diff --git a/cluster/base/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml index 38c77d661000a..851143f58c2f0 100644 --- a/cluster/base/flux-system/gotk-components.yaml +++ b/cluster/base/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v0.24.1 +# Flux Version: v0.28.3 # Components: source-controller,kustomize-controller,helm-controller,notification-controller,image-reflector-controller,image-automation-controller apiVersion: v1 kind: Namespace @@ -8,19 +8,21 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 + pod-security.kubernetes.io/warn: restricted + pod-security.kubernetes.io/warn-version: latest name: flux-system --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -32,15 +34,15 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date name: v1beta1 schema: openAPIV3Schema: @@ -92,6 +94,15 @@ spec: - ImagePolicy - ImageUpdateAutomation type: string + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object name: description: Name of the referent maxLength: 53 @@ -116,7 +127,7 @@ spec: description: Send events using this provider. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -227,12 +238,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -338,7 +349,7 @@ spec: for the Bucket. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -348,8 +359,8 @@ spec: of this source. type: boolean timeout: - default: 20s - description: The timeout for download operations, defaults to 20s. + default: 60s + description: The timeout for download operations, defaults to 60s. type: string required: - bucketName @@ -460,7 +471,8 @@ spec: type: array lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: description: ObservedGeneration is the last observed generation. @@ -473,6 +485,255 @@ spec: type: object type: object served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketSpec specifies the required configuration to produce + an Artifact for an object storage bucket. + properties: + accessFrom: + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + bucketName: + description: BucketName is the name of the object storage bucket. + type: string + endpoint: + description: Endpoint is the object storage address the BucketName + is located at. + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS HTTP Endpoint. + type: boolean + interval: + description: Interval at which to check the Endpoint for updates. + type: string + provider: + default: generic + description: Provider of the object storage bucket. Defaults to 'generic', + which expects an S3 (API) compatible object storage. + enum: + - generic + - aws + - gcp + - azure + type: string + region: + description: Region of the Endpoint where the BucketName is located + in. + type: string + secretRef: + description: SecretRef specifies the Secret containing authentication + credentials for the Bucket. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: Suspend tells the controller to suspend the reconciliation + of this Bucket. + type: boolean + timeout: + default: 60s + description: Timeout for fetch operations, defaults to 60s. + type: string + required: + - bucketName + - endpoint + - interval + type: object + status: + default: + observedGeneration: -1 + description: BucketStatus records the observed state of a Bucket. + properties: + artifact: + description: Artifact represents the last successful Bucket reconciliation. + properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact file. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + path: + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the Bucket object. + format: int64 + type: integer + url: + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact + data is recommended. + type: string + type: object + type: object + served: true storage: true subresources: status: {} @@ -487,12 +748,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -593,7 +854,7 @@ spec: description: Reference to a GitRepository to include. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -640,7 +901,7 @@ spec: and known_hosts fields. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -650,9 +911,9 @@ spec: of this source. type: boolean timeout: - default: 20s + default: 60s description: The timeout for remote Git operations like cloning, defaults - to 20s. + to 60s. type: string url: description: The repository URL, can be a HTTP/S or SSH address. @@ -673,7 +934,7 @@ spec: trusted Git authors. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -819,7 +1080,8 @@ spec: type: array lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: description: ObservedGeneration is the last observed generation. @@ -832,44 +1094,411 @@ spec: type: object type: object served: true - storage: true + storage: false subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart + - jsonPath: .spec.url + name: URL type: string - - jsonPath: .spec.version - name: Version + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec specifies the required configuration to + produce an Artifact for a Git repository. + properties: + accessFrom: + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + gitImplementation: + default: go-git + description: GitImplementation specifies which Git client library + implementation to use. Defaults to 'go-git', valid values are ('go-git', + 'libgit2'). + enum: + - go-git + - libgit2 + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + include: + description: Include specifies a list of GitRepository resources which + Artifacts should be included in the Artifact produced for this GitRepository. + items: + description: GitRepositoryInclude specifies a local reference to + a GitRepository which Artifact (sub-)contents must be included, + and where they should be placed. + properties: + fromPath: + description: FromPath specifies the path to copy contents from, + defaults to the root of the Artifact. + type: string + repository: + description: GitRepositoryRef specifies the GitRepository which + Artifact contents must be included. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + toPath: + description: ToPath specifies the path to copy contents to, + defaults to the name of the GitRepositoryRef. + type: string + required: + - repository + type: object + type: array + interval: + description: Interval at which to check the GitRepository for updates. + type: string + recurseSubmodules: + description: RecurseSubmodules enables the initialization of all submodules + within the GitRepository as cloned from the URL, using their default + settings. This option is available only when using the 'go-git' + GitImplementation. + type: boolean + ref: + description: Reference specifies the Git reference to resolve and + monitor for changes, defaults to the 'master' branch. + properties: + branch: + description: "Branch to check out, defaults to 'master' if no + other field is defined. \n When GitRepositorySpec.GitImplementation + is set to 'go-git', a shallow clone of the specified branch + is performed." + type: string + commit: + description: "Commit SHA to check out, takes precedence over all + reference fields. \n When GitRepositorySpec.GitImplementation + is set to 'go-git', this can be combined with Branch to shallow + clone the branch, in which the commit is expected to exist." + type: string + semver: + description: SemVer tag expression to check out, takes precedence + over Tag. + type: string + tag: + description: Tag to check out, takes precedence over Branch. + type: string + type: object + secretRef: + description: SecretRef specifies the Secret containing authentication + credentials for the GitRepository. For HTTPS repositories the Secret + must contain 'username' and 'password' fields. For SSH repositories + the Secret must contain 'identity', 'identity.pub' and 'known_hosts' + fields. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: Suspend tells the controller to suspend the reconciliation + of this GitRepository. + type: boolean + timeout: + default: 60s + description: Timeout for Git operations like cloning, defaults to + 60s. + type: string + url: + description: URL specifies the Git repository URL, it can be an HTTP/S + or SSH address. + pattern: ^(http|https|ssh):// + type: string + verify: + description: Verification specifies the configuration to verify the + Git commit signature(s). + properties: + mode: + description: Mode specifies what Git object should be verified, + currently ('head'). + enum: + - head + type: string + secretRef: + description: SecretRef specifies the Secret containing the public + keys of trusted Git authors. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: GitRepositoryStatus records the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the last successful GitRepository + reconciliation. + properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact file. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + path: + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + includedArtifacts: + description: IncludedArtifacts contains a list of the last successfully + included Artifacts as instructed by GitRepositorySpec.Include. + items: + description: Artifact represents the output of a Source reconciliation. + properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact + file. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + path: + description: Path is the relative file path of the Artifact. + It can be used to locate the file in the root of the Artifact + storage on the local file system of the controller managing + the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - path + - url + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the GitRepository object. + format: int64 + type: integer + url: + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact + data is recommended. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.28.3 + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + shortNames: + - hc + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version type: string - jsonPath: .spec.sourceRef.kind name: Source Kind @@ -1104,7 +1733,8 @@ spec: type: array lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: description: ObservedGeneration is the last observed generation. @@ -1116,6 +1746,287 @@ spec: type: object type: object served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec specifies the desired state of a Helm chart. + properties: + accessFrom: + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + chart: + description: Chart is the name or path the Helm chart is available + at in the SourceRef. + type: string + interval: + description: Interval is the interval at which to check the Source + for updates. + type: string + reconcileStrategy: + default: ChartVersion + description: ReconcileStrategy determines what enables the creation + of a new artifact. Valid values are ('ChartVersion', 'Revision'). + See the documentation of the values for an explanation on their + behavior. Defaults to ChartVersion when omitted. + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: SourceRef is the reference to the Source the chart is + available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent, valid values are ('HelmRepository', + 'GitRepository', 'Bucket'). + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: Suspend tells the controller to suspend the reconciliation + of this source. + type: boolean + valuesFile: + description: ValuesFile is an alternative values file to use as the + default chart values, expected to be a relative path in the SourceRef. + Deprecated in favor of ValuesFiles, for backwards compatibility + the file specified here is merged before the ValuesFiles items. + Ignored when omitted. + type: string + valuesFiles: + description: ValuesFiles is an alternative list of values files to + use as the chart values (values.yaml is not included by default), + expected to be a relative path in the SourceRef. Values files are + merged in the order of this list with the last file overriding the + first. Ignored when omitted. + items: + type: string + type: array + version: + default: '*' + description: Version is the chart version semver expression, ignored + for charts from GitRepository and Bucket sources. Defaults to latest + when omitted. + type: string + required: + - chart + - interval + - sourceRef + type: object + status: + default: + observedGeneration: -1 + description: HelmChartStatus records the observed state of the HelmChart. + properties: + artifact: + description: Artifact represents the output of the last successful + reconciliation. + properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact file. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. + format: date-time + type: string + path: + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. + type: string + revision: + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedChartName: + description: ObservedChartName is the last observed chart name as + specified by the resolved chart reference. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation of + the HelmChart object. + format: int64 + type: integer + observedSourceArtifactRevision: + description: ObservedSourceArtifactRevision is the last observed Artifact.Revision + of the HelmChartSpec.SourceRef. + type: string + url: + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact + data is recommended. + type: string + type: object + type: object + served: true storage: true subresources: status: {} @@ -1130,12 +2041,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -1149,15 +2060,15 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date name: v2beta1 schema: openAPIV3Schema: @@ -1179,11 +2090,11 @@ spec: description: HelmReleaseSpec defines the desired state of a Helm release. properties: chart: - description: Chart defines the template of the v1beta1.HelmChart that + description: Chart defines the template of the v1beta2.HelmChart that should be created for this HelmRelease. properties: spec: - description: Spec holds the template for the v1beta1.HelmChartSpec + description: Spec holds the template for the v1beta2.HelmChartSpec for this HelmRelease. properties: chart: @@ -1191,7 +2102,7 @@ spec: at in the SourceRef. type: string interval: - description: Interval at which to check the v1beta1.Source + description: Interval at which to check the v1beta2.Source for updates. Defaults to 'HelmReleaseSpec.Interval'. type: string reconcileStrategy: @@ -1205,7 +2116,7 @@ spec: - Revision type: string sourceRef: - description: The name and namespace of the v1beta1.Source + description: The name and namespace of the v1beta2.Source the chart is available at. properties: apiVersion: @@ -1250,7 +2161,7 @@ spec: version: default: '*' description: Version semver expression, ignored for charts - from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults + from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults to latest when omitted. type: string required: @@ -1261,18 +2172,19 @@ spec: - spec type: object dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference + description: DependsOn may contain a meta.NamespacedObjectReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled. items: - description: CrossNamespaceDependencyReference holds the reference - to a dependency. + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. properties: name: - description: Name holds the name reference of a dependency. + description: Name of the referent. type: string namespace: - description: Namespace holds the namespace reference of a dependency. + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. type: string required: - name @@ -1379,7 +2291,7 @@ spec: for reconciling the HelmRelease. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -1429,6 +2341,61 @@ spec: - name type: object type: array + patches: + description: Strategic merge and JSON patches, defined as + inline YAML objects, capable of targeting objects based + on kind, label and annotation selectors. + items: + description: Patch contains an inline StrategicMerge or + JSON6902 patch, and the target the patch should be applied + to. + properties: + patch: + description: Patch contains an inline StrategicMerge + patch or an inline JSON6902 patch with an array + of operation objects. + type: string + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + type: object + type: array patchesJson6902: description: JSON 6902 patches, defined as inline YAML objects. items: @@ -1627,6 +2594,10 @@ spec: description: DisableHooks prevents hooks from running during the Helm rollback action. type: boolean + disableWait: + description: DisableWait disables waiting for all the resources + to be deleted after a Helm uninstall is performed. + type: boolean keepHistory: description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history. @@ -1770,16 +2741,296 @@ spec: type: object type: array required: - - chart + - chart + - interval + type: object + status: + default: + observedGeneration: -1 + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failures: + description: Failures is the reconciliation failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + helmChart: + description: HelmChart is the namespaced name of the HelmChart resource + created by the controller for the HelmRelease. + type: string + installFailures: + description: InstallFailures is the install failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + lastAppliedRevision: + description: LastAppliedRevision is the revision of the last successfully + applied source. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + lastAttemptedValuesChecksum: + description: LastAttemptedValuesChecksum is the SHA1 checksum of the + values of the last reconciliation attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + lastReleaseRevision: + description: LastReleaseRevision is the revision of the last successful + Helm release. + type: integer + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + upgradeFailures: + description: UpgradeFailures is the upgrade failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.28.3 + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + shortNames: + - helmrepo + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec defines the reference to a Helm repository. + properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing + cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + interval: + description: The interval at which to check the upstream for updates. + type: string + passCredentials: + description: PassCredentials allows the credentials from the SecretRef + to be passed on to a host that does not match the host as defined + in URL. This may be required if the host of the advertised chart + URLs in the index differ from the defined URL. Enabling this should + be done with caution, as it can potentially result in credentials + getting stolen in a MITM-attack. + type: boolean + secretRef: + description: The name of the secret containing authentication credentials + for the Helm repository. For HTTP/S basic auth the secret must contain + username and password fields. For TLS the secret must contain a + certFile and keyFile, and/or caCert fields. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout of index downloading, defaults to 60s. + type: string + url: + description: The Helm repository URL, a valid URL contains at least + a protocol and host. + type: string + required: - interval + - url type: object status: default: observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. + description: HelmRepositoryStatus defines the observed state of the HelmRepository. properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + checksum: + description: Checksum is the SHA256 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object conditions: - description: Conditions holds the conditions for the HelmRelease. + description: Conditions holds the conditions for the HelmRepository. items: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct @@ -1848,101 +3099,41 @@ spec: - type type: object type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. - type: string - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully - applied source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the - values of the last reconciliation attempt. - type: string lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful - Helm release. - type: integer observedGeneration: description: ObservedGeneration is the last observed generation. format: int64 type: integer - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer + url: + description: URL is the download link for the last index fetched. + type: string type: object type: object served: true - storage: true + storage: false subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - additionalPrinterColumns: - jsonPath: .spec.url name: URL type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 + name: v1beta2 schema: openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API + description: HelmRepository is the Schema for the helmrepositories API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -1957,11 +3148,13 @@ spec: metadata: type: object spec: - description: HelmRepositorySpec defines the reference to a Helm repository. + description: HelmRepositorySpec specifies the required configuration to + produce an Artifact for a Helm repository index YAML. properties: accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' properties: namespaceSelectors: description: NamespaceSelectors is the list of namespace selectors @@ -1987,7 +3180,7 @@ spec: - namespaceSelectors type: object interval: - description: The interval at which to check the upstream for updates. + description: Interval at which to check the URL for updates. type: string passCredentials: description: PassCredentials allows the credentials from the SecretRef @@ -1998,27 +3191,27 @@ spec: getting stolen in a MITM-attack. type: boolean secretRef: - description: The name of the secret containing authentication credentials - for the Helm repository. For HTTP/S basic auth the secret must contain - username and password fields. For TLS the secret must contain a - certFile and keyFile, and/or caCert fields. + description: SecretRef specifies the Secret containing authentication + credentials for the HelmRepository. For HTTP/S basic auth the secret + must contain 'username' and 'password' fields. For TLS the secret + must contain a 'certFile' and 'keyFile', and/or 'caCert' fields. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name type: object suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. + description: Suspend tells the controller to suspend the reconciliation + of this HelmRepository. type: boolean timeout: default: 60s - description: The timeout of index downloading, defaults to 60s. + description: Timeout of the index fetch operation, defaults to 60s. type: string url: - description: The Helm repository URL, a valid URL contains at least + description: URL of the Helm repository, a valid URL contains at least a protocol and host. type: string required: @@ -2028,30 +3221,39 @@ spec: status: default: observedGeneration: -1 - description: HelmRepositoryStatus defines the observed state of the HelmRepository. + description: HelmRepositoryStatus records the observed state of the HelmRepository. properties: artifact: - description: Artifact represents the output of the last successful - repository sync. + description: Artifact represents the last successful HelmRepository + reconciliation. properties: checksum: - description: Checksum is the SHA256 checksum of the artifact. + description: Checksum is the SHA256 checksum of the Artifact file. type: string lastUpdateTime: description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. + the last update of the Artifact. format: date-time type: string path: - description: Path is the relative file path of this artifact. + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. type: string revision: - description: Revision is a human readable identifier traceable + description: Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. + tag, a Helm chart version, etc. type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer url: - description: URL is the HTTP address of this artifact. + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. type: string required: - path @@ -2129,14 +3331,18 @@ spec: type: array lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: - description: ObservedGeneration is the last observed generation. + description: ObservedGeneration is the last observed generation of + the HelmRepository object. format: int64 type: integer url: - description: URL is the download link for the last index fetched. + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact + data is recommended. type: string type: object type: object @@ -2155,12 +3361,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: imagepolicies.