diff --git a/PROJECT b/PROJECT index 9d89d81be..e71c757bc 100644 --- a/PROJECT +++ b/PROJECT @@ -4,39 +4,12 @@ resources: - group: source kind: GitRepository version: v1 -- group: source - kind: GitRepository - version: v1beta2 - group: source kind: HelmRepository version: v1 -- group: source - kind: HelmRepository - version: v1beta2 - group: source kind: HelmChart version: v1 -- group: source - kind: HelmChart - version: v1beta2 -- group: source - kind: Bucket - version: v1beta2 -- group: source - kind: GitRepository - version: v1beta1 -- group: source - kind: HelmRepository - version: v1beta1 -- group: source - kind: HelmChart - version: v1beta1 -- group: source - kind: Bucket - version: v1beta1 -- group: source - kind: OCIRepository - version: v1beta2 - group: source kind: Bucket version: v1 diff --git a/README.md b/README.md index 6f07b2e00..5d6bccb90 100644 --- a/README.md +++ b/README.md @@ -16,13 +16,14 @@ and is a core component of the [GitOps toolkit](https://fluxcd.io/flux/component ## APIs -| Kind | API Version | -|----------------------------------------------------|-------------------------------| -| [GitRepository](docs/spec/v1/gitrepositories.md) | `source.toolkit.fluxcd.io/v1` | -| [OCIRepository](docs/spec/v1/ocirepositories.md) | `source.toolkit.fluxcd.io/v1` | -| [HelmRepository](docs/spec/v1/helmrepositories.md) | `source.toolkit.fluxcd.io/v1` | -| [HelmChart](docs/spec/v1/helmcharts.md) | `source.toolkit.fluxcd.io/v1` | -| [Bucket](docs/spec/v1/buckets.md) | `source.toolkit.fluxcd.io/v1` | +| Kind | API Version | +|-------------------------------------------------------|-------------------------------| +| [GitRepository](docs/spec/v1/gitrepositories.md) | `source.toolkit.fluxcd.io/v1` | +| [OCIRepository](docs/spec/v1/ocirepositories.md) | `source.toolkit.fluxcd.io/v1` | +| [HelmRepository](docs/spec/v1/helmrepositories.md) | `source.toolkit.fluxcd.io/v1` | +| [HelmChart](docs/spec/v1/helmcharts.md) | `source.toolkit.fluxcd.io/v1` | +| [Bucket](docs/spec/v1/buckets.md) | `source.toolkit.fluxcd.io/v1` | +| [ExternalArtifact](docs/spec/v1/externalartifacts.md) | `source.toolkit.fluxcd.io/v1` | ## Features diff --git a/api/v1beta2/bucket_types.go b/api/v1beta2/bucket_types.go index 6495abdd0..107474ae3 100644 --- a/api/v1beta2/bucket_types.go +++ b/api/v1beta2/bucket_types.go @@ -271,12 +271,7 @@ func (in *Bucket) GetArtifact() *meta.Artifact { // +genclient // +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:deprecatedversion:warning="v1beta2 Bucket is deprecated, upgrade to v1" -// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` -// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" -// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" -// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description="" +// +kubebuilder:skipversion // Bucket is the Schema for the buckets API. type Bucket struct { diff --git a/api/v1beta2/gitrepository_types.go b/api/v1beta2/gitrepository_types.go index 89beeb9a7..97d317953 100644 --- a/api/v1beta2/gitrepository_types.go +++ b/api/v1beta2/gitrepository_types.go @@ -287,12 +287,7 @@ func (in *GitRepository) GetArtifact() *meta.Artifact { // +genclient // +kubebuilder:object:root=true // +kubebuilder:resource:shortName=gitrepo -// +kubebuilder:subresource:status -// +kubebuilder:deprecatedversion:warning="v1beta2 GitRepository is deprecated, upgrade to v1" -// +kubebuilder:printcolumn:name="URL",type=string,JSONPath=`.spec.url` -// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" -// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" -// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description="" +// +kubebuilder:skipversion // GitRepository is the Schema for the gitrepositories API. type GitRepository struct { diff --git a/api/v1beta2/helmchart_types.go b/api/v1beta2/helmchart_types.go index ac24b1c13..f9dbd9662 100644 --- a/api/v1beta2/helmchart_types.go +++ b/api/v1beta2/helmchart_types.go @@ -217,15 +217,7 @@ func (in *HelmChart) GetValuesFiles() []string { // +genclient // +kubebuilder:object:root=true // +kubebuilder:resource:shortName=hc -// +kubebuilder:subresource:status -// +kubebuilder:deprecatedversion:warning="v1beta2 HelmChart is deprecated, upgrade to v1" -// +kubebuilder:printcolumn:name="Chart",type=string,JSONPath=`.spec.chart` -// +kubebuilder:printcolumn:name="Version",type=string,JSONPath=`.spec.version` -// +kubebuilder:printcolumn:name="Source Kind",type=string,JSONPath=`.spec.sourceRef.kind` -// +kubebuilder:printcolumn:name="Source Name",type=string,JSONPath=`.spec.sourceRef.name` -// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" -// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" -// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description="" +// +kubebuilder:skipversion // HelmChart is the Schema for the helmcharts API. type HelmChart struct { diff --git a/api/v1beta2/helmrepository_types.go b/api/v1beta2/helmrepository_types.go index 56cbd928c..a47bb64f6 100644 --- a/api/v1beta2/helmrepository_types.go +++ b/api/v1beta2/helmrepository_types.go @@ -198,12 +198,7 @@ func (in *HelmRepository) GetArtifact() *meta.Artifact { // +genclient // +kubebuilder:object:root=true // +kubebuilder:resource:shortName=helmrepo -// +kubebuilder:subresource:status -// +kubebuilder:deprecatedversion:warning="v1beta2 HelmRepository is deprecated, upgrade to v1" -// +kubebuilder:printcolumn:name="URL",type=string,JSONPath=`.spec.url` -// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" -// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" -// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description="" +// +kubebuilder:skipversion // HelmRepository is the Schema for the helmrepositories API. type HelmRepository struct { diff --git a/api/v1beta2/ocirepository_types.go b/api/v1beta2/ocirepository_types.go index 760f0d8f1..8314d5ba0 100644 --- a/api/v1beta2/ocirepository_types.go +++ b/api/v1beta2/ocirepository_types.go @@ -285,12 +285,7 @@ func (in *OCIRepository) GetLayerOperation() string { // +genclient // +kubebuilder:object:root=true // +kubebuilder:resource:shortName=ocirepo -// +kubebuilder:subresource:status -// +kubebuilder:deprecatedversion:warning="v1beta2 OCIRepository is deprecated, upgrade to v1" -// +kubebuilder:printcolumn:name="URL",type=string,JSONPath=`.spec.url` -// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" -// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description="" -// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" +// +kubebuilder:skipversion // OCIRepository is the Schema for the ocirepositories API type OCIRepository struct { diff --git a/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml b/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml index f578c8da0..9c0b13233 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_buckets.yaml @@ -380,387 +380,3 @@ spec: storage: true subresources: status: {} - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Bucket is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - BucketSpec specifies the required configuration to produce an Artifact for - an object storage bucket. - properties: - accessFrom: - description: |- - AccessFrom specifies an Access Control List for allowing cross-namespace - references to this object. - NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 - properties: - namespaceSelectors: - description: |- - NamespaceSelectors is the list of namespace selectors to which this ACL applies. - Items in this list are evaluated using a logical OR operation. - items: - description: |- - NamespaceSelector selects the namespaces to which this ACL applies. - An empty map of MatchLabels matches all namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - bucket. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - This field is only supported for the `generic` provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - endpoint: - description: Endpoint is the object storage address the BucketName - is located at. - type: string - ignore: - description: |- - Ignore overrides the set of excluded patterns in the .sourceignore format - (which is the same as .gitignore). If not provided, a default will be used, - consult the documentation for your version to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. - type: boolean - interval: - description: |- - Interval at which the Bucket Endpoint is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - prefix: - description: Prefix to use for server-side filtering of files in the - Bucket. - type: string - provider: - default: generic - description: |- - Provider of the object storage bucket. - Defaults to 'generic', which expects an S3 (API) compatible object - storage. - enum: - - generic - - aws - - gcp - - azure - type: string - proxySecretRef: - description: |- - ProxySecretRef specifies the Secret containing the proxy configuration - to use while communicating with the Bucket server. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - region: - description: Region of the Endpoint where the BucketName is located - in. - type: string - secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials - for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - sts: - description: |- - STS specifies the required configuration to use a Security Token - Service for fetching temporary credentials to authenticate in a - Bucket provider. - - This field is only supported for the `aws` and `generic` providers. - properties: - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - STS endpoint. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - This field is only supported for the `ldap` provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - endpoint: - description: |- - Endpoint is the HTTP/S endpoint of the Security Token Service from - where temporary credentials will be fetched. - pattern: ^(http|https)://.*$ - type: string - provider: - description: Provider of the Security Token Service. - enum: - - aws - - ldap - type: string - secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials - for the STS endpoint. This Secret must contain the fields `username` - and `password` and is supported only for the `ldap` provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - endpoint - - provider - type: object - suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - Bucket. - type: boolean - timeout: - default: 60s - description: Timeout for fetch operations, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - required: - - bucketName - - endpoint - - interval - type: object - x-kubernetes-validations: - - message: STS configuration is only supported for the 'aws' and 'generic' - Bucket providers - rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts) - - message: '''aws'' is the only supported STS provider for the ''aws'' - Bucket provider' - rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider - == 'aws' - - message: '''ldap'' is the only supported STS provider for the ''generic'' - Bucket provider' - rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider - == 'ldap' - - message: spec.sts.secretRef is not required for the 'aws' STS provider - rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)' - - message: spec.sts.certSecretRef is not required for the 'aws' STS provider - rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)' - status: - default: - observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. - properties: - artifact: - description: Artifact represents the last successful Bucket reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. - type: string - revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. - format: int64 - type: integer - observedIgnore: - description: |- - ObservedIgnore is the observed exclusion patterns used for constructing - the source artifact. - type: string - url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - BucketStatus.Artifact data is recommended. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml index 10663e473..7e2554252 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml @@ -480,470 +480,3 @@ spec: storage: true subresources: status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - GitRepositorySpec specifies the required configuration to produce an - Artifact for a Git repository. - properties: - accessFrom: - description: |- - AccessFrom specifies an Access Control List for allowing cross-namespace - references to this object. - NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 - properties: - namespaceSelectors: - description: |- - NamespaceSelectors is the list of namespace selectors to which this ACL applies. - Items in this list are evaluated using a logical OR operation. - items: - description: |- - NamespaceSelector selects the namespaces to which this ACL applies. - An empty map of MatchLabels matches all namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: |- - GitImplementation specifies which Git client library implementation to - use. Defaults to 'go-git', valid values are ('go-git', 'libgit2'). - Deprecated: gitImplementation is deprecated now that 'go-git' is the - only supported implementation. - enum: - - go-git - - libgit2 - type: string - ignore: - description: |- - Ignore overrides the set of excluded patterns in the .sourceignore format - (which is the same as .gitignore). If not provided, a default will be used, - consult the documentation for your version to find out what those are. - type: string - include: - description: |- - Include specifies a list of GitRepository resources which Artifacts - should be included in the Artifact produced for this GitRepository. - items: - description: |- - GitRepositoryInclude specifies a local reference to a GitRepository which - Artifact (sub-)contents must be included, and where they should be placed. - properties: - fromPath: - description: |- - FromPath specifies the path to copy contents from, defaults to the root - of the Artifact. - type: string - repository: - description: |- - GitRepositoryRef specifies the GitRepository which Artifact contents - must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: |- - ToPath specifies the path to copy contents to, defaults to the name of - the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which to check the GitRepository for updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - recurseSubmodules: - description: |- - RecurseSubmodules enables the initialization of all submodules within - the GitRepository as cloned from the URL, using their default settings. - type: boolean - ref: - description: |- - Reference specifies the Git reference to resolve and monitor for - changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: |- - Commit SHA to check out, takes precedence over all reference fields. - - This can be combined with Branch to shallow clone the branch, in which - the commit is expected to exist. - type: string - name: - description: |- - Name of the reference to check out; takes precedence over Branch, Tag and SemVer. - - It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description - Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head" - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials for - the GitRepository. - For HTTPS repositories the Secret must contain 'username' and 'password' - fields for basic auth or 'bearerToken' field for token auth. - For SSH repositories the Secret must contain 'identity' - and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: |- - Verification specifies the configuration to verify the Git commit - signature(s). - properties: - mode: - description: Mode specifies what Git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: |- - SecretRef specifies the Secret containing the public keys of trusted Git - authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - - secretRef - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. - type: string - revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: |- - ContentConfigChecksum is a checksum of all the configurations related to - the content of the source artifact: - - .spec.ignore - - .spec.recurseSubmodules - - .spec.included and the checksum of the included artifacts - observed in .status.observedGeneration version of the object. This can - be used to determine if the content of the included repository has - changed. - It has the format of `:`, for example: `sha256:`. - - Deprecated: Replaced with explicit fields for observed artifact content - config in the status. - type: string - includedArtifacts: - description: |- - IncludedArtifacts contains a list of the last successfully included - Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. - type: string - revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedGeneration: - description: |- - ObservedGeneration is the last observed generation of the GitRepository - object. - format: int64 - type: integer - observedIgnore: - description: |- - ObservedIgnore is the observed exclusion patterns used for constructing - the source artifact. - type: string - observedInclude: - description: |- - ObservedInclude is the observed list of GitRepository resources used to - to produce the current Artifact. - items: - description: |- - GitRepositoryInclude specifies a local reference to a GitRepository which - Artifact (sub-)contents must be included, and where they should be placed. - properties: - fromPath: - description: |- - FromPath specifies the path to copy contents from, defaults to the root - of the Artifact. - type: string - repository: - description: |- - GitRepositoryRef specifies the GitRepository which Artifact contents - must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: |- - ToPath specifies the path to copy contents to, defaults to the name of - the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: |- - ObservedRecurseSubmodules is the observed resource submodules - configuration used to produce the current Artifact. - type: boolean - url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - GitRepositoryStatus.Artifact data is recommended. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml b/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml index 50237f713..1ae58d5da 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml @@ -352,373 +352,3 @@ spec: storage: true subresources: status: {} - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 HelmChart is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: HelmChartSpec specifies the desired state of a Helm chart. - properties: - accessFrom: - description: |- - AccessFrom specifies an Access Control List for allowing cross-namespace - references to this object. - NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 - properties: - namespaceSelectors: - description: |- - NamespaceSelectors is the list of namespace selectors to which this ACL applies. - Items in this list are evaluated using a logical OR operation. - items: - description: |- - NamespaceSelector selects the namespaces to which this ACL applies. - An empty map of MatchLabels matches all namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: |- - Chart is the name or path the Helm chart is available at in the - SourceRef. - type: string - ignoreMissingValuesFiles: - description: |- - IgnoreMissingValuesFiles controls whether to silently ignore missing values - files rather than failing. - type: boolean - interval: - description: |- - Interval at which the HelmChart SourceRef is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: |- - ReconcileStrategy determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their behavior. - Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: |- - Kind of the referent, valid values are ('HelmRepository', 'GitRepository', - 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - source. - type: boolean - valuesFile: - description: |- - ValuesFile is an alternative values file to use as the default chart - values, expected to be a relative path in the SourceRef. Deprecated in - favor of ValuesFiles, for backwards compatibility the file specified here - is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: |- - ValuesFiles is an alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be a - relative path in the SourceRef. - Values files are merged in the order of this list with the last file - overriding the first. Ignored when omitted. - items: - type: string - type: array - verify: - description: |- - Verify contains the secret name containing the trusted public keys - used to verify the signature and specifies which provider to use to check - whether OCI image is authentic. - This field is only supported when using HelmRepository source with spec.type 'oci'. - Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified. - properties: - matchOIDCIdentity: - description: |- - MatchOIDCIdentity specifies the identity matching criteria to use - while verifying an OCI artifact which was signed using Cosign keyless - signing. The artifact's identity is deemed to be verified if any of the - specified matchers match against the identity. - items: - description: |- - OIDCIdentityMatch specifies options for verifying the certificate identity, - i.e. the issuer and the subject of the certificate. - properties: - issuer: - description: |- - Issuer specifies the regex pattern to match against to verify - the OIDC issuer in the Fulcio certificate. The pattern must be a - valid Go regular expression. - type: string - subject: - description: |- - Subject specifies the regex pattern to match against to verify - the identity subject in the Fulcio certificate. The pattern must - be a valid Go regular expression. - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - - notation - type: string - secretRef: - description: |- - SecretRef specifies the Kubernetes Secret containing the - trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: |- - Version is the chart version semver expression, ignored for charts from - GitRepository and Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. - type: string - revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedChartName: - description: |- - ObservedChartName is the last observed chart name as specified by the - resolved chart reference. - type: string - observedGeneration: - description: |- - ObservedGeneration is the last observed generation of the HelmChart - object. - format: int64 - type: integer - observedSourceArtifactRevision: - description: |- - ObservedSourceArtifactRevision is the last observed Artifact.Revision - of the HelmChartSpec.SourceRef. - type: string - observedValuesFiles: - description: |- - ObservedValuesFiles are the observed value files of the last successful - reconciliation. - It matches the chart in the last successfully reconciled artifact. - items: - type: string - type: array - url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - BucketStatus.Artifact data is recommended. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml index 750a36500..c93090a5c 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_helmrepositories.yaml @@ -319,308 +319,3 @@ spec: storage: true subresources: status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 HelmRepository is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - HelmRepositorySpec specifies the required configuration to produce an - Artifact for a Helm repository index YAML. - properties: - accessFrom: - description: |- - AccessFrom specifies an Access Control List for allowing cross-namespace - references to this object. - NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 - properties: - namespaceSelectors: - description: |- - NamespaceSelectors is the list of namespace selectors to which this ACL applies. - Items in this list are evaluated using a logical OR operation. - items: - description: |- - NamespaceSelector selects the namespaces to which this ACL applies. - An empty map of MatchLabels matches all namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - It takes precedence over the values specified in the Secret referred - to by `.spec.secretRef`. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - insecure: - description: |- - Insecure allows connecting to a non-TLS HTTP container registry. - This field is only taken into account if the .spec.type field is set to 'oci'. - type: boolean - interval: - description: |- - Interval at which the HelmRepository URL is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - passCredentials: - description: |- - PassCredentials allows the credentials from the SecretRef to be passed - on to a host that does not match the host as defined in URL. - This may be required if the host of the advertised chart URLs in the - index differ from the defined URL. - Enabling this should be done with caution, as it can potentially result - in credentials getting stolen in a MITM-attack. - type: boolean - provider: - default: generic - description: |- - Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. - This field is optional, and only taken into account if the .spec.type field is set to 'oci'. - When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials - for the HelmRepository. - For HTTP/S basic auth the secret must contain 'username' and 'password' - fields. - Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' - keys is deprecated. Please use `.spec.certSecretRef` instead. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - HelmRepository. - type: boolean - timeout: - description: |- - Timeout is used for the index fetch operation for an HTTPS helm repository, - and for remote OCI Repository operations like pulling for an OCI helm - chart by the associated HelmChart. - Its default value is 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: |- - Type of the HelmRepository. - When this field is set to "oci", the URL field value must be prefixed with "oci://". - enum: - - default - - oci - type: string - url: - description: |- - URL of the Helm repository, a valid URL contains at least a protocol and - host. - pattern: ^(http|https|oci)://.*$ - type: string - required: - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. - type: string - revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedGeneration: - description: |- - ObservedGeneration is the last observed generation of the HelmRepository - object. - format: int64 - type: integer - url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - HelmRepositoryStatus.Artifact data is recommended. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml index 05b7b96ab..f3a57d1b4 100644 --- a/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml +++ b/config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml @@ -409,415 +409,3 @@ spec: storage: true subresources: status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta2 OCIRepository is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: OCIRepository is the Schema for the ocirepositories API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OCIRepositorySpec defines the desired state of OCIRepository - properties: - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - Note: Support for the `caFile`, `certFile` and `keyFile` keys have - been deprecated. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ignore: - description: |- - Ignore overrides the set of excluded patterns in the .sourceignore format - (which is the same as .gitignore). If not provided, a default will be used, - consult the documentation for your version to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: |- - Interval at which the OCIRepository URL is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - layerSelector: - description: |- - LayerSelector specifies which layer should be extracted from the OCI artifact. - When not specified, the first layer found in the artifact is selected. - properties: - mediaType: - description: |- - MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The - first layer matching this type is selected. - type: string - operation: - description: |- - Operation specifies how the selected layer should be processed. - By default, the layer compressed content is extracted to storage. - When the operation is set to 'copy', the layer compressed content - is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - provider: - default: generic - description: |- - The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. - When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - proxySecretRef: - description: |- - ProxySecretRef specifies the Secret containing the proxy configuration - to use while communicating with the container registry. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ref: - description: |- - The OCI reference to pull and monitor for changes, - defaults to the latest tag. - properties: - digest: - description: |- - Digest is the image digest to pull, takes precedence over SemVer. - The value should be in the format 'sha256:'. - type: string - semver: - description: |- - SemVer is the range of tags to pull selecting the latest within - the range, takes precedence over Tag. - type: string - semverFilter: - description: SemverFilter is a regex pattern to filter the tags - within the SemVer range. - type: string - tag: - description: Tag is the image tag to pull, defaults to latest. - type: string - type: object - secretRef: - description: |- - SecretRef contains the secret name containing the registry login - credentials to resolve image metadata. - The secret must be of type kubernetes.io/dockerconfigjson. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: |- - ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate - the image pull if the service account has attached pull secrets. For more information: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account - type: string - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote OCI Repository operations like - pulling, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: |- - URL is a reference to an OCI artifact repository hosted - on a remote container registry. - pattern: ^oci://.*$ - type: string - verify: - description: |- - Verify contains the secret name containing the trusted public keys - used to verify the signature and specifies which provider to use to check - whether OCI image is authentic. - properties: - matchOIDCIdentity: - description: |- - MatchOIDCIdentity specifies the identity matching criteria to use - while verifying an OCI artifact which was signed using Cosign keyless - signing. The artifact's identity is deemed to be verified if any of the - specified matchers match against the identity. - items: - description: |- - OIDCIdentityMatch specifies options for verifying the certificate identity, - i.e. the issuer and the subject of the certificate. - properties: - issuer: - description: |- - Issuer specifies the regex pattern to match against to verify - the OIDC issuer in the Fulcio certificate. The pattern must be a - valid Go regular expression. - type: string - subject: - description: |- - Subject specifies the regex pattern to match against to verify - the identity subject in the Fulcio certificate. The pattern must - be a valid Go regular expression. - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - - notation - type: string - secretRef: - description: |- - SecretRef specifies the Kubernetes Secret containing the - trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: OCIRepositoryStatus defines the observed state of OCIRepository - properties: - artifact: - description: Artifact represents the output of the last successful - OCI Repository sync. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. - type: string - revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the OCIRepository. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: |- - ContentConfigChecksum is a checksum of all the configurations related to - the content of the source artifact: - - .spec.ignore - - .spec.layerSelector - observed in .status.observedGeneration version of the object. This can - be used to determine if the content configuration has changed and the - artifact needs to be rebuilt. - It has the format of `:`, for example: `sha256:`. - - Deprecated: Replaced with explicit fields for observed artifact content - config in the status. - type: string - lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - observedIgnore: - description: |- - ObservedIgnore is the observed exclusion patterns used for constructing - the source artifact. - type: string - observedLayerSelector: - description: |- - ObservedLayerSelector is the observed layer selector used for constructing - the source artifact. - properties: - mediaType: - description: |- - MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The - first layer matching this type is selected. - type: string - operation: - description: |- - Operation specifies how the selected layer should be processed. - By default, the layer compressed content is extracted to storage. - When the operation is set to 'copy', the layer compressed content - is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - url: - description: URL is the download link for the artifact output of the - last OCI Repository sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/docs/api/v1beta2/source.md b/docs/api/v1beta2/source.md deleted file mode 100644 index 8234f7014..000000000 --- a/docs/api/v1beta2/source.md +++ /dev/null @@ -1,3604 +0,0 @@ -

