptedReleaseAction: 7258 + description: |- 7259 + LastAttemptedReleaseAction is the last release action performed for this 7260 + HelmRelease. It is used to determine the active retry or remediation 7261 + strategy. 7262 + enum: 7263 + - install 7264 + - upgrade 7265 + type: string 7266 + lastAttemptedReleaseActionDuration: 7267 + description: |- 7268 + LastAttemptedReleaseActionDuration is the duration of the last 7269 + release action performed for this HelmRelease. 7270 + type: string 7271 + lastAttemptedRevision: 7272 + description: |- 7273 + LastAttemptedRevision is the Source revision of the last reconciliation 7274 + attempt. For OCIRepository sources, the 12 first characters of the digest are 7275 + appended to the chart version e.g. "1.2.3+1234567890ab". 7276 + type: string 7277 + lastAttemptedRevisionDigest: 7278 + description: |- 7279 + LastAttemptedRevisionDigest is the digest of the last reconciliation attempt. 7280 + This is only set for OCIRepository sources. 7281 + type: string 7282 + lastAttemptedValuesChecksum: 7283 + description: |- 7284 + LastAttemptedValuesChecksum is the SHA1 checksum for the values of the last 7285 + reconciliation attempt. 7286 + 7287 + Deprecated: Use LastAttemptedConfigDigest instead. 7288 + type: string 7289 + lastHandledForceAt: 7290 + description: |- 7291 + LastHandledForceAt holds the value of the most recent 7292 + force request value, so a change of the annotation value 7293 + can be detected. 7294 + type: string 7295 + lastHandledReconcileAt: 7296 + description: |- 7297 + LastHandledReconcileAt holds the value of the most recent 7298 + reconcile request value, so a change of the annotation value 7299 + can be detected. 7300 + type: string 7301 + lastHandledResetAt: 7302 + description: |- 7303 + LastHandledResetAt holds the value of the most recent reset request 7304 + value, so a change of the annotation value can be detected. 7305 + type: string 7306 + lastReleaseRevision: 7307 + description: |- 7308 + LastReleaseRevision is the revision of the last successful Helm release. 7309 + 7310 + Deprecated: Use History instead. 7311 + type: integer 7312 + observedCommonMetadataDigest: 7313 + description: |- 7314 + ObservedCommonMetadataDigest is the digest for the common metadata of 7315 + the last successful reconciliation attempt. 7316 + type: string 7317 + observedGeneration: 7318 + description: ObservedGeneration is the last observed generation. 7319 + format: int64 7320 + type: integer 7321 + observedPostRenderersDigest: 7322 + description: |- 7323 + ObservedPostRenderersDigest is the digest for the post-renderers of 7324 + the last successful reconciliation attempt. 7325 + type: string 7326 + storageNamespace: 7327 + description: |- 7328 + StorageNamespace is the namespace of the Helm release storage for the 7329 + current release. 7330 + maxLength: 63 7331 + minLength: 1 7332 + type: string 7333 + upgradeFailures: 7334 + description: |- 7335 + UpgradeFailures is the upgrade failure count against the latest desired 7336 + state. It is reset after a successful reconciliation. 7337 + format: int64 7338 + type: integer 7339 + type: object 7340 + type: object 7341 + served: true 7342 + storage: true 7343 + subresources: 7344 + status: {} 7345 + - additionalPrinterColumns: 7346 + - jsonPath: .metadata.creationTimestamp 7347 + name: Age 7348 + type: date 7349 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 7350 + name: Ready 7351 + type: string 7352 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 7353 + name: Status 7354 + type: string 7355 + deprecated: true 7356 + deprecationWarning: v2beta2 HelmRelease is deprecated, upgrade to v2 7357 + name: v2beta2 7358 + schema: 7359 + openAPIV3Schema: 7360 + description: HelmRelease is the Schema for the helmreleases API 7361 + properties: 7362 + apiVersion: 7363 + description: |- 7364 + APIVersion defines the versioned schema of this representation of an object. 7365 + Servers should convert recognized schemas to the latest internal value, and 7366 + may reject unrecognized values. 7367 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 7368 + type: string 7369 + kind: 7370 + description: |- 7371 + Kind is a string value representing the REST resource this object represents. 7372 + Servers may infer this from the endpoint the client submits requests to. 7373 + Cannot be updated. 7374 + In CamelCase. 7375 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 7376 + type: string 7377 + metadata: 7378 + type: object 7379 + spec: 7380 + description: HelmReleaseSpec defines the desired state of a Helm release. 7381 + properties: 7382 + chart: 7383 + description: |- 7384 + Chart defines the template of the v1beta2.HelmChart that should be created 7385 + for this HelmRelease. 7386 + properties: 7387 + metadata: 7388 + description: ObjectMeta holds the template for metadata like labels 7389 + and annotations. 7390 + properties: 7391 + annotations: 7392 + additionalProperties: 7393 + type: string 7394 + description: |- 7395 + Annotations is an unstructured key value map stored with a resource that may be 7396 + set by external tools to store and retrieve arbitrary metadata. They are not 7397 + queryable and should be preserved when modifying objects. 7398 + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ 7399 + type: object 7400 + labels: 7401 + additionalProperties: 7402 + type: string 7403 + description: |- 7404 + Map of string keys and values that can be used to organize and categorize 7405 + (scope and select) objects. 7406 + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ 7407 + type: object 7408 + type: object 7409 + spec: 7410 + description: Spec holds the template for the v1beta2.HelmChartSpec 7411 + for this HelmRelease. 7412 + properties: 7413 + chart: 7414 + description: The name or path the Helm chart is available 7415 + at in the SourceRef. 7416 + maxLength: 2048 7417 + minLength: 1 7418 + type: string 7419 + ignoreMissingValuesFiles: 7420 + description: IgnoreMissingValuesFiles controls whether to 7421 + silently ignore missing values files rather than failing. 7422 + type: boolean 7423 + interval: 7424 + description: |- 7425 + Interval at which to check the v1.Source for updates. Defaults to 7426 + 'HelmReleaseSpec.Interval'. 7427 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 7428 + type: string 7429 + reconcileStrategy: 7430 + default: ChartVersion 7431 + description: |- 7432 + Determines what enables the creation of a new artifact. Valid values are 7433 + ('ChartVersion', 'Revision'). 7434 + See the documentation of the values for an explanation on their behavior. 7435 + Defaults to ChartVersion when omitted. 7436 + enum: 7437 + - ChartVersion 7438 + - Revision 7439 + type: string 7440 + sourceRef: 7441 + description: The name and namespace of the v1.Source the chart 7442 + is available at. 7443 + properties: 7444 + apiVersion: 7445 + description: APIVersion of the referent. 7446 + type: string 7447 + kind: 7448 + description: Kind of the referent. 7449 + enum: 7450 + - HelmRepository 7451 + - GitRepository 7452 + - Bucket 7453 + type: string 7454 + name: 7455 + description: Name of the referent. 7456 + maxLength: 253 7457 + minLength: 1 7458 + type: string 7459 + namespace: 7460 + description: Namespace of the referent. 7461 + maxLength: 63 7462 + minLength: 1 7463 + type: string 7464 + required: 7465 + - kind 7466 + - name 7467 + type: object 7468 + valuesFile: 7469 + description: |- 7470 + Alternative values file to use as the default chart values, expected to 7471 + be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, 7472 + for backwards compatibility the file defined here is merged before the 7473 + ValuesFiles items. Ignored when omitted. 7474 + type: string 7475 + valuesFiles: 7476 + description: |- 7477 + Alternative list of values files to use as the chart values (values.yaml 7478 + is not included by default), expected to be a relative path in the SourceRef. 7479 + Values files are merged in the order of this list with the last file overriding 7480 + the first. Ignored when omitted. 7481 + items: 7482 + type: string 7483 + type: array 7484 + verify: 7485 + description: |- 7486 + Verify contains the secret name containing the trusted public keys 7487 + used to verify the signature and specifies which provider to use to check 7488 + whether OCI image is authentic. 7489 + This field is only supported for OCI sources. 7490 + Chart dependencies, which are not bundled in the umbrella chart artifact, 7491 + are not verified. 7492 + properties: 7493 + provider: 7494 + default: cosign 7495 + description: Provider specifies the technology used to 7496 + sign the OCI Helm chart. 7497 + enum: 7498 + - cosign 7499 + - notation 7500 + type: string 7501 + secretRef: 7502 + description: |- 7503 + SecretRef specifies the Kubernetes Secret containing the 7504 + trusted public keys. 7505 + properties: 7506 + name: 7507 + description: Name of the referent. 7508 + type: string 7509 + required: 7510 + - name 7511 + type: object 7512 + required: 7513 + - provider 7514 + type: object 7515 + version: 7516 + default: '*' 7517 + description: |- 7518 + Version semver expression, ignored for charts from v1beta2.GitRepository and 7519 + v1beta2.Bucket sources. Defaults to latest when omitted. 7520 + type: string 7521 + required: 7522 + - chart 7523 + - sourceRef 7524 + type: object 7525 + required: 7526 + - spec 7527 + type: object 7528 + chartRef: 7529 + description: |- 7530 + ChartRef holds a reference to a source controller resource containing the 7531 + Helm chart artifact. 7532 + 7533 + Note: this field is provisional to the v2 API, and not actively used 7534 + by v2beta2 HelmReleases. 7535 + properties: 7536 + apiVersion: 7537 + description: APIVersion of the referent. 7538 + type: string 7539 + kind: 7540 + description: Kind of the referent. 7541 + enum: 7542 + - OCIRepository 7543 + - HelmChart 7544 + type: string 7545 + name: 7546 + description: Name of the referent. 7547 + maxLength: 253 7548 + minLength: 1 7549 + type: string 7550 + namespace: 7551 + description: |- 7552 + Namespace of the referent, defaults to the namespace of the Kubernetes 7553 + resource object that contains the reference. 7554 + maxLength: 63 7555 + minLength: 1 7556 + type: string 7557 + required: 7558 + - kind 7559 + - name 7560 + type: object 7561 + dependsOn: 7562 + description: |- 7563 + DependsOn may contain a meta.NamespacedObjectReference slice with 7564 + references to HelmRelease resources that must be ready before this HelmRelease 7565 + can be reconciled. 7566 + items: 7567 + description: |- 7568 + NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any 7569 + namespace. 7570 + properties: 7571 + name: 7572 + description: Name of the referent. 7573 + type: string 7574 + namespace: 7575 + description: Namespace of the referent, when not specified it 7576 + acts as LocalObjectReference. 7577 + type: string 7578 + required: 7579 + - name 7580 + type: object 7581 + type: array 7582 + driftDetection: 7583 + description: |- 7584 + DriftDetection holds the configuration for detecting and handling 7585 + differences between the manifest in the Helm storage and the resources 7586 + currently existing in the cluster. 7587 + properties: 7588 + ignore: 7589 + description: |- 7590 + Ignore contains a list of rules for specifying which changes to ignore 7591 + during diffing. 7592 + items: 7593 + description: |- 7594 + IgnoreRule defines a rule to selectively disregard specific changes during 7595 + the drift detection process. 7596 + properties: 7597 + paths: 7598 + description: |- 7599 + Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from 7600 + consideration in a Kubernetes object. 7601 + items: 7602 + type: string 7603 + type: array 7604 + target: 7605 + description: |- 7606 + Target is a selector for specifying Kubernetes objects to which this 7607 + rule applies. 7608 + If Target is not set, the Paths will be ignored for all Kubernetes 7609 + objects within the manifest of the Helm release. 7610 + properties: 7611 + annotationSelector: 7612 + description: |- 7613 + AnnotationSelector is a string that follows the label selection expression 7614 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 7615 + It matches with the resource annotations. 7616 + type: string 7617 + group: 7618 + description: |- 7619 + Group is the API group to select resources from. 7620 + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. 