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -2216,7 +3422,7 @@ spec: image being scanned properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -2272,8 +3478,6 @@ spec: - policy type: object status: - default: - observedGeneration: -1 description: ImagePolicyStatus defines the observed state of ImagePolicy properties: conditions: @@ -2351,7 +3555,6 @@ spec: the policy. type: string observedGeneration: - description: ObservedGeneration is the last reconciled generation. format: int64 type: integer type: object @@ -2405,7 +3608,7 @@ spec: image being scanned properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -2591,11 +3794,11 @@ spec: image being scanned properties: name: - description: Name of the referent + description: Name of the referent. type: string namespace: description: Namespace of the referent, when not specified it - acts as LocalObjectReference + acts as LocalObjectReference. type: string required: - name @@ -2651,6 +3854,8 @@ spec: - policy type: object status: + default: + observedGeneration: -1 description: ImagePolicyStatus defines the observed state of ImagePolicy properties: conditions: @@ -2747,12 +3952,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: imagerepositories.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -2801,7 +4006,7 @@ spec: server certificate." properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -2819,7 +4024,7 @@ spec: created with `kubectl create secret docker-registry`, or the equivalent. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -2834,8 +4039,6 @@ spec: type: string type: object status: - default: - observedGeneration: -1 description: ImageRepositoryStatus defines the observed state of ImageRepository properties: canonicalImageName: @@ -2914,7 +4117,8 @@ spec: type: array lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string lastScanResult: description: LastScanResult contains the number of fetched tags. @@ -2975,7 +4179,7 @@ spec: server certificate." properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -2993,7 +4197,7 @@ spec: created with `kubectl create secret docker-registry`, or the equivalent. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -3086,7 +4290,8 @@ spec: type: array lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string lastScanResult: description: LastScanResult contains the number of fetched tags. @@ -3143,14 +4348,27 @@ spec: labels. properties: namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. properties: matchLabels: additionalProperties: type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object type: array + required: + - namespaceSelectors type: object certSecretRef: description: "CertSecretRef can be given the name of a secret containing @@ -3162,7 +4380,7 @@ spec: server certificate." properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -3180,7 +4398,7 @@ spec: created with `kubectl create secret docker-registry`, or the equivalent. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -3195,6 +4413,8 @@ spec: type: string type: object status: + default: + observedGeneration: -1 description: ImageRepositoryStatus defines the observed state of ImageRepository properties: canonicalImageName: @@ -3273,7 +4493,8 @@ spec: type: array lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string lastScanResult: description: LastScanResult contains the number of fetched tags. @@ -3307,12 +4528,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: imageupdateautomations.image.toolkit.fluxcd.io spec: group: image.toolkit.fluxcd.io @@ -3362,7 +4583,7 @@ spec: details to a git repository to update files in. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -3398,7 +4619,7 @@ spec: be in the same namespace as the ImageUpdateAutomation. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -3535,7 +4756,8 @@ spec: type: string lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string lastPushCommit: description: LastPushCommit records the SHA1 of the last commit made @@ -3647,7 +4869,7 @@ spec: value. It must be in the same namespace as the ImageUpdateAutomation. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -3806,7 +5028,8 @@ spec: type: string lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string lastPushCommit: description: LastPushCommit records the SHA1 of the last commit made @@ -3866,19 +5089,24 @@ spec: from the Git repository. properties: branch: - description: The Git branch to checkout, defaults to master. + description: "Branch to check out, defaults to 'master' + if no other field is defined. \n When GitRepositorySpec.GitImplementation + is set to 'go-git', a shallow clone of the specified + branch is performed." type: string commit: - description: The Git commit SHA to checkout, if specified - Tag filters will be ignored. + description: "Commit SHA to check out, takes precedence + over all reference fields. \n When GitRepositorySpec.GitImplementation + is set to 'go-git', this can be combined with Branch + to shallow clone the branch, in which the commit is + expected to exist." type: string semver: - description: The Git tag semver expression, takes precedence - over Tag. + description: SemVer tag expression to check out, takes + precedence over Tag. type: string tag: - description: The Git tag to checkout, takes precedence - over Branch. + description: Tag to check out, takes precedence over Branch. type: string type: object required: @@ -3918,7 +5146,7 @@ spec: value. It must be in the same namespace as the ImageUpdateAutomation. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -3952,16 +5180,20 @@ spec: to a git repository. properties: apiVersion: - description: API version of the referent + description: API version of the referent. type: string kind: default: GitRepository - description: Kind of the referent + description: Kind of the referent. enum: - GitRepository type: string name: - description: Name of the referent + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, defaults to the namespace + of the Kubernetes resource object that contains the reference. type: string required: - kind @@ -3997,6 +5229,8 @@ spec: - sourceRef type: object status: + default: + observedGeneration: -1 description: ImageUpdateAutomationStatus defines the observed state of ImageUpdateAutomation properties: @@ -4077,7 +5311,8 @@ spec: type: string lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string lastPushCommit: description: LastPushCommit records the SHA1 of the last commit made @@ -4107,12 +5342,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -4169,7 +5404,7 @@ spec: used for decryption. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -4178,18 +5413,19 @@ spec: - provider type: object dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference + description: DependsOn may contain a meta.NamespacedObjectReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled. items: - description: CrossNamespaceDependencyReference holds the reference - to a dependency. + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. properties: name: - description: Name holds the name reference of a dependency. + description: Name of the referent. type: string namespace: - description: Namespace holds the namespace reference of a dependency. + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. type: string required: - name @@ -4204,21 +5440,22 @@ spec: description: A list of resources to be included in the health assessment. items: description: NamespacedObjectKindReference contains enough information - to let you locate the typed referenced object in any namespace + to locate the typed referenced Kubernetes resource object in any + namespace. properties: apiVersion: description: API version of the referent, if not specified the - Kubernetes preferred version will be used + Kubernetes preferred version will be used. type: string kind: - description: Kind of the referent + description: Kind of the referent. type: string name: - description: Name of the referent + description: Name of the referent. type: string namespace: description: Namespace of the referent, when not specified it - acts as LocalObjectReference + acts as LocalObjectReference. type: string required: - kind @@ -4271,7 +5508,7 @@ spec: for reconciling the Kustomization. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -4620,7 +5857,8 @@ spec: type: string lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: description: ObservedGeneration is the last reconciled generation. @@ -4661,15 +5899,15 @@ spec: subresources: status: {} - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date name: v1beta2 schema: openAPIV3Schema: @@ -4705,7 +5943,7 @@ spec: used for decryption. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -4714,18 +5952,19 @@ spec: - provider type: object dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference + description: DependsOn may contain a meta.NamespacedObjectReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled. items: - description: CrossNamespaceDependencyReference holds the reference - to a dependency. + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. properties: name: - description: Name holds the name reference of a dependency. + description: Name of the referent. type: string namespace: - description: Namespace holds the namespace reference of a dependency. + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. type: string required: - name @@ -4740,21 +5979,22 @@ spec: description: A list of resources to be included in the health assessment. items: description: NamespacedObjectKindReference contains enough information - to let you locate the typed referenced object in any namespace + to locate the typed referenced Kubernetes resource object in any + namespace. properties: apiVersion: description: API version of the referent, if not specified the - Kubernetes preferred version will be used + Kubernetes preferred version will be used. type: string kind: - description: Kind of the referent + description: Kind of the referent. type: string name: - description: Name of the referent + description: Name of the referent. type: string namespace: description: Namespace of the referent, when not specified it - acts as LocalObjectReference + acts as LocalObjectReference. type: string required: - kind @@ -4807,7 +6047,7 @@ spec: for reconciling the Kustomization. properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -5001,6 +6241,14 @@ spec: maxLength: 253 minLength: 1 type: string + optional: + default: false + description: Optional indicates whether the referenced resource + must exist, or whether to tolerate its absence. If true + and the referenced resource is absent, proceed as if the + resource was present but empty, without any variables + defined. + type: boolean required: - kind - name @@ -5185,7 +6433,8 @@ spec: type: string lastHandledReconcileAt: description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change can be detected. + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: description: ObservedGeneration is the last reconciled generation. @@ -5208,12 +6457,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5225,15 +6474,15 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date name: v1beta1 schema: openAPIV3Schema: @@ -5263,7 +6512,7 @@ spec: a PEM-encoded CA certificate (`caFile`) properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -5280,7 +6529,7 @@ spec: using "address" as data key properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -5310,6 +6559,7 @@ spec: - matrix - opsgenie - alertmanager + - grafana type: string username: description: Bot username