Source API reference v1beta2

-

Packages:

- -

source.toolkit.fluxcd.io/v1beta2

-

Package v1beta2 contains API Schema definitions for the source v1beta2 API group

-Resource Types: - -

Bucket -

-

Bucket is the Schema for the buckets API.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string		 -source.toolkit.fluxcd.io/v1beta2 -
-kind
-string -		 -Bucket -
-metadata
- - -Kubernetes meta/v1.ObjectMeta - - -		 -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
-spec
- - -BucketSpec - - -		 -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-provider
- -string - -		 -(Optional) -

Provider of the object storage bucket. -Defaults to ‘generic’, which expects an S3 (API) compatible object -storage.

-
-bucketName
- -string - -		 -

BucketName is the name of the object storage bucket.

-
-endpoint
- -string - -		 -

Endpoint is the object storage address the BucketName is located at.

-
-sts
- - -BucketSTSSpec - - -		 -(Optional) -

STS specifies the required configuration to use a Security Token -Service for fetching temporary credentials to authenticate in a -Bucket provider.

-

This field is only supported for the aws and generic providers.

-
-insecure
- -bool - -		 -(Optional) -

Insecure allows connecting to a non-TLS HTTP Endpoint.

-
-region
- -string - -		 -(Optional) -

Region of the Endpoint where the BucketName is located in.

-
-prefix
- -string - -		 -(Optional) -

Prefix to use for server-side filtering of files in the Bucket.

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

SecretRef specifies the Secret containing authentication credentials -for the Bucket.

-
-certSecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

CertSecretRef can be given the name of a Secret containing -either or both of

-
    -
  • a PEM-encoded client certificate (tls.crt) and private -key (tls.key);
    • -
  • a PEM-encoded CA certificate (ca.crt)
    • -
-

and whichever are supplied, will be used for connecting to the -bucket. The client cert and key are useful if you are -authenticating with a certificate; the CA cert is useful if -you are using a self-signed server certificate. The Secret must -be of type Opaque or kubernetes.io/tls.

-

This field is only supported for the generic provider.

-
-proxySecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

ProxySecretRef specifies the Secret containing the proxy configuration -to use while communicating with the Bucket server.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -

Interval at which the Bucket Endpoint is checked for updates. -This interval is approximate and may be subject to jitter to ensure -efficient use of resources.

-
-timeout
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

Timeout for fetch operations, defaults to 60s.

-
-ignore
- -string - -		 -(Optional) -

Ignore overrides the set of excluded patterns in the .sourceignore format -(which is the same as .gitignore). If not provided, a default will be used, -consult the documentation for your version to find out what those are.

-
-suspend
- -bool - -		 -(Optional) -

Suspend tells the controller to suspend the reconciliation of this -Bucket.

-
-accessFrom
- - -github.com/fluxcd/pkg/apis/acl.AccessFrom - - -		 -(Optional) -

AccessFrom specifies an Access Control List for allowing cross-namespace -references to this object. -NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092

-
-
-status
- - -BucketStatus - - -		 -
-
-
-

GitRepository -

-

GitRepository is the Schema for the gitrepositories API.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string		 -source.toolkit.fluxcd.io/v1beta2 -
-kind
-string -		 -GitRepository -
-metadata
- - -Kubernetes meta/v1.ObjectMeta - - -		 -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
-spec
- - -GitRepositorySpec - - -		 -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-url
- -string - -		 -

URL specifies the Git repository URL, it can be an HTTP/S or SSH address.

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

SecretRef specifies the Secret containing authentication credentials for -the GitRepository. -For HTTPS repositories the Secret must contain ‘username’ and ‘password’ -fields for basic auth or ‘bearerToken’ field for token auth. -For SSH repositories the Secret must contain ‘identity’ -and ‘known_hosts’ fields.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -

Interval at which to check the GitRepository for updates.

-
-timeout
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

Timeout for Git operations like cloning, defaults to 60s.

-
-ref
- - -GitRepositoryRef - - -		 -(Optional) -

Reference specifies the Git reference to resolve and monitor for -changes, defaults to the ‘master’ branch.

-
-verify
- - -GitRepositoryVerification - - -		 -(Optional) -

Verification specifies the configuration to verify the Git commit -signature(s).

-
-ignore
- -string - -		 -(Optional) -

Ignore overrides the set of excluded patterns in the .sourceignore format -(which is the same as .gitignore). If not provided, a default will be used, -consult the documentation for your version to find out what those are.

-
-suspend
- -bool - -		 -(Optional) -

Suspend tells the controller to suspend the reconciliation of this -GitRepository.

-
-gitImplementation
- -string - -		 -(Optional) -

GitImplementation specifies which Git client library implementation to -use. Defaults to ‘go-git’, valid values are (‘go-git’, ‘libgit2’). -Deprecated: gitImplementation is deprecated now that ‘go-git’ is the -only supported implementation.

-
-recurseSubmodules
- -bool - -		 -(Optional) -

RecurseSubmodules enables the initialization of all submodules within -the GitRepository as cloned from the URL, using their default settings.

-
-include
- - -[]GitRepositoryInclude - - -		 -

Include specifies a list of GitRepository resources which Artifacts -should be included in the Artifact produced for this GitRepository.

-
-accessFrom
- - -github.com/fluxcd/pkg/apis/acl.AccessFrom - - -		 -(Optional) -

AccessFrom specifies an Access Control List for allowing cross-namespace -references to this object. -NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092

-
-
-status
- - -GitRepositoryStatus - - -		 -
-
-
-

HelmChart -

-

HelmChart is the Schema for the helmcharts API.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string		 -source.toolkit.fluxcd.io/v1beta2 -
-kind
-string -		 -HelmChart -
-metadata
- - -Kubernetes meta/v1.ObjectMeta - - -		 -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
-spec
- - -HelmChartSpec - - -		 -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-chart
- -string - -		 -

Chart is the name or path the Helm chart is available at in the -SourceRef.

-
-version
- -string - -		 -(Optional) -

Version is the chart version semver expression, ignored for charts from -GitRepository and Bucket sources. Defaults to latest when omitted.

-
-sourceRef
- - -LocalHelmChartSourceReference - - -		 -

SourceRef is the reference to the Source the chart is available at.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -

Interval at which the HelmChart SourceRef is checked for updates. -This interval is approximate and may be subject to jitter to ensure -efficient use of resources.

-
-reconcileStrategy
- -string - -		 -(Optional) -

ReconcileStrategy determines what enables the creation of a new artifact. -Valid values are (‘ChartVersion’, ‘Revision’). -See the documentation of the values for an explanation on their behavior. -Defaults to ChartVersion when omitted.

-
-valuesFiles
- -[]string - -		 -(Optional) -

ValuesFiles is an alternative list of values files to use as the chart -values (values.yaml is not included by default), expected to be a -relative path in the SourceRef. -Values files are merged in the order of this list with the last file -overriding the first. Ignored when omitted.

-
-valuesFile
- -string - -		 -(Optional) -

ValuesFile is an alternative values file to use as the default chart -values, expected to be a relative path in the SourceRef. Deprecated in -favor of ValuesFiles, for backwards compatibility the file specified here -is merged before the ValuesFiles items. Ignored when omitted.

-
-ignoreMissingValuesFiles
- -bool - -		 -(Optional) -

IgnoreMissingValuesFiles controls whether to silently ignore missing values -files rather than failing.

-
-suspend
- -bool - -		 -(Optional) -

Suspend tells the controller to suspend the reconciliation of this -source.

-
-accessFrom
- - -github.com/fluxcd/pkg/apis/acl.AccessFrom - - -		 -(Optional) -

AccessFrom specifies an Access Control List for allowing cross-namespace -references to this object. -NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092

-
-verify
- - -github.com/fluxcd/source-controller/api/v1.OCIRepositoryVerification - - -		 -(Optional) -

Verify contains the secret name containing the trusted public keys -used to verify the signature and specifies which provider to use to check -whether OCI image is authentic. -This field is only supported when using HelmRepository source with spec.type ‘oci’. -Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.

-
-
-status
- - -HelmChartStatus - - -		 -
-
-
-

HelmRepository -

-

HelmRepository is the Schema for the helmrepositories API.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string		 -source.toolkit.fluxcd.io/v1beta2 -
-kind
-string -		 -HelmRepository -
-metadata
- - -Kubernetes meta/v1.ObjectMeta - - -		 -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
-spec
- - -HelmRepositorySpec - - -		 -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-url
- -string - -		 -

URL of the Helm repository, a valid URL contains at least a protocol and -host.