7621 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 7622 + type: string 7623 + kind: 7624 + description: |- 7625 + Kind of the API Group to select resources from. 7626 + Together with Group and Version it is capable of unambiguously 7627 + identifying and/or selecting resources. 7628 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 7629 + type: string 7630 + labelSelector: 7631 + description: |- 7632 + LabelSelector is a string that follows the label selection expression 7633 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 7634 + It matches with the resource labels. 7635 + type: string 7636 + name: 7637 + description: Name to match resources with. 7638 + type: string 7639 + namespace: 7640 + description: Namespace to select resources from. 7641 + type: string 7642 + version: 7643 + description: |- 7644 + Version of the API Group to select resources from. 7645 + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. 7646 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 7647 + type: string 7648 + type: object 7649 + required: 7650 + - paths 7651 + type: object 7652 + type: array 7653 + mode: 7654 + description: |- 7655 + Mode defines how differences should be handled between the Helm manifest 7656 + and the manifest currently applied to the cluster. 7657 + If not explicitly set, it defaults to DiffModeDisabled. 7658 + enum: 7659 + - enabled 7660 + - warn 7661 + - disabled 7662 + type: string 7663 + type: object 7664 + install: 7665 + description: Install holds the configuration for Helm install actions 7666 + for this HelmRelease. 7667 + properties: 7668 + crds: 7669 + description: |- 7670 + CRDs upgrade CRDs from the Helm Chart's crds directory according 7671 + to the CRD upgrade policy provided here. Valid values are `Skip`, 7672 + `Create` or `CreateReplace`. Default is `Create` and if omitted 7673 + CRDs are installed but not updated. 7674 + 7675 + Skip: do neither install nor replace (update) any CRDs. 7676 + 7677 + Create: new CRDs are created, existing CRDs are neither updated nor deleted. 7678 + 7679 + CreateReplace: new CRDs are created, existing CRDs are updated (replaced) 7680 + but not deleted. 7681 + 7682 + By default, CRDs are applied (installed) during Helm install action. 7683 + With this option users can opt in to CRD replace existing CRDs on Helm 7684 + install actions, which is not (yet) natively supported by Helm. 7685 + https://helm.sh/docs/chart_best_practices/custom_resource_definitions. 7686 + enum: 7687 + - Skip 7688 + - Create 7689 + - CreateReplace 7690 + type: string 7691 + createNamespace: 7692 + description: |- 7693 + CreateNamespace tells the Helm install action to create the 7694 + HelmReleaseSpec.TargetNamespace if it does not exist yet. 7695 + On uninstall, the namespace will not be garbage collected. 7696 + type: boolean 7697 + disableHooks: 7698 + description: DisableHooks prevents hooks from running during the 7699 + Helm install action. 7700 + type: boolean 7701 + disableOpenAPIValidation: 7702 + description: |- 7703 + DisableOpenAPIValidation prevents the Helm install action from validating 7704 + rendered templates against the Kubernetes OpenAPI Schema. 7705 + type: boolean 7706 + disableWait: 7707 + description: |- 7708 + DisableWait disables the waiting for resources to be ready after a Helm 7709 + install has been performed. 7710 + type: boolean 7711 + disableWaitForJobs: 7712 + description: |- 7713 + DisableWaitForJobs disables waiting for jobs to complete after a Helm 7714 + install has been performed. 7715 + type: boolean 7716 + remediation: 7717 + description: |- 7718 + Remediation holds the remediation configuration for when the Helm install 7719 + action for the HelmRelease fails. The default is to not perform any action. 7720 + properties: 7721 + ignoreTestFailures: 7722 + description: |- 7723 + IgnoreTestFailures tells the controller to skip remediation when the Helm 7724 + tests are run after an install action but fail. Defaults to 7725 + 'Test.IgnoreFailures'. 7726 + type: boolean 7727 + remediateLastFailure: 7728 + description: |- 7729 + RemediateLastFailure tells the controller to remediate the last failure, when 7730 + no retries remain. Defaults to 'false'. 7731 + type: boolean 7732 + retries: 7733 + description: |- 7734 + Retries is the number of retries that should be attempted on failures before 7735 + bailing. Remediation, using an uninstall, is performed between each attempt. 7736 + Defaults to '0', a negative integer equals to unlimited retries. 7737 + type: integer 7738 + type: object 7739 + replace: 7740 + description: |- 7741 + Replace tells the Helm install action to re-use the 'ReleaseName', but only 7742 + if that name is a deleted release which remains in the history. 7743 + type: boolean 7744 + skipCRDs: 7745 + description: |- 7746 + SkipCRDs tells the Helm install action to not install any CRDs. By default, 7747 + CRDs are installed if not already present. 7748 + 7749 + Deprecated use CRD policy (`crds`) attribute with value `Skip` instead. 7750 + type: boolean 7751 + timeout: 7752 + description: |- 7753 + Timeout is the time to wait for any individual Kubernetes operation (like 7754 + Jobs for hooks) during the performance of a Helm install action. Defaults to 7755 + 'HelmReleaseSpec.Timeout'. 7756 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 7757 + type: string 7758 + type: object 7759 + interval: 7760 + description: Interval at which to reconcile the Helm release. 7761 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 7762 + type: string 7763 + kubeConfig: 7764 + description: |- 7765 + KubeConfig for reconciling the HelmRelease on a remote cluster. 7766 + When used in combination with HelmReleaseSpec.ServiceAccountName, 7767 + forces the controller to act on behalf of that Service Account at the 7768 + target cluster. 7769 + If the --default-service-account flag is set, its value will be used as 7770 + a controller level fallback for when HelmReleaseSpec.ServiceAccountName 7771 + is empty. 7772 + properties: 7773 + configMapRef: 7774 + description: |- 7775 + ConfigMapRef holds an optional name of a ConfigMap that contains 7776 + the following keys: 7777 + 7778 + - `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or 7779 + `generic`. Required. 7780 + - `cluster`: the fully qualified resource name of the Kubernetes 7781 + cluster in the cloud provider API. Not used by the `generic` 7782 + provider. Required when one of `address` or `ca.crt` is not set. 7783 + - `address`: the address of the Kubernetes API server. Required 7784 + for `generic`. For the other providers, if not specified, the 7785 + first address in the cluster resource will be used, and if 7786 + specified, it must match one of the addresses in the cluster 7787 + resource. 7788 + If audiences is not set, will be used as the audience for the 7789 + `generic` provider. 7790 + - `ca.crt`: the optional PEM-encoded CA certificate for the 7791 + Kubernetes API server. If not set, the controller will use the 7792 + CA certificate from the cluster resource. 7793 + - `audiences`: the optional audiences as a list of 7794 + line-break-separated strings for the Kubernetes ServiceAccount 7795 + token. Defaults to the `address` for the `generic` provider, or 7796 + to specific values for the other providers depending on the 7797 + provider. 7798 + - `serviceAccountName`: the optional name of the Kubernetes 7799 + ServiceAccount in the same namespace that should be used 7800 + for authentication. If not specified, the controller 7801 + ServiceAccount will be used. 7802 + 7803 + Mutually exclusive with SecretRef. 7804 + properties: 7805 + name: 7806 + description: Name of the referent. 7807 + type: string 7808 + required: 7809 + - name 7810 + type: object 7811 + secretRef: 7812 + description: |- 7813 + SecretRef holds an optional name of a secret that contains a key with 7814 + the kubeconfig file as the value. If no key is set, the key will default 7815 + to 'value'. Mutually exclusive with ConfigMapRef. 7816 + It is recommended that the kubeconfig is self-contained, and the secret 7817 + is regularly updated if credentials such as a cloud-access-token expire. 7818 + Cloud specific `cmd-path` auth helpers will not function without adding 7819 + binaries and credentials to the Pod that is responsible for reconciling 7820 + Kubernetes resources. Supported only for the generic provider. 7821 + properties: 7822 + key: 7823 + description: Key in the Secret, when not specified an implementation-specific 7824 + default key is used. 7825 + type: string 7826 + name: 7827 + description: Name of the Secret. 7828 + type: string 7829 + required: 7830 + - name 7831 + type: object 7832 + type: object 7833 + x-kubernetes-validations: 7834 + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef 7835 + must be specified 7836 + rule: has(self.configMapRef) || has(self.secretRef) 7837 + - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef 7838 + must be specified 7839 + rule: '!has(self.configMapRef) || !has(self.secretRef)' 7840 + maxHistory: 7841 + description: |- 7842 + MaxHistory is the number of revisions saved by Helm for this HelmRelease. 7843 + Use '0' for an unlimited number of revisions; defaults to '5'. 7844 + type: integer 7845 + persistentClient: 7846 + description: |- 7847 + PersistentClient tells the controller to use a persistent Kubernetes 7848 + client for this release. When enabled, the client will be reused for the 7849 + duration of the reconciliation, instead of being created and destroyed 7850 + for each (step of a) Helm action. 7851 + 7852 + This can improve performance, but may cause issues with some Helm charts 7853 + that for example do create Custom Resource Definitions during installation 7854 + outside Helm's CRD lifecycle hooks, which are then not observed to be 7855 + available by e.g. post-install hooks. 7856 + 7857 + If not set, it defaults to true. 7858 + type: boolean 7859 + postRenderers: 7860 + description: |- 7861 + PostRenderers holds an array of Helm PostRenderers, which will be applied in order 7862 + of their definition. 7863 + items: 7864 + description: PostRenderer contains a Helm PostRenderer specification. 7865 + properties: 7866 + kustomize: 7867 + description: Kustomization to apply as PostRenderer. 7868 + properties: 7869 + images: 7870 + description: |- 7871 + Images is a list of (image name, new name, new tag or digest) 7872 + for changing image names, tags or digests. This can also be achieved with a 7873 + patch, but this operator is simpler to specify. 7874 + items: 7875 + description: Image contains an image name, a new name, 7876 + a new tag or digest, which will replace the original 7877 + name and tag. 7878 + properties: 7879 + digest: 7880 + description: |- 7881 + Digest is the value used to replace the original image tag. 7882 + If digest is present NewTag value is ignored. 7883 + type: string 7884 + name: 7885 + description: Name is a tag-less image name. 7886 + type: string 7887 + newName: 7888 + description: NewName is the value used to replace 7889 + the original name. 7890 + type: string 7891 + newTag: 7892 + description: NewTag is the value used to replace the 7893 + original tag. 7894 + type: string 7895 + required: 7896 + - name 7897 + type: object 7898 + type: array 7899 + patches: 7900 + description: |- 7901 + Strategic merge and JSON patches, defined as inline YAML objects, 7902 + capable of targeting objects based on kind, label and annotation selectors. 7903 + items: 7904 + description: |- 7905 + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should 7906 + be applied to. 7907 + properties: 7908 + patch: 7909 + description: |- 7910 + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with 7911 + an array of operation objects. 7912 + type: string 7913 + target: 7914 + description: Target points to the resources that the 7915 + patch document should be applied to. 7916 + properties: 7917 + annotationSelector: 7918 + description: |- 7919 + AnnotationSelector is a string that follows the label selection expression 7920 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 7921 + It matches with the resource annotations. 7922 + type: string 7923 + group: 7924 + description: |- 7925 + Group is the API group to select resources from. 7926 + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. 