diff --git a/Makefile b/Makefile index bd7196e..3411f5d 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ include makefiles/dependency.mk K3S_VERSION ?= v1.24.8+k3s1 STATIC_DIR := pkg/resources/static -VELA_VERSION ?= v1.6.5 +VELA_VERSION ?= v1.7.0-alpha.1 VELAUX_VERSION ?= v1.6.4 VELAUX_IMAGE_VERSION ?= ${VELAUX_VERSION} LDFLAGS= "-X github.com/oam-dev/velad/version.VelaUXVersion=${VELAUX_VERSION} -X github.com/oam-dev/velad/version.VelaVersion=${VELA_VERSION}" diff --git a/go.mod b/go.mod index b008d15..ff8ab44 100644 --- a/go.mod +++ b/go.mod @@ -22,6 +22,17 @@ require ( sigs.k8s.io/controller-runtime v0.11.2 ) +require ( + github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect + github.com/acomagu/bufpipe v1.0.3 // indirect + github.com/cloudflare/circl v1.1.0 // indirect + github.com/go-git/gcfg v1.5.0 // indirect + github.com/go-git/go-billy/v5 v5.3.1 // indirect + github.com/go-git/go-git/v5 v5.5.1 // indirect + github.com/pjbgf/sha1cd v0.2.3 // indirect + github.com/skeema/knownhosts v1.1.0 // indirect +) + require ( cloud.google.com/go/compute v1.7.0 // indirect cuelang.org/go v0.5.0-alpha.1 // indirect @@ -45,10 +56,8 @@ require ( github.com/Microsoft/go-winio v0.5.2 // indirect github.com/Microsoft/hcsshim v0.9.4 // indirect github.com/NYTimes/gziphandler v1.1.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect - github.com/acomagu/bufpipe v1.0.3 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/alessio/shellescape v1.2.2 // indirect github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect @@ -75,7 +84,6 @@ require ( github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect github.com/chartmuseum/helm-push v0.10.2 // indirect github.com/clbanning/mxj/v2 v2.5.5 // indirect - github.com/cloudflare/circl v1.1.0 // indirect github.com/cloudtty/cloudtty v0.2.0 // indirect github.com/cockroachdb/apd/v2 v2.0.2 // indirect github.com/containerd/cgroups v1.0.3 // indirect @@ -120,9 +128,6 @@ require ( github.com/getkin/kin-openapi v0.94.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.0.1 // indirect - github.com/go-git/gcfg v1.5.0 // indirect - github.com/go-git/go-billy/v5 v5.3.1 // indirect - github.com/go-git/go-git/v5 v5.5.1 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect @@ -223,7 +228,6 @@ require ( github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.0.1 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect - github.com/pjbgf/sha1cd v0.2.3 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 // indirect github.com/prometheus/client_golang v1.12.2 // indirect @@ -238,7 +242,6 @@ require ( github.com/sergi/go-diff v1.2.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect github.com/sirupsen/logrus v1.9.0 // indirect - github.com/skeema/knownhosts v1.1.0 // indirect github.com/spf13/afero v1.8.2 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect diff --git a/pkg/resources/static/vela/charts/vela-core/Chart.yaml b/pkg/resources/static/vela/charts/vela-core/Chart.yaml index ab59043..a5acf03 100644 --- a/pkg/resources/static/vela/charts/vela-core/Chart.yaml +++ b/pkg/resources/static/vela/charts/vela-core/Chart.yaml @@ -14,11 +14,11 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.6.5 +version: v1.7.0-alpha.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.6.5 +appVersion: v1.7.0-alpha.1 home: https://kubevela.io icon: https://kubevela.io/img/logo.svg diff --git a/pkg/resources/static/vela/charts/vela-core/README.md b/pkg/resources/static/vela/charts/vela-core/README.md index 61331a2..869756e 100644 --- a/pkg/resources/static/vela/charts/vela-core/README.md +++ b/pkg/resources/static/vela/charts/vela-core/README.md @@ -41,13 +41,12 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai | Name | Description | Value | | ----------------------------- | --------------------------------------------------------------------------------------------- | --------- | | `systemDefinitionNamespace` | System definition namespace, if unspecified, will use built-in variable `.Release.Namespace`. | `nil` | -| `applicationRevisionLimit` | Application revision limit | `10` | -| `definitionRevisionLimit` | Definition revision limit | `20` | +| `applicationRevisionLimit` | Application revision limit | `2` | +| `definitionRevisionLimit` | Definition revision limit | `2` | | `concurrentReconciles` | concurrentReconciles is the concurrent reconcile number of the controller | `4` | | `controllerArgs.reSyncPeriod` | The period for resync the applications | `5m` | | `OAMSpecVer` | OAMSpecVer is the oam spec version controller want to setup | `v0.3` | | `disableCaps` | Disable capability | `rollout` | -| `enableFluxcdAddon` | Whether to enable fluxcd addon | `false` | | `dependCheckWait` | dependCheckWait is the time to wait for ApplicationConfiguration's dependent-resource ready | `30s` | @@ -81,24 +80,25 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai ### KubeVela controller optimization parameters -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | -| `optimize.cachedGvks` | Optimize types of resources to be cached. | `""` | -| `optimize.resourceTrackerListOp` | Optimize ResourceTracker List Op by adding index. | `true` | -| `optimize.controllerReconcileLoopReduction` | Optimize ApplicationController reconcile by reducing the number of loops to reconcile application. | `false` | -| `optimize.markWithProb` | Optimize ResourceTracker GC by only run mark with probability. Side effect: outdated ResourceTracker might not be able to be removed immediately. | `0.1` | -| `optimize.disableComponentRevision` | Optimize componentRevision by disabling the creation and gc | `false` | -| `optimize.disableApplicationRevision` | Optimize ApplicationRevision by disabling the creation and gc. | `false` | -| `optimize.disableWorkflowRecorder` | Optimize workflow recorder by disabling the creation and gc. | `false` | -| `optimize.enableInMemoryWorkflowContext` | Optimize workflow by use in-memory context. | `false` | -| `optimize.disableResourceApplyDoubleCheck` | Optimize workflow by ignoring resource double check after apply. | `false` | -| `optimize.enableResourceTrackerDeleteOnlyTrigger` | Optimize resourcetracker by only trigger reconcile when resourcetracker is deleted. | `true` | -| `featureGates.enableLegacyComponentRevision` | if disabled, only component with rollout trait will create component revisions | `false` | -| `featureGates.gzipResourceTracker` | if enabled, resourceTracker will be compressed using gzip before being stored | `false` | -| `featureGates.zstdResourceTracker` | if enabled, resourceTracker will be compressed using zstd before being stored. It is much faster and more efficient than gzip. If both gzip and zstd are enabled, zstd will be used. | `false` | -| `featureGates.applyOnce` | if enabled, the apply-once feature will be applied to all applications, no state-keep and no resource data storage in ResourceTracker | `false` | -| `featureGates.multiStageComponentApply` | if enabled, the multiStageComponentApply feature will be combined with the stage field in TraitDefinition to complete the multi-stage apply. | `false` | - +| Name | Description | Value | +| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `optimize.cachedGvks` | Optimize types of resources to be cached. | `""` | +| `optimize.resourceTrackerListOp` | Optimize ResourceTracker List Op by adding index. | `true` | +| `optimize.controllerReconcileLoopReduction` | Optimize ApplicationController reconcile by reducing the number of loops to reconcile application. | `false` | +| `optimize.markWithProb` | Optimize ResourceTracker GC by only run mark with probability. Side effect: outdated ResourceTracker might not be able to be removed immediately. | `0.1` | +| `optimize.disableComponentRevision` | Optimize componentRevision by disabling the creation and gc | `true` | +| `optimize.disableApplicationRevision` | Optimize ApplicationRevision by disabling the creation and gc. | `false` | +| `optimize.disableWorkflowRecorder` | Optimize workflow recorder by disabling the creation and gc. | `false` | +| `optimize.enableInMemoryWorkflowContext` | Optimize workflow by use in-memory context. | `false` | +| `optimize.disableResourceApplyDoubleCheck` | Optimize workflow by ignoring resource double check after apply. | `false` | +| `optimize.enableResourceTrackerDeleteOnlyTrigger` | Optimize resourcetracker by only trigger reconcile when resourcetracker is deleted. | `true` | +| `featureGates.enableLegacyComponentRevision` | if disabled, only component with rollout trait will create component revisions | `false` | +| `featureGates.gzipResourceTracker` | compress ResourceTracker using gzip (good) before being stored. This is reduces network throughput when dealing with huge ResourceTrackers. | `false` | +| `featureGates.zstdResourceTracker` | compress ResourceTracker using zstd (fast and good) before being stored. This is reduces network throughput when dealing with huge ResourceTrackers. Note that zstd will be prioritized if you enable other compression options. | `true` | +| `featureGates.applyOnce` | if enabled, the apply-once feature will be applied to all applications, no state-keep and no resource data storage in ResourceTracker | `false` | +| `featureGates.multiStageComponentApply` | if enabled, the multiStageComponentApply feature will be combined with the stage field in TraitDefinition to complete the multi-stage apply. | `false` | +| `featureGates.gzipApplicationRevision` | compress apprev using gzip (good) before being stored. This is reduces network throughput when dealing with huge apprevs. | `false` | +| `featureGates.zstdApplicationRevision` | compress apprev using zstd (fast and good) before being stored. This is reduces network throughput when dealing with huge apprevs. Note that zstd will be prioritized if you enable other compression options. | `true` | ### MultiCluster parameters @@ -145,8 +145,8 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai | `logDebug` | Enable debug logs for development purpose | `false` | | `logFilePath` | If non-empty, write log files in this path | `""` | | `logFileMaxSize` | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024` | -| `kubeClient.qps` | The qps for reconcile clients, default is 50 | `50` | -| `kubeClient.burst` | The burst for reconcile clients, default is 100 | `100` | +| `kubeClient.qps` | The qps for reconcile clients, default is 100 | `100` | +| `kubeClient.burst` | The burst for reconcile clients, default is 200 | `200` | | `authentication.enabled` | Enable authentication for application | `false` | | `authentication.withUser` | Application authentication will impersonate as the request User | `false` | | `authentication.defaultUser` | Application authentication will impersonate as the User if no user provided in Application | `kubevela:vela-core` | diff --git a/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml b/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml index d9689f7..57579f1 100644 --- a/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml +++ b/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml @@ -3199,6 +3199,16 @@ spec: description: ComponentDefinitions records the snapshot of the componentDefinitions related with the created/modified Application type: object + compression: + description: Compression represents the compressed components in apprev + in base64 (if compression is enabled). + properties: + data: + type: string + type: + description: Type the compression type + type: string + type: object policies: additionalProperties: description: Policy is the Schema for the policy API diff --git a/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml b/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml index 1d5c7ac..434ac11 100644 --- a/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml +++ b/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml @@ -57,8 +57,8 @@ spec: format: int64 type: integer compression: - description: ResourceTrackerCompression the compression for ResourceTracker - ManagedResources + description: ResourceTrackerCompression represents the compressed + components in ResourceTracker. properties: data: type: string diff --git a/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_workflows.yaml b/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_workflows.yaml index f949da0..1966987 100644 --- a/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_workflows.yaml +++ b/pkg/resources/static/vela/charts/vela-core/crds/core.oam.dev_workflows.yaml @@ -10,164 +10,164 @@ spec: group: core.oam.dev names: categories: - - oam + - oam kind: Workflow listKind: WorkflowList plural: workflows singular: workflow scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Workflow is the Schema for the workflow API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Workflow is the Schema for the workflow API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - mode: - description: WorkflowExecuteMode defines the mode of workflow execution - properties: - steps: - description: Steps is the mode of workflow steps execution - type: string - subSteps: - description: SubSteps is the mode of workflow sub steps execution - type: string - type: object - steps: - items: - description: WorkflowStep defines how to execute a workflow step. + type: string + metadata: + type: object + mode: + description: WorkflowExecuteMode defines the mode of workflow execution properties: - dependsOn: - description: DependsOn is the dependency of the step - items: - type: string - type: array - if: - description: If is the if condition of the step + steps: + description: Steps is the mode of workflow steps execution + type: string + subSteps: + description: SubSteps is the mode of workflow sub steps execution type: string - inputs: - description: Inputs is the inputs of the step - items: + type: object + steps: + items: + description: WorkflowStep defines how to execute a workflow step. + properties: + dependsOn: + description: DependsOn is the dependency of the step + items: + type: string + type: array + if: + description: If is the if condition of the step + type: string + inputs: + description: Inputs is the inputs of the step + items: + properties: + from: + type: string + parameterKey: + type: string + required: + - from + - parameterKey + type: object + type: array + meta: + description: Meta is the meta data of the workflow step. properties: - from: - type: string - parameterKey: + alias: type: string - required: - - from - - parameterKey type: object - type: array - meta: - description: Meta is the meta data of the workflow step. + name: + description: Name is the unique name of the workflow step. + type: string + outputs: + description: Outputs is the outputs of the step + items: + properties: + name: + type: string + valueFrom: + type: string + required: + - name + - valueFrom + type: object + type: array properties: - alias: - type: string - type: object - name: - description: Name is the unique name of the workflow step. - type: string - outputs: - description: Outputs is the outputs of the step - items: - properties: - name: - type: string - valueFrom: - type: string - required: - - name - - valueFrom + description: Properties is the properties of the step type: object - type: array - properties: - description: Properties is the properties of the step - type: object - x-kubernetes-preserve-unknown-fields: true - subSteps: - items: - description: WorkflowStepBase defines the workflow step base - properties: - dependsOn: - description: DependsOn is the dependency of the step - items: + x-kubernetes-preserve-unknown-fields: true + subSteps: + items: + description: WorkflowStepBase defines the workflow step base + properties: + dependsOn: + description: DependsOn is the dependency of the step + items: + type: string + type: array + if: + description: If is the if condition of the step type: string - type: array - if: - description: If is the if condition of the step - type: string - inputs: - description: Inputs is the inputs of the step - items: + inputs: + description: Inputs is the inputs of the step + items: + properties: + from: + type: string + parameterKey: + type: string + required: + - from + - parameterKey + type: object + type: array + meta: + description: Meta is the meta data of the workflow step. properties: - from: - type: string - parameterKey: + alias: type: string - required: - - from - - parameterKey type: object - type: array - meta: - description: Meta is the meta data of the workflow step. + name: + description: Name is the unique name of the workflow step. + type: string + outputs: + description: Outputs is the outputs of the step + items: + properties: + name: + type: string + valueFrom: + type: string + required: + - name + - valueFrom + type: object + type: array properties: - alias: - type: string - type: object - name: - description: Name is the unique name of the workflow step. - type: string - outputs: - description: Outputs is the outputs of the step - items: - properties: - name: - type: string - valueFrom: - type: string - required: - - name - - valueFrom + description: Properties is the properties of the step type: object - type: array - properties: - description: Properties is the properties of the step - type: object - x-kubernetes-preserve-unknown-fields: true - timeout: - description: Timeout is the timeout of the step - type: string - type: - description: Type is the type of the workflow step. - type: string - required: - - name - - type - type: object - type: array - timeout: - description: Timeout is the timeout of the step - type: string - type: - description: Type is the type of the workflow step. - type: string - required: - - name - - type - type: object - type: array - type: object - served: true - storage: true + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout is the timeout of the step + type: string + type: + description: Type is the type of the workflow step. + type: string + required: + - name + - type + type: object + type: array + timeout: + description: Timeout is the timeout of the step + type: string + type: + description: Type is the type of the workflow step. + type: string + required: + - name + - type + type: object + type: array + type: object + served: true + storage: true diff --git a/pkg/resources/static/vela/charts/vela-core/templates/addon/fluxcd-def.yaml b/pkg/resources/static/vela/charts/vela-core/templates/addon/fluxcd-def.yaml deleted file mode 100644 index 10d2d37..0000000 --- a/pkg/resources/static/vela/charts/vela-core/templates/addon/fluxcd-def.yaml +++ /dev/null @@ -1,270 +0,0 @@ -{{- if .Values.enableFluxcdAddon -}} -apiVersion: core.oam.dev/v1beta1 -kind: Application -metadata: - labels: - addons.oam.dev/name: fluxcd-def - name: addon-fluxcd-def - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/resource-policy": keep -spec: - components: - - name: fluxc-def-resources - properties: - objects: - - apiVersion: core.oam.dev/v1beta1 - kind: ComponentDefinition - metadata: - annotations: - definition.oam.dev/description: helm release is a group of K8s resources - from either git repository or helm repo - name: helm - namespace: {{.Values.systemDefinitionNamespace}} - spec: - schematic: - cue: - template: "output: {\n\tapiVersion: \"source.toolkit.fluxcd.io/v1beta1\"\n\tmetadata: - {\n\t\tname: context.name\n\t}\n\tif parameter.repoType == \"git\" - {\n\t\tkind: \"GitRepository\"\n\t\tspec: {\n\t\t\turl: parameter.url\n\t\t\tif - parameter.git.branch != _|_ {\n\t\t\t\tref: branch: parameter.git.branch\n\t\t\t}\n\t\t\t_secret\n\t\t\t_sourceCommonArgs\n\t\t}\n\t}\n\tif - parameter.repoType == \"oss\" {\n\t\tkind: \"Bucket\"\n\t\tspec: {\n\t\t\tendpoint: - \ parameter.url\n\t\t\tbucketName: parameter.oss.bucketName\n\t\t\tprovider: - \ parameter.oss.provider\n\t\t\tif parameter.oss.region != _|_ {\n\t\t\t\tregion: - parameter.oss.region\n\t\t\t}\n\t\t\t_secret\n\t\t\t_sourceCommonArgs\n\t\t}\n\t}\n\tif - parameter.repoType == \"helm\" {\n\t\tkind: \"HelmRepository\"\n\t\tspec: - {\n\t\t\turl: parameter.url\n\t\t\t_secret\n\t\t\t_sourceCommonArgs\n\t\t}\n\t}\n}\n\noutputs: - release: {\n\tapiVersion: \"helm.toolkit.fluxcd.io/v2beta1\"\n\tkind: - \ \"HelmRelease\"\n\tmetadata: {\n\t\tname: context.name\n\t}\n\tspec: - {\n\t\ttimeout: parameter.installTimeout\n\t\tinterval: parameter.interval\n\t\tchart: - {\n\t\t\tspec: {\n\t\t\t\tchart: parameter.chart\n\t\t\t\tversion: - parameter.version\n\t\t\t\tsourceRef: {\n\t\t\t\t\tif parameter.repoType - == \"git\" {\n\t\t\t\t\t\tkind: \"GitRepository\"\n\t\t\t\t\t}\n\t\t\t\t\tif - parameter.repoType == \"helm\" {\n\t\t\t\t\t\tkind: \"HelmRepository\"\n\t\t\t\t\t}\n\t\t\t\t\tif - parameter.repoType == \"oss\" {\n\t\t\t\t\t\tkind: \"Bucket\"\n\t\t\t\t\t}\n\t\t\t\t\tname: - \ context.name\n\t\t\t\t}\n\t\t\t\tinterval: parameter.interval\n\t\t\t}\n\t\t}\n\t\tif - parameter.targetNamespace != _|_ {\n\t\t\ttargetNamespace: parameter.targetNamespace\n\t\t}\n\t\tif - parameter.releaseName != _|_ {\n\t\t\treleaseName: parameter.releaseName\n\t\t}\n\t\tif - parameter.values != _|_ {\n\t\t\tvalues: parameter.values\n\t\t}\n\t}\n}\n\n_secret: - {\n\tif parameter.secretRef != _|_ {\n\t\tsecretRef: {\n\t\t\tname: - parameter.secretRef\n\t\t}\n\t}\n}\n\n_sourceCommonArgs: {\n\tinterval: - parameter.pullInterval\n\tif parameter.timeout != _|_ {\n\t\ttimeout: - parameter.timeout\n\t}\n}\n\nparameter: {\n\trepoType: *\"helm\" | - \"git\" | \"oss\"\n\t// +usage=The interval at which to check for - repository/bucket and relese updates, default to 5m\n\tpullInterval: - *\"5m\" | string\n // +usage=The Interval at which to reconcile - the Helm release, default to 30s\n interval: *\"30s\" | string\n\t// - +usage=The Git or Helm repository URL, OSS endpoint, accept HTTP/S - or SSH address as git url,\n\turl: string\n\t// +usage=The name of - the secret containing authentication credentials\n\tsecretRef?: string\n\t// - +usage=The timeout for operations like download index/clone repository, - optional\n\ttimeout?: string\n\t// +usage=The timeout for operation - `helm install`, optional\n\tinstallTimeout: *\"10m\" | string\n\n\tgit?: - {\n\t\t// +usage=The Git reference to checkout and monitor for changes, - defaults to master branch\n\t\tbranch: string\n\t}\n\toss?: {\n\t\t// - +usage=The bucket's name, required if repoType is oss\n\t\tbucketName: - string\n\t\t// +usage=\"generic\" for Minio, Amazon S3, Google Cloud - Storage, Alibaba Cloud OSS, \"aws\" for retrieve credentials from - the EC2 service when credentials not specified, default \"generic\"\n\t\tprovider: - *\"generic\" | \"aws\"\n\t\t// +usage=The bucket region, optional\n\t\tregion?: - string\n\t}\n\n\t// +usage=1.The relative path to helm chart for git/oss - source. 2. chart name for helm resource 3. relative path for chart - package(e.g. ./charts/podinfo-1.2.3.tgz)\n\tchart: string\n\t// +usage=Chart - version\n\tversion: *\"*\" | string\n\t// +usage=The namespace for - helm chart, optional\n\ttargetNamespace?: string\n\t// +usage=The - release name\n\treleaseName?: string\n\t// +usage=Chart values\n\tvalues?: - #nestedmap\n}\n\n#nestedmap: {\n\t...\n}\n" - status: - customStatus: "repoMessage: string\nreleaseMessage: string\nif context.output.status - == _|_ {\n\trepoMessage: \"Fetching repository\"\n\treleaseMessage: - \"Wating repository ready\"\n}\nif context.output.status != _|_ {\n\trepoStatus: - context.output.status\n\tif repoStatus.conditions[0][\"type\"] != \"Ready\" - {\n\t\trepoMessage: \"Fetch repository fail\"\n\t}\n\tif repoStatus.conditions[0][\"type\"] - == \"Ready\" {\n\t\trepoMessage: \"Fetch repository successfully\"\n\t}\n\n\tif - context.outputs.release.status == _|_ {\n\t\treleaseMessage: \"Creating - helm release\"\n\t}\n\tif context.outputs.release.status != _|_ {\n\t\tif - context.outputs.release.status.conditions[0][\"message\"] == \"Release - reconciliation succeeded\" {\n\t\t\treleaseMessage: \"Create helm release - successfully\"\n\t\t}\n\t\tif context.outputs.release.status.conditions[0][\"message\"] - != \"Release reconciliation succeeded\" {\n\t\t\treleaseBasicMessage: - \"Delivery helm release in progress, message: \" + context.outputs.release.status.conditions[0][\"message\"]\n\t\t\tif - len(context.outputs.release.status.conditions) == 1 {\n\t\t\t\treleaseMessage: - releaseBasicMessage\n\t\t\t}\n\t\t\tif len(context.outputs.release.status.conditions) - > 1 {\n\t\t\t\treleaseMessage: releaseBasicMessage + \", \" + context.outputs.release.status.conditions[1][\"message\"]\n\t\t\t}\n\t\t}\n\t}\n\n}\nmessage: - repoMessage + \", \" + releaseMessage" - healthPolicy: 'isHealth: len(context.outputs.release.status.conditions) - != 0 && context.outputs.release.status.conditions[0]["status"]=="True"' - workload: - type: autodetects.core.oam.dev - - apiVersion: core.oam.dev/v1beta1 - kind: TraitDefinition - metadata: - annotations: - definition.oam.dev/description: A list of JSON6902 patch to selected target - name: kustomize-json-patch - namespace: {{.Values.systemDefinitionNamespace}} - spec: - schematic: - cue: - template: "patch: {\n\tspec: {\n\t\tpatchesJson6902: parameter.patchesJson\n\t}\n}\n\nparameter: - {\n\t// +usage=A list of JSON6902 patch.\n\tpatchesJson: [...#jsonPatchItem]\n}\n\n// - +usage=Contains a JSON6902 patch\n#jsonPatchItem: {\n\ttarget: #selector\n\tpatch: - [...{\n\t\t// +usage=operation to perform\n\t\top: string | \"add\" - | \"remove\" | \"replace\" | \"move\" | \"copy\" | \"test\"\n\t\t// - +usage=operate path e.g. /foo/bar\n\t\tpath: string\n\t\t// +usage=specify - source path when op is copy/move\n\t\tfrom?: string\n\t\t// +usage=specify - opraation value when op is test/add/replace\n\t\tvalue?: string\n\t}]\n}\n\n// - +usage=Selector specifies a set of resources\n#selector: {\n\tgroup?: - \ string\n\tversion?: string\n\tkind?: string\n\tnamespace?: - \ string\n\tname?: string\n\tannotationSelector?: - string\n\tlabelSelector?: string\n}\n" - - apiVersion: core.oam.dev/v1beta1 - kind: TraitDefinition - metadata: - annotations: - definition.oam.dev/description: A list of StrategicMerge or JSON6902 patch - to selected target - name: kustomize-patch - namespace: {{.Values.systemDefinitionNamespace}} - spec: - schematic: - cue: - template: "patch: {\n\tspec: {\n\t\tpatches: parameter.patches\n\t}\n}\nparameter: - {\n\t// +usage=a list of StrategicMerge or JSON6902 patch to selected - target\n\tpatches: [...#patchItem]\n}\n\n// +usage=Contains a strategicMerge - or JSON6902 patch\n#patchItem: {\n\t// +usage=Inline patch string, - in yaml style\n\tpatch: string\n\t// +usage=Specify the target the - patch should be applied to\n\ttarget: #selector\n}\n\n// +usage=Selector - specifies a set of resources\n#selector: {\n\tgroup?: string\n\tversion?: - \ string\n\tkind?: string\n\tnamespace?: string\n\tname?: - \ string\n\tannotationSelector?: string\n\tlabelSelector?: - \ string\n}\n" - - apiVersion: core.oam.dev/v1beta1 - kind: ComponentDefinition - metadata: - annotations: - definition.oam.dev/description: kustomize can fetching, building, updating - and applying Kustomize manifests from git repo. - name: kustomize - namespace: {{.Values.systemDefinitionNamespace}} - spec: - schematic: - cue: - template: "output: {\n\tapiVersion: \"kustomize.toolkit.fluxcd.io/v1beta1\"\n\tkind: - \ \"Kustomization\"\n\tmetadata: {\n\t\tname: context.name\n - \ namespace: context.namespace\n\t}\n\tspec: {\n\t\tinterval: parameter.pullInterval\n\t\tsourceRef: - {\n\t\t\tif parameter.repoType == \"git\" {\n\t\t\t\tkind: \"GitRepository\"\n\t\t\t}\n\t\t\tif - parameter.repoType == \"oss\" {\n\t\t\t\tkind: \"Bucket\"\n\t\t\t}\n\t\t\tname: - \ context.name\n\t\t\tnamespace: context.namespace\n\t\t}\n\t\tpath: - \ parameter.path\n\t\tprune: true\n\t\tvalidation: \"client\"\n\t}\n}\n\noutputs: - {\n repo: {\n\t apiVersion: \"source.toolkit.fluxcd.io/v1beta1\"\n\t - \ metadata: {\n\t\t name: context.name\n namespace: context.namespace\n\t - \ }\n\t if parameter.repoType == \"git\" {\n\t\t kind: \"GitRepository\"\n\t\t - \ spec: {\n\t\t\t url: parameter.url\n\t\t\t if parameter.git.branch - != _|_ {\n\t\t\t\t ref: branch: parameter.git.branch\n\t\t\t }\n - \ if parameter.git.provider != _|_ {\n if parameter.git.provider - == \"GitHub\" {\n gitImplementation: \"go-git\"\n }\n - \ if parameter.git.provider == \"AzureDevOps\" {\n gitImplementation: - \"libgit2\"\n }\n }\n\t\t\t _secret\n\t\t\t _sourceCommonArgs\n\t\t - \ }\n\t }\n\t if parameter.repoType == \"oss\" {\n\t\t kind: \"Bucket\"\n\t\t - \ spec: {\n\t\t\t endpoint: parameter.url\n\t\t\t bucketName: - parameter.oss.bucketName\n\t\t\t provider: parameter.oss.provider\n\t\t\t - \ if parameter.oss.region != _|_ {\n\t\t\t\t region: parameter.oss.region\n\t\t\t - \ }\n\t\t\t _secret\n\t\t\t _sourceCommonArgs\n\t\t }\n\t }\n - \ }\n\n if parameter.imageRepository != _|_ {\n imageRepo: {\n - \ apiVersion: \"image.toolkit.fluxcd.io/v1beta1\"\n kind: - \"ImageRepository\"\n\t metadata: {\n\t\t name: context.name\n - \ namespace: context.namespace\n\t }\n spec: {\n image: - parameter.imageRepository.image\n interval: parameter.pullInterval\n - \ if parameter.imageRepository.secretRef != _|_ {\n secretRef: - name: parameter.imageRepository.secretRef\n }\n }\n }\n\n - \ imagePolicy: {\n apiVersion: \"image.toolkit.fluxcd.io/v1beta1\"\n - \ kind: \"ImagePolicy\"\n\t metadata: {\n\t\t name: context.name\n - \ namespace: context.namespace\n\t }\n spec: {\n imageRepositoryRef: - name: context.name\n policy: parameter.imageRepository.policy\n - \ if parameter.imageRepository.filterTags != _|_ {\n filterTags: - parameter.imageRepository.filterTags\n }\n }\n }\n\n - \ imageUpdate: {\n apiVersion: \"image.toolkit.fluxcd.io/v1beta1\"\n - \ kind: \"ImageUpdateAutomation\"\n\t metadata: {\n\t\t name: - context.name\n namespace: context.namespace\n\t }\n spec: - {\n interval: parameter.pullInterval\n sourceRef: {\n - \ kind: \"GitRepository\"\n name: context.name\n - \ }\n git: {\n checkout: ref: branch: parameter.git.branch\n - \ commit: {\n author: {\n email: \"kubevelabot@users.noreply.github.com\"\n - \ name: \"kubevelabot\"\n }\n if - parameter.imageRepository.commitMessage != _|_ {\n messageTemplate: - \"Update image automatically.\\n\" + parameter.imageRepository.commitMessage\n - \ }\n if parameter.imageRepository.commitMessage - == _|_ {\n messageTemplate: \"Update image automatically.\"\n - \ }\n }\n push: branch: parameter.git.branch\n - \ }\n update: {\n path:\tparameter.path\n strategy: - \"Setters\"\n }\n }\n }\n }\n}\n\n_secret: {\n\tif - parameter.secretRef != _|_ {\n\t\tsecretRef: {\n\t\t\tname: parameter.secretRef\n\t\t}\n\t}\n}\n\n_sourceCommonArgs: - {\n\tinterval: parameter.pullInterval\n\tif parameter.timeout != _|_ - {\n\t\ttimeout: parameter.timeout\n\t}\n}\n\nparameter: {\n\trepoType: - *\"git\" | \"oss\"\n // +usage=The image repository for automatically - update image to git\n imageRepository?: {\n // +usage=The image - url\n image: string\n // +usage=The name of the secret containing - authentication credentials\n secretRef?: string\n // +usage=Policy - gives the particulars of the policy to be followed in selecting the - most recent image.\n policy: {\n // +usage=Alphabetical set - of rules to use for alphabetical ordering of the tags.\n alphabetical?: - {\n // +usage=Order specifies the sorting order of the tags.\n - \ // +usage=Given the letters of the alphabet as tags, ascending - order would select Z, and descending order would select A.\n order?: - \"asc\" | \"desc\"\n }\n // +usage=Numerical set of rules - to use for numerical ordering of the tags.\n numerical?: {\n - \ // +usage=Order specifies the sorting order of the tags.\n - \ // +usage=Given the integer values from 0 to 9 as tags, ascending - order would select 9, and descending order would select 0.\n order: - \"asc\" | \"desc\"\n }\n // +usage=SemVer gives a semantic - version range to check against the tags available.\n semver?: - {\n // +usage=Range gives a semver range for the image tag; - the highest version within the range that's a tag yields the latest - image.\n range: string\n }\n }\n // +usage=FilterTags - enables filtering for only a subset of tags based on a set of rules. - If no rules are provided, all the tags from the repository will be - ordered and compared.\n filterTags?: {\n // +usage=Extract - allows a capture group to be extracted from the specified regular - expression pattern, useful before tag evaluation.\n extract?: - string\n // +usage=Pattern specifies a regular expression pattern - used to filter for image tags.\n pattern?: string\n }\n // - +usage=The image url\n commitMessage?: string\n }\n\t// +usage=The - interval at which to check for repository/bucket and release updates, - default to 5m\n\tpullInterval: *\"5m\" | string\n\t// +usage=The Git - or Helm repository URL, OSS endpoint, accept HTTP/S or SSH address - as git url,\n\turl: string\n\t// +usage=The name of the secret containing - authentication credentials\n\tsecretRef?: string\n\t// +usage=The - timeout for operations like download index/clone repository, optional\n\ttimeout?: - string\n\tgit?: {\n\t\t// +usage=The Git reference to checkout and - monitor for changes, defaults to master branch\n\t\tbranch: string\n - \ // +usage=Determines which git client library to use. Defaults - to GitHub, it will pick go-git. AzureDevOps will pick libgit2.