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

SecretRef specifies the Secret containing authentication credentials -for the HelmRepository. -For HTTP/S basic auth the secret must contain ‘username’ and ‘password’ -fields. -Support for TLS auth using the ‘certFile’ and ‘keyFile’, and/or ‘caFile’ -keys is deprecated. Please use .spec.certSecretRef instead.

-
-certSecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

CertSecretRef can be given the name of a Secret containing -either or both of

-
    -
  • a PEM-encoded client certificate (tls.crt) and private -key (tls.key);
    • -
  • a PEM-encoded CA certificate (ca.crt)
    • -
-

and whichever are supplied, will be used for connecting to the -registry. The client cert and key are useful if you are -authenticating with a certificate; the CA cert is useful if -you are using a self-signed server certificate. The Secret must -be of type Opaque or kubernetes.io/tls.

-

It takes precedence over the values specified in the Secret referred -to by .spec.secretRef.

-
-passCredentials
- -bool - -		 -(Optional) -

PassCredentials allows the credentials from the SecretRef to be passed -on to a host that does not match the host as defined in URL. -This may be required if the host of the advertised chart URLs in the -index differ from the defined URL. -Enabling this should be done with caution, as it can potentially result -in credentials getting stolen in a MITM-attack.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

Interval at which the HelmRepository URL is checked for updates. -This interval is approximate and may be subject to jitter to ensure -efficient use of resources.

-
-insecure
- -bool - -		 -(Optional) -

Insecure allows connecting to a non-TLS HTTP container registry. -This field is only taken into account if the .spec.type field is set to ‘oci’.

-
-timeout
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

Timeout is used for the index fetch operation for an HTTPS helm repository, -and for remote OCI Repository operations like pulling for an OCI helm -chart by the associated HelmChart. -Its default value is 60s.

-
-suspend
- -bool - -		 -(Optional) -

Suspend tells the controller to suspend the reconciliation of this -HelmRepository.

-
-accessFrom
- - -github.com/fluxcd/pkg/apis/acl.AccessFrom - - -		 -(Optional) -

AccessFrom specifies an Access Control List for allowing cross-namespace -references to this object. -NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092

-
-type
- -string - -		 -(Optional) -

Type of the HelmRepository. -When this field is set to “oci”, the URL field value must be prefixed with “oci://”.

-
-provider
- -string - -		 -(Optional) -

Provider used for authentication, can be ‘aws’, ‘azure’, ‘gcp’ or ‘generic’. -This field is optional, and only taken into account if the .spec.type field is set to ‘oci’. -When not specified, defaults to ‘generic’.

-
-
-status
- - -HelmRepositoryStatus - - -		 -
-
-
-

OCIRepository -

-

OCIRepository is the Schema for the ocirepositories API

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string		 -source.toolkit.fluxcd.io/v1beta2 -
-kind
-string -		 -OCIRepository -
-metadata
- - -Kubernetes meta/v1.ObjectMeta - - -		 -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
-spec
- - -OCIRepositorySpec - - -		 -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-url
- -string - -		 -

URL is a reference to an OCI artifact repository hosted -on a remote container registry.

-
-ref
- - -OCIRepositoryRef - - -		 -(Optional) -

The OCI reference to pull and monitor for changes, -defaults to the latest tag.

-
-layerSelector
- - -OCILayerSelector - - -		 -(Optional) -

LayerSelector specifies which layer should be extracted from the OCI artifact. -When not specified, the first layer found in the artifact is selected.

-
-provider
- -string - -		 -(Optional) -

The provider used for authentication, can be ‘aws’, ‘azure’, ‘gcp’ or ‘generic’. -When not specified, defaults to ‘generic’.

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

SecretRef contains the secret name containing the registry login -credentials to resolve image metadata. -The secret must be of type kubernetes.io/dockerconfigjson.

-
-verify
- - -github.com/fluxcd/source-controller/api/v1.OCIRepositoryVerification - - -		 -(Optional) -

Verify contains the secret name containing the trusted public keys -used to verify the signature and specifies which provider to use to check -whether OCI image is authentic.

-
-serviceAccountName
- -string - -		 -(Optional) -

ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate -the image pull if the service account has attached pull secrets. For more information: -https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account

-
-certSecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

CertSecretRef can be given the name of a Secret containing -either or both of

-
    -
  • a PEM-encoded client certificate (tls.crt) and private -key (tls.key);
    • -
  • a PEM-encoded CA certificate (ca.crt)
    • -
-

and whichever are supplied, will be used for connecting to the -registry. The client cert and key are useful if you are -authenticating with a certificate; the CA cert is useful if -you are using a self-signed server certificate. The Secret must -be of type Opaque or kubernetes.io/tls.

-

Note: Support for the caFile, certFile and keyFile keys have -been deprecated.

-
-proxySecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

ProxySecretRef specifies the Secret containing the proxy configuration -to use while communicating with the container registry.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -

Interval at which the OCIRepository URL is checked for updates. -This interval is approximate and may be subject to jitter to ensure -efficient use of resources.

-
-timeout
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

The timeout for remote OCI Repository operations like pulling, defaults to 60s.

-
-ignore
- -string - -		 -(Optional) -

Ignore overrides the set of excluded patterns in the .sourceignore format -(which is the same as .gitignore). If not provided, a default will be used, -consult the documentation for your version to find out what those are.

-
-insecure
- -bool - -		 -(Optional) -

Insecure allows connecting to a non-TLS HTTP container registry.

-
-suspend
- -bool - -		 -(Optional) -

This flag tells the controller to suspend the reconciliation of this source.

-
-
-status
- - -OCIRepositoryStatus - - -		 -
-
-
-

Artifact -

-

Artifact represents the output of a Source reconciliation.

-

Deprecated: use Artifact from api/v1 instead. This type will be removed in -a future release.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-path
- -string - -		 -

Path is the relative file path of the Artifact. It can be used to locate -the file in the root of the Artifact storage on the local file system of -the controller managing the Source.

-
-url
- -string - -		 -

URL is the HTTP address of the Artifact as exposed by the controller -managing the Source. It can be used to retrieve the Artifact for -consumption, e.g. by another controller applying the Artifact contents.

-
-revision
- -string - -		 -(Optional) -

Revision is a human-readable identifier traceable in the origin source -system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.

-
-checksum
- -string - -		 -(Optional) -

Checksum is the SHA256 checksum of the Artifact file. -Deprecated: use Artifact.Digest instead.

-
-digest
- -string - -		 -(Optional) -

Digest is the digest of the file in the form of ‘:’.

-
-lastUpdateTime
- - -Kubernetes meta/v1.Time - - -		 -

LastUpdateTime is the timestamp corresponding to the last update of the -Artifact.

-
-size
- -int64 - -		 -(Optional) -

Size is the number of bytes in the file.

-
-metadata
- -map[string]string - -		 -(Optional) -

Metadata holds upstream information such as OCI annotations.

-
-
-
-

BucketSTSSpec -

-

-(Appears on: -BucketSpec) -

-

BucketSTSSpec specifies the required configuration to use a Security Token -Service for fetching temporary credentials to authenticate in a Bucket -provider.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-provider
- -string - -		 -

Provider of the Security Token Service.

-
-endpoint
- -string - -		 -

Endpoint is the HTTP/S endpoint of the Security Token Service from -where temporary credentials will be fetched.

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

SecretRef specifies the Secret containing authentication credentials -for the STS endpoint. This Secret must contain the fields username -and password and is supported only for the ldap provider.

-
-certSecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

CertSecretRef can be given the name of a Secret containing -either or both of

-
    -
  • a PEM-encoded client certificate (tls.crt) and private -key (tls.key);
    • -
  • a PEM-encoded CA certificate (ca.crt)
    • -
-

and whichever are supplied, will be used for connecting to the -STS endpoint. The client cert and key are useful if you are -authenticating with a certificate; the CA cert is useful if -you are using a self-signed server certificate. The Secret must -be of type Opaque or kubernetes.io/tls.

-

This field is only supported for the ldap provider.

