2 # This manifest was generated by flux. DO NOT EDIT.
4 # Components: source-controller,kustomize-controller,helm-controller,notification-controller
9 app.kubernetes.io/instance: flux-system
10 app.kubernetes.io/part-of: flux
11 app.kubernetes.io/version: v2.4.0
12 pod-security.kubernetes.io/warn: restricted
13 pod-security.kubernetes.io/warn-version: latest
16 apiVersion: networking.k8s.io/v1
20 app.kubernetes.io/instance: flux-system
21 app.kubernetes.io/part-of: flux
22 app.kubernetes.io/version: v2.4.0
24 namespace: flux-system
36 apiVersion: networking.k8s.io/v1
40 app.kubernetes.io/instance: flux-system
41 app.kubernetes.io/part-of: flux
42 app.kubernetes.io/version: v2.4.0
44 namespace: flux-system
48 - namespaceSelector: {}
56 apiVersion: networking.k8s.io/v1
60 app.kubernetes.io/instance: flux-system
61 app.kubernetes.io/part-of: flux
62 app.kubernetes.io/version: v2.4.0
64 namespace: flux-system
68 - namespaceSelector: {}
71 app: notification-controller
79 app.kubernetes.io/instance: flux-system
80 app.kubernetes.io/part-of: flux
81 app.kubernetes.io/version: v2.4.0
82 name: critical-pods-flux-system
83 namespace: flux-system
90 scopeName: PriorityClass
92 - system-node-critical
93 - system-cluster-critical
95 apiVersion: rbac.authorization.k8s.io/v1
99 app.kubernetes.io/instance: flux-system
100 app.kubernetes.io/part-of: flux
101 app.kubernetes.io/version: v2.4.0
102 name: crd-controller-flux-system
105 - source.toolkit.fluxcd.io
111 - kustomize.toolkit.fluxcd.io
117 - helm.toolkit.fluxcd.io
123 - notification.toolkit.fluxcd.io
129 - image.toolkit.fluxcd.io
173 - coordination.k8s.io
189 apiVersion: rbac.authorization.k8s.io/v1
193 app.kubernetes.io/instance: flux-system
194 app.kubernetes.io/part-of: flux
195 app.kubernetes.io/version: v2.4.0
196 rbac.authorization.k8s.io/aggregate-to-admin: "true"
197 rbac.authorization.k8s.io/aggregate-to-edit: "true"
198 name: flux-edit-flux-system
201 - notification.toolkit.fluxcd.io
202 - source.toolkit.fluxcd.io
203 - helm.toolkit.fluxcd.io
204 - image.toolkit.fluxcd.io
205 - kustomize.toolkit.fluxcd.io
215 apiVersion: rbac.authorization.k8s.io/v1
219 app.kubernetes.io/instance: flux-system
220 app.kubernetes.io/part-of: flux
221 app.kubernetes.io/version: v2.4.0
222 rbac.authorization.k8s.io/aggregate-to-admin: "true"
223 rbac.authorization.k8s.io/aggregate-to-edit: "true"
224 rbac.authorization.k8s.io/aggregate-to-view: "true"
225 name: flux-view-flux-system
228 - notification.toolkit.fluxcd.io
229 - source.toolkit.fluxcd.io
230 - helm.toolkit.fluxcd.io
231 - image.toolkit.fluxcd.io
232 - kustomize.toolkit.fluxcd.io
240 apiVersion: rbac.authorization.k8s.io/v1
241 kind: ClusterRoleBinding
244 app.kubernetes.io/instance: flux-system
245 app.kubernetes.io/part-of: flux
246 app.kubernetes.io/version: v2.4.0
247 name: cluster-reconciler-flux-system
249 apiGroup: rbac.authorization.k8s.io
253 - kind: ServiceAccount
254 name: kustomize-controller
255 namespace: flux-system
256 - kind: ServiceAccount
257 name: helm-controller
258 namespace: flux-system
260 apiVersion: rbac.authorization.k8s.io/v1
261 kind: ClusterRoleBinding
264 app.kubernetes.io/instance: flux-system
265 app.kubernetes.io/part-of: flux
266 app.kubernetes.io/version: v2.4.0
267 name: crd-controller-flux-system
269 apiGroup: rbac.authorization.k8s.io
271 name: crd-controller-flux-system
273 - kind: ServiceAccount
274 name: kustomize-controller
275 namespace: flux-system
276 - kind: ServiceAccount
277 name: helm-controller
278 namespace: flux-system
279 - kind: ServiceAccount
280 name: source-controller
281 namespace: flux-system
282 - kind: ServiceAccount
283 name: notification-controller
284 namespace: flux-system
285 - kind: ServiceAccount
286 name: image-reflector-controller
287 namespace: flux-system
288 - kind: ServiceAccount
289 name: image-automation-controller
290 namespace: flux-system
292 apiVersion: apiextensions.k8s.io/v1
293 kind: CustomResourceDefinition
296 controller-gen.kubebuilder.io/version: v0.16.1
298 app.kubernetes.io/component: source-controller
299 app.kubernetes.io/instance: flux-system
300 app.kubernetes.io/part-of: flux
301 app.kubernetes.io/version: v2.4.0
302 name: buckets.source.toolkit.fluxcd.io
304 group: source.toolkit.fluxcd.io
312 - additionalPrinterColumns:
313 - jsonPath: .spec.endpoint
316 - jsonPath: .metadata.creationTimestamp
319 - jsonPath: .status.conditions[?(@.type=="Ready")].status
322 - jsonPath: .status.conditions[?(@.type=="Ready")].message
328 description: Bucket is the Schema for the buckets API.
332 APIVersion defines the versioned schema of this representation of an object.
333 Servers should convert recognized schemas to the latest internal value, and
334 may reject unrecognized values.
335 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
339 Kind is a string value representing the REST resource this object represents.
340 Servers may infer this from the endpoint the client submits requests to.
343 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
349 BucketSpec specifies the required configuration to produce an Artifact for
350 an object storage bucket.
353 description: BucketName is the name of the object storage bucket.
357 CertSecretRef can be given the name of a Secret containing
360 - a PEM-encoded client certificate (`tls.crt`) and private
362 - a PEM-encoded CA certificate (`ca.crt`)
364 and whichever are supplied, will be used for connecting to the
365 bucket. The client cert and key are useful if you are
366 authenticating with a certificate; the CA cert is useful if
367 you are using a self-signed server certificate. The Secret must
368 be of type `Opaque` or `kubernetes.io/tls`.
370 This field is only supported for the `generic` provider.
373 description: Name of the referent.
379 description: Endpoint is the object storage address the BucketName
384 Ignore overrides the set of excluded patterns in the .sourceignore format
385 (which is the same as .gitignore). If not provided, a default will be used,
386 consult the documentation for your version to find out what those are.
389 description: Insecure allows connecting to a non-TLS HTTP Endpoint.
393 Interval at which the Bucket Endpoint is checked for updates.
394 This interval is approximate and may be subject to jitter to ensure
395 efficient use of resources.
396 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
399 description: Prefix to use for server-side filtering of files in the
405 Provider of the object storage bucket.
406 Defaults to 'generic', which expects an S3 (API) compatible object
416 ProxySecretRef specifies the Secret containing the proxy configuration
417 to use while communicating with the Bucket server.
420 description: Name of the referent.
426 description: Region of the Endpoint where the BucketName is located
431 SecretRef specifies the Secret containing authentication credentials
435 description: Name of the referent.
442 STS specifies the required configuration to use a Security Token
443 Service for fetching temporary credentials to authenticate in a
446 This field is only supported for the `aws` and `generic` providers.
450 CertSecretRef can be given the name of a Secret containing
453 - a PEM-encoded client certificate (`tls.crt`) and private
455 - a PEM-encoded CA certificate (`ca.crt`)
457 and whichever are supplied, will be used for connecting to the
458 STS endpoint. The client cert and key are useful if you are
459 authenticating with a certificate; the CA cert is useful if
460 you are using a self-signed server certificate. The Secret must
461 be of type `Opaque` or `kubernetes.io/tls`.
463 This field is only supported for the `ldap` provider.
466 description: Name of the referent.
473 Endpoint is the HTTP/S endpoint of the Security Token Service from
474 where temporary credentials will be fetched.
475 pattern: ^(http|https)://.*$
478 description: Provider of the Security Token Service.
485 SecretRef specifies the Secret containing authentication credentials
486 for the STS endpoint. This Secret must contain the fields `username`
487 and `password` and is supported only for the `ldap` provider.
490 description: Name of the referent.
501 Suspend tells the controller to suspend the reconciliation of this
506 description: Timeout for fetch operations, defaults to 60s.
507 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
514 x-kubernetes-validations:
515 - message: STS configuration is only supported for the 'aws' and 'generic'
517 rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
518 - message: '''aws'' is the only supported STS provider for the ''aws''
520 rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
522 - message: '''ldap'' is the only supported STS provider for the ''generic''
524 rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
526 - message: spec.sts.secretRef is not required for the 'aws' STS provider
527 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
528 - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
529 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
532 observedGeneration: -1
533 description: BucketStatus records the observed state of a Bucket.
536 description: Artifact represents the last successful Bucket reconciliation.
539 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
540 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
544 LastUpdateTime is the timestamp corresponding to the last update of the
549 additionalProperties:
551 description: Metadata holds upstream information such as OCI annotations.
555 Path is the relative file path of the Artifact. It can be used to locate
556 the file in the root of the Artifact storage on the local file system of
557 the controller managing the Source.
561 Revision is a human-readable identifier traceable in the origin source
562 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
565 description: Size is the number of bytes in the file.
570 URL is the HTTP address of the Artifact as exposed by the controller
571 managing the Source. It can be used to retrieve the Artifact for
572 consumption, e.g. by another controller applying the Artifact contents.
581 description: Conditions holds the conditions for the Bucket.
583 description: Condition contains details for one aspect of the current
584 state of this API Resource.
588 lastTransitionTime is the last time the condition transitioned from one status to another.
589 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
594 message is a human readable message indicating details about the transition.
595 This may be an empty string.
600 observedGeneration represents the .metadata.generation that the condition was set based upon.
601 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
602 with respect to the current state of the instance.
608 reason contains a programmatic identifier indicating the reason for the condition's last transition.
609 Producers of specific condition types may define expected values and meanings for this field,
610 and whether the values are considered a guaranteed API.
611 The value should be a CamelCase string.
612 This field may not be empty.
615 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
618 description: status of the condition, one of True, False, Unknown.
625 description: type of condition in CamelCase or in foo.example.com/CamelCase.
627 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
637 lastHandledReconcileAt:
639 LastHandledReconcileAt holds the value of the most recent
640 reconcile request value, so a change of the annotation value
644 description: ObservedGeneration is the last observed generation of
650 ObservedIgnore is the observed exclusion patterns used for constructing
655 URL is the dynamic fetch link for the latest Artifact.
656 It is provided on a "best effort" basis, and using the precise
657 BucketStatus.Artifact data is recommended.
665 - additionalPrinterColumns:
666 - jsonPath: .spec.endpoint
669 - jsonPath: .status.conditions[?(@.type=="Ready")].status
672 - jsonPath: .status.conditions[?(@.type=="Ready")].message
675 - jsonPath: .metadata.creationTimestamp
679 deprecationWarning: v1beta1 Bucket is deprecated, upgrade to v1
683 description: Bucket is the Schema for the buckets API
687 APIVersion defines the versioned schema of this representation of an object.
688 Servers should convert recognized schemas to the latest internal value, and
689 may reject unrecognized values.