\n provider?: - *\"GitHub\" | \"AzureDevOps\"\n\t}\n\toss?: {\n\t\t// +usage=The bucket's - name, required if repoType is oss\n\t\tbucketName: string\n\t\t// - +usage=\"generic\" for Minio, Amazon S3, Google Cloud Storage, Alibaba - Cloud OSS, \"aws\" for retrieve credentials from the EC2 service when - credentials not specified, default \"generic\"\n\t\tprovider: *\"generic\" - | \"aws\"\n\t\t// +usage=The bucket region, optional\n\t\tregion?: - string\n\t}\n\t//+usage=Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for.\n\tpath: string\n}" - workload: - type: autodetects.core.oam.dev - - apiVersion: core.oam.dev/v1beta1 - kind: TraitDefinition - metadata: - annotations: - definition.oam.dev/description: A list of strategic merge to kustomize - config - name: kustomize-strategy-merge - namespace: {{.Values.systemDefinitionNamespace}} - spec: - schematic: - cue: - template: "patch: {\n\tspec: {\n\t\tpatchesStrategicMerge: parameter.patchesStrategicMerge\n\t}\n}\n\nparameter: - {\n\t// +usage=a list of strategicmerge, defined as inline yaml objects.\n\tpatchesStrategicMerge: - [...#nestedmap]\n}\n\n#nestedmap: {\n\t...\n}\n" - type: k8s-objects - - {{- end }} \ No newline at end of file diff --git a/pkg/resources/static/vela/charts/vela-core/templates/addon/fluxcd.yaml b/pkg/resources/static/vela/charts/vela-core/templates/addon/fluxcd.yaml deleted file mode 100644 index 6129b9a..0000000 --- a/pkg/resources/static/vela/charts/vela-core/templates/addon/fluxcd.yaml +++ /dev/null @@ -1,4988 +0,0 @@ -{{- if .Values.enableFluxcdAddon -}} -apiVersion: core.oam.dev/v1beta1 -kind: Application -metadata: - labels: - addons.oam.dev/name: fluxcd - addons.oam.dev/registry: KubeVela - name: addon-fluxcd - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/resource-policy": keep -spec: - components: - - name: flux-system-namespace - properties: - apiVersion: v1 - kind: Namespace - metadata: - name: flux-system - type: raw - - name: fluxcd-resources - properties: - objects: - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - app.kubernetes.io/instance: flux-system - name: buckets.source.toolkit.fluxcd.io - spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible - bucket - properties: - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns - in the .sourceignore format (which is the same as .gitignore). - If not provided, a default will be used, consult the documentation - for your version to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP - endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - default: generic - description: The S3 compatible storage provider name, default - ('generic'). - enum: - - generic - - aws - type: string - region: - description: The bucket region. - type: string - secretRef: - description: The name of the secret containing authentication - credentials for the Bucket. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the - reconciliation of this source. - type: boolean - timeout: - default: 20s - description: The timeout for download operations, defaults - to 20s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful - Bucket sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding - to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit - SHA, Git tag, a Helm index timestamp, a Helm chart version, - etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output - of the last Bucket sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - app.kubernetes.io/instance: flux-system - name: gitrepositories.source.toolkit.fluxcd.io - spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a - Git repository. - properties: - gitImplementation: - default: go-git - description: Determines which git client library to use. Defaults - to go-git, valid values are ('go-git', 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns - in the .sourceignore format (which is the same as .gitignore). - If not provided, a default will be used, consult the documentation - for your version to find out what those are. - type: string - include: - description: Extra git repositories to map into the repository - items: - description: GitRepositoryInclude defines a source with - a from and to path. - properties: - fromPath: - description: The path to copy contents from, defaults - to the root directory. - type: string - repository: - description: Reference to a GitRepository to include. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - toPath: - description: The path to copy contents to, defaults - to the name of the source ref. - type: string - required: - - repository - type: object - type: array - interval: - description: The interval at which to check for repository - updates. - type: string - recurseSubmodules: - description: When enabled, after the clone is created, initializes - all submodules within, using their default settings. This - option is available only when using the 'go-git' GitImplementation. - type: boolean - ref: - description: The Git reference to checkout and monitor for - changes, defaults to master branch. - properties: - branch: - default: master - description: The Git branch to checkout, defaults to master. - type: string - commit: - description: The Git commit SHA to checkout, if specified - Tag filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes precedence - over Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence - over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. - For HTTPS repositories the secret must contain username - and password fields. For SSH repositories the secret must - contain identity, identity.pub and known_hosts fields. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the - reconciliation of this source. - type: boolean - timeout: - default: 20s - description: The timeout for remote Git operations like cloning, - defaults to 20s. - type: string - url: - description: The repository URL, can be a HTTP/S or SSH address. - pattern: ^(http|https|ssh):// - type: string - verify: - description: Verify OpenPGP signature for the Git commit HEAD - points to. - properties: - mode: - description: Mode describes what git object should be - verified, currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys - of all trusted Git authors. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - description: GitRepositoryStatus defines the observed state of - a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding - to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit - SHA, Git tag, a Helm index timestamp, a Helm chart version, - etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts represents the included artifacts - from the last successful repository sync. - items: - description: Artifact represents the output of a source - synchronisation. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding - to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this - artifact. - type: string - revision: - description: Revision is a human readable identifier - traceable in the origin source system. It can be a - Git commit SHA, Git tag, a Helm index timestamp, a - Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output - of the last repository sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - app.kubernetes.io/instance: flux-system - name: helmcharts.source.toolkit.fluxcd.io - spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm - chart. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: The interval at which to check the Source for - updates. - type: string - sourceRef: - description: The reference to the Source the chart is available - at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend the - reconciliation of this source. - type: boolean - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. - items: - type: string - type: array - version: - default: '*' - description: The chart version semver expression, ignored - for charts from GitRepository and Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - description: HelmChartStatus defines the observed state of the - HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - chart sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding - to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit - SHA, Git tag, a Helm index timestamp, a Helm chart version, - etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - app.kubernetes.io/instance: flux-system - name: helmreleases.helm.toolkit.fluxcd.io - spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm - release. - properties: - chart: - description: Chart defines the template of the v1beta1.HelmChart - that should be created for this HelmRelease. - properties: - spec: - description: Spec holds the template for the v1beta1.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta1.Source - for updates. Defaults to 'HelmReleaseSpec.Interval'. - type: string - sourceRef: - description: The name and namespace of the v1beta1.Source - the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the - default chart values, expected to be a relative - path in the SourceRef. Deprecated in favor of ValuesFiles, - for backwards compatibility the file defined here - is merged before the ValuesFiles items. Ignored - when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use - as the chart values (values.yaml is not included - by default), expected to be a relative path in the - SourceRef. Values files are merged in the order - of this list with the last file overriding the first. - Ignored when omitted. - items: - type: string - type: array - version: - default: '*' - description: Version semver expression, ignored for - charts from v1beta1.GitRepository and v1beta1.Bucket - sources. Defaults to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference - slice with references to HelmRelease resources that must - be ready before this HelmRelease can be reconciled. - items: - description: CrossNamespaceDependencyReference holds the - reference to a dependency. - properties: - name: - description: Name holds the name reference of a dependency. - type: string - namespace: - description: Namespace holds the namespace reference - of a dependency. - type: string - required: - - name - type: object - type: array - install: - description: Install holds the configuration for Helm install - actions for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's - crds directory according to the CRD upgrade policy provided - here. Valid values are `Skip`, `Create` or `CreateReplace`. - Default is `Create` and if omitted CRDs are installed - but not updated. \n Skip: do neither install nor replace - (update) any CRDs. \n Create: new CRDs are created, - existing CRDs are neither updated nor deleted. \n CreateReplace: - new CRDs are created, existing CRDs are updated (replaced) - but not deleted. \n By default, CRDs are applied (installed) - during Helm install action. With this option users can - opt-in to CRD replace existing CRDs on Helm install - actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action - to create the HelmReleaseSpec.TargetNamespace if it - does not exist yet. On uninstall, the namespace will - not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running - during the Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm - install action from validating rendered templates against - the Kubernetes OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources - to be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs - to complete after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration - for when the Helm install action for the HelmRelease - fails. The default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller - to skip remediation when the Helm tests are run - after an install action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller - to remediate the last failure, when no retries remain. - Defaults to 'false'. - type: boolean - retries: - description: Retries is the number of retries that - should be attempted on failures before bailing. - Remediation, using an uninstall, is performed between - each attempt. Defaults to '0', a negative integer - equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to - re-use the 'ReleaseName', but only if that name is a - deleted release which remains in the history. - type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to - not install any CRDs. By default, CRDs are installed - if not already present. \n Deprecated use CRD policy - (`crds`) attribute with value `Skip` instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual - Kubernetes operation (like Jobs for hooks) during the - performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on - a remote cluster. When specified, KubeConfig takes precedence - over ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that - contains a 'value' key with the kubeconfig file as the - value. It must be in the same namespace as the HelmRelease. - It is recommended that the kubeconfig is self-contained, - and the secret is regularly updated if credentials such - as a cloud-access-token expire. Cloud specific `cmd-path` - auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - the HelmRelease. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by - Helm for this HelmRelease. Use '0' for an unlimited number - of revisions; defaults to '10'. - type: integer - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, - which will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new - name, new tag or digest) for changing image names, - tags or digests. This can also be achieved with - a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new - name, a new tag or digest, which will replace - the original name and tag. - properties: - digest: - description: Digest is the value used to replace - the original image tag. If digest is present - NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to - replace the original name. - type: string - newTag: - description: NewTag is the value used to replace - the original tag. - type: string - required: - - name - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline - YAML objects. - items: - description: JSON6902Patch contains a JSON6902 - patch and the target the patch should be applied - to. - properties: - patch: - description: Patch contains the JSON6902 patch - document with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation - object. https://tools.ietf.org/html/rfc6902#section-4 - properties: - from: - type: string - op: - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources - that the patch document should be applied - to. - properties: - annotationSelector: - description: AnnotationSelector is a string - that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to - select resources from. Together with - Version and Kind it is capable of unambiguously - identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to - select resources from. Together with - Group and Version it is capable of unambiguously - identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string - that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources - from. - type: string - version: - description: Version of the API Group - to select resources from. Together with - Group and Kind it is capable of unambiguously - identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as - inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults - to a composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback - actions for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources - created during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running - during the Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources - to be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs - to complete after a Helm rollback has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource - if applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual - Kubernetes operation (like Jobs for hooks) during the - performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to - impersonate when reconciling this HelmRelease. - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started - reconciliations. Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions - for this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this - HelmRelease after an Helm install or upgrade action - has been performed. - type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip - remediation when the Helm tests are run but fail. Can - be overwritten for tests run after install or upgrade - actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual - Kubernetes operation during the performance of a Helm - test action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual - Kubernetes operation (like Jobs for hooks) during the performance - of a Helm action. Defaults to '5m0s'. - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - disableHooks: - description: DisableHooks prevents hooks from running - during the Helm rollback action. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated - resources and mark the release as deleted, but retain - the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual - Kubernetes operation (like Jobs for hooks) during the - performance of a Helm uninstall action. Defaults to - 'HelmReleaseSpec.Timeout'. - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade - actions for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources - created during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's - crds directory according to the CRD upgrade policy provided - here. Valid values are `Skip`, `Create` or `CreateReplace`. - Default is `Skip` and if omitted CRDs are neither installed - nor upgraded. \n Skip: do neither install nor replace - (update) any CRDs. \n Create: new CRDs are created, - existing CRDs are neither updated nor deleted. \n CreateReplace: - new CRDs are created, existing CRDs are updated (replaced) - but not deleted. \n By default, CRDs are not applied - during Helm upgrade action. With this option users can - opt-in to CRD upgrade, which is not (yet) natively supported - by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running - during the Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm - upgrade action from validating rendered templates against - the Kubernetes OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources - to be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs - to complete after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last - release's values and merge in overrides from 'Values'. - Setting this flag makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration - for when the Helm upgrade action for the HelmRelease - fails. The default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller - to skip remediation when the Helm tests are run - after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller - to remediate the last failure, when no retries remain. - Defaults to 'false' unless 'Retries' is greater - than 0. - type: boolean - retries: - description: Retries is the number of retries that - should be attempted on failures before bailing. - Remediation, using 'Strategy', is performed between - each attempt. Defaults to '0', a negative integer - equals to unlimited retries. - type: integer - strategy: - description: Strategy to use for failure remediation. - Defaults to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual - Kubernetes operation (like Jobs for hooks) during the - performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing - Helm values for this HelmRelease, and information about - how they should be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can - be found at. - properties: - kind: - description: Kind of the values referent, valid values - are ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as - optional. When set, a not found error for the values - reference is ignored, but any ValuesKey, TargetPath - or transient error will still result in a reconciliation - failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path - the value should be merged at. When set, the ValuesKey - is expected to be a single flat value. Defaults to - 'None', which results in the values getting merged - at the root. - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. - type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - description: HelmReleaseStatus defines the observed state of a - HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count - against the latest desired state. It is reset after a successful - reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart - resource created by the controller for the HelmRelease. - type: string - installFailures: - description: InstallFailures is the install failure count - against the latest desired state. It is reset after a successful - reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last - successfully applied source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the - last reconciliation attempt. - type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum - of the values of the last reconciliation attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last - successful Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - upgradeFailures: - description: UpgradeFailures is the upgrade failure count - against the latest desired state. It is reset after a successful - reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - app.kubernetes.io/instance: flux-system - name: helmrepositories.source.toolkit.fluxcd.io - spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm - repository. - properties: - interval: - description: The interval at which to check the upstream for - updates. - type: string - passCredentials: - description: PassCredentials allows the credentials from the - SecretRef to be passed on to a host that does not match - the host as defined in URL. This may be required if the - host of the advertised chart URLs in the index differ from - the defined URL. Enabling this should be done with caution, - as it can potentially result in credentials getting stolen - in a MITM-attack. - type: boolean - secretRef: - description: The name of the secret containing authentication - credentials for the Helm repository. For HTTP/S basic auth - the secret must contain username and password fields. For - TLS the secret must contain a certFile and keyFile, and/or - caCert fields. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the - reconciliation of this source. - type: boolean - timeout: - default: 60s - description: The timeout of index downloading, defaults to - 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains - at least a protocol and host. - type: string - required: - - interval - - url - type: object - status: - description: HelmRepositoryStatus defines the observed state of - the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding - to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit - SHA, Git tag, a Helm index timestamp, a Helm chart version, - etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - app.kubernetes.io/instance: flux-system - name: imagepolicies.image.toolkit.fluxcd.io - spec: - group: image.toolkit.fluxcd.io - names: - kind: ImagePolicy - listKind: ImagePolicyList - plural: imagepolicies - singular: imagepolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.latestImage - name: LatestImage - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ImagePolicy is the Schema for the imagepolicies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePolicySpec defines the parameters for calculating - the ImagePolicy - properties: - filterTags: - description: FilterTags enables filtering for only a subset - of tags based on a set of rules. If no rules are provided, - all the tags from the repository will be ordered and compared. - properties: - extract: - description: Extract allows a capture group to be extracted - from the specified regular expression pattern, useful - before tag evaluation. - type: string - pattern: - description: Pattern specifies a regular expression pattern - used to filter for image tags. - type: string - type: object - imageRepositoryRef: - description: ImageRepositoryRef points at the object specifying - the image being scanned - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - policy: - description: Policy gives the particulars of the policy to - be followed in selecting the most recent image - properties: - alphabetical: - description: Alphabetical set of rules to use for alphabetical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of - the tags. Given the letters of the alphabet as tags, - ascending order would select Z, and descending order - would select A. - enum: - - asc - - desc - type: string - type: object - numerical: - description: Numerical set of rules to use for numerical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of - the tags. Given the integer values from 0 to 9 as - tags, ascending order would select 9, and descending - order would select 0. - enum: - - asc - - desc - type: string - type: object - semver: - description: SemVer gives a semantic version range to - check against the tags available. - properties: - range: - description: Range gives a semver range for the image - tag; the highest version within the range that's - a tag yields the latest image. - type: string - required: - - range - type: object - type: object - required: - - imageRepositoryRef - - policy - type: object - status: - description: ImagePolicyStatus defines the observed state of ImagePolicy - properties: - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - latestImage: - description: LatestImage gives the first in the list of images - scanned by the image repository, when filtered and ordered - according to the policy. - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.latestImage - name: LatestImage - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: ImagePolicy is the Schema for the imagepolicies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePolicySpec defines the parameters for calculating - the ImagePolicy - properties: - filterTags: - description: FilterTags enables filtering for only a subset - of tags based on a set of rules. If no rules are provided, - all the tags from the repository will be ordered and compared. - properties: - extract: - description: Extract allows a capture group to be extracted - from the specified regular expression pattern, useful - before tag evaluation. - type: string - pattern: - description: Pattern specifies a regular expression pattern - used to filter for image tags. - type: string - type: object - imageRepositoryRef: - description: ImageRepositoryRef points at the object specifying - the image being scanned - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - policy: - description: Policy gives the particulars of the policy to - be followed in selecting the most recent image - properties: - alphabetical: - description: Alphabetical set of rules to use for alphabetical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of - the tags. Given the letters of the alphabet as tags, - ascending order would select Z, and descending order - would select A. - enum: - - asc - - desc - type: string - type: object - numerical: - description: Numerical set of rules to use for numerical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of - the tags. Given the integer values from 0 to 9 as - tags, ascending order would select 9, and descending - order would select 0. - enum: - - asc - - desc - type: string - type: object - semver: - description: SemVer gives a semantic version range to - check against the tags available. - properties: - range: - description: Range gives a semver range for the image - tag; the highest version within the range that's - a tag yields the latest image. - type: string - required: - - range - type: object - type: object - required: - - imageRepositoryRef - - policy - type: object - status: - description: ImagePolicyStatus defines the observed state of ImagePolicy - properties: - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - latestImage: - description: LatestImage gives the first in the list of images - scanned by the image repository, when filtered and ordered - according to the policy. - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.latestImage - name: LatestImage - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImagePolicy is the Schema for the imagepolicies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePolicySpec defines the parameters for calculating - the ImagePolicy - properties: - filterTags: - description: FilterTags enables filtering for only a subset - of tags based on a set of rules. If no rules are provided, - all the tags from the repository will be ordered and compared. - properties: - extract: - description: Extract allows a capture group to be extracted - from the specified regular expression pattern, useful - before tag evaluation. - type: string - pattern: - description: Pattern specifies a regular expression pattern - used to filter for image tags. - type: string - type: object - imageRepositoryRef: - description: ImageRepositoryRef points at the object specifying - the image being scanned - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - policy: - description: Policy gives the particulars of the policy to - be followed in selecting the most recent image - properties: - alphabetical: - description: Alphabetical set of rules to use for alphabetical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of - the tags. Given the letters of the alphabet as tags, - ascending order would select Z, and descending order - would select A. - enum: - - asc - - desc - type: string - type: object - numerical: - description: Numerical set of rules to use for numerical - ordering of the tags. - properties: - order: - default: asc - description: Order specifies the sorting order of - the tags. Given the integer values from 0 to 9 as - tags, ascending order would select 9, and descending - order would select 0. - enum: - - asc - - desc - type: string - type: object - semver: - description: SemVer gives a semantic version range to - check against the tags available. - properties: - range: - description: Range gives a semver range for the image - tag; the highest version within the range that's - a tag yields the latest image. - type: string - required: - - range - type: object - type: object - required: - - imageRepositoryRef - - policy - type: object - status: - description: ImagePolicyStatus defines the observed state of ImagePolicy - properties: - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - latestImage: - description: LatestImage gives the first in the list of images - scanned by the image repository, when filtered and ordered - according to the policy. - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - app.kubernetes.io/instance: flux-system - name: imagerepositories.image.toolkit.fluxcd.io - spec: - group: image.toolkit.fluxcd.io - names: - kind: ImageRepository - listKind: ImageRepositoryList - plural: imagerepositories - singular: imagerepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.lastScanResult.scanTime - name: Last scan - type: string - - jsonPath: .status.lastScanResult.tagCount - name: Tags - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ImageRepository is the Schema for the imagerepositories - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRepositorySpec defines the parameters for scanning - an image repository, e.g., `fluxcd/flux`. - properties: - certSecretRef: - description: "CertSecretRef can be given the name of a secret - containing either or both of \n - a PEM-encoded client - certificate (`certFile`) and private key (`keyFile`); - - a PEM-encoded CA certificate (`caFile`) \n and whichever - are supplied, will be used for connecting to the registry. - The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using - a self-signed server certificate." - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - image: - description: Image is the name of the image repository - type: string - interval: - description: Interval is the length of time to wait between - scans of the image repository. - type: string - secretRef: - description: SecretRef can be given the name of a secret containing - credentials to use for the image registry. The secret should - be created with `kubectl create secret docker-registry`, - or the equivalent. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - image scans. It does not apply to already started scans. - Defaults to false. - type: boolean - timeout: - description: Timeout for image scanning. Defaults to 'Interval' - duration. - type: string - type: object - status: - description: ImageRepositoryStatus defines the observed state - of ImageRepository - properties: - canonicalImageName: - description: CanonicalName is the name of the image repository - with all the implied bits made explicit; e.g., `docker.io/library/alpine` - rather than `alpine`. - type: string - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - lastScanResult: - description: LastScanResult contains the number of fetched - tags. - properties: - scanTime: - format: date-time - type: string - tagCount: - type: integer - required: - - tagCount - type: object - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.lastScanResult.scanTime - name: Last scan - type: string - - jsonPath: .status.lastScanResult.tagCount - name: Tags - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: ImageRepository is the Schema for the imagerepositories - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRepositorySpec defines the parameters for scanning - an image repository, e.g., `fluxcd/flux`. - properties: - certSecretRef: - description: "CertSecretRef can be given the name of a secret - containing either or both of \n - a PEM-encoded client - certificate (`certFile`) and private key (`keyFile`); - - a PEM-encoded CA certificate (`caFile`) \n and whichever - are supplied, will be used for connecting to the registry. - The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using - a self-signed server certificate." - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - image: - description: Image is the name of the image repository - type: string - interval: - description: Interval is the length of time to wait between - scans of the image repository. - type: string - secretRef: - description: SecretRef can be given the name of a secret containing - credentials to use for the image registry. The secret should - be created with `kubectl create secret docker-registry`, - or the equivalent. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - image scans. It does not apply to already started scans. - Defaults to false. - type: boolean - timeout: - description: Timeout for image scanning. Defaults to 'Interval' - duration. - type: string - type: object - status: - description: ImageRepositoryStatus defines the observed state - of ImageRepository - properties: - canonicalImageName: - description: CanonicalName is the name of the image repository - with all the implied bits made explicit; e.g., `docker.io/library/alpine` - rather than `alpine`. - type: string - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - lastScanResult: - description: LastScanResult contains the number of fetched - tags. - properties: - scanTime: - format: date-time - type: string - tagCount: - type: integer - required: - - tagCount - type: object - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.lastScanResult.scanTime - name: Last scan - type: string - - jsonPath: .status.lastScanResult.tagCount - name: Tags - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImageRepository is the Schema for the imagerepositories - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRepositorySpec defines the parameters for scanning - an image repository, e.g., `fluxcd/flux`. - properties: - certSecretRef: - description: "CertSecretRef can be given the name of a secret - containing either or both of \n - a PEM-encoded client - certificate (`certFile`) and private key (`keyFile`); - - a PEM-encoded CA certificate (`caFile`) \n and whichever - are supplied, will be used for connecting to the registry. - The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using - a self-signed server certificate." - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - image: - description: Image is the name of the image repository - type: string - interval: - description: Interval is the length of time to wait between - scans of the image repository. - type: string - secretRef: - description: SecretRef can be given the name of a secret containing - credentials to use for the image registry. The secret should - be created with `kubectl create secret docker-registry`, - or the equivalent. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - image scans. It does not apply to already started scans. - Defaults to false. - type: boolean - timeout: - description: Timeout for image scanning. Defaults to 'Interval' - duration. - type: string - type: object - status: - description: ImageRepositoryStatus defines the observed state - of ImageRepository - properties: - canonicalImageName: - description: CanonicalName is the name of the image repository - with all the implied bits made explicit; e.g., `docker.io/library/alpine` - rather than `alpine`. - type: string - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - lastScanResult: - description: LastScanResult contains the number of fetched - tags. - properties: - scanTime: - format: date-time - type: string - tagCount: - type: integer - required: - - tagCount - type: object - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - app.kubernetes.io/instance: flux-system - name: imageupdateautomations.image.toolkit.fluxcd.io - spec: - group: image.toolkit.fluxcd.io - names: - kind: ImageUpdateAutomation - listKind: ImageUpdateAutomationList - plural: imageupdateautomations - singular: imageupdateautomation - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.lastAutomationRunTime - name: Last run - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ImageUpdateAutomation is the Schema for the imageupdateautomations - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageUpdateAutomationSpec defines the desired state - of ImageUpdateAutomation - properties: - checkout: - description: Checkout gives the parameters for cloning the - git repository, ready to make changes. - properties: - branch: - description: Branch gives the branch to clone from the - git repository. If `.spec.push` is not supplied, commits - will also be pushed to this branch. - type: string - gitRepositoryRef: - description: GitRepositoryRef refers to the resource giving - access details to a git repository to update files in. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - required: - - branch - - gitRepositoryRef - type: object - commit: - description: Commit specifies how to commit to the git repository. - properties: - authorEmail: - description: AuthorEmail gives the email to provide when - making a commit - type: string - authorName: - description: AuthorName gives the name to provide when - making a commit - type: string - messageTemplate: - description: MessageTemplate provides a template for the - commit message, into which will be interpolated the - details of the change made. - type: string - signingKey: - description: SigningKey provides the option to sign commits - with a GPG key - properties: - secretRef: - description: SecretRef holds the name to a secret - that contains a 'git.asc' key corresponding to the - ASCII Armored file containing the GPG signing keypair - as the value. It must be in the same namespace as - the ImageUpdateAutomation. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - type: object - required: - - authorEmail - - authorName - type: object - interval: - description: Interval gives an lower bound for how often the - automation run should be attempted. - type: string - push: - description: Push specifies how and where to push commits - made by the automation. If missing, commits are pushed (back) - to `.spec.checkout.branch`. - properties: - branch: - description: Branch specifies that commits should be pushed - to the branch named. The branch is created using `.spec.checkout.branch` - as the starting point, if it doesn't already exist. - type: string - required: - - branch - type: object - suspend: - description: Suspend tells the controller to not run this - automation, until it is unset (or set to false). Defaults - to false. - type: boolean - update: - default: - strategy: Setters - description: Update gives the specification for how to update - the files in the repository. This can be left empty, to - use the default value. - properties: - path: - description: Path to the directory containing the manifests - to be updated. Defaults to 'None', which translates - to the root path of the GitRepositoryRef. - type: string - strategy: - default: Setters - description: Strategy names the strategy to be used. - enum: - - Setters - type: string - required: - - strategy - type: object - required: - - checkout - - commit - - interval - type: object - status: - description: ImageUpdateAutomationStatus defines the observed - state of ImageUpdateAutomation - properties: - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAutomationRunTime: - description: LastAutomationRunTime records the last time the - controller ran this automation through to completion (even - if no updates were made). - format: date-time - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - lastPushCommit: - description: LastPushCommit records the SHA1 of the last commit - made by the controller, for this automation object - type: string - lastPushTime: - description: LastPushTime records the time of the last pushed - change. - format: date-time - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.lastAutomationRunTime - name: Last run - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: ImageUpdateAutomation is the Schema for the imageupdateautomations - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageUpdateAutomationSpec defines the desired state - of ImageUpdateAutomation - properties: - git: - description: GitSpec contains all the git-specific definitions. - This is technically optional, but in practice mandatory - until there are other kinds of source allowed. - properties: - checkout: - description: Checkout gives the parameters for cloning - the git repository, ready to make changes. If not present, - the `spec.ref` field from the referenced `GitRepository` - or its default will be used. - properties: - ref: - description: Reference gives a branch, tag or commit - to clone from the Git repository. - properties: - branch: - default: master - description: The Git branch to checkout, defaults - to master. - type: string - commit: - description: The Git commit SHA to checkout, if - specified Tag filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes - precedence over Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence - over Branch. - type: string - type: object - required: - - ref - type: object - commit: - description: Commit specifies how to commit to the git - repository. - properties: - author: - description: Author gives the email and optionally - the name to use as the author of commits. - properties: - email: - description: Email gives the email to provide - when making a commit. - type: string - name: - description: Name gives the name to provide when - making a commit. - type: string - required: - - email - type: object - messageTemplate: - description: MessageTemplate provides a template for - the commit message, into which will be interpolated - the details of the change made. - type: string - signingKey: - description: SigningKey provides the option to sign - commits with a GPG key - properties: - secretRef: - description: SecretRef holds the name to a secret - that contains a 'git.asc' key corresponding - to the ASCII Armored file containing the GPG - signing keypair as the value. It must be in - the same namespace as the ImageUpdateAutomation. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - type: object - required: - - author - type: object - push: - description: Push specifies how and where to push commits - made by the automation. If missing, commits are pushed - (back) to `.spec.checkout.branch` or its default. - properties: - branch: - description: Branch specifies that commits should - be pushed to the branch named. The branch is created - using `.spec.checkout.branch` as the starting point, - if it doesn't already exist. - type: string - required: - - branch - type: object - required: - - commit - type: object - interval: - description: Interval gives an lower bound for how often the - automation run should be attempted. - type: string - sourceRef: - description: SourceRef refers to the resource giving access - details to a git repository. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - default: GitRepository - description: Kind of the referent - enum: - - GitRepository - type: string - name: - description: Name of the referent - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to not run this - automation, until it is unset (or set to false). Defaults - to false. - type: boolean - update: - default: - strategy: Setters - description: Update gives the specification for how to update - the files in the repository. This can be left empty, to - use the default value. - properties: - path: - description: Path to the directory containing the manifests - to be updated. Defaults to 'None', which translates - to the root path of the GitRepositoryRef. - type: string - strategy: - default: Setters - description: Strategy names the strategy to be used. - enum: - - Setters - type: string - required: - - strategy - type: object - required: - - interval - - sourceRef - type: object - status: - description: ImageUpdateAutomationStatus defines the observed - state of ImageUpdateAutomation - properties: - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAutomationRunTime: - description: LastAutomationRunTime records the last time the - controller ran this automation through to completion (even - if no updates were made). - format: date-time - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - lastPushCommit: - description: LastPushCommit records the SHA1 of the last commit - made by the controller, for this automation object - type: string - lastPushTime: - description: LastPushTime records the time of the last pushed - change. - format: date-time - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.lastAutomationRunTime - name: Last run - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: ImageUpdateAutomation is the Schema for the imageupdateautomations - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageUpdateAutomationSpec defines the desired state - of ImageUpdateAutomation - properties: - git: - description: GitSpec contains all the git-specific definitions. - This is technically optional, but in practice mandatory - until there are other kinds of source allowed. - properties: - checkout: - description: Checkout gives the parameters for cloning - the git repository, ready to make changes. If not present, - the `spec.ref` field from the referenced `GitRepository` - or its default will be used. - properties: - ref: - description: Reference gives a branch, tag or commit - to clone from the Git repository. - properties: - branch: - default: master - description: The Git branch to checkout, defaults - to master. - type: string - commit: - description: The Git commit SHA to checkout, if - specified Tag filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes - precedence over Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence - over Branch. - type: string - type: object - required: - - ref - type: object - commit: - description: Commit specifies how to commit to the git - repository. - properties: - author: - description: Author gives the email and optionally - the name to use as the author of commits. - properties: - email: - description: Email gives the email to provide - when making a commit. - type: string - name: - description: Name gives the name to provide when - making a commit. - type: string - required: - - email - type: object - messageTemplate: - description: MessageTemplate provides a template for - the commit message, into which will be interpolated - the details of the change made. - type: string - signingKey: - description: SigningKey provides the option to sign - commits with a GPG key - properties: - secretRef: - description: SecretRef holds the name to a secret - that contains a 'git.asc' key corresponding - to the ASCII Armored file containing the GPG - signing keypair as the value. It must be in - the same namespace as the ImageUpdateAutomation. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - type: object - required: - - author - type: object - push: - description: Push specifies how and where to push commits - made by the automation. If missing, commits are pushed - (back) to `.spec.checkout.branch` or its default. - properties: - branch: - description: Branch specifies that commits should - be pushed to the branch named. The branch is created - using `.spec.checkout.branch` as the starting point, - if it doesn't already exist. - type: string - required: - - branch - type: object - required: - - commit - type: object - interval: - description: Interval gives an lower bound for how often the - automation run should be attempted. - type: string - sourceRef: - description: SourceRef refers to the resource giving access - details to a git repository. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - default: GitRepository - description: Kind of the referent - enum: - - GitRepository - type: string - name: - description: Name of the referent - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to not run this - automation, until it is unset (or set to false). Defaults - to false. - type: boolean - update: - default: - strategy: Setters - description: Update gives the specification for how to update - the files in the repository. This can be left empty, to - use the default value. - properties: - path: - description: Path to the directory containing the manifests - to be updated. Defaults to 'None', which translates - to the root path of the GitRepositoryRef. - type: string - strategy: - default: Setters - description: Strategy names the strategy to be used. - enum: - - Setters - type: string - required: - - strategy - type: object - required: - - interval - - sourceRef - type: object - status: - description: ImageUpdateAutomationStatus defines the observed - state of ImageUpdateAutomation - properties: - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAutomationRunTime: - description: LastAutomationRunTime records the last time the - controller ran this automation through to completion (even - if no updates were made). - format: date-time - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - lastPushCommit: - description: LastPushCommit records the SHA1 of the last commit - made by the controller, for this automation object - type: string - lastPushTime: - description: LastPushTime records the time of the last pushed - change. - format: date-time - type: string - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - app.kubernetes.io/instance: flux-system - name: kustomizations.kustomize.toolkit.fluxcd.io - spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the desired state of a - kustomization. - properties: - decryption: - description: Decrypt Kubernetes secrets before applying them - on the cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP - keys used for decryption. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference - slice with references to Kustomization resources that must - be ready before this Kustomization can be reconciled. - items: - description: CrossNamespaceDependencyReference holds the - reference to a dependency. - properties: - name: - description: Name holds the name reference of a dependency. - type: string - namespace: - description: Namespace holds the namespace reference - of a dependency. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health - assessment. - items: - description: NamespacedObjectKindReference contains enough - information to let you locate the typed referenced object - in any namespace - properties: - apiVersion: - description: API version of the referent, if not specified - the Kubernetes preferred version will be used - type: string - kind: - description: Kind of the referent - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, when not specified - it acts as LocalObjectReference - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new - tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, a - new tag or digest, which will replace the original name - and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag value - is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the - original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization - on a remote cluster. When specified, KubeConfig takes precedence - over ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that - contains a 'value' key with the kubeconfig file as the - value. It must be in the same namespace as the Kustomization. - It is recommended that the kubeconfig is self-contained, - and the secret is regularly updated if credentials such - as a cloud-access-token expire. Cloud specific `cmd-path` - auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - the Kustomization. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains either a StrategicMerge or a - JSON6902 patch, either a file or inline, and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable - of unambiguously identifying and/or selecting - resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is capable - of unambiguously identifying and/or selecting - resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind it - is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://tools.ietf.org/html/rfc6902#section-4 - properties: - from: - type: string - op: - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable - of unambiguously identifying and/or selecting - resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is capable - of unambiguously identifying and/or selecting - resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind it - is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML - objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should - be generated for. Defaults to 'None', which translates to - the root path of the SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform - on the YAML manifest generated by building the kustomize - overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. - The variables defined in your YAML manifests that match - any of the keys defined in the map will be substituted - with the set value. Includes support for bash string - replacement functions e.g. ${var:=default}, ${var:position} - and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps - and Secrets containing the variables and their values - to be substituted in the YAML manifests. The ConfigMap - and the Secret data keys represent the var names and - they must match the vars declared in the manifests for - the substitution to happen. - items: - description: SubstituteReference contains a reference - to a resource containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid - values are ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should - reside in the same namespace as the referring - resource. - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed - reconciliation. When not specified, the controller uses - the KustomizationSpec.Interval value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to - impersonate when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization - file is. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the - Kustomization namespace - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started - executions. Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace - in the kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking - operations. Defaults to 'Interval' duration. - type: string - validation: - description: Validate the Kubernetes objects before applying - them on the cluster. The validation strategy can be 'client' - (local dry-run), 'server' (APIServer dry-run) or 'none'. - When 'Force' is 'true', validation will fallback to 'client' - if set to 'server' because server-side validation is not - supported in this scenario. - enum: - - none - - client - - server - type: string - required: - - interval - - prune - - sourceRef - type: object - status: - description: KustomizationStatus defines the observed state of - a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current - state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is /. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the - last reconciliation attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the - most recent reconcile request value, so a change can be - detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - snapshot: - description: The last successfully applied revision metadata. - properties: - checksum: - description: The manifests sha1 checksum. - type: string - entries: - description: A list of Kubernetes kinds grouped by namespace. - items: - description: Snapshot holds the metadata of namespaced - Kubernetes objects - properties: - kinds: - additionalProperties: - type: string - description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. - type: string - required: - - kinds - type: object - type: array - required: - - checksum - - entries - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} - - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/instance: flux-system - control-plane: controller - name: helm-controller - namespace: flux-system - spec: - replicas: 1 - selector: - matchLabels: - app: helm-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: helm-controller - spec: - containers: - - args: - - --watch-all-namespaces - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: fluxcd/helm-controller:v0.11.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: temp - serviceAccountName: sa-helm-controller - terminationGracePeriodSeconds: 600 - volumes: - - emptyDir: {} - name: temp - - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/instance: flux-system - control-plane: controller - name: image-automation-controller - namespace: flux-system - spec: - replicas: 1 - selector: - matchLabels: - app: image-automation-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: image-automation-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller/ - - --watch-all-namespaces - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: fluxcd/image-automation-controller:v0.14.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: temp - securityContext: - fsGroup: 1337 - serviceAccountName: sa-image-automation-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp - - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/instance: flux-system - control-plane: controller - name: image-reflector-controller - namespace: flux-system - spec: - replicas: 1 - selector: - matchLabels: - app: image-reflector-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: image-reflector-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller/ - - --watch-all-namespaces - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: fluxcd/image-reflector-controller:v0.11.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: temp - - mountPath: /data - name: data - securityContext: - fsGroup: 1337 - serviceAccountName: sa-image-reflector-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp - - emptyDir: {} - name: data - - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/instance: flux-system - control-plane: controller - name: kustomize-controller - namespace: flux-system - spec: - replicas: 1 - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: kustomize-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller/ - - --watch-all-namespaces - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: fluxcd/kustomize-controller:v0.13.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: temp - securityContext: - fsGroup: 1337 - serviceAccountName: sa-kustomize-controller - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp - - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/instance: flux-system - control-plane: controller - name: flux-source-controller - namespace: flux-system - spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: source-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller/ - - --watch-all-namespaces - - --log-level=info - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: fluxcd/source-controller:v0.15.3 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - readinessProbe: - httpGet: - path: / - port: http - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - securityContext: - fsGroup: 1337 - serviceAccountName: sa-source-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: flux-system - name: cluster-reconciler - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin - subjects: - - kind: ServiceAccount - name: sa-kustomize-controller - namespace: flux-system - - kind: ServiceAccount - name: sa-helm-controller - namespace: flux-system - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: flux-system - name: crd-controller - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cr-crd-controller - subjects: - - kind: ServiceAccount - name: sa-kustomize-controller - namespace: flux-system - - kind: ServiceAccount - name: sa-helm-controller - namespace: flux-system - - kind: ServiceAccount - name: sa-source-controller - namespace: flux-system - - kind: ServiceAccount - name: sa-notification-controller - namespace: flux-system - - kind: ServiceAccount - name: sa-image-reflector-controller - namespace: flux-system - - kind: ServiceAccount - name: sa-image-automation-controller - namespace: flux-system - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: flux-system - name: cr-crd-controller - rules: - - apiGroups: - - source.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - helm.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - image.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - "" - resources: - - configmaps - - configmaps/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: flux-system - name: sa-helm-controller - namespace: flux-system - - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: flux-system - name: sa-image-automation-controller - namespace: flux-system - - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: flux-system - name: sa-image-reflector-controller - namespace: flux-system - - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: flux-system - name: sa-kustomize-controller - namespace: flux-system - - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: flux-system - name: sa-source-controller - namespace: flux-system - - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: flux-system - control-plane: controller - name: source-controller - namespace: flux-system - spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: source-controller - type: ClusterIP - - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: flux-system - control-plane: controller - name: webhook-receiver - namespace: flux-system - spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http-webhook - selector: - app: notification-controller - type: ClusterIP - type: k8s-objects - workflow: - steps: - - name: deploy-control-plane - type: apply-application - - name: deploy-runtime - type: deploy2runtime - {{- end }} - diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/apply-deployment.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/apply-deployment.yaml new file mode 100644 index 0000000..eec10c1 --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/apply-deployment.yaml @@ -0,0 +1,51 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/apply-deployment.cue +apiVersion: core.oam.dev/v1beta1 +kind: WorkflowStepDefinition +metadata: + annotations: + definition.oam.dev/alias: "" + definition.oam.dev/description: Apply deployment with specified image and cmd. + name: apply-deployment + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + schematic: + cue: + template: | + import ( + "strconv" + "strings" + "vela/op" + ) + + output: op.#Apply & { + value: { + apiVersion: "apps/v1" + kind: "Deployment" + metadata: { + name: context.stepName + namespace: context.namespace + } + spec: { + selector: matchLabels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)" + template: { + metadata: labels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)" + spec: containers: [{ + name: context.stepName + image: parameter.image + if parameter["cmd"] != _|_ { + command: parameter.cmd + } + }] + } + } + } + } + wait: op.#ConditionalWait & { + continue: output.value.status.readyReplicas == 1 + } + parameter: { + image: string + cmd?: [...string] + } + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/apply-terraform-config.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/apply-terraform-config.yaml new file mode 100644 index 0000000..eb3e70e --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/apply-terraform-config.yaml @@ -0,0 +1,91 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/apply-terraform-config.cue +apiVersion: core.oam.dev/v1beta1 +kind: WorkflowStepDefinition +metadata: + annotations: + definition.oam.dev/alias: "" + definition.oam.dev/description: Apply terraform configuration in the step + definition.oam.dev/example-url: https://raw.githubusercontent.com/kubevela/workflow/main/examples/workflow-run/apply-terraform-resource.yaml + name: apply-terraform-config + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + schematic: + cue: + template: | + import ( + "vela/op" + ) + + apply: op.#Apply & { + value: { + apiVersion: "terraform.core.oam.dev/v1beta2" + kind: "Configuration" + metadata: { + name: "\(context.name)-\(context.stepName)" + namespace: context.namespace + } + spec: { + deleteResource: parameter.deleteResource + variable: parameter.variable + forceDelete: parameter.forceDelete + if parameter.source.path != _|_ { + path: parameter.source.path + } + if parameter.source.remote != _|_ { + remote: parameter.source.remote + } + if parameter.source.hcl != _|_ { + hcl: parameter.source.hcl + } + if parameter.providerRef != _|_ { + providerRef: parameter.providerRef + } + if parameter.jobEnv != _|_ { + jobEnv: parameter.jobEnv + } + if parameter.writeConnectionSecretToRef != _|_ { + writeConnectionSecretToRef: parameter.writeConnectionSecretToRef + } + if parameter.region != _|_ { + region: parameter.region + } + } + } + } + check: op.