-
-
-
-

BucketSpec -

-

-(Appears on: -Bucket) -

-

BucketSpec specifies the required configuration to produce an Artifact for -an object storage bucket.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-provider
- -string - -		 -(Optional) -

Provider of the object storage bucket. -Defaults to ‘generic’, which expects an S3 (API) compatible object -storage.

-
-bucketName
- -string - -		 -

BucketName is the name of the object storage bucket.

-
-endpoint
- -string - -		 -

Endpoint is the object storage address the BucketName is located at.

-
-sts
- - -BucketSTSSpec - - -		 -(Optional) -

STS specifies the required configuration to use a Security Token -Service for fetching temporary credentials to authenticate in a -Bucket provider.

-

This field is only supported for the aws and generic providers.

-
-insecure
- -bool - -		 -(Optional) -

Insecure allows connecting to a non-TLS HTTP Endpoint.

-
-region
- -string - -		 -(Optional) -

Region of the Endpoint where the BucketName is located in.

-
-prefix
- -string - -		 -(Optional) -

Prefix to use for server-side filtering of files in the Bucket.

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

SecretRef specifies the Secret containing authentication credentials -for the Bucket.

-
-certSecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

CertSecretRef can be given the name of a Secret containing -either or both of

-
    -
  • a PEM-encoded client certificate (tls.crt) and private -key (tls.key);
    • -
  • a PEM-encoded CA certificate (ca.crt)
    • -
-

and whichever are supplied, will be used for connecting to the -bucket. The client cert and key are useful if you are -authenticating with a certificate; the CA cert is useful if -you are using a self-signed server certificate. The Secret must -be of type Opaque or kubernetes.io/tls.

-

This field is only supported for the generic provider.

-
-proxySecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

ProxySecretRef specifies the Secret containing the proxy configuration -to use while communicating with the Bucket server.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -

Interval at which the Bucket Endpoint is checked for updates. -This interval is approximate and may be subject to jitter to ensure -efficient use of resources.

-
-timeout
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

Timeout for fetch operations, defaults to 60s.

-
-ignore
- -string - -		 -(Optional) -

Ignore overrides the set of excluded patterns in the .sourceignore format -(which is the same as .gitignore). If not provided, a default will be used, -consult the documentation for your version to find out what those are.

-
-suspend
- -bool - -		 -(Optional) -

Suspend tells the controller to suspend the reconciliation of this -Bucket.

-
-accessFrom
- - -github.com/fluxcd/pkg/apis/acl.AccessFrom - - -		 -(Optional) -

AccessFrom specifies an Access Control List for allowing cross-namespace -references to this object. -NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092

-
-
-
-

BucketStatus -

-

-(Appears on: -Bucket) -

-

BucketStatus records the observed state of a Bucket.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-observedGeneration
- -int64 - -		 -(Optional) -

ObservedGeneration is the last observed generation of the Bucket object.

-
-conditions
- - -[]Kubernetes meta/v1.Condition - - -		 -(Optional) -

Conditions holds the conditions for the Bucket.

-
-url
- -string - -		 -(Optional) -

URL is the dynamic fetch link for the latest Artifact. -It is provided on a “best effort” basis, and using the precise -BucketStatus.Artifact data is recommended.

-
-artifact
- - -github.com/fluxcd/source-controller/api/v1.Artifact - - -		 -(Optional) -

Artifact represents the last successful Bucket reconciliation.

-
-observedIgnore
- -string - -		 -(Optional) -

ObservedIgnore is the observed exclusion patterns used for constructing -the source artifact.

-
-ReconcileRequestStatus
- - -github.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus - - -		 -

-(Members of ReconcileRequestStatus are embedded into this type.) -

-
-
-
-

GitRepositoryInclude -

-

-(Appears on: -GitRepositorySpec, -GitRepositoryStatus) -

-

GitRepositoryInclude specifies a local reference to a GitRepository which -Artifact (sub-)contents must be included, and where they should be placed.

-
-
- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-repository
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -

GitRepositoryRef specifies the GitRepository which Artifact contents -must be included.

-
-fromPath
- -string - -		 -(Optional) -

FromPath specifies the path to copy contents from, defaults to the root -of the Artifact.

-
-toPath
- -string - -		 -(Optional) -

ToPath specifies the path to copy contents to, defaults to the name of -the GitRepositoryRef.

-
-
-
-

GitRepositoryRef -

-

-(Appears on: -GitRepositorySpec) -

-

GitRepositoryRef specifies the Git reference to resolve and checkout.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-branch
- -string - -		 -(Optional) -

Branch to check out, defaults to ‘master’ if no other field is defined.

-
-tag
- -string - -		 -(Optional) -

Tag to check out, takes precedence over Branch.

-
-semver
- -string - -		 -(Optional) -

SemVer tag expression to check out, takes precedence over Tag.

-
-name
- -string - -		 -(Optional) -

Name of the reference to check out; takes precedence over Branch, Tag and SemVer.

-

It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description -Examples: “refs/heads/main”, “refs/tags/v0.1.0”, “refs/pull/420/head”, “refs/merge-requests/1/head”

-
-commit
- -string - -		 -(Optional) -

Commit SHA to check out, takes precedence over all reference fields.

-

This can be combined with Branch to shallow clone the branch, in which -the commit is expected to exist.

-
-
-
-

GitRepositorySpec -

-

-(Appears on: -GitRepository) -

-

GitRepositorySpec specifies the required configuration to produce an -Artifact for a Git repository.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-url
- -string - -		 -

URL specifies the Git repository URL, it can be an HTTP/S or SSH address.

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

SecretRef specifies the Secret containing authentication credentials for -the GitRepository. -For HTTPS repositories the Secret must contain ‘username’ and ‘password’ -fields for basic auth or ‘bearerToken’ field for token auth. -For SSH repositories the Secret must contain ‘identity’ -and ‘known_hosts’ fields.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -

Interval at which to check the GitRepository for updates.

-
-timeout
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

Timeout for Git operations like cloning, defaults to 60s.

-
-ref
- - -GitRepositoryRef - - -		 -(Optional) -

Reference specifies the Git reference to resolve and monitor for -changes, defaults to the ‘master’ branch.

-
-verify
- - -GitRepositoryVerification - - -		 -(Optional) -

Verification specifies the configuration to verify the Git commit -signature(s).

-
-ignore
- -string - -		 -(Optional) -

Ignore overrides the set of excluded patterns in the .sourceignore format -(which is the same as .gitignore). If not provided, a default will be used, -consult the documentation for your version to find out what those are.

-
-suspend
- -bool - -		 -(Optional) -

Suspend tells the controller to suspend the reconciliation of this -GitRepository.

-
-gitImplementation
- -string - -		 -(Optional) -

GitImplementation specifies which Git client library implementation to -use. Defaults to ‘go-git’, valid values are (‘go-git’, ‘libgit2’). -Deprecated: gitImplementation is deprecated now that ‘go-git’ is the -only supported implementation.

-
-recurseSubmodules
- -bool - -		 -(Optional) -

RecurseSubmodules enables the initialization of all submodules within -the GitRepository as cloned from the URL, using their default settings.

-
-include
- - -[]GitRepositoryInclude - - -		 -

Include specifies a list of GitRepository resources which Artifacts -should be included in the Artifact produced for this GitRepository.

-
-accessFrom
- - -github.com/fluxcd/pkg/apis/acl.AccessFrom - - -		 -(Optional) -

AccessFrom specifies an Access Control List for allowing cross-namespace -references to this object. -NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092

-
-
-
-

GitRepositoryStatus -

-

-(Appears on: -GitRepository) -

-

GitRepositoryStatus records the observed state of a Git repository.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-observedGeneration
- -int64 - -		 -(Optional) -

ObservedGeneration is the last observed generation of the GitRepository -object.

-
-conditions
- - -[]Kubernetes meta/v1.Condition - - -		 -(Optional) -

Conditions holds the conditions for the GitRepository.

-
-url
- -string - -		 -(Optional) -

URL is the dynamic fetch link for the latest Artifact. -It is provided on a “best effort” basis, and using the precise -GitRepositoryStatus.Artifact data is recommended.

-
-artifact
- - -github.com/fluxcd/source-controller/api/v1.Artifact - - -		 -(Optional) -

Artifact represents the last successful GitRepository reconciliation.