7927 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 7928 + type: string 7929 + kind: 7930 + description: |- 7931 + Kind of the API Group to select resources from. 7932 + Together with Group and Version it is capable of unambiguously 7933 + identifying and/or selecting resources. 7934 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 7935 + type: string 7936 + labelSelector: 7937 + description: |- 7938 + LabelSelector is a string that follows the label selection expression 7939 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 7940 + It matches with the resource labels. 7941 + type: string 7942 + name: 7943 + description: Name to match resources with. 7944 + type: string 7945 + namespace: 7946 + description: Namespace to select resources from. 7947 + type: string 7948 + version: 7949 + description: |- 7950 + Version of the API Group to select resources from. 7951 + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. 7952 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 7953 + type: string 7954 + type: object 7955 + required: 7956 + - patch 7957 + type: object 7958 + type: array 7959 + patchesJson6902: 7960 + description: |- 7961 + JSON 6902 patches, defined as inline YAML objects. 7962 + 7963 + Deprecated: use Patches instead. 7964 + items: 7965 + description: JSON6902Patch contains a JSON6902 patch and 7966 + the target the patch should be applied to. 7967 + properties: 7968 + patch: 7969 + description: Patch contains the JSON6902 patch document 7970 + with an array of operation objects. 7971 + items: 7972 + description: |- 7973 + JSON6902 is a JSON6902 operation object. 7974 + https://datatracker.ietf.org/doc/html/rfc6902#section-4 7975 + properties: 7976 + from: 7977 + description: |- 7978 + From contains a JSON-pointer value that references a location within the target document where the operation is 7979 + performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations. 7980 + type: string 7981 + op: 7982 + description: |- 7983 + Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or 7984 + "test". 7985 + https://datatracker.ietf.org/doc/html/rfc6902#section-4 7986 + enum: 7987 + - test 7988 + - remove 7989 + - add 7990 + - replace 7991 + - move 7992 + - copy 7993 + type: string 7994 + path: 7995 + description: |- 7996 + Path contains the JSON-pointer value that references a location within the target document where the operation 7997 + is performed. The meaning of the value depends on the value of Op. 7998 + type: string 7999 + value: 8000 + description: |- 8001 + Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into 8002 + account by all operations. 8003 + x-kubernetes-preserve-unknown-fields: true 8004 + required: 8005 + - op 8006 + - path 8007 + type: object 8008 + type: array 8009 + target: 8010 + description: Target points to the resources that the 8011 + patch document should be applied to. 8012 + properties: 8013 + annotationSelector: 8014 + description: |- 8015 + AnnotationSelector is a string that follows the label selection expression 8016 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 8017 + It matches with the resource annotations. 8018 + type: string 8019 + group: 8020 + description: |- 8021 + Group is the API group to select resources from. 8022 + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. 8023 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 8024 + type: string 8025 + kind: 8026 + description: |- 8027 + Kind of the API Group to select resources from. 8028 + Together with Group and Version it is capable of unambiguously 8029 + identifying and/or selecting resources. 8030 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 8031 + type: string 8032 + labelSelector: 8033 + description: |- 8034 + LabelSelector is a string that follows the label selection expression 8035 + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api 8036 + It matches with the resource labels. 8037 + type: string 8038 + name: 8039 + description: Name to match resources with. 8040 + type: string 8041 + namespace: 8042 + description: Namespace to select resources from. 8043 + type: string 8044 + version: 8045 + description: |- 8046 + Version of the API Group to select resources from. 8047 + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. 8048 + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md 8049 + type: string 8050 + type: object 8051 + required: 8052 + - patch 8053 + - target 8054 + type: object 8055 + type: array 8056 + patchesStrategicMerge: 8057 + description: |- 8058 + Strategic merge patches, defined as inline YAML objects. 8059 + 8060 + Deprecated: use Patches instead. 8061 + items: 8062 + x-kubernetes-preserve-unknown-fields: true 8063 + type: array 8064 + type: object 8065 + type: object 8066 + type: array 8067 + releaseName: 8068 + description: |- 8069 + ReleaseName used for the Helm release. Defaults to a composition of 8070 + '[TargetNamespace-]Name'. 8071 + maxLength: 53 8072 + minLength: 1 8073 + type: string 8074 + rollback: 8075 + description: Rollback holds the configuration for Helm rollback actions 8076 + for this HelmRelease. 8077 + properties: 8078 + cleanupOnFail: 8079 + description: |- 8080 + CleanupOnFail allows deletion of new resources created during the Helm 8081 + rollback action when it fails. 8082 + type: boolean 8083 + disableHooks: 8084 + description: DisableHooks prevents hooks from running during the 8085 + Helm rollback action. 8086 + type: boolean 8087 + disableWait: 8088 + description: |- 8089 + DisableWait disables the waiting for resources to be ready after a Helm 8090 + rollback has been performed. 8091 + type: boolean 8092 + disableWaitForJobs: 8093 + description: |- 8094 + DisableWaitForJobs disables waiting for jobs to complete after a Helm 8095 + rollback has been performed. 8096 + type: boolean 8097 + force: 8098 + description: Force forces resource updates through a replacement 8099 + strategy. 8100 + type: boolean 8101 + recreate: 8102 + description: Recreate performs pod restarts for the resource if 8103 + applicable. 8104 + type: boolean 8105 + timeout: 8106 + description: |- 8107 + Timeout is the time to wait for any individual Kubernetes operation (like 8108 + Jobs for hooks) during the performance of a Helm rollback action. Defaults to 8109 + 'HelmReleaseSpec.Timeout'. 8110 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 8111 + type: string 8112 + type: object 8113 + serviceAccountName: 8114 + description: |- 8115 + The name of the Kubernetes service account to impersonate 8116 + when reconciling this HelmRelease. 8117 + maxLength: 253 8118 + minLength: 1 8119 + type: string 8120 + storageNamespace: 8121 + description: |- 8122 + StorageNamespace used for the Helm storage. 8123 + Defaults to the namespace of the HelmRelease. 8124 + maxLength: 63 8125 + minLength: 1 8126 + type: string 8127 + suspend: 8128 + description: |- 8129 + Suspend tells the controller to suspend reconciliation for this HelmRelease, 8130 + it does not apply to already started reconciliations. Defaults to false. 8131 + type: boolean 8132 + targetNamespace: 8133 + description: |- 8134 + TargetNamespace to target when performing operations for the HelmRelease. 8135 + Defaults to the namespace of the HelmRelease. 8136 + maxLength: 63 8137 + minLength: 1 8138 + type: string 8139 + test: 8140 + description: Test holds the configuration for Helm test actions for 8141 + this HelmRelease. 8142 + properties: 8143 + enable: 8144 + description: |- 8145 + Enable enables Helm test actions for this HelmRelease after an Helm install 8146 + or upgrade action has been performed. 8147 + type: boolean 8148 + filters: 8149 + description: Filters is a list of tests to run or exclude from 8150 + running. 8151 + items: 8152 + description: Filter holds the configuration for individual Helm 8153 + test filters. 8154 + properties: 8155 + exclude: 8156 + description: Exclude specifies whether the named test should 8157 + be excluded. 8158 + type: boolean 8159 + name: 8160 + description: Name is the name of the test. 8161 + maxLength: 253 8162 + minLength: 1 8163 + type: string 8164 + required: 8165 + - name 8166 + type: object 8167 + type: array 8168 + ignoreFailures: 8169 + description: |- 8170 + IgnoreFailures tells the controller to skip remediation when the Helm tests 8171 + are run but fail. Can be overwritten for tests run after install or upgrade 8172 + actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. 8173 + type: boolean 8174 + timeout: 8175 + description: |- 8176 + Timeout is the time to wait for any individual Kubernetes operation during 8177 + the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. 8178 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 8179 + type: string 8180 + type: object 8181 + timeout: 8182 + description: |- 8183 + Timeout is the time to wait for any individual Kubernetes operation (like Jobs 8184 + for hooks) during the performance of a Helm action. Defaults to '5m0s'. 8185 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 8186 + type: string 8187 + uninstall: 8188 + description: Uninstall holds the configuration for Helm uninstall 8189 + actions for this HelmRelease. 8190 + properties: 8191 + deletionPropagation: 8192 + default: background 8193 + description: |- 8194 + DeletionPropagation specifies the deletion propagation policy when 8195 + a Helm uninstall is performed. 8196 + enum: 8197 + - background 8198 + - foreground 8199 + - orphan 8200 + type: string 8201 + disableHooks: 8202 + description: DisableHooks prevents hooks from running during the 8203 + Helm rollback action. 8204 + type: boolean 8205 + disableWait: 8206 + description: |- 8207 + DisableWait disables waiting for all the resources to be deleted after 8208 + a Helm uninstall is performed. 8209 + type: boolean 8210 + keepHistory: 8211 + description: |- 8212 + KeepHistory tells Helm to remove all associated resources and mark the 8213 + release as deleted, but retain the release history. 8214 + type: boolean 8215 + timeout: 8216 + description: |- 8217 + Timeout is the time to wait for any individual Kubernetes operation (like 8218 + Jobs for hooks) during the performance of a Helm uninstall action. Defaults 8219 + to 'HelmReleaseSpec.Timeout'. 8220 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 8221 + type: string 8222 + type: object 8223 + upgrade: 8224 + description: Upgrade holds the configuration for Helm upgrade actions 8225 + for this HelmRelease. 8226 + properties: 8227 + cleanupOnFail: 8228 + description: |- 8229 + CleanupOnFail allows deletion of new resources created during the Helm 8230 + upgrade action when it fails. 8231 + type: boolean 8232 + crds: 8233 + description: |- 8234 + CRDs upgrade CRDs from the Helm Chart's crds directory according 8235 + to the CRD upgrade policy provided here. Valid values are `Skip`, 8236 + `Create` or `CreateReplace`. Default is `Skip` and if omitted 8237 + CRDs are neither installed nor upgraded. 8238 + 8239 + Skip: do neither install nor replace (update) any CRDs. 8240 + 8241 + Create: new CRDs are created, existing CRDs are neither updated nor deleted. 8242 + 8243 + CreateReplace: new CRDs are created, existing CRDs are updated (replaced) 8244 + but not deleted. 8245 + 8246 + By default, CRDs are not applied during Helm upgrade action. With this 8247 + option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. 8248 + https://helm.sh/docs/chart_best_practices/custom_resource_definitions. 8249 + enum: 8250 + - Skip 8251 + - Create 8252 + - CreateReplace 8253 + type: string 8254 + disableHooks: 8255 + description: DisableHooks prevents hooks from running during the 8256 + Helm upgrade action. 8257 + type: boolean 8258 + disableOpenAPIValidation: 8259 + description: |- 8260 + DisableOpenAPIValidation prevents the Helm upgrade action from validating 8261 + rendered templates against the Kubernetes OpenAPI Schema. 8262 + type: boolean 8263 + disableWait: 8264 + description: |- 8265 + DisableWait disables the waiting for resources to be ready after a Helm 8266 + upgrade has been performed. 8267 + type: boolean 8268 + disableWaitForJobs: 8269 + description: |- 8270 + DisableWaitForJobs disables waiting for jobs to complete after a Helm 8271 + upgrade has been performed. 8272 + type: boolean 8273 + force: 8274 + description: Force forces resource updates through a replacement 8275 + strategy. 