690 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
694 Kind is a string value representing the REST resource this object represents.
695 Servers may infer this from the endpoint the client submits requests to.
698 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
703 description: BucketSpec defines the desired state of an S3 compatible
707 description: AccessFrom defines an Access Control List for allowing
708 cross-namespace references to this object.
712 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
713 Items in this list are evaluated using a logical OR operation.
716 NamespaceSelector selects the namespaces to which this ACL applies.
717 An empty map of MatchLabels matches all namespaces in a cluster.
720 additionalProperties:
723 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
724 map is equivalent to an element of matchExpressions, whose key field is "key", the
725 operator is "In", and the values array contains only "value". The requirements are ANDed.
733 description: The bucket name.
736 description: The bucket endpoint address.
740 Ignore overrides the set of excluded patterns in the .sourceignore format
741 (which is the same as .gitignore). If not provided, a default will be used,
742 consult the documentation for your version to find out what those are.
745 description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
748 description: The interval at which to check for bucket updates.
752 description: The S3 compatible storage provider name, default ('generic').
759 description: The bucket region.
763 The name of the secret containing authentication credentials
767 description: Name of the referent.
773 description: This flag tells the controller to suspend the reconciliation
778 description: The timeout for download operations, defaults to 60s.
787 observedGeneration: -1
788 description: BucketStatus defines the observed state of a bucket
791 description: Artifact represents the output of the last successful
795 description: Checksum is the SHA256 checksum of the artifact.
799 LastUpdateTime is the timestamp corresponding to the last update of this
804 description: Path is the relative file path of this artifact.
808 Revision is a human readable identifier traceable in the origin source
809 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
813 description: URL is the HTTP address of this artifact.
821 description: Conditions holds the conditions for the Bucket.
823 description: Condition contains details for one aspect of the current
824 state of this API Resource.
828 lastTransitionTime is the last time the condition transitioned from one status to another.
829 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
834 message is a human readable message indicating details about the transition.
835 This may be an empty string.
840 observedGeneration represents the .metadata.generation that the condition was set based upon.
841 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
842 with respect to the current state of the instance.
848 reason contains a programmatic identifier indicating the reason for the condition's last transition.
849 Producers of specific condition types may define expected values and meanings for this field,
850 and whether the values are considered a guaranteed API.
851 The value should be a CamelCase string.
852 This field may not be empty.
855 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
858 description: status of the condition, one of True, False, Unknown.
865 description: type of condition in CamelCase or in foo.example.com/CamelCase.
867 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
877 lastHandledReconcileAt:
879 LastHandledReconcileAt holds the value of the most recent
880 reconcile request value, so a change of the annotation value
884 description: ObservedGeneration is the last observed generation.
888 description: URL is the download link for the artifact output of the
897 - additionalPrinterColumns:
898 - jsonPath: .spec.endpoint
901 - jsonPath: .metadata.creationTimestamp
904 - jsonPath: .status.conditions[?(@.type=="Ready")].status
907 - jsonPath: .status.conditions[?(@.type=="Ready")].message
911 deprecationWarning: v1beta2 Bucket is deprecated, upgrade to v1
915 description: Bucket is the Schema for the buckets API.
919 APIVersion defines the versioned schema of this representation of an object.
920 Servers should convert recognized schemas to the latest internal value, and
921 may reject unrecognized values.
922 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
926 Kind is a string value representing the REST resource this object represents.
927 Servers may infer this from the endpoint the client submits requests to.
930 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
936 BucketSpec specifies the required configuration to produce an Artifact for
937 an object storage bucket.
941 AccessFrom specifies an Access Control List for allowing cross-namespace
942 references to this object.
943 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
947 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
948 Items in this list are evaluated using a logical OR operation.
951 NamespaceSelector selects the namespaces to which this ACL applies.
952 An empty map of MatchLabels matches all namespaces in a cluster.
955 additionalProperties:
958 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
959 map is equivalent to an element of matchExpressions, whose key field is "key", the
960 operator is "In", and the values array contains only "value". The requirements are ANDed.
968 description: BucketName is the name of the object storage bucket.
972 CertSecretRef can be given the name of a Secret containing
975 - a PEM-encoded client certificate (`tls.crt`) and private
977 - a PEM-encoded CA certificate (`ca.crt`)
979 and whichever are supplied, will be used for connecting to the
980 bucket. The client cert and key are useful if you are
981 authenticating with a certificate; the CA cert is useful if
982 you are using a self-signed server certificate. The Secret must
983 be of type `Opaque` or `kubernetes.io/tls`.
985 This field is only supported for the `generic` provider.
988 description: Name of the referent.
994 description: Endpoint is the object storage address the BucketName
999 Ignore overrides the set of excluded patterns in the .sourceignore format
1000 (which is the same as .gitignore). If not provided, a default will be used,
1001 consult the documentation for your version to find out what those are.
1004 description: Insecure allows connecting to a non-TLS HTTP Endpoint.
1008 Interval at which the Bucket Endpoint is checked for updates.
1009 This interval is approximate and may be subject to jitter to ensure
1010 efficient use of resources.
1011 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1014 description: Prefix to use for server-side filtering of files in the
1020 Provider of the object storage bucket.
1021 Defaults to 'generic', which expects an S3 (API) compatible object
1031 ProxySecretRef specifies the Secret containing the proxy configuration
1032 to use while communicating with the Bucket server.
1035 description: Name of the referent.
1041 description: Region of the Endpoint where the BucketName is located
1046 SecretRef specifies the Secret containing authentication credentials
1050 description: Name of the referent.
1057 STS specifies the required configuration to use a Security Token
1058 Service for fetching temporary credentials to authenticate in a
1061 This field is only supported for the `aws` and `generic` providers.
1065 CertSecretRef can be given the name of a Secret containing
1068 - a PEM-encoded client certificate (`tls.crt`) and private
1070 - a PEM-encoded CA certificate (`ca.crt`)
1072 and whichever are supplied, will be used for connecting to the
1073 STS endpoint. The client cert and key are useful if you are
1074 authenticating with a certificate; the CA cert is useful if
1075 you are using a self-signed server certificate. The Secret must
1076 be of type `Opaque` or `kubernetes.io/tls`.
1078 This field is only supported for the `ldap` provider.
1081 description: Name of the referent.
1088 Endpoint is the HTTP/S endpoint of the Security Token Service from
1089 where temporary credentials will be fetched.
1090 pattern: ^(http|https)://.*$
1093 description: Provider of the Security Token Service.
1100 SecretRef specifies the Secret containing authentication credentials
1101 for the STS endpoint. This Secret must contain the fields `username`
1102 and `password` and is supported only for the `ldap` provider.
1105 description: Name of the referent.
1116 Suspend tells the controller to suspend the reconciliation of this
1121 description: Timeout for fetch operations, defaults to 60s.
1122 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
1129 x-kubernetes-validations:
1130 - message: STS configuration is only supported for the 'aws' and 'generic'
1132 rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)
1133 - message: '''aws'' is the only supported STS provider for the ''aws''
1135 rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider
1137 - message: '''ldap'' is the only supported STS provider for the ''generic''
1139 rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider
1141 - message: spec.sts.secretRef is not required for the 'aws' STS provider
1142 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)'
1143 - message: spec.sts.certSecretRef is not required for the 'aws' STS provider
1144 rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)'
1147 observedGeneration: -1
1148 description: BucketStatus records the observed state of a Bucket.
1151 description: Artifact represents the last successful Bucket reconciliation.
1154 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
1155 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1159 LastUpdateTime is the timestamp corresponding to the last update of the
1164 additionalProperties:
1166 description: Metadata holds upstream information such as OCI annotations.
1170 Path is the relative file path of the Artifact. It can be used to locate
1171 the file in the root of the Artifact storage on the local file system of
1172 the controller managing the Source.
1176 Revision is a human-readable identifier traceable in the origin source
1177 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1180 description: Size is the number of bytes in the file.
1185 URL is the HTTP address of the Artifact as exposed by the controller
1186 managing the Source. It can be used to retrieve the Artifact for
1187 consumption, e.g. by another controller applying the Artifact contents.
1196 description: Conditions holds the conditions for the Bucket.
1198 description: Condition contains details for one aspect of the current
1199 state of this API Resource.
1203 lastTransitionTime is the last time the condition transitioned from one status to another.
1204 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1209 message is a human readable message indicating details about the transition.
1210 This may be an empty string.
1215 observedGeneration represents the .metadata.generation that the condition was set based upon.
1216 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1217 with respect to the current state of the instance.
1223 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1224 Producers of specific condition types may define expected values and meanings for this field,
1225 and whether the values are considered a guaranteed API.
1226 The value should be a CamelCase string.
1227 This field may not be empty.
1230 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1233 description: status of the condition, one of True, False, Unknown.
1240 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1242 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1245 - lastTransitionTime
1252 lastHandledReconcileAt:
1254 LastHandledReconcileAt holds the value of the most recent
1255 reconcile request value, so a change of the annotation value
1259 description: ObservedGeneration is the last observed generation of
1265 ObservedIgnore is the observed exclusion patterns used for constructing
1266 the source artifact.
1270 URL is the dynamic fetch link for the latest Artifact.
1271 It is provided on a "best effort" basis, and using the precise
1272 BucketStatus.Artifact data is recommended.
1281 apiVersion: apiextensions.k8s.io/v1
1282 kind: CustomResourceDefinition
1285 controller-gen.kubebuilder.io/version: v0.16.1
1287 app.kubernetes.io/component: source-controller
1288 app.kubernetes.io/instance: flux-system
1289 app.kubernetes.io/part-of: flux
1290 app.kubernetes.io/version: v2.4.0
1291 name: gitrepositories.source.toolkit.fluxcd.io
1293 group: source.toolkit.fluxcd.io
1296 listKind: GitRepositoryList
1297 plural: gitrepositories
1300 singular: gitrepository
1303 - additionalPrinterColumns:
1304 - jsonPath: .spec.url
1307 - jsonPath: .metadata.creationTimestamp
1310 - jsonPath: .status.conditions[?(@.type=="Ready")].status
1313 - jsonPath: .status.conditions[?(@.type=="Ready")].message
1319 description: GitRepository is the Schema for the gitrepositories API.
1323 APIVersion defines the versioned schema of this representation of an object.
1324 Servers should convert recognized schemas to the latest internal value, and
1325 may reject unrecognized values.
1326 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1330 Kind is a string value representing the REST resource this object represents.
1331 Servers may infer this from the endpoint the client submits requests to.
1334 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1340 GitRepositorySpec specifies the required configuration to produce an
1341 Artifact for a Git repository.
1345 Ignore overrides the set of excluded patterns in the .sourceignore format
1346 (which is the same as .gitignore). If not provided, a default will be used,
1347 consult the documentation for your version to find out what those are.