#ConditionalWait & { + continue: apply.value.status != _|_ && apply.value.status.apply != _|_ && apply.value.status.apply.state == "Available" + } + parameter: { + // +usage=specify the source of the terraform configuration + source: close({ + // +usage=directly specify the hcl of the terraform configuration + hcl: string + }) | close({ + // +usage=specify the remote url of the terraform configuration + remote: *"https://github.com/kubevela-contrib/terraform-modules.git" | string + // +usage=specify the path of the terraform configuration + path?: string + }) + // +usage=whether to delete resource + deleteResource: *true | bool + // +usage=the variable in the configuration + variable: {...} + // +usage=this specifies the namespace and name of a secret to which any connection details for this managed resource should be written. + writeConnectionSecretToRef?: { + name: string + namespace: *context.namespace | string + } + // +usage=providerRef specifies the reference to Provider + providerRef?: { + name: string + namespace: *context.namespace | string + } + // +usage=region is cloud provider's region. It will override the region in the region field of providerRef + region?: string + // +usage=the envs for job + jobEnv?: {...} + // +usae=forceDelete will force delete Configuration no matter which state it is or whether it has provisioned some resources + forceDelete: *false | bool + } + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/apply-terraform-provider.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/apply-terraform-provider.yaml new file mode 100644 index 0000000..c377088 --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/apply-terraform-provider.yaml @@ -0,0 +1,144 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/apply-terraform-provider.cue +apiVersion: core.oam.dev/v1beta1 +kind: WorkflowStepDefinition +metadata: + annotations: + definition.oam.dev/alias: "" + definition.oam.dev/description: Apply terraform provider config + definition.oam.dev/example-url: https://raw.githubusercontent.com/kubevela/workflow/main/examples/workflow-run/apply-terraform-resource.yaml + name: apply-terraform-provider + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + schematic: + cue: + template: | + import ( + "vela/op" + "strings" + ) + + config: op.#CreateConfig & { + name: "\(context.name)-\(context.stepName)" + namespace: context.namespace + template: "terraform-\(parameter.type)" + config: { + name: parameter.name + if parameter.type == "alibaba" { + ALICLOUD_ACCESS_KEY: parameter.accessKey + ALICLOUD_SECRET_KEY: parameter.secretKey + ALICLOUD_REGION: parameter.region + } + if parameter.type == "aws" { + AWS_ACCESS_KEY_ID: parameter.accessKey + AWS_SECRET_ACCESS_KEY: parameter.secretKey + AWS_DEFAULT_REGION: parameter.region + AWS_SESSION_TOKEN: parameter.token + } + if parameter.type == "azure" { + ARM_CLIENT_ID: parameter.clientID + ARM_CLIENT_SECRET: parameter.clientSecret + ARM_SUBSCRIPTION_ID: parameter.subscriptionID + ARM_TENANT_ID: parameter.tenantID + } + if parameter.type == "baidu" { + BAIDUCLOUD_ACCESS_KEY: parameter.accessKey + BAIDUCLOUD_SECRET_KEY: parameter.secretKey + BAIDUCLOUD_REGION: parameter.region + } + if parameter.type == "ec" { + EC_API_KEY: parameter.apiKey + } + if parameter.type == "gcp" { + GOOGLE_CREDENTIALS: parameter.credentials + GOOGLE_REGION: parameter.region + GOOGLE_PROJECT: parameter.project + } + if parameter.type == "tencent" { + TENCENTCLOUD_SECRET_ID: parameter.secretID + TENCENTCLOUD_SECRET_KEY: parameter.secretKey + TENCENTCLOUD_REGION: parameter.region + } + if parameter.type == "ucloud" { + UCLOUD_PRIVATE_KEY: parameter.privateKey + UCLOUD_PUBLIC_KEY: parameter.publicKey + UCLOUD_PROJECT_ID: parameter.projectID + UCLOUD_REGION: parameter.region + } + } + } + read: op.#Read & { + value: { + apiVersion: "terraform.core.oam.dev/v1beta1" + kind: "Provider" + metadata: { + name: parameter.name + namespace: context.namespace + } + } + } + check: op.#ConditionalWait & { + if read.value.status != _|_ { + continue: read.value.status.state == "ready" + } + if read.value.status == _|_ { + continue: false + } + } + providerBasic: { + accessKey: string + secretKey: string + region: string + } + #AlibabaProvider: { + providerBasic + type: "alibaba" + name: *"alibaba-provider" | string + } + #AWSProvider: { + providerBasic + token: *"" | string + type: "aws" + name: *"aws-provider" | string + } + #AzureProvider: { + subscriptionID: string + tenantID: string + clientID: string + clientSecret: string + name: *"azure-provider" | string + } + #BaiduProvider: { + providerBasic + type: "baidu" + name: *"baidu-provider" | string + } + #ECProvider: { + type: "ec" + apiKey: *"" | string + name: "ec-provider" | string + } + #GCPProvider: { + credentials: string + region: string + project: string + type: "gcp" + name: *"gcp-provider" | string + } + #TencentProvider: { + secretID: string + secretKey: string + region: string + type: "tencent" + name: *"tencent-provider" | string + } + #UCloudProvider: { + publicKey: string + privateKey: string + projectID: string + region: string + type: "ucloud" + name: *"ucloud-provider" | string + } + parameter: *#AlibabaProvider | #AWSProvider | #AzureProvider | #BaiduProvider | #ECProvider | #GCPProvider | #TencentProvider | #UCloudProvider + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/build-push-image.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/build-push-image.yaml new file mode 100644 index 0000000..45214cc --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/build-push-image.yaml @@ -0,0 +1,125 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/build-push-image.cue +apiVersion: core.oam.dev/v1beta1 +kind: WorkflowStepDefinition +metadata: + annotations: + definition.oam.dev/alias: "" + definition.oam.dev/description: Build and push image from git url + definition.oam.dev/example-url: https://raw.githubusercontent.com/kubevela/workflow/main/examples/workflow-run/built-push-image.yaml + name: build-push-image + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + schematic: + cue: + template: | + import ( + "vela/op" + "encoding/json" + "strings" + ) + + url: strings.TrimPrefix(strings.TrimPrefix(parameter.git, "https://"), "http://") + kaniko: op.#Apply & { + value: { + apiVersion: "v1" + kind: "Pod" + metadata: { + name: "\(context.name)-\(context.stepSessionID)-kaniko" + namespace: context.namespace + } + spec: { + containers: [ + { + args: [ + "--dockerfile=\(parameter.dockerfile)", + "--context=git://\(url)#refs/heads/\(parameter.branch)", + "--destination=\(parameter.image)", + "--verbosity=\(parameter.verbosity)", + ] + image: parameter.kanikoExecutor + name: "kaniko" + if parameter.credentials != _|_ && parameter.credentials.image != _|_ { + volumeMounts: [ + { + mountPath: "/kaniko/.docker/" + name: parameter.credentials.image.name + }, + ] + } + if parameter.credentials != _|_ && parameter.credentials.git != _|_ { + env: [ + { + name: "GIT_TOKEN" + valueFrom: secretKeyRef: { + key: parameter.credentials.git.key + name: parameter.credentials.git.name + } + }, + ] + } + }, + ] + if parameter.credentials != _|_ && parameter.credentials.image != _|_ { + volumes: [ + { + name: parameter.credentials.image.name + secret: { + defaultMode: 420 + items: [ + { + key: parameter.credentials.image.key + path: "config.json" + }, + ] + secretName: parameter.credentials.image.name + } + }, + ] + } + restartPolicy: "Never" + } + } + } + log: op.#Log & { + source: resources: [{ + name: "\(context.name)-\(context.stepSessionID)-kaniko" + namespace: context.namespace + }] + } + read: op.#Read & { + value: { + apiVersion: "v1" + kind: "Pod" + metadata: { + name: "\(context.name)-\(context.stepSessionID)-kaniko" + namespace: context.namespace + } + } + } + wait: op.#ConditionalWait & { + continue: read.value.status != _|_ && read.value.status.phase == "Succeeded" + } + #secret: { + name: string + key: string + } + parameter: { + kanikoExecutor: *"gcr.io/kaniko-project/executor:latest" | string + git: string + branch: *"master" | string + dockerfile: *"./Dockerfile" | string + image: string + credentials?: { + git?: { + name: string + key: string + } + image?: { + name: string + key: *".dockerconfigjson" | string + } + } + verbosity: *"info" | "panic" | "fatal" | "error" | "warn" | "debug" | "trace" + } + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/clean-jobs.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/clean-jobs.yaml new file mode 100644 index 0000000..c8bbacb --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/clean-jobs.yaml @@ -0,0 +1,57 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/clean-jobs.cue +apiVersion: core.oam.dev/v1beta1 +kind: WorkflowStepDefinition +metadata: + annotations: + definition.oam.dev/description: clean applied jobs in the cluster + name: clean-jobs + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + schematic: + cue: + template: | + import ( + "vela/op" + ) + + parameter: labelselector?: {...} + cleanJobs: op.#Delete & { + value: { + apiVersion: "batch/v1" + kind: "Job" + metadata: { + name: context.name + namespace: context.namespace + } + } + filter: { + namespace: context.namespace + if parameter.labelselector != _|_ { + matchingLabels: parameter.labelselector + } + if parameter.labelselector == _|_ { + matchingLabels: "workflow.oam.dev/name": context.name + } + } + } + cleanPods: op.#Delete & { + value: { + apiVersion: "v1" + kind: "pod" + metadata: { + name: context.name + namespace: context.namespace + } + } + filter: { + namespace: context.namespace + if parameter.labelselector != _|_ { + matchingLabels: parameter.labelselector + } + if parameter.labelselector == _|_ { + matchingLabels: "workflow.oam.dev/name": context.name + } + } + } + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/export2secret.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/export2secret.yaml index 4a2bad2..b3415e0 100644 --- a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/export2secret.yaml +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/export2secret.yaml @@ -15,27 +15,43 @@ spec: template: | import ( "vela/op" + "encoding/base64" + "encoding/json" ) - apply: op.#Apply & { - value: { - apiVersion: "v1" - kind: "Secret" - if parameter.type != _|_ { - type: parameter.type + secret: op.#Steps & { + data: *parameter.data | {} + if parameter.kind == "docker-registry" && parameter.dockerRegistry != _|_ { + registryData: auths: "\(parameter.dockerRegistry.server)": { + username: parameter.dockerRegistry.username + password: parameter.dockerRegistry.password + auth: base64.Encode(null, "\(parameter.dockerRegistry.username):\(parameter.dockerRegistry.password)") } - metadata: { - name: parameter.secretName - if parameter.namespace != _|_ { - namespace: parameter.namespace + data: ".dockerconfigjson": json.Marshal(registryData) + } + apply: op.#Apply & { + value: { + apiVersion: "v1" + kind: "Secret" + if parameter.type == _|_ && parameter.kind == "docker-registry" { + type: "kubernetes.io/dockerconfigjson" + } + if parameter.type != _|_ { + type: parameter.type } - if parameter.namespace == _|_ { - namespace: context.namespace + metadata: { + name: parameter.secretName + if parameter.namespace != _|_ { + namespace: parameter.namespace + } + if parameter.namespace == _|_ { + namespace: context.namespace + } } + stringData: data } - stringData: parameter.data + cluster: parameter.cluster } - cluster: parameter.cluster } parameter: { // +usage=Specify the name of the secret @@ -48,5 +64,16 @@ spec: data: {} // +usage=Specify the cluster of the secret cluster: *"" | string + // +usage=Specify the kind of the secret + kind: *"generic" | "docker-registry" + // +usage=Specify the docker data + dockerRegistry?: { + // +usage=Specify the username of the docker registry + username: string + // +usage=Specify the password of the docker registry + password: string + // +usage=Specify the server of the docker registry + server: *"https://index.docker.io/v1/" | string + } } diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/read-only.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/read-only.yaml new file mode 100644 index 0000000..5a70f72 --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/read-only.yaml @@ -0,0 +1,38 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/read-only.cue +apiVersion: core.oam.dev/v1beta1 +kind: PolicyDefinition +metadata: + annotations: + definition.oam.dev/description: Configure the resources to be read-only in the application (no update / state-keep). + name: read-only + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + schematic: + cue: + template: | + #PolicyRule: { + // +usage=Specify how to select the targets of the rule + selector: [...#RuleSelector] + } + #RuleSelector: { + // +usage=Select resources by component names + componentNames?: [...string] + // +usage=Select resources by component types + componentTypes?: [...string] + // +usage=Select resources by oamTypes (COMPONENT or TRAIT) + oamTypes?: [...string] + // +usage=Select resources by trait types + traitTypes?: [...string] + // +usage=Select resources by resource types (like Deployment) + resourceTypes?: [...string] + // +usage=Select resources by their names + resourceNames?: [...string] + } + parameter: { + // +usage=Specify the list of rules to control read only strategy at resource level. + // The selected resource will be read-only to the current application. If the target resource does + // not exist, error will be raised. + rules?: [...#PolicyRule] + } + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/request.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/request.yaml new file mode 100644 index 0000000..969e08c --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/request.yaml @@ -0,0 +1,47 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/request.cue +apiVersion: core.oam.dev/v1beta1 +kind: WorkflowStepDefinition +metadata: + annotations: + definition.oam.dev/alias: "" + definition.oam.dev/description: Send request to the url + definition.oam.dev/example-url: https://raw.githubusercontent.com/kubevela/workflow/main/examples/workflow-run/request.yaml + name: request + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + schematic: + cue: + template: | + import ( + "vela/op" + "encoding/json" + ) + + http: op.#HTTPDo & { + method: parameter.method + url: parameter.url + request: { + if parameter.body != _|_ { + body: json.Marshal(parameter.body) + } + if parameter.header != _|_ { + header: parameter.header + } + } + } + fail: op.#Steps & { + if http.response.statusCode > 400 { + requestFail: op.#Fail & { + message: "request of \(parameter.url) is fail: \(http.response.statusCode)" + } + } + } + response: json.Unmarshal(http.response.body) + parameter: { + url: string + method: *"GET" | "POST" | "PUT" | "DELETE" + body?: {...} + header?: [string]: string + } + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/startup-probe.