8276 + type: boolean 8277 + preserveValues: 8278 + description: |- 8279 + PreserveValues will make Helm reuse the last release's values and merge in 8280 + overrides from 'Values'. Setting this flag makes the HelmRelease 8281 + non-declarative. 8282 + type: boolean 8283 + remediation: 8284 + description: |- 8285 + Remediation holds the remediation configuration for when the Helm upgrade 8286 + action for the HelmRelease fails. The default is to not perform any action. 8287 + properties: 8288 + ignoreTestFailures: 8289 + description: |- 8290 + IgnoreTestFailures tells the controller to skip remediation when the Helm 8291 + tests are run after an upgrade action but fail. 8292 + Defaults to 'Test.IgnoreFailures'. 8293 + type: boolean 8294 + remediateLastFailure: 8295 + description: |- 8296 + RemediateLastFailure tells the controller to remediate the last failure, when 8297 + no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. 8298 + type: boolean 8299 + retries: 8300 + description: |- 8301 + Retries is the number of retries that should be attempted on failures before 8302 + bailing. Remediation, using 'Strategy', is performed between each attempt. 8303 + Defaults to '0', a negative integer equals to unlimited retries. 8304 + type: integer 8305 + strategy: 8306 + description: Strategy to use for failure remediation. Defaults 8307 + to 'rollback'. 8308 + enum: 8309 + - rollback 8310 + - uninstall 8311 + type: string 8312 + type: object 8313 + timeout: 8314 + description: |- 8315 + Timeout is the time to wait for any individual Kubernetes operation (like 8316 + Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 8317 + 'HelmReleaseSpec.Timeout'. 8318 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 8319 + type: string 8320 + type: object 8321 + values: 8322 + description: Values holds the values for this Helm release. 8323 + x-kubernetes-preserve-unknown-fields: true 8324 + valuesFrom: 8325 + description: |- 8326 + ValuesFrom holds references to resources containing Helm values for this HelmRelease, 8327 + and information about how they should be merged. 8328 + items: 8329 + description: |- 8330 + ValuesReference contains a reference to a resource containing Helm values, 8331 + and optionally the key they can be found at. 8332 + properties: 8333 + kind: 8334 + description: Kind of the values referent, valid values are ('Secret', 8335 + 'ConfigMap'). 8336 + enum: 8337 + - Secret 8338 + - ConfigMap 8339 + type: string 8340 + name: 8341 + description: |- 8342 + Name of the values referent. Should reside in the same namespace as the 8343 + referring resource. 8344 + maxLength: 253 8345 + minLength: 1 8346 + type: string 8347 + optional: 8348 + description: |- 8349 + Optional marks this ValuesReference as optional. When set, a not found error 8350 + for the values reference is ignored, but any ValuesKey, TargetPath or 8351 + transient error will still result in a reconciliation failure. 8352 + type: boolean 8353 + targetPath: 8354 + description: |- 8355 + TargetPath is the YAML dot notation path the value should be merged at. When 8356 + set, the ValuesKey is expected to be a single flat value. Defaults to 'None', 8357 + which results in the values getting merged at the root. 8358 + maxLength: 250 8359 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ 8360 + type: string 8361 + valuesKey: 8362 + description: |- 8363 + ValuesKey is the data key where the values.yaml or a specific value can be 8364 + found at. Defaults to 'values.yaml'. 8365 + maxLength: 253 8366 + pattern: ^[\-._a-zA-Z0-9]+$ 8367 + type: string 8368 + required: 8369 + - kind 8370 + - name 8371 + type: object 8372 + type: array 8373 + required: 8374 + - interval 8375 + type: object 8376 + x-kubernetes-validations: 8377 + - message: either chart or chartRef must be set 8378 + rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart) 8379 + && has(self.chartRef)) 8380 + status: 8381 + default: 8382 + observedGeneration: -1 8383 + description: HelmReleaseStatus defines the observed state of a HelmRelease. 8384 + properties: 8385 + conditions: 8386 + description: Conditions holds the conditions for the HelmRelease. 8387 + items: 8388 + description: Condition contains details for one aspect of the current 8389 + state of this API Resource. 8390 + properties: 8391 + lastTransitionTime: 8392 + description: |- 8393 + lastTransitionTime is the last time the condition transitioned from one status to another. 8394 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 8395 + format: date-time 8396 + type: string 8397 + message: 8398 + description: |- 8399 + message is a human readable message indicating details about the transition. 8400 + This may be an empty string. 8401 + maxLength: 32768 8402 + type: string 8403 + observedGeneration: 8404 + description: |- 8405 + observedGeneration represents the .metadata.generation that the condition was set based upon. 8406 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 8407 + with respect to the current state of the instance. 8408 + format: int64 8409 + minimum: 0 8410 + type: integer 8411 + reason: 8412 + description: |- 8413 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 8414 + Producers of specific condition types may define expected values and meanings for this field, 8415 + and whether the values are considered a guaranteed API. 8416 + The value should be a CamelCase string. 8417 + This field may not be empty. 8418 + maxLength: 1024 8419 + minLength: 1 8420 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 8421 + type: string 8422 + status: 8423 + description: status of the condition, one of True, False, Unknown. 8424 + enum: 8425 + - "True" 8426 + - "False" 8427 + - Unknown 8428 + type: string 8429 + type: 8430 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 8431 + maxLength: 316 8432 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 8433 + type: string 8434 + required: 8435 + - lastTransitionTime 8436 + - message 8437 + - reason 8438 + - status 8439 + - type 8440 + type: object 8441 + type: array 8442 + failures: 8443 + description: |- 8444 + Failures is the reconciliation failure count against the latest desired 8445 + state. It is reset after a successful reconciliation. 8446 + format: int64 8447 + type: integer 8448 + helmChart: 8449 + description: |- 8450 + HelmChart is the namespaced name of the HelmChart resource created by 8451 + the controller for the HelmRelease. 8452 + type: string 8453 + history: 8454 + description: |- 8455 + History holds the history of Helm releases performed for this HelmRelease 8456 + up to the last successfully completed release. 8457 + items: 8458 + description: |- 8459 + Snapshot captures a point-in-time copy of the status information for a Helm release, 8460 + as managed by the controller. 8461 + properties: 8462 + apiVersion: 8463 + description: |- 8464 + APIVersion is the API version of the Snapshot. 8465 + Provisional: when the calculation method of the Digest field is changed, 8466 + this field will be used to distinguish between the old and new methods. 8467 + type: string 8468 + appVersion: 8469 + description: AppVersion is the chart app version of the release 8470 + object in storage. 8471 + type: string 8472 + chartName: 8473 + description: ChartName is the chart name of the release object 8474 + in storage. 8475 + type: string 8476 + chartVersion: 8477 + description: |- 8478 + ChartVersion is the chart version of the release object in 8479 + storage. 8480 + type: string 8481 + configDigest: 8482 + description: |- 8483 + ConfigDigest is the checksum of the config (better known as 8484 + "values") of the release object in storage. 8485 + It has the format of `<algo>:<checksum>`. 8486 + type: string 8487 + deleted: 8488 + description: Deleted is when the release was deleted. 8489 + format: date-time 8490 + type: string 8491 + digest: 8492 + description: |- 8493 + Digest is the checksum of the release object in storage. 8494 + It has the format of `<algo>:<checksum>`. 8495 + type: string 8496 + firstDeployed: 8497 + description: FirstDeployed is when the release was first deployed. 8498 + format: date-time 8499 + type: string 8500 + lastDeployed: 8501 + description: LastDeployed is when the release was last deployed. 8502 + format: date-time 8503 + type: string 8504 + name: 8505 + description: Name is the name of the release. 8506 + type: string 8507 + namespace: 8508 + description: Namespace is the namespace the release is deployed 8509 + to. 8510 + type: string 8511 + ociDigest: 8512 + description: OCIDigest is the digest of the OCI artifact associated 8513 + with the release. 8514 + type: string 8515 + status: 8516 + description: Status is the current state of the release. 8517 + type: string 8518 + testHooks: 8519 + additionalProperties: 8520 + description: |- 8521 + TestHookStatus holds the status information for a test hook as observed 8522 + to be run by the controller. 8523 + properties: 8524 + lastCompleted: 8525 + description: LastCompleted is the time the test hook last 8526 + completed. 8527 + format: date-time 8528 + type: string 8529 + lastStarted: 8530 + description: LastStarted is the time the test hook was 8531 + last started. 8532 + format: date-time 8533 + type: string 8534 + phase: 8535 + description: Phase the test hook was observed to be in. 8536 + type: string 8537 + type: object 8538 + description: |- 8539 + TestHooks is the list of test hooks for the release as observed to be 8540 + run by the controller. 8541 + type: object 8542 + version: 8543 + description: Version is the version of the release object in 8544 + storage. 8545 + type: integer 8546 + required: 8547 + - chartName 8548 + - chartVersion 8549 + - configDigest 8550 + - digest 8551 + - firstDeployed 8552 + - lastDeployed 8553 + - name 8554 + - namespace 8555 + - status 8556 + - version 8557 + type: object 8558 + type: array 8559 + installFailures: 8560 + description: |- 8561 + InstallFailures is the install failure count against the latest desired 8562 + state. It is reset after a successful reconciliation. 8563 + format: int64 8564 + type: integer 8565 + lastAppliedRevision: 8566 + description: |- 8567 + LastAppliedRevision is the revision of the last successfully applied 8568 + source. 8569 + 8570 + Deprecated: the revision can now be found in the History. 8571 + type: string 8572 + lastAttemptedConfigDigest: 8573 + description: |- 8574 + LastAttemptedConfigDigest is the digest for the config (better known as 8575 + "values") of the last reconciliation attempt. 8576 + type: string 8577 + lastAttemptedGeneration: 8578 + description: |- 8579 + LastAttemptedGeneration is the last generation the controller attempted 8580 + to reconcile. 8581 + format: int64 8582 + type: integer 8583 + lastAttemptedReleaseAction: 8584 + description: |- 8585 + LastAttemptedReleaseAction is the last release action performed for this 8586 + HelmRelease. It is used to determine the active remediation strategy. 8587 + enum: 8588 + - install 8589 + - upgrade 8590 + type: string 8591 + lastAttemptedRevision: 8592 + description: |- 8593 + LastAttemptedRevision is the Source revision of the last reconciliation 8594 + attempt. For OCIRepository sources, the 12 first characters of the digest are 8595 + appended to the chart version e.g. "1.2.3+1234567890ab". 8596 + type: string 8597 + lastAttemptedRevisionDigest: 8598 + description: |- 8599 + LastAttemptedRevisionDigest is the digest of the last reconciliation attempt. 8600 + This is only set for OCIRepository sources. 8601 + type: string 8602 + lastAttemptedValuesChecksum: 8603 + description: |- 8604 + LastAttemptedValuesChecksum is the SHA1 checksum for the values of the last 8605 + reconciliation attempt. 8606 + 8607 + Deprecated: Use LastAttemptedConfigDigest instead. 8608 + type: string 8609 + lastHandledForceAt: 8610 + description: |- 8611 + LastHandledForceAt holds the value of the most recent force request 8612 + value, so a change of the annotation value can be detected. 8613 + type: string 8614 + lastHandledReconcileAt: 8615 + description: |- 8616 + LastHandledReconcileAt holds the value of the most recent 8617 + reconcile request value, so a change of the annotation value 8618 + can be detected. 8619 + type: string 8620 + lastHandledResetAt: 8621 + description: |- 8622 + LastHandledResetAt holds the value of the most recent reset request 8623 + value, so a change of the annotation value can be detected. 