1351 Include specifies a list of GitRepository resources which Artifacts
1352 should be included in the Artifact produced for this GitRepository.
1355 GitRepositoryInclude specifies a local reference to a GitRepository which
1356 Artifact (sub-)contents must be included, and where they should be placed.
1360 FromPath specifies the path to copy contents from, defaults to the root
1365 GitRepositoryRef specifies the GitRepository which Artifact contents
1369 description: Name of the referent.
1376 ToPath specifies the path to copy contents to, defaults to the name of
1377 the GitRepositoryRef.
1385 Interval at which the GitRepository URL is checked for updates.
1386 This interval is approximate and may be subject to jitter to ensure
1387 efficient use of resources.
1388 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
1392 Provider used for authentication, can be 'azure', 'generic'.
1393 When not specified, defaults to 'generic'.
1400 ProxySecretRef specifies the Secret containing the proxy configuration
1401 to use while communicating with the Git server.
1404 description: Name of the referent.
1411 RecurseSubmodules enables the initialization of all submodules within
1412 the GitRepository as cloned from the URL, using their default settings.
1416 Reference specifies the Git reference to resolve and monitor for
1417 changes, defaults to the 'master' branch.
1420 description: Branch to check out, defaults to 'master' if no other
1425 Commit SHA to check out, takes precedence over all reference fields.
1427 This can be combined with Branch to shallow clone the branch, in which
1428 the commit is expected to exist.
1432 Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
1434 It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
1435 Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
1438 description: SemVer tag expression to check out, takes precedence
1442 description: Tag to check out, takes precedence over Branch.
1447 SecretRef specifies the Secret containing authentication credentials for
1449 For HTTPS repositories the Secret must contain 'username' and 'password'
1450 fields for basic auth or 'bearerToken' field for token auth.
1451 For SSH repositories the Secret must contain 'identity'
1452 and 'known_hosts' fields.
1455 description: Name of the referent.
1462 Suspend tells the controller to suspend the reconciliation of this
1467 description: Timeout for Git operations like cloning, defaults to
1469 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
1472 description: URL specifies the Git repository URL, it can be an HTTP/S
1474 pattern: ^(http|https|ssh)://.*$
1478 Verification specifies the configuration to verify the Git commit
1484 Mode specifies which Git object(s) should be verified.
1486 The variants "head" and "HEAD" both imply the same thing, i.e. verify
1487 the commit that the HEAD of the Git repository points to. The variant
1488 "head" solely exists to ensure backwards compatibility.
1497 SecretRef specifies the Secret containing the public keys of trusted Git
1501 description: Name of the referent.
1515 observedGeneration: -1
1516 description: GitRepositoryStatus records the observed state of a Git repository.
1519 description: Artifact represents the last successful GitRepository
1523 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
1524 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1528 LastUpdateTime is the timestamp corresponding to the last update of the
1533 additionalProperties:
1535 description: Metadata holds upstream information such as OCI annotations.
1539 Path is the relative file path of the Artifact. It can be used to locate
1540 the file in the root of the Artifact storage on the local file system of
1541 the controller managing the Source.
1545 Revision is a human-readable identifier traceable in the origin source
1546 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1549 description: Size is the number of bytes in the file.
1554 URL is the HTTP address of the Artifact as exposed by the controller
1555 managing the Source. It can be used to retrieve the Artifact for
1556 consumption, e.g. by another controller applying the Artifact contents.
1565 description: Conditions holds the conditions for the GitRepository.
1567 description: Condition contains details for one aspect of the current
1568 state of this API Resource.
1572 lastTransitionTime is the last time the condition transitioned from one status to another.
1573 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1578 message is a human readable message indicating details about the transition.
1579 This may be an empty string.
1584 observedGeneration represents the .metadata.generation that the condition was set based upon.
1585 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1586 with respect to the current state of the instance.
1592 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1593 Producers of specific condition types may define expected values and meanings for this field,
1594 and whether the values are considered a guaranteed API.
1595 The value should be a CamelCase string.
1596 This field may not be empty.
1599 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1602 description: status of the condition, one of True, False, Unknown.
1609 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1611 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1614 - lastTransitionTime
1623 IncludedArtifacts contains a list of the last successfully included
1624 Artifacts as instructed by GitRepositorySpec.Include.
1626 description: Artifact represents the output of a Source reconciliation.
1629 description: Digest is the digest of the file in the form of
1630 '<algorithm>:<checksum>'.
1631 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
1635 LastUpdateTime is the timestamp corresponding to the last update of the
1640 additionalProperties:
1642 description: Metadata holds upstream information such as OCI
1647 Path is the relative file path of the Artifact. It can be used to locate
1648 the file in the root of the Artifact storage on the local file system of
1649 the controller managing the Source.
1653 Revision is a human-readable identifier traceable in the origin source
1654 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
1657 description: Size is the number of bytes in the file.
1662 URL is the HTTP address of the Artifact as exposed by the controller
1663 managing the Source. It can be used to retrieve the Artifact for
1664 consumption, e.g. by another controller applying the Artifact contents.
1673 lastHandledReconcileAt:
1675 LastHandledReconcileAt holds the value of the most recent
1676 reconcile request value, so a change of the annotation value
1681 ObservedGeneration is the last observed generation of the GitRepository
1687 ObservedIgnore is the observed exclusion patterns used for constructing
1688 the source artifact.
1692 ObservedInclude is the observed list of GitRepository resources used to
1693 produce the current Artifact.
1696 GitRepositoryInclude specifies a local reference to a GitRepository which
1697 Artifact (sub-)contents must be included, and where they should be placed.
1701 FromPath specifies the path to copy contents from, defaults to the root
1706 GitRepositoryRef specifies the GitRepository which Artifact contents
1710 description: Name of the referent.
1717 ToPath specifies the path to copy contents to, defaults to the name of
1718 the GitRepositoryRef.
1724 observedRecurseSubmodules:
1726 ObservedRecurseSubmodules is the observed resource submodules
1727 configuration used to produce the current Artifact.
1729 sourceVerificationMode:
1731 SourceVerificationMode is the last used verification mode indicating
1732 which Git object(s) have been verified.
1740 - additionalPrinterColumns:
1741 - jsonPath: .spec.url
1744 - jsonPath: .status.conditions[?(@.type=="Ready")].status
1747 - jsonPath: .status.conditions[?(@.type=="Ready")].message
1750 - jsonPath: .metadata.creationTimestamp
1754 deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1
1758 description: GitRepository is the Schema for the gitrepositories API
1762 APIVersion defines the versioned schema of this representation of an object.
1763 Servers should convert recognized schemas to the latest internal value, and
1764 may reject unrecognized values.
1765 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1769 Kind is a string value representing the REST resource this object represents.
1770 Servers may infer this from the endpoint the client submits requests to.
1773 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1778 description: GitRepositorySpec defines the desired state of a Git repository.
1781 description: AccessFrom defines an Access Control List for allowing
1782 cross-namespace references to this object.
1786 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
1787 Items in this list are evaluated using a logical OR operation.
1790 NamespaceSelector selects the namespaces to which this ACL applies.
1791 An empty map of MatchLabels matches all namespaces in a cluster.
1794 additionalProperties:
1797 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
1798 map is equivalent to an element of matchExpressions, whose key field is "key", the
1799 operator is "In", and the values array contains only "value". The requirements are ANDed.
1804 - namespaceSelectors
1809 Determines which git client library to use.
1810 Defaults to go-git, valid values are ('go-git', 'libgit2').
1817 Ignore overrides the set of excluded patterns in the .sourceignore format
1818 (which is the same as .gitignore). If not provided, a default will be used,
1819 consult the documentation for your version to find out what those are.
1822 description: Extra git repositories to map into the repository
1824 description: GitRepositoryInclude defines a source with a from and
1828 description: The path to copy contents from, defaults to the
1832 description: Reference to a GitRepository to include.
1835 description: Name of the referent.
1841 description: The path to copy contents to, defaults to the name
1849 description: The interval at which to check for repository updates.
1853 When enabled, after the clone is created, initializes all submodules within,
1854 using their default settings.
1855 This option is available only when using the 'go-git' GitImplementation.
1859 The Git reference to checkout and monitor for changes, defaults to
1863 description: The Git branch to checkout, defaults to master.
1866 description: The Git commit SHA to checkout, if specified Tag
1867 filters will be ignored.
1870 description: The Git tag semver expression, takes precedence over
1874 description: The Git tag to checkout, takes precedence over Branch.
1879 The secret name containing the Git credentials.
1880 For HTTPS repositories the secret must contain username and password
1882 For SSH repositories the secret must contain identity and known_hosts
1886 description: Name of the referent.
1892 description: This flag tells the controller to suspend the reconciliation
1897 description: The timeout for remote Git operations like cloning, defaults
1901 description: The repository URL, can be a HTTP/S or SSH address.
1902 pattern: ^(http|https|ssh)://.*$
1905 description: Verify OpenPGP signature for the Git commit HEAD points
1909 description: Mode describes what git object should be verified,
1915 description: The secret name containing the public keys of all
1916 trusted Git authors.
1919 description: Name of the referent.
1933 observedGeneration: -1
1934 description: GitRepositoryStatus defines the observed state of a Git repository.
1937 description: Artifact represents the output of the last successful
1941 description: Checksum is the SHA256 checksum of the artifact.
1945 LastUpdateTime is the timestamp corresponding to the last update of this
1950 description: Path is the relative file path of this artifact.
1954 Revision is a human readable identifier traceable in the origin source
1955 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
1959 description: URL is the HTTP address of this artifact.
1967 description: Conditions holds the conditions for the GitRepository.
1969 description: Condition contains details for one aspect of the current
1970 state of this API Resource.
1974 lastTransitionTime is the last time the condition transitioned from one status to another.
1975 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1980 message is a human readable message indicating details about the transition.
1981 This may be an empty string.
1986 observedGeneration represents the .metadata.generation that the condition was set based upon.
1987 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1988 with respect to the current state of the instance.
1994 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1995 Producers of specific condition types may define expected values and meanings for this field,
1996 and whether the values are considered a guaranteed API.
1997 The value should be a CamelCase string.
1998 This field may not be empty.
2001 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2004 description: status of the condition, one of True, False, Unknown.
2011 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2013 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2016 - lastTransitionTime
2024 description: IncludedArtifacts represents the included artifacts from
2025 the last successful repository sync.
2027 description: Artifact represents the output of a source synchronisation.
2030 description: Checksum is the SHA256 checksum of the artifact.
2034 LastUpdateTime is the timestamp corresponding to the last update of this
2039 description: Path is the relative file path of this artifact.
2043 Revision is a human readable identifier traceable in the origin source
2044 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
2048 description: URL is the HTTP address of this artifact.
2056 lastHandledReconcileAt:
2058 LastHandledReconcileAt holds the value of the most recent
2059 reconcile request value, so a change of the annotation value
2063 description: ObservedGeneration is the last observed generation.