-
-includedArtifacts
- - -[]github.com/fluxcd/source-controller/api/v1.Artifact - - -		 -(Optional) -

IncludedArtifacts contains a list of the last successfully included -Artifacts as instructed by GitRepositorySpec.Include.

-
-contentConfigChecksum
- -string - -		 -(Optional) -

ContentConfigChecksum is a checksum of all the configurations related to -the content of the source artifact: -- .spec.ignore -- .spec.recurseSubmodules -- .spec.included and the checksum of the included artifacts -observed in .status.observedGeneration version of the object. This can -be used to determine if the content of the included repository has -changed. -It has the format of <algo>:<checksum>, for example: sha256:<checksum>.

-

Deprecated: Replaced with explicit fields for observed artifact content -config in the status.

-
-observedIgnore
- -string - -		 -(Optional) -

ObservedIgnore is the observed exclusion patterns used for constructing -the source artifact.

-
-observedRecurseSubmodules
- -bool - -		 -(Optional) -

ObservedRecurseSubmodules is the observed resource submodules -configuration used to produce the current Artifact.

-
-observedInclude
- - -[]GitRepositoryInclude - - -		 -(Optional) -

ObservedInclude is the observed list of GitRepository resources used to -to produce the current Artifact.

-
-ReconcileRequestStatus
- - -github.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus - - -		 -

-(Members of ReconcileRequestStatus are embedded into this type.) -

-
-
-
-

GitRepositoryVerification -

-

-(Appears on: -GitRepositorySpec) -

-

GitRepositoryVerification specifies the Git commit signature verification -strategy.

-
-
- - - - - - - - - - - - - - - - - -
FieldDescription
-mode
- -string - -		 -

Mode specifies what Git object should be verified, currently (‘head’).

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -

SecretRef specifies the Secret containing the public keys of trusted Git -authors.

-
-
-
-

HelmChartSpec -

-

-(Appears on: -HelmChart) -

-

HelmChartSpec specifies the desired state of a Helm chart.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-chart
- -string - -		 -

Chart is the name or path the Helm chart is available at in the -SourceRef.

-
-version
- -string - -		 -(Optional) -

Version is the chart version semver expression, ignored for charts from -GitRepository and Bucket sources. Defaults to latest when omitted.

-
-sourceRef
- - -LocalHelmChartSourceReference - - -		 -

SourceRef is the reference to the Source the chart is available at.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -

Interval at which the HelmChart SourceRef is checked for updates. -This interval is approximate and may be subject to jitter to ensure -efficient use of resources.

-
-reconcileStrategy
- -string - -		 -(Optional) -

ReconcileStrategy determines what enables the creation of a new artifact. -Valid values are (‘ChartVersion’, ‘Revision’). -See the documentation of the values for an explanation on their behavior. -Defaults to ChartVersion when omitted.

-
-valuesFiles
- -[]string - -		 -(Optional) -

ValuesFiles is an alternative list of values files to use as the chart -values (values.yaml is not included by default), expected to be a -relative path in the SourceRef. -Values files are merged in the order of this list with the last file -overriding the first. Ignored when omitted.

-
-valuesFile
- -string - -		 -(Optional) -

ValuesFile is an alternative values file to use as the default chart -values, expected to be a relative path in the SourceRef. Deprecated in -favor of ValuesFiles, for backwards compatibility the file specified here -is merged before the ValuesFiles items. Ignored when omitted.

-
-ignoreMissingValuesFiles
- -bool - -		 -(Optional) -

IgnoreMissingValuesFiles controls whether to silently ignore missing values -files rather than failing.

-
-suspend
- -bool - -		 -(Optional) -

Suspend tells the controller to suspend the reconciliation of this -source.

-
-accessFrom
- - -github.com/fluxcd/pkg/apis/acl.AccessFrom - - -		 -(Optional) -

AccessFrom specifies an Access Control List for allowing cross-namespace -references to this object. -NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092

-
-verify
- - -github.com/fluxcd/source-controller/api/v1.OCIRepositoryVerification - - -		 -(Optional) -

Verify contains the secret name containing the trusted public keys -used to verify the signature and specifies which provider to use to check -whether OCI image is authentic. -This field is only supported when using HelmRepository source with spec.type ‘oci’. -Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.

-
-
-
-

HelmChartStatus -

-

-(Appears on: -HelmChart) -

-

HelmChartStatus records the observed state of the HelmChart.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-observedGeneration
- -int64 - -		 -(Optional) -

ObservedGeneration is the last observed generation of the HelmChart -object.

-
-observedSourceArtifactRevision
- -string - -		 -(Optional) -

ObservedSourceArtifactRevision is the last observed Artifact.Revision -of the HelmChartSpec.SourceRef.

-
-observedChartName
- -string - -		 -(Optional) -

ObservedChartName is the last observed chart name as specified by the -resolved chart reference.

-
-observedValuesFiles
- -[]string - -		 -(Optional) -

ObservedValuesFiles are the observed value files of the last successful -reconciliation. -It matches the chart in the last successfully reconciled artifact.

-
-conditions
- - -[]Kubernetes meta/v1.Condition - - -		 -(Optional) -

Conditions holds the conditions for the HelmChart.

-
-url
- -string - -		 -(Optional) -

URL is the dynamic fetch link for the latest Artifact. -It is provided on a “best effort” basis, and using the precise -BucketStatus.Artifact data is recommended.

-
-artifact
- - -github.com/fluxcd/source-controller/api/v1.Artifact - - -		 -(Optional) -

Artifact represents the output of the last successful reconciliation.

-
-ReconcileRequestStatus
- - -github.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus - - -		 -

-(Members of ReconcileRequestStatus are embedded into this type.) -

-
-
-
-

HelmRepositorySpec -

-

-(Appears on: -HelmRepository) -

-

HelmRepositorySpec specifies the required configuration to produce an -Artifact for a Helm repository index YAML.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-url
- -string - -		 -

URL of the Helm repository, a valid URL contains at least a protocol and -host.

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

SecretRef specifies the Secret containing authentication credentials -for the HelmRepository. -For HTTP/S basic auth the secret must contain ‘username’ and ‘password’ -fields. -Support for TLS auth using the ‘certFile’ and ‘keyFile’, and/or ‘caFile’ -keys is deprecated. Please use .spec.certSecretRef instead.

-
-certSecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

CertSecretRef can be given the name of a Secret containing -either or both of

-
    -
  • a PEM-encoded client certificate (tls.crt) and private -key (tls.key);
    • -
  • a PEM-encoded CA certificate (ca.crt)
    • -
-

and whichever are supplied, will be used for connecting to the -registry. The client cert and key are useful if you are -authenticating with a certificate; the CA cert is useful if -you are using a self-signed server certificate. The Secret must -be of type Opaque or kubernetes.io/tls.

-

It takes precedence over the values specified in the Secret referred -to by .spec.secretRef.

-
-passCredentials
- -bool - -		 -(Optional) -

PassCredentials allows the credentials from the SecretRef to be passed -on to a host that does not match the host as defined in URL. -This may be required if the host of the advertised chart URLs in the -index differ from the defined URL. -Enabling this should be done with caution, as it can potentially result -in credentials getting stolen in a MITM-attack.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

Interval at which the HelmRepository URL is checked for updates. -This interval is approximate and may be subject to jitter to ensure -efficient use of resources.

-
-insecure
- -bool - -		 -(Optional) -

Insecure allows connecting to a non-TLS HTTP container registry. -This field is only taken into account if the .spec.type field is set to ‘oci’.

-
-timeout
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

Timeout is used for the index fetch operation for an HTTPS helm repository, -and for remote OCI Repository operations like pulling for an OCI helm -chart by the associated HelmChart. -Its default value is 60s.

-
-suspend
- -bool - -		 -(Optional) -

Suspend tells the controller to suspend the reconciliation of this -HelmRepository.

-
-accessFrom
- - -github.com/fluxcd/pkg/apis/acl.AccessFrom - - -		 -(Optional) -

AccessFrom specifies an Access Control List for allowing cross-namespace -references to this object. -NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092

-
-type
- -string - -		 -(Optional) -

Type of the HelmRepository. -When this field is set to “oci”, the URL field value must be prefixed with “oci://”.

-
-provider
- -string - -		 -(Optional) -

Provider used for authentication, can be ‘aws’, ‘azure’, ‘gcp’ or ‘generic’. -This field is optional, and only taken into account if the .spec.type field is set to ‘oci’. -When not specified, defaults to ‘generic’.