8624 + type: string 8625 + lastReleaseRevision: 8626 + description: |- 8627 + LastReleaseRevision is the revision of the last successful Helm release. 8628 + 8629 + Deprecated: Use History instead. 8630 + type: integer 8631 + observedGeneration: 8632 + description: ObservedGeneration is the last observed generation. 8633 + format: int64 8634 + type: integer 8635 + observedPostRenderersDigest: 8636 + description: |- 8637 + ObservedPostRenderersDigest is the digest for the post-renderers of 8638 + the last successful reconciliation attempt. 8639 + type: string 8640 + storageNamespace: 8641 + description: |- 8642 + StorageNamespace is the namespace of the Helm release storage for the 8643 + current release. 8644 + maxLength: 63 8645 + minLength: 1 8646 + type: string 8647 + upgradeFailures: 8648 + description: |- 8649 + UpgradeFailures is the upgrade failure count against the latest desired 8650 + state. It is reset after a successful reconciliation. 8651 + format: int64 8652 + type: integer 8653 + type: object 8654 + type: object 8655 + served: true 8656 + storage: false 8657 + subresources: 8658 + status: {} 8659 + --- 8660 + apiVersion: v1 8661 + kind: ServiceAccount 8662 + metadata: 8663 + labels: 8664 + app.kubernetes.io/component: helm-controller 8665 + app.kubernetes.io/instance: flux-system 8666 + app.kubernetes.io/part-of: flux 8667 + app.kubernetes.io/version: v2.7.3 8668 + name: helm-controller 8669 + namespace: flux-system 8670 + --- 8671 + apiVersion: apps/v1 8672 + kind: Deployment 8673 + metadata: 8674 + labels: 8675 + app.kubernetes.io/component: helm-controller 8676 + app.kubernetes.io/instance: flux-system 8677 + app.kubernetes.io/part-of: flux 8678 + app.kubernetes.io/version: v2.7.3 8679 + control-plane: controller 8680 + name: helm-controller 8681 + namespace: flux-system 8682 + spec: 8683 + replicas: 1 8684 + selector: 8685 + matchLabels: 8686 + app: helm-controller 8687 + template: 8688 + metadata: 8689 + annotations: 8690 + prometheus.io/port: "8080" 8691 + prometheus.io/scrape: "true" 8692 + labels: 8693 + app: helm-controller 8694 + app.kubernetes.io/component: helm-controller 8695 + app.kubernetes.io/instance: flux-system 8696 + app.kubernetes.io/part-of: flux 8697 + app.kubernetes.io/version: v2.7.3 8698 + spec: 8699 + containers: 8700 + - args: 8701 + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ 8702 + - --watch-all-namespaces=true 8703 + - --log-level=info 8704 + - --log-encoding=json 8705 + - --enable-leader-election 8706 + env: 8707 + - name: RUNTIME_NAMESPACE 8708 + valueFrom: 8709 + fieldRef: 8710 + fieldPath: metadata.namespace 8711 + - name: GOMEMLIMIT 8712 + valueFrom: 8713 + resourceFieldRef: 8714 + containerName: manager 8715 + resource: limits.memory 8716 + image: ghcr.io/fluxcd/helm-controller:v1.4.3 8717 + imagePullPolicy: IfNotPresent 8718 + livenessProbe: 8719 + httpGet: 8720 + path: /healthz 8721 + port: healthz 8722 + name: manager 8723 + ports: 8724 + - containerPort: 8080 8725 + name: http-prom 8726 + protocol: TCP 8727 + - containerPort: 9440 8728 + name: healthz 8729 + protocol: TCP 8730 + readinessProbe: 8731 + httpGet: 8732 + path: /readyz 8733 + port: healthz 8734 + resources: 8735 + limits: 8736 + cpu: 1000m 8737 + memory: 1Gi 8738 + requests: 8739 + cpu: 100m 8740 + memory: 64Mi 8741 + securityContext: 8742 + allowPrivilegeEscalation: false 8743 + capabilities: 8744 + drop: 8745 + - ALL 8746 + readOnlyRootFilesystem: true 8747 + runAsNonRoot: true 8748 + seccompProfile: 8749 + type: RuntimeDefault 8750 + volumeMounts: 8751 + - mountPath: /tmp 8752 + name: temp 8753 + nodeSelector: 8754 + kubernetes.io/os: linux 8755 + priorityClassName: system-cluster-critical 8756 + securityContext: 8757 + fsGroup: 1337 8758 + serviceAccountName: helm-controller 8759 + terminationGracePeriodSeconds: 600 8760 + volumes: 8761 + - emptyDir: {} 8762 + name: temp 8763 + --- 8764 + apiVersion: apiextensions.k8s.io/v1 8765 + kind: CustomResourceDefinition 8766 + metadata: 8767 + annotations: 8768 + controller-gen.kubebuilder.io/version: v0.19.0 8769 + labels: 8770 + app.kubernetes.io/component: notification-controller 8771 + app.kubernetes.io/instance: flux-system 8772 + app.kubernetes.io/part-of: flux 8773 + app.kubernetes.io/version: v2.7.3 8774 + name: alerts.notification.toolkit.fluxcd.io 8775 + spec: 8776 + group: notification.toolkit.fluxcd.io 8777 + names: 8778 + kind: Alert 8779 + listKind: AlertList 8780 + plural: alerts 8781 + singular: alert 8782 + scope: Namespaced 8783 + versions: 8784 + - additionalPrinterColumns: 8785 + - jsonPath: .metadata.creationTimestamp 8786 + name: Age 8787 + type: date 8788 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 8789 + name: Ready 8790 + type: string 8791 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 8792 + name: Status 8793 + type: string 8794 + deprecated: true 8795 + deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3 8796 + name: v1beta2 8797 + schema: 8798 + openAPIV3Schema: 8799 + description: Alert is the Schema for the alerts API 8800 + properties: 8801 + apiVersion: 8802 + description: |- 8803 + APIVersion defines the versioned schema of this representation of an object. 8804 + Servers should convert recognized schemas to the latest internal value, and 8805 + may reject unrecognized values. 8806 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 8807 + type: string 8808 + kind: 8809 + description: |- 8810 + Kind is a string value representing the REST resource this object represents. 8811 + Servers may infer this from the endpoint the client submits requests to. 8812 + Cannot be updated. 8813 + In CamelCase. 8814 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 8815 + type: string 8816 + metadata: 8817 + type: object 8818 + spec: 8819 + description: AlertSpec defines an alerting rule for events involving a 8820 + list of objects. 8821 + properties: 8822 + eventMetadata: 8823 + additionalProperties: 8824 + type: string 8825 + description: |- 8826 + EventMetadata is an optional field for adding metadata to events dispatched by the 8827 + controller. This can be used for enhancing the context of the event. If a field 8828 + would override one already present on the original event as generated by the emitter, 8829 + then the override doesn't happen, i.e. the original value is preserved, and an info 8830 + log is printed. 8831 + type: object 8832 + eventSeverity: 8833 + default: info 8834 + description: |- 8835 + EventSeverity specifies how to filter events based on severity. 8836 + If set to 'info' no events will be filtered. 8837 + enum: 8838 + - info 8839 + - error 8840 + type: string 8841 + eventSources: 8842 + description: |- 8843 + EventSources specifies how to filter events based 8844 + on the involved object kind, name and namespace. 8845 + items: 8846 + description: |- 8847 + CrossNamespaceObjectReference contains enough information to let you locate the 8848 + typed referenced object at cluster level 8849 + properties: 8850 + apiVersion: 8851 + description: API version of the referent 8852 + type: string 8853 + kind: 8854 + description: Kind of the referent 8855 + enum: 8856 + - Bucket 8857 + - GitRepository 8858 + - Kustomization 8859 + - HelmRelease 8860 + - HelmChart 8861 + - HelmRepository 8862 + - ImageRepository 8863 + - ImagePolicy 8864 + - ImageUpdateAutomation 8865 + - OCIRepository 8866 + type: string 8867 + matchLabels: 8868 + additionalProperties: 8869 + type: string 8870 + description: |- 8871 + MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 8872 + map is equivalent to an element of matchExpressions, whose key field is "key", the 8873 + operator is "In", and the values array contains only "value". The requirements are ANDed. 8874 + MatchLabels requires the name to be set to `*`. 8875 + type: object 8876 + name: 8877 + description: |- 8878 + Name of the referent 8879 + If multiple resources are targeted `*` may be set. 8880 + maxLength: 253 8881 + minLength: 1 8882 + type: string 8883 + namespace: 8884 + description: Namespace of the referent 8885 + maxLength: 253 8886 + minLength: 1 8887 + type: string 8888 + required: 8889 + - kind 8890 + - name 8891 + type: object 8892 + type: array 8893 + exclusionList: 8894 + description: |- 8895 + ExclusionList specifies a list of Golang regular expressions 8896 + to be used for excluding messages. 8897 + items: 8898 + type: string 8899 + type: array 8900 + inclusionList: 8901 + description: |- 8902 + InclusionList specifies a list of Golang regular expressions 8903 + to be used for including messages. 8904 + items: 8905 + type: string 8906 + type: array 8907 + providerRef: 8908 + description: ProviderRef specifies which Provider this Alert should 8909 + use. 8910 + properties: 8911 + name: 8912 + description: Name of the referent. 8913 + type: string 8914 + required: 8915 + - name 8916 + type: object 8917 + summary: 8918 + description: Summary holds a short description of the impact and affected 8919 + cluster. 8920 + maxLength: 255 8921 + type: string 8922 + suspend: 8923 + description: |- 8924 + Suspend tells the controller to suspend subsequent 8925 + events handling for this Alert. 8926 + type: boolean 8927 + required: 8928 + - eventSources 8929 + - providerRef 8930 + type: object 8931 + status: 8932 + default: 8933 + observedGeneration: -1 8934 + description: AlertStatus defines the observed state of the Alert. 8935 + properties: 8936 + conditions: 8937 + description: Conditions holds the conditions for the Alert. 8938 + items: 8939 + description: Condition contains details for one aspect of the current 8940 + state of this API Resource. 8941 + properties: 8942 + lastTransitionTime: 8943 + description: |- 8944 + lastTransitionTime is the last time the condition transitioned from one status to another. 8945 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 8946 + format: date-time 8947 + type: string 8948 + message: 8949 + description: |- 8950 + message is a human readable message indicating details about the transition. 8951 + This may be an empty string. 8952 + maxLength: 32768 8953 + type: string 8954 + observedGeneration: 8955 + description: |- 8956 + observedGeneration represents the .metadata.generation that the condition was set based upon. 8957 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 8958 + with respect to the current state of the instance. 8959 + format: int64 8960 + minimum: 0 8961 + type: integer 8962 + reason: 8963 + description: |- 8964 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 8965 + Producers of specific condition types may define expected values and meanings for this field, 8966 + and whether the values are considered a guaranteed API. 8967 + The value should be a CamelCase string. 8968 + This field may not be empty. 8969 + maxLength: 1024 8970 + minLength: 1 8971 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 8972 + type: string 8973 + status: 8974 + description: status of the condition, one of True, False, Unknown. 8975 + enum: 8976 + - "True" 8977 + - "False" 8978 + - Unknown 8979 + type: string 8980 + type: 8981 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 8982 + maxLength: 316 8983 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 8984 + type: string 8985 + required: 8986 + - lastTransitionTime 8987 + - message 8988 + - reason 8989 + - status 8990 + - type 8991 + type: object 8992 + type: array 8993 + lastHandledReconcileAt: 8994 + description: |- 8995 + LastHandledReconcileAt holds the value of the most recent 8996 + reconcile request value, so a change of the annotation value 8997 + can be detected. 8998 + type: string 8999 + observedGeneration: 9000 + description: ObservedGeneration is the last observed generation. 9001 + format: int64 9002 + type: integer 9003 + type: object 9004 + type: object 9005 + served: true 9006 + storage: false 9007 + subresources: 9008 + status: {} 9009 + - additionalPrinterColumns: 9010 + - jsonPath: .metadata.creationTimestamp 9011 + name: Age 9012 + type: date 9013 + name: v1beta3 9014 + schema: 9015 + openAPIV3Schema: 9016 + description: Alert is the Schema for the alerts API 9017 + properties: 9018 + apiVersion: 9019 + description: |- 9020 + APIVersion defines the versioned schema of this representation of an object. 9021 + Servers should convert recognized schemas to the latest internal value, and 9022 + may reject unrecognized values. 9023 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 9024 + type: string 9025 + kind: 9026 + description: |- 9027 + Kind is a string value representing the REST resource this object represents. 