2068 URL is the download link for the artifact output of the last repository
2077 - additionalPrinterColumns:
2078 - jsonPath: .spec.url
2081 - jsonPath: .metadata.creationTimestamp
2084 - jsonPath: .status.conditions[?(@.type=="Ready")].status
2087 - jsonPath: .status.conditions[?(@.type=="Ready")].message
2091 deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1
2095 description: GitRepository is the Schema for the gitrepositories API.
2099 APIVersion defines the versioned schema of this representation of an object.
2100 Servers should convert recognized schemas to the latest internal value, and
2101 may reject unrecognized values.
2102 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2106 Kind is a string value representing the REST resource this object represents.
2107 Servers may infer this from the endpoint the client submits requests to.
2110 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2116 GitRepositorySpec specifies the required configuration to produce an
2117 Artifact for a Git repository.
2121 AccessFrom specifies an Access Control List for allowing cross-namespace
2122 references to this object.
2123 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
2127 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
2128 Items in this list are evaluated using a logical OR operation.
2131 NamespaceSelector selects the namespaces to which this ACL applies.
2132 An empty map of MatchLabels matches all namespaces in a cluster.
2135 additionalProperties:
2138 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2139 map is equivalent to an element of matchExpressions, whose key field is "key", the
2140 operator is "In", and the values array contains only "value". The requirements are ANDed.
2145 - namespaceSelectors
2150 GitImplementation specifies which Git client library implementation to
2151 use. Defaults to 'go-git', valid values are ('go-git', 'libgit2').
2152 Deprecated: gitImplementation is deprecated now that 'go-git' is the
2153 only supported implementation.
2160 Ignore overrides the set of excluded patterns in the .sourceignore format
2161 (which is the same as .gitignore). If not provided, a default will be used,
2162 consult the documentation for your version to find out what those are.
2166 Include specifies a list of GitRepository resources which Artifacts
2167 should be included in the Artifact produced for this GitRepository.
2170 GitRepositoryInclude specifies a local reference to a GitRepository which
2171 Artifact (sub-)contents must be included, and where they should be placed.
2175 FromPath specifies the path to copy contents from, defaults to the root
2180 GitRepositoryRef specifies the GitRepository which Artifact contents
2184 description: Name of the referent.
2191 ToPath specifies the path to copy contents to, defaults to the name of
2192 the GitRepositoryRef.
2199 description: Interval at which to check the GitRepository for updates.
2200 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2204 RecurseSubmodules enables the initialization of all submodules within
2205 the GitRepository as cloned from the URL, using their default settings.
2209 Reference specifies the Git reference to resolve and monitor for
2210 changes, defaults to the 'master' branch.
2213 description: Branch to check out, defaults to 'master' if no other
2218 Commit SHA to check out, takes precedence over all reference fields.
2220 This can be combined with Branch to shallow clone the branch, in which
2221 the commit is expected to exist.
2225 Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
2227 It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
2228 Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head"
2231 description: SemVer tag expression to check out, takes precedence
2235 description: Tag to check out, takes precedence over Branch.
2240 SecretRef specifies the Secret containing authentication credentials for
2242 For HTTPS repositories the Secret must contain 'username' and 'password'
2243 fields for basic auth or 'bearerToken' field for token auth.
2244 For SSH repositories the Secret must contain 'identity'
2245 and 'known_hosts' fields.
2248 description: Name of the referent.
2255 Suspend tells the controller to suspend the reconciliation of this
2260 description: Timeout for Git operations like cloning, defaults to
2262 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
2265 description: URL specifies the Git repository URL, it can be an HTTP/S
2267 pattern: ^(http|https|ssh)://.*$
2271 Verification specifies the configuration to verify the Git commit
2275 description: Mode specifies what Git object should be verified,
2282 SecretRef specifies the Secret containing the public keys of trusted Git
2286 description: Name of the referent.
2301 observedGeneration: -1
2302 description: GitRepositoryStatus records the observed state of a Git repository.
2305 description: Artifact represents the last successful GitRepository
2309 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2310 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2314 LastUpdateTime is the timestamp corresponding to the last update of the
2319 additionalProperties:
2321 description: Metadata holds upstream information such as OCI annotations.
2325 Path is the relative file path of the Artifact. It can be used to locate
2326 the file in the root of the Artifact storage on the local file system of
2327 the controller managing the Source.
2331 Revision is a human-readable identifier traceable in the origin source
2332 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2335 description: Size is the number of bytes in the file.
2340 URL is the HTTP address of the Artifact as exposed by the controller
2341 managing the Source. It can be used to retrieve the Artifact for
2342 consumption, e.g. by another controller applying the Artifact contents.
2351 description: Conditions holds the conditions for the GitRepository.
2353 description: Condition contains details for one aspect of the current
2354 state of this API Resource.
2358 lastTransitionTime is the last time the condition transitioned from one status to another.
2359 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2364 message is a human readable message indicating details about the transition.
2365 This may be an empty string.
2370 observedGeneration represents the .metadata.generation that the condition was set based upon.
2371 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2372 with respect to the current state of the instance.
2378 reason contains a programmatic identifier indicating the reason for the condition's last transition.
2379 Producers of specific condition types may define expected values and meanings for this field,
2380 and whether the values are considered a guaranteed API.
2381 The value should be a CamelCase string.
2382 This field may not be empty.
2385 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2388 description: status of the condition, one of True, False, Unknown.
2395 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2397 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2400 - lastTransitionTime
2407 contentConfigChecksum:
2409 ContentConfigChecksum is a checksum of all the configurations related to
2410 the content of the source artifact:
2412 - .spec.recurseSubmodules
2413 - .spec.included and the checksum of the included artifacts
2414 observed in .status.observedGeneration version of the object. This can
2415 be used to determine if the content of the included repository has
2417 It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
2419 Deprecated: Replaced with explicit fields for observed artifact content
2420 config in the status.
2424 IncludedArtifacts contains a list of the last successfully included
2425 Artifacts as instructed by GitRepositorySpec.Include.
2427 description: Artifact represents the output of a Source reconciliation.
2430 description: Digest is the digest of the file in the form of
2431 '<algorithm>:<checksum>'.
2432 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2436 LastUpdateTime is the timestamp corresponding to the last update of the
2441 additionalProperties:
2443 description: Metadata holds upstream information such as OCI
2448 Path is the relative file path of the Artifact. It can be used to locate
2449 the file in the root of the Artifact storage on the local file system of
2450 the controller managing the Source.
2454 Revision is a human-readable identifier traceable in the origin source
2455 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2458 description: Size is the number of bytes in the file.
2463 URL is the HTTP address of the Artifact as exposed by the controller
2464 managing the Source. It can be used to retrieve the Artifact for
2465 consumption, e.g. by another controller applying the Artifact contents.
2474 lastHandledReconcileAt:
2476 LastHandledReconcileAt holds the value of the most recent
2477 reconcile request value, so a change of the annotation value
2482 ObservedGeneration is the last observed generation of the GitRepository
2488 ObservedIgnore is the observed exclusion patterns used for constructing
2489 the source artifact.
2493 ObservedInclude is the observed list of GitRepository resources used to
2494 to produce the current Artifact.
2497 GitRepositoryInclude specifies a local reference to a GitRepository which
2498 Artifact (sub-)contents must be included, and where they should be placed.
2502 FromPath specifies the path to copy contents from, defaults to the root
2507 GitRepositoryRef specifies the GitRepository which Artifact contents
2511 description: Name of the referent.
2518 ToPath specifies the path to copy contents to, defaults to the name of
2519 the GitRepositoryRef.
2525 observedRecurseSubmodules:
2527 ObservedRecurseSubmodules is the observed resource submodules
2528 configuration used to produce the current Artifact.
2532 URL is the dynamic fetch link for the latest Artifact.
2533 It is provided on a "best effort" basis, and using the precise
2534 GitRepositoryStatus.Artifact data is recommended.
2543 apiVersion: apiextensions.k8s.io/v1
2544 kind: CustomResourceDefinition
2547 controller-gen.kubebuilder.io/version: v0.16.1
2549 app.kubernetes.io/component: source-controller
2550 app.kubernetes.io/instance: flux-system
2551 app.kubernetes.io/part-of: flux
2552 app.kubernetes.io/version: v2.4.0
2553 name: helmcharts.source.toolkit.fluxcd.io
2555 group: source.toolkit.fluxcd.io
2558 listKind: HelmChartList
2565 - additionalPrinterColumns:
2566 - jsonPath: .spec.chart
2569 - jsonPath: .spec.version
2572 - jsonPath: .spec.sourceRef.kind
2575 - jsonPath: .spec.sourceRef.name
2578 - jsonPath: .metadata.creationTimestamp
2581 - jsonPath: .status.conditions[?(@.type=="Ready")].status
2584 - jsonPath: .status.conditions[?(@.type=="Ready")].message
2590 description: HelmChart is the Schema for the helmcharts API.
2594 APIVersion defines the versioned schema of this representation of an object.
2595 Servers should convert recognized schemas to the latest internal value, and
2596 may reject unrecognized values.
2597 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2601 Kind is a string value representing the REST resource this object represents.
2602 Servers may infer this from the endpoint the client submits requests to.
2605 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2610 description: HelmChartSpec specifies the desired state of a Helm chart.
2614 Chart is the name or path the Helm chart is available at in the
2617 ignoreMissingValuesFiles:
2619 IgnoreMissingValuesFiles controls whether to silently ignore missing values
2620 files rather than failing.
2624 Interval at which the HelmChart SourceRef is checked for updates.
2625 This interval is approximate and may be subject to jitter to ensure
2626 efficient use of resources.
2627 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
2630 default: ChartVersion
2632 ReconcileStrategy determines what enables the creation of a new artifact.
2633 Valid values are ('ChartVersion', 'Revision').
2634 See the documentation of the values for an explanation on their behavior.
2635 Defaults to ChartVersion when omitted.
2641 description: SourceRef is the reference to the Source the chart is
2645 description: APIVersion of the referent.
2649 Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
2657 description: Name of the referent.
2665 Suspend tells the controller to suspend the reconciliation of this
2670 ValuesFiles is an alternative list of values files to use as the chart
2671 values (values.yaml is not included by default), expected to be a
2672 relative path in the SourceRef.
2673 Values files are merged in the order of this list with the last file
2674 overriding the first. Ignored when omitted.
2680 Verify contains the secret name containing the trusted public keys
2681 used to verify the signature and specifies which provider to use to check
2682 whether OCI image is authentic.
2683 This field is only supported when using HelmRepository source with spec.type 'oci'.
2684 Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.
2688 MatchOIDCIdentity specifies the identity matching criteria to use
2689 while verifying an OCI artifact which was signed using Cosign keyless
2690 signing. The artifact's identity is deemed to be verified if any of the
2691 specified matchers match against the identity.
2694 OIDCIdentityMatch specifies options for verifying the certificate identity,
2695 i.e. the issuer and the subject of the certificate.
2699 Issuer specifies the regex pattern to match against to verify
2700 the OIDC issuer in the Fulcio certificate. The pattern must be a
2701 valid Go regular expression.