for this provider @@ -5412,12 +6662,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -5429,15 +6679,15 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date name: v1beta1 schema: openAPIV3Schema: @@ -5486,6 +6736,15 @@ spec: - ImagePolicy - ImageUpdateAutomation type: string + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object name: description: Name of the referent maxLength: 53 @@ -5505,7 +6764,7 @@ spec: the payload authenticity properties: name: - description: Name of the referent + description: Name of the referent. type: string required: - name @@ -5634,7 +6893,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: helm-controller namespace: flux-system --- @@ -5644,7 +6903,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: image-automation-controller namespace: flux-system --- @@ -5654,7 +6913,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: image-reflector-controller namespace: flux-system --- @@ -5664,7 +6923,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: kustomize-controller namespace: flux-system --- @@ -5674,7 +6933,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: notification-controller namespace: flux-system --- @@ -5684,7 +6943,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: source-controller namespace: flux-system --- @@ -5694,7 +6953,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: crd-controller-flux-system rules: - apiGroups: @@ -5775,7 +7034,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5795,7 +7054,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -5827,7 +7086,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 control-plane: controller name: notification-controller namespace: flux-system @@ -5847,7 +7106,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 control-plane: controller name: source-controller namespace: flux-system @@ -5867,7 +7126,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 control-plane: controller name: webhook-receiver namespace: flux-system @@ -5887,7 +7146,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 control-plane: controller name: helm-controller namespace: flux-system @@ -5906,7 +7165,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -5916,7 +7175,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.14.1 + image: ghcr.io/fluxcd/helm-controller:v0.18.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5926,6 +7185,7 @@ spec: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -5942,12 +7202,20 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp nodeSelector: kubernetes.io/os: linux + securityContext: + fsGroup: 1337 serviceAccountName: helm-controller terminationGracePeriodSeconds: 600 volumes: @@ -5960,7 +7228,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 control-plane: controller name: image-automation-controller namespace: flux-system @@ -5979,7 +7247,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -5989,7 +7257,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-automation-controller:v0.18.0 + image: ghcr.io/fluxcd/image-automation-controller:v0.21.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5999,6 +7267,7 @@ spec: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -6015,7 +7284,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -6035,7 +7310,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 control-plane: controller name: image-reflector-controller namespace: flux-system @@ -6054,7 +7329,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -6064,7 +7339,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/image-reflector-controller:v0.14.0 + image: ghcr.io/fluxcd/image-reflector-controller:v0.17.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6074,6 +7349,7 @@ spec: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -6090,7 +7366,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -6114,7 +7396,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 control-plane: controller name: kustomize-controller namespace: flux-system @@ -6133,7 +7415,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -6143,7 +7425,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.18.2 + image: ghcr.io/fluxcd/kustomize-controller:v0.22.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6153,6 +7435,7 @@ spec: ports: - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -6169,7 +7452,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp @@ -6189,7 +7478,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 control-plane: controller name: notification-controller namespace: flux-system @@ -6217,7 +7506,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v0.19.0 + image: ghcr.io/fluxcd/notification-controller:v0.23.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6227,10 +7516,13 @@ spec: ports: - containerPort: 9090 name: http + protocol: TCP - containerPort: 9292 name: http-webhook + protocol: TCP - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz protocol: TCP @@ -6247,12 +7539,20 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tmp name: temp nodeSelector: kubernetes.io/os: linux + securityContext: + fsGroup: 1337 serviceAccountName: notification-controller terminationGracePeriodSeconds: 10 volumes: @@ -6265,7 +7565,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.24.1 + app.kubernetes.io/version: v0.28.3 control-plane: controller name: source-controller namespace: flux-system @@ -6286,7 +7586,7 @@ spec: spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local/ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -6298,7 +7598,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.19.2 + image: ghcr.io/fluxcd/source-controller:v0.22.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6308,10 +7608,13 @@ spec: ports: - containerPort: 9090 name: http + protocol: TCP - containerPort: 8080 name: http-prom + protocol: TCP - containerPort: 9440 name: healthz + protocol: TCP readinessProbe: httpGet: path: / @@ -6325,7 +7628,13 @@ spec: memory: 64Mi securityContext: allowPrivilegeEscalation: false + capabilities: + drop: + - ALL readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /data name: data