9028 + Servers may infer this from the endpoint the client submits requests to. 9029 + Cannot be updated. 9030 + In CamelCase. 9031 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 9032 + type: string 9033 + metadata: 9034 + type: object 9035 + spec: 9036 + description: AlertSpec defines an alerting rule for events involving a 9037 + list of objects. 9038 + properties: 9039 + eventMetadata: 9040 + additionalProperties: 9041 + type: string 9042 + description: |- 9043 + EventMetadata is an optional field for adding metadata to events dispatched by the 9044 + controller. This can be used for enhancing the context of the event. If a field 9045 + would override one already present on the original event as generated by the emitter, 9046 + then the override doesn't happen, i.e. the original value is preserved, and an info 9047 + log is printed. 9048 + type: object 9049 + eventSeverity: 9050 + default: info 9051 + description: |- 9052 + EventSeverity specifies how to filter events based on severity. 9053 + If set to 'info' no events will be filtered. 9054 + enum: 9055 + - info 9056 + - error 9057 + type: string 9058 + eventSources: 9059 + description: |- 9060 + EventSources specifies how to filter events based 9061 + on the involved object kind, name and namespace. 9062 + items: 9063 + description: |- 9064 + CrossNamespaceObjectReference contains enough information to let you locate the 9065 + typed referenced object at cluster level 9066 + properties: 9067 + apiVersion: 9068 + description: API version of the referent 9069 + type: string 9070 + kind: 9071 + description: Kind of the referent 9072 + enum: 9073 + - Bucket 9074 + - GitRepository 9075 + - Kustomization 9076 + - HelmRelease 9077 + - HelmChart 9078 + - HelmRepository 9079 + - ImageRepository 9080 + - ImagePolicy 9081 + - ImageUpdateAutomation 9082 + - OCIRepository 9083 + type: string 9084 + matchLabels: 9085 + additionalProperties: 9086 + type: string 9087 + description: |- 9088 + MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 9089 + map is equivalent to an element of matchExpressions, whose key field is "key", the 9090 + operator is "In", and the values array contains only "value". The requirements are ANDed. 9091 + MatchLabels requires the name to be set to `*`. 9092 + type: object 9093 + name: 9094 + description: |- 9095 + Name of the referent 9096 + If multiple resources are targeted `*` may be set. 9097 + maxLength: 253 9098 + minLength: 1 9099 + type: string 9100 + namespace: 9101 + description: Namespace of the referent 9102 + maxLength: 253 9103 + minLength: 1 9104 + type: string 9105 + required: 9106 + - kind 9107 + - name 9108 + type: object 9109 + type: array 9110 + exclusionList: 9111 + description: |- 9112 + ExclusionList specifies a list of Golang regular expressions 9113 + to be used for excluding messages. 9114 + items: 9115 + type: string 9116 + type: array 9117 + inclusionList: 9118 + description: |- 9119 + InclusionList specifies a list of Golang regular expressions 9120 + to be used for including messages. 9121 + items: 9122 + type: string 9123 + type: array 9124 + providerRef: 9125 + description: ProviderRef specifies which Provider this Alert should 9126 + use. 9127 + properties: 9128 + name: 9129 + description: Name of the referent. 9130 + type: string 9131 + required: 9132 + - name 9133 + type: object 9134 + summary: 9135 + description: |- 9136 + Summary holds a short description of the impact and affected cluster. 9137 + Deprecated: Use EventMetadata instead. 9138 + maxLength: 255 9139 + type: string 9140 + suspend: 9141 + description: |- 9142 + Suspend tells the controller to suspend subsequent 9143 + events handling for this Alert. 9144 + type: boolean 9145 + required: 9146 + - eventSources 9147 + - providerRef 9148 + type: object 9149 + type: object 9150 + served: true 9151 + storage: true 9152 + subresources: {} 9153 + --- 9154 + apiVersion: apiextensions.k8s.io/v1 9155 + kind: CustomResourceDefinition 9156 + metadata: 9157 + annotations: 9158 + controller-gen.kubebuilder.io/version: v0.19.0 9159 + labels: 9160 + app.kubernetes.io/component: notification-controller 9161 + app.kubernetes.io/instance: flux-system 9162 + app.kubernetes.io/part-of: flux 9163 + app.kubernetes.io/version: v2.7.3 9164 + name: providers.notification.toolkit.fluxcd.io 9165 + spec: 9166 + group: notification.toolkit.fluxcd.io 9167 + names: 9168 + kind: Provider 9169 + listKind: ProviderList 9170 + plural: providers 9171 + singular: provider 9172 + scope: Namespaced 9173 + versions: 9174 + - additionalPrinterColumns: 9175 + - jsonPath: .metadata.creationTimestamp 9176 + name: Age 9177 + type: date 9178 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 9179 + name: Ready 9180 + type: string 9181 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 9182 + name: Status 9183 + type: string 9184 + deprecated: true 9185 + deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3 9186 + name: v1beta2 9187 + schema: 9188 + openAPIV3Schema: 9189 + description: Provider is the Schema for the providers API. 9190 + properties: 9191 + apiVersion: 9192 + description: |- 9193 + APIVersion defines the versioned schema of this representation of an object. 9194 + Servers should convert recognized schemas to the latest internal value, and 9195 + may reject unrecognized values. 9196 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 9197 + type: string 9198 + kind: 9199 + description: |- 9200 + Kind is a string value representing the REST resource this object represents. 9201 + Servers may infer this from the endpoint the client submits requests to. 9202 + Cannot be updated. 9203 + In CamelCase. 9204 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 9205 + type: string 9206 + metadata: 9207 + type: object 9208 + spec: 9209 + description: ProviderSpec defines the desired state of the Provider. 9210 + properties: 9211 + address: 9212 + description: |- 9213 + Address specifies the endpoint, in a generic sense, to where alerts are sent. 9214 + What kind of endpoint depends on the specific Provider type being used. 9215 + For the generic Provider, for example, this is an HTTP/S address. 9216 + For other Provider types this could be a project ID or a namespace. 9217 + maxLength: 2048 9218 + type: string 9219 + certSecretRef: 9220 + description: |- 9221 + CertSecretRef specifies the Secret containing 9222 + a PEM-encoded CA certificate (in the `ca.crt` key). 9223 + 9224 + Note: Support for the `caFile` key has 9225 + been deprecated. 9226 + properties: 9227 + name: 9228 + description: Name of the referent. 9229 + type: string 9230 + required: 9231 + - name 9232 + type: object 9233 + channel: 9234 + description: Channel specifies the destination channel where events 9235 + should be posted. 9236 + maxLength: 2048 9237 + type: string 9238 + interval: 9239 + description: Interval at which to reconcile the Provider with its 9240 + Secret references. 9241 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 9242 + type: string 9243 + proxy: 9244 + description: Proxy the HTTP/S address of the proxy server. 9245 + maxLength: 2048 9246 + pattern: ^(http|https)://.*$ 9247 + type: string 9248 + secretRef: 9249 + description: |- 9250 + SecretRef specifies the Secret containing the authentication 9251 + credentials for this Provider. 9252 + properties: 9253 + name: 9254 + description: Name of the referent. 9255 + type: string 9256 + required: 9257 + - name 9258 + type: object 9259 + suspend: 9260 + description: |- 9261 + Suspend tells the controller to suspend subsequent 9262 + events handling for this Provider. 9263 + type: boolean 9264 + timeout: 9265 + description: Timeout for sending alerts to the Provider. 9266 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 9267 + type: string 9268 + type: 9269 + description: Type specifies which Provider implementation to use. 9270 + enum: 9271 + - slack 9272 + - discord 9273 + - msteams 9274 + - rocket 9275 + - generic 9276 + - generic-hmac 9277 + - github 9278 + - gitlab 9279 + - gitea 9280 + - bitbucketserver 9281 + - bitbucket 9282 + - azuredevops 9283 + - googlechat 9284 + - googlepubsub 9285 + - webex 9286 + - sentry 9287 + - azureeventhub 9288 + - telegram 9289 + - lark 9290 + - matrix 9291 + - opsgenie 9292 + - alertmanager 9293 + - grafana 9294 + - githubdispatch 9295 + - pagerduty 9296 + - datadog 9297 + type: string 9298 + username: 9299 + description: Username specifies the name under which events are posted. 9300 + maxLength: 2048 9301 + type: string 9302 + required: 9303 + - type 9304 + type: object 9305 + status: 9306 + default: 9307 + observedGeneration: -1 9308 + description: ProviderStatus defines the observed state of the Provider. 9309 + properties: 9310 + conditions: 9311 + description: Conditions holds the conditions for the Provider. 9312 + items: 9313 + description: Condition contains details for one aspect of the current 9314 + state of this API Resource. 9315 + properties: 9316 + lastTransitionTime: 9317 + description: |- 9318 + lastTransitionTime is the last time the condition transitioned from one status to another. 9319 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 9320 + format: date-time 9321 + type: string 9322 + message: 9323 + description: |- 9324 + message is a human readable message indicating details about the transition. 9325 + This may be an empty string. 9326 + maxLength: 32768 9327 + type: string 9328 + observedGeneration: 9329 + description: |- 9330 + observedGeneration represents the .metadata.generation that the condition was set based upon. 9331 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 9332 + with respect to the current state of the instance. 9333 + format: int64 9334 + minimum: 0 9335 + type: integer 9336 + reason: 9337 + description: |- 9338 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 9339 + Producers of specific condition types may define expected values and meanings for this field, 9340 + and whether the values are considered a guaranteed API. 9341 + The value should be a CamelCase string. 9342 + This field may not be empty. 9343 + maxLength: 1024 9344 + minLength: 1 9345 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 9346 + type: string 9347 + status: 9348 + description: status of the condition, one of True, False, Unknown. 9349 + enum: 9350 + - "True" 9351 + - "False" 9352 + - Unknown 9353 + type: string 9354 + type: 9355 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 9356 + maxLength: 316 9357 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 9358 + type: string 9359 + required: 9360 + - lastTransitionTime 9361 + - message 9362 + - reason 9363 + - status 9364 + - type 9365 + type: object 9366 + type: array 9367 + lastHandledReconcileAt: 9368 + description: |- 9369 + LastHandledReconcileAt holds the value of the most recent 9370 + reconcile request value, so a change of the annotation value 9371 + can be detected. 9372 + type: string 9373 + observedGeneration: 9374 + description: ObservedGeneration is the last reconciled generation. 9375 + format: int64 9376 + type: integer 9377 + type: object 9378 + type: object 9379 + served: true 9380 + storage: false 9381 + subresources: 9382 + status: {} 9383 + - additionalPrinterColumns: 9384 + - jsonPath: .metadata.creationTimestamp 9385 + name: Age 9386 + type: date 9387 + name: v1beta3 9388 + schema: 9389 + openAPIV3Schema: 9390 + description: Provider is the Schema for the providers API 9391 + properties: 9392 + apiVersion: 9393 + description: |- 9394 + APIVersion defines the versioned schema of this representation of an object. 9395 + Servers should convert recognized schemas to the latest internal value, and 9396 + may reject unrecognized values. 9397 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 9398 + type: string 9399 + kind: 9400 + description: |- 9401 + Kind is a string value representing the REST resource this object represents. 9402 + Servers may infer this from the endpoint the client submits requests to. 9403 + Cannot be updated. 9404 + In CamelCase. 9405 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 9406 + type: string 9407 + metadata: 9408 + type: object 9409 + spec: 9410 + description: ProviderSpec defines the desired state of the Provider. 