2705 Subject specifies the regex pattern to match against to verify
2706 the identity subject in the Fulcio certificate. The pattern must
2707 be a valid Go regular expression.
2716 description: Provider specifies the technology used to sign the
2724 SecretRef specifies the Kubernetes Secret containing the
2725 trusted public keys.
2728 description: Name of the referent.
2739 Version is the chart version semver expression, ignored for charts from
2740 GitRepository and Bucket sources. Defaults to latest when omitted.
2749 observedGeneration: -1
2750 description: HelmChartStatus records the observed state of the HelmChart.
2753 description: Artifact represents the output of the last successful
2757 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
2758 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
2762 LastUpdateTime is the timestamp corresponding to the last update of the
2767 additionalProperties:
2769 description: Metadata holds upstream information such as OCI annotations.
2773 Path is the relative file path of the Artifact. It can be used to locate
2774 the file in the root of the Artifact storage on the local file system of
2775 the controller managing the Source.
2779 Revision is a human-readable identifier traceable in the origin source
2780 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
2783 description: Size is the number of bytes in the file.
2788 URL is the HTTP address of the Artifact as exposed by the controller
2789 managing the Source. It can be used to retrieve the Artifact for
2790 consumption, e.g. by another controller applying the Artifact contents.
2799 description: Conditions holds the conditions for the HelmChart.
2801 description: Condition contains details for one aspect of the current
2802 state of this API Resource.
2806 lastTransitionTime is the last time the condition transitioned from one status to another.
2807 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2812 message is a human readable message indicating details about the transition.
2813 This may be an empty string.
2818 observedGeneration represents the .metadata.generation that the condition was set based upon.
2819 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
2820 with respect to the current state of the instance.
2826 reason contains a programmatic identifier indicating the reason for the condition's last transition.
2827 Producers of specific condition types may define expected values and meanings for this field,
2828 and whether the values are considered a guaranteed API.
2829 The value should be a CamelCase string.
2830 This field may not be empty.
2833 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2836 description: status of the condition, one of True, False, Unknown.
2843 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2845 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2848 - lastTransitionTime
2855 lastHandledReconcileAt:
2857 LastHandledReconcileAt holds the value of the most recent
2858 reconcile request value, so a change of the annotation value
2863 ObservedChartName is the last observed chart name as specified by the
2864 resolved chart reference.
2868 ObservedGeneration is the last observed generation of the HelmChart
2872 observedSourceArtifactRevision:
2874 ObservedSourceArtifactRevision is the last observed Artifact.Revision
2875 of the HelmChartSpec.SourceRef.
2877 observedValuesFiles:
2879 ObservedValuesFiles are the observed value files of the last successful
2881 It matches the chart in the last successfully reconciled artifact.
2887 URL is the dynamic fetch link for the latest Artifact.
2888 It is provided on a "best effort" basis, and using the precise
2889 BucketStatus.Artifact data is recommended.
2897 - additionalPrinterColumns:
2898 - jsonPath: .spec.chart
2901 - jsonPath: .spec.version
2904 - jsonPath: .spec.sourceRef.kind
2907 - jsonPath: .spec.sourceRef.name
2910 - jsonPath: .status.conditions[?(@.type=="Ready")].status
2913 - jsonPath: .status.conditions[?(@.type=="Ready")].message
2916 - jsonPath: .metadata.creationTimestamp
2920 deprecationWarning: v1beta1 HelmChart is deprecated, upgrade to v1
2924 description: HelmChart is the Schema for the helmcharts API
2928 APIVersion defines the versioned schema of this representation of an object.
2929 Servers should convert recognized schemas to the latest internal value, and
2930 may reject unrecognized values.
2931 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
2935 Kind is a string value representing the REST resource this object represents.
2936 Servers may infer this from the endpoint the client submits requests to.
2939 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
2944 description: HelmChartSpec defines the desired state of a Helm chart.
2947 description: AccessFrom defines an Access Control List for allowing
2948 cross-namespace references to this object.
2952 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
2953 Items in this list are evaluated using a logical OR operation.
2956 NamespaceSelector selects the namespaces to which this ACL applies.
2957 An empty map of MatchLabels matches all namespaces in a cluster.
2960 additionalProperties:
2963 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2964 map is equivalent to an element of matchExpressions, whose key field is "key", the
2965 operator is "In", and the values array contains only "value". The requirements are ANDed.
2970 - namespaceSelectors
2973 description: The name or path the Helm chart is available at in the
2977 description: The interval at which to check the Source for updates.
2980 default: ChartVersion
2982 Determines what enables the creation of a new artifact. Valid values are
2983 ('ChartVersion', 'Revision').
2984 See the documentation of the values for an explanation on their behavior.
2985 Defaults to ChartVersion when omitted.
2991 description: The reference to the Source the chart is available at.
2994 description: APIVersion of the referent.
2998 Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
3006 description: Name of the referent.
3013 description: This flag tells the controller to suspend the reconciliation
3018 Alternative values file to use as the default chart values, expected to
3019 be a relative path in the SourceRef. Deprecated in favor of ValuesFiles,
3020 for backwards compatibility the file defined here is merged before the
3021 ValuesFiles items. Ignored when omitted.
3025 Alternative list of values files to use as the chart values (values.yaml
3026 is not included by default), expected to be a relative path in the SourceRef.
3027 Values files are merged in the order of this list with the last file overriding
3028 the first. Ignored when omitted.
3035 The chart version semver expression, ignored for charts from GitRepository
3036 and Bucket sources. Defaults to latest when omitted.
3045 observedGeneration: -1
3046 description: HelmChartStatus defines the observed state of the HelmChart.
3049 description: Artifact represents the output of the last successful
3053 description: Checksum is the SHA256 checksum of the artifact.
3057 LastUpdateTime is the timestamp corresponding to the last update of this
3062 description: Path is the relative file path of this artifact.
3066 Revision is a human readable identifier traceable in the origin source
3067 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
3071 description: URL is the HTTP address of this artifact.
3079 description: Conditions holds the conditions for the HelmChart.
3081 description: Condition contains details for one aspect of the current
3082 state of this API Resource.
3086 lastTransitionTime is the last time the condition transitioned from one status to another.
3087 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3092 message is a human readable message indicating details about the transition.
3093 This may be an empty string.
3098 observedGeneration represents the .metadata.generation that the condition was set based upon.
3099 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3100 with respect to the current state of the instance.
3106 reason contains a programmatic identifier indicating the reason for the condition's last transition.
3107 Producers of specific condition types may define expected values and meanings for this field,
3108 and whether the values are considered a guaranteed API.
3109 The value should be a CamelCase string.
3110 This field may not be empty.
3113 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3116 description: status of the condition, one of True, False, Unknown.
3123 description: type of condition in CamelCase or in foo.example.com/CamelCase.
3125 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3128 - lastTransitionTime
3135 lastHandledReconcileAt:
3137 LastHandledReconcileAt holds the value of the most recent
3138 reconcile request value, so a change of the annotation value
3142 description: ObservedGeneration is the last observed generation.
3146 description: URL is the download link for the last chart pulled.
3154 - additionalPrinterColumns:
3155 - jsonPath: .spec.chart
3158 - jsonPath: .spec.version
3161 - jsonPath: .spec.sourceRef.kind
3164 - jsonPath: .spec.sourceRef.name
3167 - jsonPath: .metadata.creationTimestamp
3170 - jsonPath: .status.conditions[?(@.type=="Ready")].status
3173 - jsonPath: .status.conditions[?(@.type=="Ready")].message
3177 deprecationWarning: v1beta2 HelmChart is deprecated, upgrade to v1
3181 description: HelmChart is the Schema for the helmcharts API.
3185 APIVersion defines the versioned schema of this representation of an object.
3186 Servers should convert recognized schemas to the latest internal value, and
3187 may reject unrecognized values.
3188 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3192 Kind is a string value representing the REST resource this object represents.
3193 Servers may infer this from the endpoint the client submits requests to.
3196 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3201 description: HelmChartSpec specifies the desired state of a Helm chart.
3205 AccessFrom specifies an Access Control List for allowing cross-namespace
3206 references to this object.
3207 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
3211 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3212 Items in this list are evaluated using a logical OR operation.
3215 NamespaceSelector selects the namespaces to which this ACL applies.
3216 An empty map of MatchLabels matches all namespaces in a cluster.
3219 additionalProperties:
3222 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3223 map is equivalent to an element of matchExpressions, whose key field is "key", the
3224 operator is "In", and the values array contains only "value". The requirements are ANDed.
3229 - namespaceSelectors
3233 Chart is the name or path the Helm chart is available at in the
3236 ignoreMissingValuesFiles:
3238 IgnoreMissingValuesFiles controls whether to silently ignore missing values
3239 files rather than failing.
3243 Interval at which the HelmChart SourceRef is checked for updates.
3244 This interval is approximate and may be subject to jitter to ensure
3245 efficient use of resources.
3246 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
3249 default: ChartVersion
3251 ReconcileStrategy determines what enables the creation of a new artifact.
3252 Valid values are ('ChartVersion', 'Revision').
3253 See the documentation of the values for an explanation on their behavior.
3254 Defaults to ChartVersion when omitted.
3260 description: SourceRef is the reference to the Source the chart is
3264 description: APIVersion of the referent.
3268 Kind of the referent, valid values are ('HelmRepository', 'GitRepository',
3276 description: Name of the referent.
3284 Suspend tells the controller to suspend the reconciliation of this
3289 ValuesFile is an alternative values file to use as the default chart
3290 values, expected to be a relative path in the SourceRef. Deprecated in
3291 favor of ValuesFiles, for backwards compatibility the file specified here
3292 is merged before the ValuesFiles items. Ignored when omitted.
3296 ValuesFiles is an alternative list of values files to use as the chart
3297 values (values.yaml is not included by default), expected to be a
3298 relative path in the SourceRef.
3299 Values files are merged in the order of this list with the last file
3300 overriding the first. Ignored when omitted.
3306 Verify contains the secret name containing the trusted public keys
3307 used to verify the signature and specifies which provider to use to check
3308 whether OCI image is authentic.
3309 This field is only supported when using HelmRepository source with spec.type 'oci'.
3310 Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.
3314 MatchOIDCIdentity specifies the identity matching criteria to use
3315 while verifying an OCI artifact which was signed using Cosign keyless
3316 signing. The artifact's identity is deemed to be verified if any of the
3317 specified matchers match against the identity.
3320 OIDCIdentityMatch specifies options for verifying the certificate identity,
3321 i.e. the issuer and the subject of the certificate.
3325 Issuer specifies the regex pattern to match against to verify
3326 the OIDC issuer in the Fulcio certificate. The pattern must be a
3327 valid Go regular expression.
3331 Subject specifies the regex pattern to match against to verify
3332 the identity subject in the Fulcio certificate. The pattern must
3333 be a valid Go regular expression.
3342 description: Provider specifies the technology used to sign the
3350 SecretRef specifies the Kubernetes Secret containing the
3351 trusted public keys.
3354 description: Name of the referent.