-
-
-
-

HelmRepositoryStatus -

-

-(Appears on: -HelmRepository) -

-

HelmRepositoryStatus records the observed state of the HelmRepository.

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-observedGeneration
- -int64 - -		 -(Optional) -

ObservedGeneration is the last observed generation of the HelmRepository -object.

-
-conditions
- - -[]Kubernetes meta/v1.Condition - - -		 -(Optional) -

Conditions holds the conditions for the HelmRepository.

-
-url
- -string - -		 -(Optional) -

URL is the dynamic fetch link for the latest Artifact. -It is provided on a “best effort” basis, and using the precise -HelmRepositoryStatus.Artifact data is recommended.

-
-artifact
- - -github.com/fluxcd/source-controller/api/v1.Artifact - - -		 -(Optional) -

Artifact represents the last successful HelmRepository reconciliation.

-
-ReconcileRequestStatus
- - -github.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus - - -		 -

-(Members of ReconcileRequestStatus are embedded into this type.) -

-
-
-
-

LocalHelmChartSourceReference -

-

-(Appears on: -HelmChartSpec) -

-

LocalHelmChartSourceReference contains enough information to let you locate -the typed referenced object at namespace level.

-
-
- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
- -string - -		 -(Optional) -

APIVersion of the referent.

-
-kind
- -string - -		 -

Kind of the referent, valid values are (‘HelmRepository’, ‘GitRepository’, -‘Bucket’).

-
-name
- -string - -		 -

Name of the referent.

-
-
-
-

OCILayerSelector -

-

-(Appears on: -OCIRepositorySpec, -OCIRepositoryStatus) -

-

OCILayerSelector specifies which layer should be extracted from an OCI Artifact

-
-
- - - - - - - - - - - - - - - - - -
FieldDescription
-mediaType
- -string - -		 -(Optional) -

MediaType specifies the OCI media type of the layer -which should be extracted from the OCI Artifact. The -first layer matching this type is selected.

-
-operation
- -string - -		 -(Optional) -

Operation specifies how the selected layer should be processed. -By default, the layer compressed content is extracted to storage. -When the operation is set to ‘copy’, the layer compressed content -is persisted to storage as it is.

-
-
-
-

OCIRepositoryRef -

-

-(Appears on: -OCIRepositorySpec) -

-

OCIRepositoryRef defines the image reference for the OCIRepository’s URL

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-digest
- -string - -		 -(Optional) -

Digest is the image digest to pull, takes precedence over SemVer. -The value should be in the format ‘sha256:’.

-
-semver
- -string - -		 -(Optional) -

SemVer is the range of tags to pull selecting the latest within -the range, takes precedence over Tag.

-
-semverFilter
- -string - -		 -(Optional) -

SemverFilter is a regex pattern to filter the tags within the SemVer range.

-
-tag
- -string - -		 -(Optional) -

Tag is the image tag to pull, defaults to latest.

-
-
-
-

OCIRepositorySpec -

-

-(Appears on: -OCIRepository) -

-

OCIRepositorySpec defines the desired state of OCIRepository

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-url
- -string - -		 -

URL is a reference to an OCI artifact repository hosted -on a remote container registry.

-
-ref
- - -OCIRepositoryRef - - -		 -(Optional) -

The OCI reference to pull and monitor for changes, -defaults to the latest tag.

-
-layerSelector
- - -OCILayerSelector - - -		 -(Optional) -

LayerSelector specifies which layer should be extracted from the OCI artifact. -When not specified, the first layer found in the artifact is selected.

-
-provider
- -string - -		 -(Optional) -

The provider used for authentication, can be ‘aws’, ‘azure’, ‘gcp’ or ‘generic’. -When not specified, defaults to ‘generic’.

-
-secretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

SecretRef contains the secret name containing the registry login -credentials to resolve image metadata. -The secret must be of type kubernetes.io/dockerconfigjson.

-
-verify
- - -github.com/fluxcd/source-controller/api/v1.OCIRepositoryVerification - - -		 -(Optional) -

Verify contains the secret name containing the trusted public keys -used to verify the signature and specifies which provider to use to check -whether OCI image is authentic.

-
-serviceAccountName
- -string - -		 -(Optional) -

ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate -the image pull if the service account has attached pull secrets. For more information: -https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account

-
-certSecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

CertSecretRef can be given the name of a Secret containing -either or both of

-
    -
  • a PEM-encoded client certificate (tls.crt) and private -key (tls.key);
    • -
  • a PEM-encoded CA certificate (ca.crt)
    • -
-

and whichever are supplied, will be used for connecting to the -registry. The client cert and key are useful if you are -authenticating with a certificate; the CA cert is useful if -you are using a self-signed server certificate. The Secret must -be of type Opaque or kubernetes.io/tls.

-

Note: Support for the caFile, certFile and keyFile keys have -been deprecated.

-
-proxySecretRef
- - -github.com/fluxcd/pkg/apis/meta.LocalObjectReference - - -		 -(Optional) -

ProxySecretRef specifies the Secret containing the proxy configuration -to use while communicating with the container registry.

-
-interval
- - -Kubernetes meta/v1.Duration - - -		 -

Interval at which the OCIRepository URL is checked for updates. -This interval is approximate and may be subject to jitter to ensure -efficient use of resources.

-
-timeout
- - -Kubernetes meta/v1.Duration - - -		 -(Optional) -

The timeout for remote OCI Repository operations like pulling, defaults to 60s.

-
-ignore
- -string - -		 -(Optional) -

Ignore overrides the set of excluded patterns in the .sourceignore format -(which is the same as .gitignore). If not provided, a default will be used, -consult the documentation for your version to find out what those are.

-
-insecure
- -bool - -		 -(Optional) -

Insecure allows connecting to a non-TLS HTTP container registry.

-
-suspend
- -bool - -		 -(Optional) -

This flag tells the controller to suspend the reconciliation of this source.

-
-
-
-

OCIRepositoryStatus -

-

-(Appears on: -OCIRepository) -

-

OCIRepositoryStatus defines the observed state of OCIRepository

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-observedGeneration
- -int64 - -		 -(Optional) -

ObservedGeneration is the last observed generation.

-
-conditions
- - -[]Kubernetes meta/v1.Condition - - -		 -(Optional) -

Conditions holds the conditions for the OCIRepository.

-
-url
- -string - -		 -(Optional) -

URL is the download link for the artifact output of the last OCI Repository sync.

-
-artifact
- - -github.com/fluxcd/source-controller/api/v1.Artifact - - -		 -(Optional) -

Artifact represents the output of the last successful OCI Repository sync.

-
-contentConfigChecksum
- -string - -		 -(Optional) -

ContentConfigChecksum is a checksum of all the configurations related to -the content of the source artifact: -- .spec.ignore -- .spec.layerSelector -observed in .status.observedGeneration version of the object. This can -be used to determine if the content configuration has changed and the -artifact needs to be rebuilt. -It has the format of <algo>:<checksum>, for example: sha256:<checksum>.

-

Deprecated: Replaced with explicit fields for observed artifact content -config in the status.

-
-observedIgnore
- -string - -		 -(Optional) -

ObservedIgnore is the observed exclusion patterns used for constructing -the source artifact.

-
-observedLayerSelector
- - -OCILayerSelector - - -		 -(Optional) -

ObservedLayerSelector is the observed layer selector used for constructing -the source artifact.

-
-ReconcileRequestStatus
- - -github.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus - - -		 -

-(Members of ReconcileRequestStatus are embedded into this type.) -

-
-
-
-

Source -

-

Source interface must be supported by all API types. -Source is the interface that provides generic access to the Artifact and -interval. It must be supported by all kinds of the source.toolkit.fluxcd.io -API group.

-

Deprecated: use the Source interface from api/v1 instead. This type will be -removed in a future release.

-
-

This page was automatically generated with gen-crd-api-reference-docs

-
diff --git a/docs/spec/README.md b/docs/spec/README.md index ed8cd38f3..231b0d1e1 100644 --- a/docs/spec/README.md +++ b/docs/spec/README.md @@ -3,5 +3,3 @@ ## API Specification * [v1](v1/README.md) -* [v1beta2](v1beta2/README.md) -* [v1beta1](v1beta1/README.md)