9411 + properties: 9412 + address: 9413 + description: |- 9414 + Address specifies the endpoint, in a generic sense, to where alerts are sent. 9415 + What kind of endpoint depends on the specific Provider type being used. 9416 + For the generic Provider, for example, this is an HTTP/S address. 9417 + For other Provider types this could be a project ID or a namespace. 9418 + maxLength: 2048 9419 + type: string 9420 + certSecretRef: 9421 + description: |- 9422 + CertSecretRef specifies the Secret containing TLS certificates 9423 + for secure communication. 9424 + 9425 + Supported configurations: 9426 + - CA-only: Server authentication (provide ca.crt only) 9427 + - mTLS: Mutual authentication (provide ca.crt + tls.crt + tls.key) 9428 + - Client-only: Client authentication with system CA (provide tls.crt + tls.key only) 9429 + 9430 + Legacy keys "caFile", "certFile", "keyFile" are supported but deprecated. Use "ca.crt", "tls.crt", "tls.key" instead. 9431 + properties: 9432 + name: 9433 + description: Name of the referent. 9434 + type: string 9435 + required: 9436 + - name 9437 + type: object 9438 + channel: 9439 + description: Channel specifies the destination channel where events 9440 + should be posted. 9441 + maxLength: 2048 9442 + type: string 9443 + commitStatusExpr: 9444 + description: |- 9445 + CommitStatusExpr is a CEL expression that evaluates to a string value 9446 + that can be used to generate a custom commit status message for use 9447 + with eligible Provider types (github, gitlab, gitea, bitbucketserver, 9448 + bitbucket, azuredevops). Supported variables are: event, provider, 9449 + and alert. 9450 + type: string 9451 + interval: 9452 + description: |- 9453 + Interval at which to reconcile the Provider with its Secret references. 9454 + Deprecated and not used in v1beta3. 9455 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 9456 + type: string 9457 + proxy: 9458 + description: |- 9459 + Proxy the HTTP/S address of the proxy server. 9460 + Deprecated: Use ProxySecretRef instead. Will be removed in v1. 9461 + maxLength: 2048 9462 + pattern: ^(http|https)://.*$ 9463 + type: string 9464 + proxySecretRef: 9465 + description: |- 9466 + ProxySecretRef specifies the Secret containing the proxy configuration 9467 + for this Provider. The Secret should contain an 'address' key with the 9468 + HTTP/S address of the proxy server. Optional 'username' and 'password' 9469 + keys can be provided for proxy authentication. 9470 + properties: 9471 + name: 9472 + description: Name of the referent. 9473 + type: string 9474 + required: 9475 + - name 9476 + type: object 9477 + secretRef: 9478 + description: |- 9479 + SecretRef specifies the Secret containing the authentication 9480 + credentials for this Provider. 9481 + properties: 9482 + name: 9483 + description: Name of the referent. 9484 + type: string 9485 + required: 9486 + - name 9487 + type: object 9488 + serviceAccountName: 9489 + description: |- 9490 + ServiceAccountName is the name of the Kubernetes ServiceAccount used to 9491 + authenticate with cloud provider services through workload identity. 9492 + This enables multi-tenant authentication without storing static credentials. 9493 + 9494 + Supported provider types: azureeventhub, azuredevops, googlepubsub 9495 + 9496 + When specified, the controller will: 9497 + 1. Create an OIDC token for the specified ServiceAccount 9498 + 2. Exchange it for cloud provider credentials via STS 9499 + 3. Use the obtained credentials for API authentication 9500 + 9501 + When unspecified, controller-level authentication is used (single-tenant). 9502 + 9503 + An error is thrown if static credentials are also defined in SecretRef. 9504 + This field requires the ObjectLevelWorkloadIdentity feature gate to be enabled. 9505 + type: string 9506 + suspend: 9507 + description: |- 9508 + Suspend tells the controller to suspend subsequent 9509 + events handling for this Provider. 9510 + type: boolean 9511 + timeout: 9512 + description: Timeout for sending alerts to the Provider. 9513 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 9514 + type: string 9515 + type: 9516 + description: Type specifies which Provider implementation to use. 9517 + enum: 9518 + - slack 9519 + - discord 9520 + - msteams 9521 + - rocket 9522 + - generic 9523 + - generic-hmac 9524 + - github 9525 + - gitlab 9526 + - gitea 9527 + - bitbucketserver 9528 + - bitbucket 9529 + - azuredevops 9530 + - googlechat 9531 + - googlepubsub 9532 + - webex 9533 + - sentry 9534 + - azureeventhub 9535 + - telegram 9536 + - lark 9537 + - matrix 9538 + - opsgenie 9539 + - alertmanager 9540 + - grafana 9541 + - githubdispatch 9542 + - pagerduty 9543 + - datadog 9544 + - nats 9545 + - zulip 9546 + - otel 9547 + type: string 9548 + username: 9549 + description: Username specifies the name under which events are posted. 9550 + maxLength: 2048 9551 + type: string 9552 + required: 9553 + - type 9554 + type: object 9555 + x-kubernetes-validations: 9556 + - message: spec.commitStatusExpr is only supported for the 'github', 'gitlab', 9557 + 'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types 9558 + rule: self.type == 'github' || self.type == 'gitlab' || self.type == 9559 + 'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket' 9560 + || self.type == 'azuredevops' || !has(self.commitStatusExpr) 9561 + type: object 9562 + served: true 9563 + storage: true 9564 + subresources: {} 9565 + --- 9566 + apiVersion: apiextensions.k8s.io/v1 9567 + kind: CustomResourceDefinition 9568 + metadata: 9569 + annotations: 9570 + controller-gen.kubebuilder.io/version: v0.19.0 9571 + labels: 9572 + app.kubernetes.io/component: notification-controller 9573 + app.kubernetes.io/instance: flux-system 9574 + app.kubernetes.io/part-of: flux 9575 + app.kubernetes.io/version: v2.7.3 9576 + name: receivers.notification.toolkit.fluxcd.io 9577 + spec: 9578 + group: notification.toolkit.fluxcd.io 9579 + names: 9580 + kind: Receiver 9581 + listKind: ReceiverList 9582 + plural: receivers 9583 + singular: receiver 9584 + scope: Namespaced 9585 + versions: 9586 + - additionalPrinterColumns: 9587 + - jsonPath: .metadata.creationTimestamp 9588 + name: Age 9589 + type: date 9590 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 9591 + name: Ready 9592 + type: string 9593 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 9594 + name: Status 9595 + type: string 9596 + name: v1 9597 + schema: 9598 + openAPIV3Schema: 9599 + description: Receiver is the Schema for the receivers API. 9600 + properties: 9601 + apiVersion: 9602 + description: |- 9603 + APIVersion defines the versioned schema of this representation of an object. 9604 + Servers should convert recognized schemas to the latest internal value, and 9605 + may reject unrecognized values. 9606 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 9607 + type: string 9608 + kind: 9609 + description: |- 9610 + Kind is a string value representing the REST resource this object represents. 9611 + Servers may infer this from the endpoint the client submits requests to. 9612 + Cannot be updated. 9613 + In CamelCase. 9614 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 9615 + type: string 9616 + metadata: 9617 + type: object 9618 + spec: 9619 + description: ReceiverSpec defines the desired state of the Receiver. 9620 + properties: 9621 + events: 9622 + description: |- 9623 + Events specifies the list of event types to handle, 9624 + e.g. 'push' for GitHub or 'Push Hook' for GitLab. 9625 + items: 9626 + type: string 9627 + type: array 9628 + interval: 9629 + default: 10m 9630 + description: Interval at which to reconcile the Receiver with its 9631 + Secret references. 9632 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 9633 + type: string 9634 + resourceFilter: 9635 + description: |- 9636 + ResourceFilter is a CEL expression expected to return a boolean that is 9637 + evaluated for each resource referenced in the Resources field when a 9638 + webhook is received. If the expression returns false then the controller 9639 + will not request a reconciliation for the resource. 9640 + When the expression is specified the controller will parse it and mark 9641 + the object as terminally failed if the expression is invalid or does not 9642 + return a boolean. 9643 + type: string 9644 + resources: 9645 + description: A list of resources to be notified about changes. 9646 + items: 9647 + description: |- 9648 + CrossNamespaceObjectReference contains enough information to let you locate the 9649 + typed referenced object at cluster level 9650 + properties: 9651 + apiVersion: 9652 + description: API version of the referent 9653 + type: string 9654 + kind: 9655 + description: Kind of the referent 9656 + enum: 9657 + - Bucket 9658 + - GitRepository 9659 + - Kustomization 9660 + - HelmRelease 9661 + - HelmChart 9662 + - HelmRepository 9663 + - ImageRepository 9664 + - ImagePolicy 9665 + - ImageUpdateAutomation 9666 + - OCIRepository 9667 + type: string 9668 + matchLabels: 9669 + additionalProperties: 9670 + type: string 9671 + description: |- 9672 + MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 9673 + map is equivalent to an element of matchExpressions, whose key field is "key", the 9674 + operator is "In", and the values array contains only "value". The requirements are ANDed. 9675 + MatchLabels requires the name to be set to `*`. 9676 + type: object 9677 + name: 9678 + description: |- 9679 + Name of the referent 9680 + If multiple resources are targeted `*` may be set. 9681 + maxLength: 253 9682 + minLength: 1 9683 + type: string 9684 + namespace: 9685 + description: Namespace of the referent 9686 + maxLength: 253 9687 + minLength: 1 9688 + type: string 9689 + required: 9690 + - kind 9691 + - name 9692 + type: object 9693 + type: array 9694 + secretRef: 9695 + description: |- 9696 + SecretRef specifies the Secret containing the token used 9697 + to validate the payload authenticity. 9698 + properties: 9699 + name: 9700 + description: Name of the referent. 9701 + type: string 9702 + required: 9703 + - name 9704 + type: object 9705 + suspend: 9706 + description: |- 9707 + Suspend tells the controller to suspend subsequent 9708 + events handling for this receiver. 9709 + type: boolean 9710 + type: 9711 + description: |- 9712 + Type of webhook sender, used to determine 9713 + the validation procedure and payload deserialization. 9714 + enum: 9715 + - generic 9716 + - generic-hmac 9717 + - github 9718 + - gitlab 9719 + - bitbucket 9720 + - harbor 9721 + - dockerhub 9722 + - quay 9723 + - gcr 9724 + - nexus 9725 + - acr 9726 + - cdevents 9727 + type: string 9728 + required: 9729 + - resources 9730 + - secretRef 9731 + - type 9732 + type: object 9733 + status: 9734 + default: 9735 + observedGeneration: -1 9736 + description: ReceiverStatus defines the observed state of the Receiver. 9737 + properties: 9738 + conditions: 9739 + description: Conditions holds the conditions for the Receiver. 9740 + items: 9741 + description: Condition contains details for one aspect of the current 9742 + state of this API Resource. 9743 + properties: 9744 + lastTransitionTime: 9745 + description: |- 9746 + lastTransitionTime is the last time the condition transitioned from one status to another. 9747 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 9748 + format: date-time 9749 + type: string 9750 + message: 9751 + description: |- 9752 + message is a human readable message indicating details about the transition. 9753 + This may be an empty string. 9754 + maxLength: 32768 9755 + type: string 9756 + observedGeneration: 9757 + description: |- 9758 + observedGeneration represents the .metadata.generation that the condition was set based upon. 9759 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 9760 + with respect to the current state of the instance. 9761 + format: int64 9762 + minimum: 0 9763 + type: integer 9764 + reason: 9765 + description: |- 9766 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 9767 + Producers of specific condition types may define expected values and meanings for this field, 9768 + and whether the values are considered a guaranteed API. 9769 + The value should be a CamelCase string. 9770 + This field may not be empty. 9771 + maxLength: 1024 9772 + minLength: 1 9773 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 9774 + type: string 9775 + status: 9776 + description: status of the condition, one of True, False, Unknown. 