3365 Version is the chart version semver expression, ignored for charts from
3366 GitRepository and Bucket sources. Defaults to latest when omitted.
3375 observedGeneration: -1
3376 description: HelmChartStatus records the observed state of the HelmChart.
3379 description: Artifact represents the output of the last successful
3383 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3384 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3388 LastUpdateTime is the timestamp corresponding to the last update of the
3393 additionalProperties:
3395 description: Metadata holds upstream information such as OCI annotations.
3399 Path is the relative file path of the Artifact. It can be used to locate
3400 the file in the root of the Artifact storage on the local file system of
3401 the controller managing the Source.
3405 Revision is a human-readable identifier traceable in the origin source
3406 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3409 description: Size is the number of bytes in the file.
3414 URL is the HTTP address of the Artifact as exposed by the controller
3415 managing the Source. It can be used to retrieve the Artifact for
3416 consumption, e.g. by another controller applying the Artifact contents.
3425 description: Conditions holds the conditions for the HelmChart.
3427 description: Condition contains details for one aspect of the current
3428 state of this API Resource.
3432 lastTransitionTime is the last time the condition transitioned from one status to another.
3433 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3438 message is a human readable message indicating details about the transition.
3439 This may be an empty string.
3444 observedGeneration represents the .metadata.generation that the condition was set based upon.
3445 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3446 with respect to the current state of the instance.
3452 reason contains a programmatic identifier indicating the reason for the condition's last transition.
3453 Producers of specific condition types may define expected values and meanings for this field,
3454 and whether the values are considered a guaranteed API.
3455 The value should be a CamelCase string.
3456 This field may not be empty.
3459 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3462 description: status of the condition, one of True, False, Unknown.
3469 description: type of condition in CamelCase or in foo.example.com/CamelCase.
3471 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3474 - lastTransitionTime
3481 lastHandledReconcileAt:
3483 LastHandledReconcileAt holds the value of the most recent
3484 reconcile request value, so a change of the annotation value
3489 ObservedChartName is the last observed chart name as specified by the
3490 resolved chart reference.
3494 ObservedGeneration is the last observed generation of the HelmChart
3498 observedSourceArtifactRevision:
3500 ObservedSourceArtifactRevision is the last observed Artifact.Revision
3501 of the HelmChartSpec.SourceRef.
3503 observedValuesFiles:
3505 ObservedValuesFiles are the observed value files of the last successful
3507 It matches the chart in the last successfully reconciled artifact.
3513 URL is the dynamic fetch link for the latest Artifact.
3514 It is provided on a "best effort" basis, and using the precise
3515 BucketStatus.Artifact data is recommended.
3524 apiVersion: apiextensions.k8s.io/v1
3525 kind: CustomResourceDefinition
3528 controller-gen.kubebuilder.io/version: v0.16.1
3530 app.kubernetes.io/component: source-controller
3531 app.kubernetes.io/instance: flux-system
3532 app.kubernetes.io/part-of: flux
3533 app.kubernetes.io/version: v2.4.0
3534 name: helmrepositories.source.toolkit.fluxcd.io
3536 group: source.toolkit.fluxcd.io
3538 kind: HelmRepository
3539 listKind: HelmRepositoryList
3540 plural: helmrepositories
3543 singular: helmrepository
3546 - additionalPrinterColumns:
3547 - jsonPath: .spec.url
3550 - jsonPath: .metadata.creationTimestamp
3553 - jsonPath: .status.conditions[?(@.type=="Ready")].status
3556 - jsonPath: .status.conditions[?(@.type=="Ready")].message
3562 description: HelmRepository is the Schema for the helmrepositories API.
3566 APIVersion defines the versioned schema of this representation of an object.
3567 Servers should convert recognized schemas to the latest internal value, and
3568 may reject unrecognized values.
3569 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3573 Kind is a string value representing the REST resource this object represents.
3574 Servers may infer this from the endpoint the client submits requests to.
3577 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3583 HelmRepositorySpec specifies the required configuration to produce an
3584 Artifact for a Helm repository index YAML.
3588 AccessFrom specifies an Access Control List for allowing cross-namespace
3589 references to this object.
3590 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
3594 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3595 Items in this list are evaluated using a logical OR operation.
3598 NamespaceSelector selects the namespaces to which this ACL applies.
3599 An empty map of MatchLabels matches all namespaces in a cluster.
3602 additionalProperties:
3605 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3606 map is equivalent to an element of matchExpressions, whose key field is "key", the
3607 operator is "In", and the values array contains only "value". The requirements are ANDed.
3612 - namespaceSelectors
3616 CertSecretRef can be given the name of a Secret containing
3619 - a PEM-encoded client certificate (`tls.crt`) and private
3621 - a PEM-encoded CA certificate (`ca.crt`)
3623 and whichever are supplied, will be used for connecting to the
3624 registry. The client cert and key are useful if you are
3625 authenticating with a certificate; the CA cert is useful if
3626 you are using a self-signed server certificate. The Secret must
3627 be of type `Opaque` or `kubernetes.io/tls`.
3629 It takes precedence over the values specified in the Secret referred
3630 to by `.spec.secretRef`.
3633 description: Name of the referent.
3640 Insecure allows connecting to a non-TLS HTTP container registry.
3641 This field is only taken into account if the .spec.type field is set to 'oci'.
3645 Interval at which the HelmRepository URL is checked for updates.
3646 This interval is approximate and may be subject to jitter to ensure
3647 efficient use of resources.
3648 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
3652 PassCredentials allows the credentials from the SecretRef to be passed
3653 on to a host that does not match the host as defined in URL.
3654 This may be required if the host of the advertised chart URLs in the
3655 index differ from the defined URL.
3656 Enabling this should be done with caution, as it can potentially result
3657 in credentials getting stolen in a MITM-attack.
3662 Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
3663 This field is optional, and only taken into account if the .spec.type field is set to 'oci'.
3664 When not specified, defaults to 'generic'.
3673 SecretRef specifies the Secret containing authentication credentials
3674 for the HelmRepository.
3675 For HTTP/S basic auth the secret must contain 'username' and 'password'
3677 Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'
3678 keys is deprecated. Please use `.spec.certSecretRef` instead.
3681 description: Name of the referent.
3688 Suspend tells the controller to suspend the reconciliation of this
3693 Timeout is used for the index fetch operation for an HTTPS helm repository,
3694 and for remote OCI Repository operations like pulling for an OCI helm
3695 chart by the associated HelmChart.
3696 Its default value is 60s.
3697 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
3701 Type of the HelmRepository.
3702 When this field is set to "oci", the URL field value must be prefixed with "oci://".
3709 URL of the Helm repository, a valid URL contains at least a protocol and
3711 pattern: ^(http|https|oci)://.*$
3718 observedGeneration: -1
3719 description: HelmRepositoryStatus records the observed state of the HelmRepository.
3722 description: Artifact represents the last successful HelmRepository
3726 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
3727 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
3731 LastUpdateTime is the timestamp corresponding to the last update of the
3736 additionalProperties:
3738 description: Metadata holds upstream information such as OCI annotations.
3742 Path is the relative file path of the Artifact. It can be used to locate
3743 the file in the root of the Artifact storage on the local file system of
3744 the controller managing the Source.
3748 Revision is a human-readable identifier traceable in the origin source
3749 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
3752 description: Size is the number of bytes in the file.
3757 URL is the HTTP address of the Artifact as exposed by the controller
3758 managing the Source. It can be used to retrieve the Artifact for
3759 consumption, e.g. by another controller applying the Artifact contents.
3768 description: Conditions holds the conditions for the HelmRepository.
3770 description: Condition contains details for one aspect of the current
3771 state of this API Resource.
3775 lastTransitionTime is the last time the condition transitioned from one status to another.
3776 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3781 message is a human readable message indicating details about the transition.
3782 This may be an empty string.
3787 observedGeneration represents the .metadata.generation that the condition was set based upon.
3788 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
3789 with respect to the current state of the instance.
3795 reason contains a programmatic identifier indicating the reason for the condition's last transition.
3796 Producers of specific condition types may define expected values and meanings for this field,
3797 and whether the values are considered a guaranteed API.
3798 The value should be a CamelCase string.
3799 This field may not be empty.
3802 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3805 description: status of the condition, one of True, False, Unknown.
3812 description: type of condition in CamelCase or in foo.example.com/CamelCase.
3814 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3817 - lastTransitionTime
3824 lastHandledReconcileAt:
3826 LastHandledReconcileAt holds the value of the most recent
3827 reconcile request value, so a change of the annotation value
3832 ObservedGeneration is the last observed generation of the HelmRepository
3838 URL is the dynamic fetch link for the latest Artifact.
3839 It is provided on a "best effort" basis, and using the precise
3840 HelmRepositoryStatus.Artifact data is recommended.
3848 - additionalPrinterColumns:
3849 - jsonPath: .spec.url
3852 - jsonPath: .status.conditions[?(@.type=="Ready")].status
3855 - jsonPath: .status.conditions[?(@.type=="Ready")].message
3858 - jsonPath: .metadata.creationTimestamp
3862 deprecationWarning: v1beta1 HelmRepository is deprecated, upgrade to v1
3866 description: HelmRepository is the Schema for the helmrepositories API
3870 APIVersion defines the versioned schema of this representation of an object.
3871 Servers should convert recognized schemas to the latest internal value, and
3872 may reject unrecognized values.
3873 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
3877 Kind is a string value representing the REST resource this object represents.
3878 Servers may infer this from the endpoint the client submits requests to.
3881 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
3886 description: HelmRepositorySpec defines the reference to a Helm repository.
3889 description: AccessFrom defines an Access Control List for allowing
3890 cross-namespace references to this object.
3894 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
3895 Items in this list are evaluated using a logical OR operation.
3898 NamespaceSelector selects the namespaces to which this ACL applies.
3899 An empty map of MatchLabels matches all namespaces in a cluster.
3902 additionalProperties:
3905 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3906 map is equivalent to an element of matchExpressions, whose key field is "key", the
3907 operator is "In", and the values array contains only "value". The requirements are ANDed.
3912 - namespaceSelectors
3915 description: The interval at which to check the upstream for updates.
3919 PassCredentials allows the credentials from the SecretRef to be passed on to
3920 a host that does not match the host as defined in URL.
3921 This may be required if the host of the advertised chart URLs in the index
3922 differ from the defined URL.
3923 Enabling this should be done with caution, as it can potentially result in
3924 credentials getting stolen in a MITM-attack.
3928 The name of the secret containing authentication credentials for the Helm
3930 For HTTP/S basic auth the secret must contain username and
3932 For TLS the secret must contain a certFile and keyFile, and/or
3936 description: Name of the referent.
3942 description: This flag tells the controller to suspend the reconciliation
3947 description: The timeout of index downloading, defaults to 60s.
3950 description: The Helm repository URL, a valid URL contains at least
3951 a protocol and host.
3959 observedGeneration: -1
3960 description: HelmRepositoryStatus defines the observed state of the HelmRepository.
3963 description: Artifact represents the output of the last successful
3967 description: Checksum is the SHA256 checksum of the artifact.
3971 LastUpdateTime is the timestamp corresponding to the last update of this
3976 description: Path is the relative file path of this artifact.