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/startup-probe.yaml new file mode 100644 index 0000000..0c80848 --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/startup-probe.yaml @@ -0,0 +1,168 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/startup-probe.cue +apiVersion: core.oam.dev/v1beta1 +kind: TraitDefinition +metadata: + annotations: + definition.oam.dev/description: Add startup probe hooks for the specified container of K8s pod for your workload which follows the pod spec in path 'spec.template'. + name: startup-probe + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + appliesToWorkloads: + - deployments.apps + - statefulsets.apps + - daemonsets.apps + - jobs.batch + podDisruptive: true + schematic: + cue: + template: | + #StartupProbeParams: { + // +usage=Specify the name of the target container, if not set, use the component name + containerName: *"" | string + // +usage=Number of seconds after the container has started before liveness probes are initiated. Minimum value is 0. + initialDelaySeconds: *0 | int + // +usage=How often, in seconds, to execute the probe. Minimum value is 1. + periodSeconds: *10 | int + // +usage=Number of seconds after which the probe times out. Minimum value is 1. + timeoutSeconds: *1 | int + // +usage=Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. + successThreshold: *1 | int + // +usage=Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. + failureThreshold: *3 | int + // +usage=Optional duration in seconds the pod needs to terminate gracefully upon probe failure. Set this value longer than the expected cleanup time for your process. + terminationGracePeriodSeconds?: int + // +usage=Instructions for assessing container startup status by executing a command. Either this attribute or the httpGet attribute or the grpc attribute or the tcpSocket attribute MUST be specified. This attribute is mutually exclusive with the httpGet attribute and the tcpSocket attribute and the gRPC attribute. + exec?: { + // +usage=A command to be executed inside the container to assess its health. Each space delimited token of the command is a separate array element. Commands exiting 0 are considered to be successful probes, whilst all other exit codes are considered failures. + command: [...string] + } + // +usage=Instructions for assessing container startup status by executing an HTTP GET request. Either this attribute or the exec attribute or the grpc attribute or the tcpSocket attribute MUST be specified. This attribute is mutually exclusive with the exec attribute and the tcpSocket attribute and the gRPC attribute. + httpGet?: { + // +usage=The endpoint, relative to the port, to which the HTTP GET request should be directed. + path?: string + // +usage=The port numer to access on the host or container. + port: int + // +usage=The hostname to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + host?: string + // +usage=The Scheme to use for connecting to the host. + scheme?: *"HTTP" | "HTTPS" + // +usage=Custom headers to set in the request. HTTP allows repeated headers. + httpHeaders?: [...{ + // +usage=The header field name + name: string + //+usage=The header field value + value: string + }] + } + // +usage=Instructions for assessing container startup status by probing a gRPC service. Either this attribute or the exec attribute or the grpc attribute or the httpGet attribute MUST be specified. This attribute is mutually exclusive with the exec attribute and the httpGet attribute and the tcpSocket attribute. + grpc?: { + // +usage=The port number of the gRPC service. + port: int + // +usage=The name of the service to place in the gRPC HealthCheckRequest + service?: string + } + // +usage=Instructions for assessing container startup status by probing a TCP socket. Either this attribute or the exec attribute or the tcpSocket attribute or the httpGet attribute MUST be specified. This attribute is mutually exclusive with the exec attribute and the httpGet attribute and the gRPC attribute. + tcpSocket?: { + // +usage=Number or name of the port to access on the container. + port: string + // +usage=Host name to connect to, defaults to the pod IP. + host?: string + } + } + PatchContainer: { + _params: #StartupProbeParams + name: _params.containerName + _baseContainers: context.output.spec.template.spec.containers + _matchContainers_: [ for _container_ in _baseContainers if _container_.name == name {_container_}] + if len(_matchContainers_) == 0 { + err: "container \(name) not found" + } + if len(_matchContainers_) > 0 { + startupProbe: { + if _params.exec != _|_ { + exec: _params.exec + } + if _params.httpGet != _|_ { + httpGet: _params.httpGet + } + if _params.grpc != _|_ { + grpc: _params.grpc + } + if _params.tcpSocket != _|_ { + tcpSocket: _params.tcpSocket + } + if _params.initialDelaySeconds != _|_ { + initialDelaySeconds: _params.initialDelaySeconds + } + if _params.periodSeconds != _|_ { + periodSeconds: _params.periodSeconds + } + if _params.tcpSocket != _|_ { + tcpSocket: _params.tcpSocket + } + if _params.timeoutSeconds != _|_ { + timeoutSeconds: _params.timeoutSeconds + } + if _params.successThreshold != _|_ { + successThreshold: _params.successThreshold + } + if _params.failureThreshold != _|_ { + failureThreshold: _params.failureThreshold + } + if _params.terminationGracePeriodSeconds != _|_ { + terminationGracePeriodSeconds: _params.terminationGracePeriodSeconds + } + } + } + } + patch: spec: template: spec: { + if parameter.probes == _|_ { + // +patchKey=name + containers: [{ + PatchContainer & {_params: { + if parameter.containerName == "" { + containerName: context.name + } + if parameter.containerName != "" { + containerName: parameter.containerName + } + periodSeconds: parameter.periodSeconds + initialDelaySeconds: parameter.initialDelaySeconds + timeoutSeconds: parameter.timeoutSeconds + successThreshold: parameter.successThreshold + failureThreshold: parameter.failureThreshold + terminationGracePeriodSeconds: parameter.terminationGracePeriodSeconds + if parameter.exec != _|_ { + exec: parameter.exec + } + if parameter.httpGet != _|_ { + httpGet: parameter.httpGet + } + if parameter.grpc != _|_ { + grpc: parameter.grpc + } + if parameter.tcpSocket != _|_ { + tcpSocket: parameter.grtcpSocketpc + } + }} + }] + } + if parameter.probes != _|_ { + // +patchKey=name + containers: [ for c in parameter.probes { + if c.name == "" { + err: "containerName must be set when specifying startup probe for multiple containers" + } + if c.name != "" { + PatchContainer & {_params: c} + } + }] + } + } + parameter: *#StartupProbeParams | close({ + // +usage=Specify the startup probe for multiple containers + probes: [...#StartupProbeParams] + }) + errs: [ for c in patch.spec.template.spec.containers if c.err != _|_ {c.err}] + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/take-over.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/take-over.yaml new file mode 100644 index 0000000..5905c6e --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/take-over.yaml @@ -0,0 +1,38 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/take-over.cue +apiVersion: core.oam.dev/v1beta1 +kind: PolicyDefinition +metadata: + annotations: + definition.oam.dev/description: Configure the resources to be able to take over when it belongs to no application. + name: take-over + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + schematic: + cue: + template: | + #PolicyRule: { + // +usage=Specify how to select the targets of the rule + selector: [...#RuleSelector] + } + #RuleSelector: { + // +usage=Select resources by component names + componentNames?: [...string] + // +usage=Select resources by component types + componentTypes?: [...string] + // +usage=Select resources by oamTypes (COMPONENT or TRAIT) + oamTypes?: [...string] + // +usage=Select resources by trait types + traitTypes?: [...string] + // +usage=Select resources by resource types (like Deployment) + resourceTypes?: [...string] + // +usage=Select resources by their names + resourceNames?: [...string] + } + parameter: { + // +usage=Specify the list of rules to control take over strategy at resource level. + // The selected resource will be able to be taken over by the current application when the resource belongs to no + // one. + rules?: [...#PolicyRule] + } + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/topologyspreadconstraints.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/topologyspreadconstraints.yaml new file mode 100644 index 0000000..65d0658 --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/topologyspreadconstraints.yaml @@ -0,0 +1,67 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/topologyspreadconstraints.cue +apiVersion: core.oam.dev/v1beta1 +kind: TraitDefinition +metadata: + annotations: + definition.oam.dev/description: Add topology spread constraints hooks for every container of K8s pod for your workload which follows the pod spec in path 'spec.template'. + name: topologyspreadconstraints + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + appliesToWorkloads: + - deployments.apps + - statefulsets.apps + - daemonsets.apps + - jobs.batch + podDisruptive: true + schematic: + cue: + template: | + constraintsArray: [ + for v in parameter.constraints { + maxSkew: v.maxSkew + topologyKey: v.topologyKey + whenUnsatisfiable: v.whenUnsatisfiable + labelSelector: v.labelSelector + if v.nodeAffinityPolicy != _|_ { + nodeAffinityPolicy: v.nodeAffinityPolicy + } + if v.nodeTaintsPolicy != _|_ { + nodeTaintsPolicy: v.nodeTaintsPolicy + } + if v.minDomains != _|_ { + minDomains: v.minDomains + } + if v.matchLabelKeys != _|_ { + matchLabelKeys: v.matchLabelKeys + } + }, + ] + patch: spec: template: spec: topologySpreadConstraints: constraintsArray + #labSelector: { + matchLabels?: [string]: string + matchExpressions?: [...{ + key: string + operator: *"In" | "NotIn" | "Exists" | "DoesNotExist" + values?: [...string] + }] + } + parameter: constraints: [...{ + // +usage=Describe the degree to which Pods may be unevenly distributed + maxSkew: int + // +usage=Specify the key of node labels + topologyKey: string + // +usage=Indicate how to deal with a Pod if it doesn't satisfy the spread constraint + whenUnsatisfiable: *"DoNotSchedule" | "ScheduleAnyway" + // +usage: labelSelector to find matching Pods + labelSelector: #labSelector + // +usage=Indicate a minimum number of eligible domains + minDomains?: int + // +usage=A list of pod label keys to select the pods over which spreading will be calculated + matchLabelKeys?: [...string] + // +usage=Indicate how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew + nodeAffinityPolicy?: *"Honor" | "Ignore" + // +usage=Indicate how we will treat node taints when calculating pod topology spread skew + nodeTaintsPolicy?: *"Honor" | "Ignore" + }] + diff --git a/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/vela-cli.yaml b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/vela-cli.yaml new file mode 100644 index 0000000..26c25eb --- /dev/null +++ b/pkg/resources/static/vela/charts/vela-core/templates/defwithtemplate/vela-cli.yaml @@ -0,0 +1,130 @@ +# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file. +# Definition source cue file: vela-templates/definitions/internal/vela-cli.cue +apiVersion: core.oam.dev/v1beta1 +kind: WorkflowStepDefinition +metadata: + annotations: + definition.oam.dev/description: Run a vela command + definition.oam.dev/example-url: https://raw.githubusercontent.com/kubevela/workflow/main/examples/workflow-run/apply-terraform-resource.yaml + name: vela-cli + namespace: {{ include "systemDefinitionNamespace" . }} +spec: + schematic: + cue: + template: | + import ( + "vela/op" + ) + + mountsArray: [ + if parameter.storage != _|_ && parameter.storage.secret != _|_ for v in parameter.storage.secret { + { + mountPath: v.mountPath + if v.subPath != _|_ { + subPath: v.subPath + } + name: v.name + } + }, + ] + volumesList: [ + if parameter.storage != _|_ && parameter.storage.secret != _|_ for v in parameter.storage.secret { + { + name: v.name + secret: { + defaultMode: v.defaultMode + secretName: v.secretName + if v.items != _|_ { + items: v.items + } + } + } + }, + ] + deDupVolumesArray: [ + for val in [ + for i, vi in volumesList { + for j, vj in volumesList if j < i && vi.name == vj.name { + _ignore: true + } + vi + }, + ] if val._ignore == _|_ { + val + }, + ] + job: op.#Apply & { + value: { + apiVersion: "batch/v1" + kind: "Job" + metadata: { + name: "\(context.name)-\(context.stepName)-\(context.stepSessionID)" + if parameter.serviceAccountName == "kubevela-vela-core" { + namespace: "vela-system" + } + if parameter.serviceAccountName != "kubevela-vela-core" { + namespace: context.namespace + } + } + spec: { + backoffLimit: 3 + template: { + labels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)" + spec: { + containers: [ + { + name: "\(context.name)-\(context.stepName)-\(context.stepSessionID)-job" + image: parameter.image + command: parameter.command + volumeMounts: mountsArray + }, + ] + restartPolicy: "Never" + serviceAccount: parameter.serviceAccountName + volumes: deDupVolumesArray + } + } + } + } + } + log: op.#Log & { + source: resources: [{labelSelector: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"}] + } + fail: op.#Steps & { + if job.value.status.failed != _|_ { + if job.value.status.failed > 2 { + breakWorkflow: op.#Fail & { + message: "failed to execute vela command" + } + } + } + } + wait: op.#ConditionalWait & { + continue: job.value.status.succeeded != _|_ && job.value.status.succeeded > 0 + } + parameter: { + // +usage=Specify the name of the addon. + addonName: string + // +usage=Specify the vela command + command: [...string] + // +usage=Specify the image + image: *"oamdev/vela-cli:v1.6.4" | string + // +usage=specify serviceAccountName want to use + serviceAccountName: *"kubevela-vela-core" | string + storage?: { + // +usage=Mount Secret type storage + secret?: [...{ + name: string + mountPath: string + subPath?: string + defaultMode: *420 | int + secretName: string + items?: [...{ + key: string + path: string + mode: *511 | int + }] + }] + } + } + diff --git a/pkg/resources/static/vela/charts/vela-core/values.yaml b/pkg/resources/static/vela/charts/vela-core/values.yaml index 8c8d37f..2ae8433 100644 --- a/pkg/resources/static/vela/charts/vela-core/values.yaml +++ b/pkg/resources/static/vela/charts/vela-core/values.yaml @@ -8,10 +8,10 @@ systemDefinitionNamespace: ## @param applicationRevisionLimit Application revision limit -applicationRevisionLimit: 10 +applicationRevisionLimit: 2 ## @param definitionRevisionLimit Definition revision limit -definitionRevisionLimit: 20 +definitionRevisionLimit: 2 ## @param concurrentReconciles concurrentReconciles is the concurrent reconcile number of the controller concurrentReconciles: 4 @@ -26,9 +26,6 @@ OAMSpecVer: "v0.3" ## @param disableCaps Disable capability disableCaps: "rollout" -## @param enableFluxcdAddon Whether to enable fluxcd addon -enableFluxcdAddon: false - ## @param dependCheckWait dependCheckWait is the time to wait for ApplicationConfiguration's dependent-resource ready dependCheckWait: 30s @@ -102,7 +99,7 @@ optimize: resourceTrackerListOp: true controllerReconcileLoopReduction: false markWithProb: 0.1 - disableComponentRevision: false + disableComponentRevision: true disableApplicationRevision: false disableWorkflowRecorder: false enableInMemoryWorkflowContext: false @@ -110,16 +107,20 @@ optimize: enableResourceTrackerDeleteOnlyTrigger: true ##@param featureGates.enableLegacyComponentRevision if disabled, only component with rollout trait will create component revisions -##@param featureGates.gzipResourceTracker if enabled, resourceTracker will be compressed using gzip before being stored -##@param featureGates.zstdResourceTracker if enabled, resourceTracker will be compressed using zstd before being stored. It is much faster and more efficient than gzip. If both gzip and zstd are enabled, zstd will be used. +##@param featureGates.gzipResourceTracker compress ResourceTracker using gzip (good) before being stored. This is reduces network throughput when dealing with huge ResourceTrackers. +##@param featureGates.zstdResourceTracker compress ResourceTracker using zstd (fast and good) before being stored. This is reduces network throughput when dealing with huge ResourceTrackers. Note that zstd will be prioritized if you enable other compression options. ##@param featureGates.applyOnce if enabled, the apply-once feature will be applied to all applications, no state-keep and no resource data storage in ResourceTracker ##@param featureGates.multiStageComponentApply if enabled, the multiStageComponentApply feature will be combined with the stage field in TraitDefinition to complete the multi-stage apply. +##@param featureGates.gzipApplicationRevision compress apprev using gzip (good) before being stored. This is reduces network throughput when dealing with huge apprevs. +##@param featureGates.zstdApplicationRevision compress apprev using zstd (fast and good) before being stored. This is reduces network throughput when dealing with huge apprevs. Note that zstd will be prioritized if you enable other compression options. featureGates: enableLegacyComponentRevision: false gzipResourceTracker: false - zstdResourceTracker: false + zstdResourceTracker: true applyOnce: false multiStageComponentApply: false + gzipApplicationRevision: false + zstdApplicationRevision: true ## @section MultiCluster parameters @@ -249,11 +250,11 @@ admissionWebhooks: enabled: false revisionHistoryLimit: 3 -## @param kubeClient.qps The qps for reconcile clients, default is 50 -## @param kubeClient.burst The burst for reconcile clients, default is 100 +## @param kubeClient.qps The qps for reconcile clients, default is 100 +## @param kubeClient.burst The burst for reconcile clients, default is 200 kubeClient: - qps: 50 - burst: 100 + qps: 100 + burst: 200 ## @param authentication.enabled Enable authentication for application ## @param authentication.withUser Application authentication will impersonate as the request User