9777 + enum: 9778 + - "True" 9779 + - "False" 9780 + - Unknown 9781 + type: string 9782 + type: 9783 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 9784 + maxLength: 316 9785 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 9786 + type: string 9787 + required: 9788 + - lastTransitionTime 9789 + - message 9790 + - reason 9791 + - status 9792 + - type 9793 + type: object 9794 + type: array 9795 + lastHandledReconcileAt: 9796 + description: |- 9797 + LastHandledReconcileAt holds the value of the most recent 9798 + reconcile request value, so a change of the annotation value 9799 + can be detected. 9800 + type: string 9801 + observedGeneration: 9802 + description: ObservedGeneration is the last observed generation of 9803 + the Receiver object. 9804 + format: int64 9805 + type: integer 9806 + webhookPath: 9807 + description: |- 9808 + WebhookPath is the generated incoming webhook address in the format 9809 + of '/hook/sha256sum(token+name+namespace)'. 9810 + type: string 9811 + type: object 9812 + type: object 9813 + served: true 9814 + storage: true 9815 + subresources: 9816 + status: {} 9817 + - additionalPrinterColumns: 9818 + - jsonPath: .metadata.creationTimestamp 9819 + name: Age 9820 + type: date 9821 + - jsonPath: .status.conditions[?(@.type=="Ready")].status 9822 + name: Ready 9823 + type: string 9824 + - jsonPath: .status.conditions[?(@.type=="Ready")].message 9825 + name: Status 9826 + type: string 9827 + deprecated: true 9828 + deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 9829 + name: v1beta2 9830 + schema: 9831 + openAPIV3Schema: 9832 + description: Receiver is the Schema for the receivers API. 9833 + properties: 9834 + apiVersion: 9835 + description: |- 9836 + APIVersion defines the versioned schema of this representation of an object. 9837 + Servers should convert recognized schemas to the latest internal value, and 9838 + may reject unrecognized values. 9839 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 9840 + type: string 9841 + kind: 9842 + description: |- 9843 + Kind is a string value representing the REST resource this object represents. 9844 + Servers may infer this from the endpoint the client submits requests to. 9845 + Cannot be updated. 9846 + In CamelCase. 9847 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 9848 + type: string 9849 + metadata: 9850 + type: object 9851 + spec: 9852 + description: ReceiverSpec defines the desired state of the Receiver. 9853 + properties: 9854 + events: 9855 + description: |- 9856 + Events specifies the list of event types to handle, 9857 + e.g. 'push' for GitHub or 'Push Hook' for GitLab. 9858 + items: 9859 + type: string 9860 + type: array 9861 + interval: 9862 + description: Interval at which to reconcile the Receiver with its 9863 + Secret references. 9864 + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 9865 + type: string 9866 + resources: 9867 + description: A list of resources to be notified about changes. 9868 + items: 9869 + description: |- 9870 + CrossNamespaceObjectReference contains enough information to let you locate the 9871 + typed referenced object at cluster level 9872 + properties: 9873 + apiVersion: 9874 + description: API version of the referent 9875 + type: string 9876 + kind: 9877 + description: Kind of the referent 9878 + enum: 9879 + - Bucket 9880 + - GitRepository 9881 + - Kustomization 9882 + - HelmRelease 9883 + - HelmChart 9884 + - HelmRepository 9885 + - ImageRepository 9886 + - ImagePolicy 9887 + - ImageUpdateAutomation 9888 + - OCIRepository 9889 + type: string 9890 + matchLabels: 9891 + additionalProperties: 9892 + type: string 9893 + description: |- 9894 + MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 9895 + map is equivalent to an element of matchExpressions, whose key field is "key", the 9896 + operator is "In", and the values array contains only "value". The requirements are ANDed. 9897 + MatchLabels requires the name to be set to `*`. 9898 + type: object 9899 + name: 9900 + description: |- 9901 + Name of the referent 9902 + If multiple resources are targeted `*` may be set. 9903 + maxLength: 253 9904 + minLength: 1 9905 + type: string 9906 + namespace: 9907 + description: Namespace of the referent 9908 + maxLength: 253 9909 + minLength: 1 9910 + type: string 9911 + required: 9912 + - kind 9913 + - name 9914 + type: object 9915 + type: array 9916 + secretRef: 9917 + description: |- 9918 + SecretRef specifies the Secret containing the token used 9919 + to validate the payload authenticity. 9920 + properties: 9921 + name: 9922 + description: Name of the referent. 9923 + type: string 9924 + required: 9925 + - name 9926 + type: object 9927 + suspend: 9928 + description: |- 9929 + Suspend tells the controller to suspend subsequent 9930 + events handling for this receiver. 9931 + type: boolean 9932 + type: 9933 + description: |- 9934 + Type of webhook sender, used to determine 9935 + the validation procedure and payload deserialization. 9936 + enum: 9937 + - generic 9938 + - generic-hmac 9939 + - github 9940 + - gitlab 9941 + - bitbucket 9942 + - harbor 9943 + - dockerhub 9944 + - quay 9945 + - gcr 9946 + - nexus 9947 + - acr 9948 + type: string 9949 + required: 9950 + - resources 9951 + - secretRef 9952 + - type 9953 + type: object 9954 + status: 9955 + default: 9956 + observedGeneration: -1 9957 + description: ReceiverStatus defines the observed state of the Receiver. 9958 + properties: 9959 + conditions: 9960 + description: Conditions holds the conditions for the Receiver. 9961 + items: 9962 + description: Condition contains details for one aspect of the current 9963 + state of this API Resource. 9964 + properties: 9965 + lastTransitionTime: 9966 + description: |- 9967 + lastTransitionTime is the last time the condition transitioned from one status to another. 9968 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 9969 + format: date-time 9970 + type: string 9971 + message: 9972 + description: |- 9973 + message is a human readable message indicating details about the transition. 9974 + This may be an empty string. 9975 + maxLength: 32768 9976 + type: string 9977 + observedGeneration: 9978 + description: |- 9979 + observedGeneration represents the .metadata.generation that the condition was set based upon. 9980 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 9981 + with respect to the current state of the instance. 9982 + format: int64 9983 + minimum: 0 9984 + type: integer 9985 + reason: 9986 + description: |- 9987 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 9988 + Producers of specific condition types may define expected values and meanings for this field, 9989 + and whether the values are considered a guaranteed API. 9990 + The value should be a CamelCase string. 9991 + This field may not be empty. 9992 + maxLength: 1024 9993 + minLength: 1 9994 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 9995 + type: string 9996 + status: 9997 + description: status of the condition, one of True, False, Unknown. 9998 + enum: 9999 + - "True" 10000 + - "False" 10001 + - Unknown 10002 + type: string 10003 + type: 10004 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 10005 + maxLength: 316 10006 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 10007 + type: string 10008 + required: 10009 + - lastTransitionTime 10010 + - message 10011 + - reason 10012 + - status 10013 + - type 10014 + type: object 10015 + type: array 10016 + lastHandledReconcileAt: 10017 + description: |- 10018 + LastHandledReconcileAt holds the value of the most recent 10019 + reconcile request value, so a change of the annotation value 10020 + can be detected. 10021 + type: string 10022 + observedGeneration: 10023 + description: ObservedGeneration is the last observed generation of 10024 + the Receiver object. 10025 + format: int64 10026 + type: integer 10027 + url: 10028 + description: |- 10029 + URL is the generated incoming webhook address in the format 10030 + of '/hook/sha256sum(token+name+namespace)'. 10031 + Deprecated: Replaced by WebhookPath. 10032 + type: string 10033 + webhookPath: 10034 + description: |- 10035 + WebhookPath is the generated incoming webhook address in the format 10036 + of '/hook/sha256sum(token+name+namespace)'. 10037 + type: string 10038 + type: object 10039 + type: object 10040 + served: true 10041 + storage: false 10042 + subresources: 10043 + status: {} 10044 + --- 10045 + apiVersion: v1 10046 + kind: ServiceAccount 10047 + metadata: 10048 + labels: 10049 + app.kubernetes.io/component: notification-controller 10050 + app.kubernetes.io/instance: flux-system 10051 + app.kubernetes.io/part-of: flux 10052 + app.kubernetes.io/version: v2.7.3 10053 + name: notification-controller 10054 + namespace: flux-system 10055 + --- 10056 + apiVersion: v1 10057 + kind: Service 10058 + metadata: 10059 + labels: 10060 + app.kubernetes.io/component: notification-controller 10061 + app.kubernetes.io/instance: flux-system 10062 + app.kubernetes.io/part-of: flux 10063 + app.kubernetes.io/version: v2.7.3 10064 + control-plane: controller 10065 + name: notification-controller 10066 + namespace: flux-system 10067 + spec: 10068 + ports: 10069 + - name: http 10070 + port: 80 10071 + protocol: TCP 10072 + targetPort: http 10073 + selector: 10074 + app: notification-controller 10075 + type: ClusterIP 10076 + --- 10077 + apiVersion: v1 10078 + kind: Service 10079 + metadata: 10080 + labels: 10081 + app.kubernetes.io/component: notification-controller 10082 + app.kubernetes.io/instance: flux-system 10083 + app.kubernetes.io/part-of: flux 10084 + app.kubernetes.io/version: v2.7.3 10085 + control-plane: controller 10086 + name: webhook-receiver 10087 + namespace: flux-system 10088 + spec: 10089 + ports: 10090 + - name: http 10091 + port: 80 10092 + protocol: TCP 10093 + targetPort: http-webhook 10094 + selector: 10095 + app: notification-controller 10096 + type: ClusterIP 10097 + --- 10098 + apiVersion: apps/v1 10099 + kind: Deployment 10100 + metadata: 10101 + labels: 10102 + app.kubernetes.io/component: notification-controller 10103 + app.kubernetes.io/instance: flux-system 10104 + app.kubernetes.io/part-of: flux 10105 + app.kubernetes.io/version: v2.7.3 10106 + control-plane: controller 10107 + name: notification-controller 10108 + namespace: flux-system 10109 + spec: 10110 + replicas: 1 10111 + selector: 10112 + matchLabels: 10113 + app: notification-controller 10114 + template: 10115 + metadata: 10116 + annotations: 10117 + prometheus.io/port: "8080" 10118 + prometheus.io/scrape: "true" 10119 + labels: 10120 + app: notification-controller 10121 + app.kubernetes.io/component: notification-controller 10122 + app.kubernetes.io/instance: flux-system 10123 + app.kubernetes.io/part-of: flux 10124 + app.kubernetes.io/version: v2.7.3 10125 + spec: 10126 + containers: 10127 + - args: 10128 + - --watch-all-namespaces=true 10129 + - --log-level=info 10130 + - --log-encoding=json 10131 + - --enable-leader-election 10132 + env: 10133 + - name: RUNTIME_NAMESPACE 10134 + valueFrom: 10135 + fieldRef: 10136 + fieldPath: metadata.namespace 10137 + - name: GOMEMLIMIT 10138 + valueFrom: 10139 + resourceFieldRef: 10140 + containerName: manager 10141 + resource: limits.memory 10142 + image: ghcr.io/fluxcd/notification-controller:v1.7.4 10143 + imagePullPolicy: IfNotPresent 10144 + livenessProbe: 10145 + httpGet: 10146 + path: /healthz 10147 + port: healthz 10148 + name: manager 10149 + ports: 10150 + - containerPort: 9090 10151 + name: http 10152 + protocol: TCP 10153 + - containerPort: 9292 10154 + name: http-webhook 10155 + protocol: TCP 10156 + - containerPort: 8080 10157 + name: http-prom 10158 + protocol: TCP 10159 + - containerPort: 9440 10160 + name: healthz 10161 + protocol: TCP 10162 + readinessProbe: 10163 + httpGet: 10164 + path: /readyz 10165 + port: healthz 10166 + resources: 10167 + limits: 10168 + cpu: 1000m 10169 + memory: 1Gi 10170 + requests: 10171 + cpu: 100m 10172 + memory: 64Mi 10173 + securityContext: 10174 + allowPrivilegeEscalation: false 10175 + capabilities: 10176 + drop: 10177 + - ALL 10178 + readOnlyRootFilesystem: true 10179 + runAsNonRoot: true 10180 + seccompProfile: 10181 + type: RuntimeDefault 10182 + volumeMounts: 10183 + - mountPath: /tmp 10184 + name: temp 10185 + nodeSelector: 10186 + kubernetes.io/os: linux 10187 + securityContext: 10188 + fsGroup: 1337 10189 + serviceAccountName: notification-controller 10190 + terminationGracePeriodSeconds: 10 10191 + volumes: 10192 + - emptyDir: {} 10193 + name: temp