3980 Revision is a human readable identifier traceable in the origin source
3981 system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm
3985 description: URL is the HTTP address of this artifact.
3993 description: Conditions holds the conditions for the HelmRepository.
3995 description: Condition contains details for one aspect of the current
3996 state of this API Resource.
4000 lastTransitionTime is the last time the condition transitioned from one status to another.
4001 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4006 message is a human readable message indicating details about the transition.
4007 This may be an empty string.
4012 observedGeneration represents the .metadata.generation that the condition was set based upon.
4013 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
4014 with respect to the current state of the instance.
4020 reason contains a programmatic identifier indicating the reason for the condition's last transition.
4021 Producers of specific condition types may define expected values and meanings for this field,
4022 and whether the values are considered a guaranteed API.
4023 The value should be a CamelCase string.
4024 This field may not be empty.
4027 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4030 description: status of the condition, one of True, False, Unknown.
4037 description: type of condition in CamelCase or in foo.example.com/CamelCase.
4039 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4042 - lastTransitionTime
4049 lastHandledReconcileAt:
4051 LastHandledReconcileAt holds the value of the most recent
4052 reconcile request value, so a change of the annotation value
4056 description: ObservedGeneration is the last observed generation.
4060 description: URL is the download link for the last index fetched.
4068 - additionalPrinterColumns:
4069 - jsonPath: .spec.url
4072 - jsonPath: .metadata.creationTimestamp
4075 - jsonPath: .status.conditions[?(@.type=="Ready")].status
4078 - jsonPath: .status.conditions[?(@.type=="Ready")].message
4082 deprecationWarning: v1beta2 HelmRepository is deprecated, upgrade to v1
4086 description: HelmRepository is the Schema for the helmrepositories API.
4090 APIVersion defines the versioned schema of this representation of an object.
4091 Servers should convert recognized schemas to the latest internal value, and
4092 may reject unrecognized values.
4093 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
4097 Kind is a string value representing the REST resource this object represents.
4098 Servers may infer this from the endpoint the client submits requests to.
4101 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4107 HelmRepositorySpec specifies the required configuration to produce an
4108 Artifact for a Helm repository index YAML.
4112 AccessFrom specifies an Access Control List for allowing cross-namespace
4113 references to this object.
4114 NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
4118 NamespaceSelectors is the list of namespace selectors to which this ACL applies.
4119 Items in this list are evaluated using a logical OR operation.
4122 NamespaceSelector selects the namespaces to which this ACL applies.
4123 An empty map of MatchLabels matches all namespaces in a cluster.
4126 additionalProperties:
4129 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
4130 map is equivalent to an element of matchExpressions, whose key field is "key", the
4131 operator is "In", and the values array contains only "value". The requirements are ANDed.
4136 - namespaceSelectors
4140 CertSecretRef can be given the name of a Secret containing
4143 - a PEM-encoded client certificate (`tls.crt`) and private
4145 - a PEM-encoded CA certificate (`ca.crt`)
4147 and whichever are supplied, will be used for connecting to the
4148 registry. The client cert and key are useful if you are
4149 authenticating with a certificate; the CA cert is useful if
4150 you are using a self-signed server certificate. The Secret must
4151 be of type `Opaque` or `kubernetes.io/tls`.
4153 It takes precedence over the values specified in the Secret referred
4154 to by `.spec.secretRef`.
4157 description: Name of the referent.
4164 Insecure allows connecting to a non-TLS HTTP container registry.
4165 This field is only taken into account if the .spec.type field is set to 'oci'.
4169 Interval at which the HelmRepository URL is checked for updates.
4170 This interval is approximate and may be subject to jitter to ensure
4171 efficient use of resources.
4172 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
4176 PassCredentials allows the credentials from the SecretRef to be passed
4177 on to a host that does not match the host as defined in URL.
4178 This may be required if the host of the advertised chart URLs in the
4179 index differ from the defined URL.
4180 Enabling this should be done with caution, as it can potentially result
4181 in credentials getting stolen in a MITM-attack.
4186 Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
4187 This field is optional, and only taken into account if the .spec.type field is set to 'oci'.
4188 When not specified, defaults to 'generic'.
4197 SecretRef specifies the Secret containing authentication credentials
4198 for the HelmRepository.
4199 For HTTP/S basic auth the secret must contain 'username' and 'password'
4201 Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'
4202 keys is deprecated. Please use `.spec.certSecretRef` instead.
4205 description: Name of the referent.
4212 Suspend tells the controller to suspend the reconciliation of this
4217 Timeout is used for the index fetch operation for an HTTPS helm repository,
4218 and for remote OCI Repository operations like pulling for an OCI helm
4219 chart by the associated HelmChart.
4220 Its default value is 60s.
4221 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
4225 Type of the HelmRepository.
4226 When this field is set to "oci", the URL field value must be prefixed with "oci://".
4233 URL of the Helm repository, a valid URL contains at least a protocol and
4235 pattern: ^(http|https|oci)://.*$
4242 observedGeneration: -1
4243 description: HelmRepositoryStatus records the observed state of the HelmRepository.
4246 description: Artifact represents the last successful HelmRepository
4250 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
4251 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
4255 LastUpdateTime is the timestamp corresponding to the last update of the
4260 additionalProperties:
4262 description: Metadata holds upstream information such as OCI annotations.
4266 Path is the relative file path of the Artifact. It can be used to locate
4267 the file in the root of the Artifact storage on the local file system of
4268 the controller managing the Source.
4272 Revision is a human-readable identifier traceable in the origin source
4273 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
4276 description: Size is the number of bytes in the file.
4281 URL is the HTTP address of the Artifact as exposed by the controller
4282 managing the Source. It can be used to retrieve the Artifact for
4283 consumption, e.g. by another controller applying the Artifact contents.
4292 description: Conditions holds the conditions for the HelmRepository.
4294 description: Condition contains details for one aspect of the current
4295 state of this API Resource.
4299 lastTransitionTime is the last time the condition transitioned from one status to another.
4300 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4305 message is a human readable message indicating details about the transition.
4306 This may be an empty string.
4311 observedGeneration represents the .metadata.generation that the condition was set based upon.
4312 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
4313 with respect to the current state of the instance.
4319 reason contains a programmatic identifier indicating the reason for the condition's last transition.
4320 Producers of specific condition types may define expected values and meanings for this field,
4321 and whether the values are considered a guaranteed API.
4322 The value should be a CamelCase string.
4323 This field may not be empty.
4326 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4329 description: status of the condition, one of True, False, Unknown.
4336 description: type of condition in CamelCase or in foo.example.com/CamelCase.
4338 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4341 - lastTransitionTime
4348 lastHandledReconcileAt:
4350 LastHandledReconcileAt holds the value of the most recent
4351 reconcile request value, so a change of the annotation value
4356 ObservedGeneration is the last observed generation of the HelmRepository
4362 URL is the dynamic fetch link for the latest Artifact.
4363 It is provided on a "best effort" basis, and using the precise
4364 HelmRepositoryStatus.Artifact data is recommended.
4373 apiVersion: apiextensions.k8s.io/v1
4374 kind: CustomResourceDefinition
4377 controller-gen.kubebuilder.io/version: v0.16.1
4379 app.kubernetes.io/component: source-controller
4380 app.kubernetes.io/instance: flux-system
4381 app.kubernetes.io/part-of: flux
4382 app.kubernetes.io/version: v2.4.0
4383 name: ocirepositories.source.toolkit.fluxcd.io
4385 group: source.toolkit.fluxcd.io
4388 listKind: OCIRepositoryList
4389 plural: ocirepositories
4392 singular: ocirepository
4395 - additionalPrinterColumns:
4396 - jsonPath: .spec.url
4399 - jsonPath: .status.conditions[?(@.type=="Ready")].status
4402 - jsonPath: .status.conditions[?(@.type=="Ready")].message
4405 - jsonPath: .metadata.creationTimestamp
4411 description: OCIRepository is the Schema for the ocirepositories API
4415 APIVersion defines the versioned schema of this representation of an object.
4416 Servers should convert recognized schemas to the latest internal value, and
4417 may reject unrecognized values.
4418 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
4422 Kind is a string value representing the REST resource this object represents.
4423 Servers may infer this from the endpoint the client submits requests to.
4426 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4431 description: OCIRepositorySpec defines the desired state of OCIRepository
4435 CertSecretRef can be given the name of a Secret containing
4438 - a PEM-encoded client certificate (`tls.crt`) and private
4440 - a PEM-encoded CA certificate (`ca.crt`)
4442 and whichever are supplied, will be used for connecting to the
4443 registry. The client cert and key are useful if you are
4444 authenticating with a certificate; the CA cert is useful if
4445 you are using a self-signed server certificate. The Secret must
4446 be of type `Opaque` or `kubernetes.io/tls`.
4448 Note: Support for the `caFile`, `certFile` and `keyFile` keys have
4452 description: Name of the referent.
4459 Ignore overrides the set of excluded patterns in the .sourceignore format
4460 (which is the same as .gitignore). If not provided, a default will be used,
4461 consult the documentation for your version to find out what those are.
4464 description: Insecure allows connecting to a non-TLS HTTP container
4469 Interval at which the OCIRepository URL is checked for updates.
4470 This interval is approximate and may be subject to jitter to ensure
4471 efficient use of resources.
4472 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
4476 LayerSelector specifies which layer should be extracted from the OCI artifact.
4477 When not specified, the first layer found in the artifact is selected.
4481 MediaType specifies the OCI media type of the layer
4482 which should be extracted from the OCI Artifact. The
4483 first layer matching this type is selected.
4487 Operation specifies how the selected layer should be processed.
4488 By default, the layer compressed content is extracted to storage.
4489 When the operation is set to 'copy', the layer compressed content
4490 is persisted to storage as it is.
4499 The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
4500 When not specified, defaults to 'generic'.
4509 ProxySecretRef specifies the Secret containing the proxy configuration
4510 to use while communicating with the container registry.
4513 description: Name of the referent.
4520 The OCI reference to pull and monitor for changes,
4521 defaults to the latest tag.
4525 Digest is the image digest to pull, takes precedence over SemVer.
4526 The value should be in the format 'sha256:<HASH>'.
4530 SemVer is the range of tags to pull selecting the latest within
4531 the range, takes precedence over Tag.
4534 description: SemverFilter is a regex pattern to filter the tags
4535 within the SemVer range.
4538 description: Tag is the image tag to pull, defaults to latest.
4543 SecretRef contains the secret name containing the registry login
4544 credentials to resolve image metadata.
4545 The secret must be of type kubernetes.io/dockerconfigjson.
4548 description: Name of the referent.
4555 ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate
4556 the image pull if the service account has attached pull secrets. For more information:
4557 https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
4560 description: This flag tells the controller to suspend the reconciliation
4565 description: The timeout for remote OCI Repository operations like
4566 pulling, defaults to 60s.
4567 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
4571 URL is a reference to an OCI artifact repository hosted
4572 on a remote container registry.
4577 Verify contains the secret name containing the trusted public keys
4578 used to verify the signature and specifies which provider to use to check
4579 whether OCI image is authentic.
4583 MatchOIDCIdentity specifies the identity matching criteria to use
4584 while verifying an OCI artifact which was signed using Cosign keyless
4585 signing. The artifact's identity is deemed to be verified if any of the
4586 specified matchers match against the identity.
4589 OIDCIdentityMatch specifies options for verifying the certificate identity,
4590 i.e. the issuer and the subject of the certificate.
4594 Issuer specifies the regex pattern to match against to verify
4595 the OIDC issuer in the Fulcio certificate. The pattern must be a
4596 valid Go regular expression.
4600 Subject specifies the regex pattern to match against to verify
4601 the identity subject in the Fulcio certificate. The pattern must
4602 be a valid Go regular expression.
4611 description: Provider specifies the technology used to sign the
4619 SecretRef specifies the Kubernetes Secret containing the
4620 trusted public keys.
4623 description: Name of the referent.
4637 observedGeneration: -1
4638 description: OCIRepositoryStatus defines the observed state of OCIRepository
4641 description: Artifact represents the output of the last successful
4642 OCI Repository sync.
4645 description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
4646 pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$
4650 LastUpdateTime is the timestamp corresponding to the last update of the
4655 additionalProperties:
4657 description: Metadata holds upstream information such as OCI annotations.
4661 Path is the relative file path of the Artifact. It can be used to locate
4662 the file in the root of the Artifact storage on the local file system of
4663 the controller managing the Source.
4667 Revision is a human-readable identifier traceable in the origin source
4668 system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.
4671 description: Size is the number of bytes in the file.
4676 URL is the HTTP address of the Artifact as exposed by the controller
4677 managing the Source. It can be used to retrieve the Artifact for
4678 consumption, e.g. by another controller applying the Artifact contents.
4687 description: Conditions holds the conditions for the OCIRepository.
4689 description: Condition contains details for one aspect of the current
4690 state of this API Resource.
4694 lastTransitionTime is the last time the condition transitioned from one status to another.
4695 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4700 message is a human readable message indicating details about the transition.
4701 This may be an empty string.
4706 observedGeneration represents the .metadata.generation that the condition was set based upon.
4707 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
4708 with respect to the current state of the instance.
4714 reason contains a programmatic identifier indicating the reason for the condition's last transition.
4715 Producers of specific condition types may define expected values and meanings for this field,
4716 and whether the values are considered a guaranteed API.
4717 The value should be a CamelCase string.
4718 This field may not be empty.
4721 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4724 description: status of the condition, one of True, False, Unknown.
4731 description: type of condition in CamelCase or in foo.example.com/CamelCase.
4733 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4736 - lastTransitionTime
4743 contentConfigChecksum:
4745 ContentConfigChecksum is a checksum of all the configurations related to
4746 the content of the source artifact:
4748 - .spec.layerSelector
4749 observed in .status.observedGeneration version of the object. This can
4750 be used to determine if the content configuration has changed and the
4751 artifact needs to be rebuilt.
4752 It has the format of `<algo>:<checksum>`, for example: `sha256:<checksum>`.
4754 Deprecated: Replaced with explicit fields for observed artifact content
4755 config in the status.
4757 lastHandledReconcileAt:
4759 LastHandledReconcileAt holds the value of the most recent
4760 reconcile request value, so a change of the annotation value
4764 description: ObservedGeneration is the last observed generation.
4769 ObservedIgnore is the observed exclusion patterns used for constructing
4770 the source artifact.
4772 observedLayerSelector:
4774 ObservedLayerSelector is the observed layer selector used for constructing
4775 the source artifact.
4779 MediaType specifies the OCI media type of the layer
4780 which should be extracted from the OCI Artifact. The
4781 first layer matching this type is selected.
4785 Operation specifies how the selected layer should be processed.
4786 By default, the layer compressed content is extracted to storage.
4787 When the operation is set to 'copy', the layer compressed content
4788 is persisted to storage as it is.
4795 description: URL is the download link for the artifact output of the
4796 last OCI Repository sync.
4806 kind: ServiceAccount
4809 app.kubernetes.io/component: source-controller
4810 app.kubernetes.io/instance: flux-system
4811 app.kubernetes.io/part-of: flux
4812 app.kubernetes.io/version: v2.4.0
4813 name: source-controller
4814 namespace: flux-system
4820 app.kubernetes.io/component: source-controller
4821 app.kubernetes.io/instance: flux-system
4822 app.kubernetes.io/part-of: flux
4823 app.kubernetes.io/version: v2.4.0
4824 control-plane: controller
4825 name: source-controller
4826 namespace: flux-system
4834 app: source-controller
4841 app.kubernetes.io/component: source-controller
4842 app.kubernetes.io/instance: flux-system
4843 app.kubernetes.io/part-of: flux
4844 app.kubernetes.io/version: v2.4.0
4845 control-plane: controller
4846 name: source-controller
4847 namespace: flux-system
4852 app: source-controller
4858 prometheus.io/port: "8080"
4859 prometheus.io/scrape: "true"
4861 app: source-controller
4865 - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
4866 - --watch-all-namespaces=true
4868 - --log-encoding=json
4869 - --enable-leader-election
4870 - --storage-path=/data
4871 - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
4873 - name: RUNTIME_NAMESPACE
4876 fieldPath: metadata.namespace
4878 value: /tmp/.sigstore
4882 containerName: manager
4883 resource: limits.cpu
4887 containerName: manager
4888 resource: limits.memory
4889 image: ghcr.io/fluxcd/source-controller:v1.4.1
4890 imagePullPolicy: IfNotPresent
4897 - containerPort: 9090
4900 - containerPort: 8080
4903 - containerPort: 9440
4918 allowPrivilegeEscalation: false
4922 readOnlyRootFilesystem: true
4925 type: RuntimeDefault
4932 kubernetes.io/os: linux
4933 priorityClassName: system-cluster-critical
4936 serviceAccountName: source-controller
4937 terminationGracePeriodSeconds: 10
4944 apiVersion: apiextensions.k8s.io/v1
4945 kind: CustomResourceDefinition
4948 controller-gen.kubebuilder.io/version: v0.16.1
4950 app.kubernetes.io/component: kustomize-controller
4951 app.kubernetes.io/instance: flux-system
4952 app.kubernetes.io/part-of: flux
4953 app.kubernetes.io/version: v2.4.0
4954 name: kustomizations.kustomize.toolkit.fluxcd.io
4956 group: kustomize.toolkit.fluxcd.io
4959 listKind: KustomizationList
4960 plural: kustomizations
4963 singular: kustomization
4966 - additionalPrinterColumns:
4967 - jsonPath: .metadata.creationTimestamp
4970 - jsonPath: .status.conditions[?(@.type=="Ready")].status
4973 - jsonPath: .status.conditions[?(@.type=="Ready")].message
4979 description: Kustomization is the Schema for the kustomizations API.
4983 APIVersion defines the versioned schema of this representation of an object.
4984 Servers should convert recognized schemas to the latest internal value, and
4985 may reject unrecognized values.
4986 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
4990 Kind is a string value representing the REST resource this object represents.
4991 Servers may infer this from the endpoint the client submits requests to.
4994 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5000 KustomizationSpec defines the configuration to calculate the desired state
5001 from a Source using Kustomize.
5005 CommonMetadata specifies the common labels and annotations that are
5006 applied to all resources. Any existing label or annotation will be
5007 overridden if its key matches a common one.
5010 additionalProperties:
5012 description: Annotations to be added to the object's metadata.
5015 additionalProperties:
5017 description: Labels to be added to the object's metadata.
5021 description: Components specifies relative paths to specifications
5022 of other Components.
5027 description: Decrypt Kubernetes secrets before applying them on the
5031 description: Provider is the name of the decryption engine.
5036 description: The secret name containing the private OpenPGP keys
5037 used for decryption.
5040 description: Name of the referent.
5050 DependsOn may contain a meta.NamespacedObjectReference slice
5051 with references to Kustomization resources that must be ready before this
5052 Kustomization can be reconciled.
5055 NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
5059 description: Name of the referent.
5062 description: Namespace of the referent, when not specified it
5063 acts as LocalObjectReference.
5072 Force instructs the controller to recreate resources
5073 when patching fails due to an immutable field change.
5076 description: A list of resources to be included in the health assessment.
5079 NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object
5083 description: API version of the referent, if not specified the
5084 Kubernetes preferred version will be used.
5087 description: Kind of the referent.
5090 description: Name of the referent.
5093 description: Namespace of the referent, when not specified it
5094 acts as LocalObjectReference.
5103 Images is a list of (image name, new name, new tag or digest)
5104 for changing image names, tags or digests. This can also be achieved with a
5105 patch, but this operator is simpler to specify.
5107 description: Image contains an image name, a new name, a new tag
5108 or digest, which will replace the original name and tag.
5112 Digest is the value used to replace the original image tag.
5113 If digest is present NewTag value is ignored.
5116 description: Name is a tag-less image name.
5119 description: NewName is the value used to replace the original
5123 description: NewTag is the value used to replace the original
5132 The interval at which to reconcile the Kustomization.
5133 This interval is approximate and may be subject to jitter to ensure
5134 efficient use of resources.
5135 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
5139 The KubeConfig for reconciling the Kustomization on a remote cluster.
5140 When used in combination with KustomizationSpec.ServiceAccountName,
5141 forces the controller to act on behalf of that Service Account at the
5143 If the --default-service-account flag is set, its value will be used as
5144 a controller level fallback for when KustomizationSpec.ServiceAccountName
5149 SecretRef holds the name of a secret that contains a key with
5150 the kubeconfig file as the value. If no key is set, the key will default
5152 It is recommended that the kubeconfig is self-contained, and the secret
5153 is regularly updated if credentials such as a cloud-access-token expire.
5154 Cloud specific `cmd-path` auth helpers will not function without adding
5155 binaries and credentials to the Pod that is responsible for reconciling
5156 Kubernetes resources.
5159 description: Key in the Secret, when not specified an implementation-specific
5160 default key is used.
5163 description: Name of the Secret.
5172 description: NamePrefix will prefix the names of all managed resources.
5177 description: NameSuffix will suffix the names of all managed resources.
5183 Strategic merge and JSON patches, defined as inline YAML objects,
5184 capable of targeting objects based on kind, label and annotation selectors.
5187 Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
5192 Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
5193 an array of operation objects.
5196 description: Target points to the resources that the patch document
5197 should be applied to.
5201 AnnotationSelector is a string that follows the label selection expression
5202 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
5203 It matches with the resource annotations.
5207 Group is the API group to select resources from.
5208 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
5209 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
5213 Kind of the API Group to select resources from.
5214 Together with Group and Version it is capable of unambiguously
5215 identifying and/or selecting resources.
5216 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
5220 LabelSelector is a string that follows the label selection expression
5221 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
5222 It matches with the resource labels.
5225 description: Name to match resources with.
5228 description: Namespace to select resources from.
5232 Version of the API Group to select resources from.
5233 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
5234 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
5243 Path to the directory containing the kustomization.yaml file, or the
5244 set of plain YAMLs a kustomization.yaml should be generated for.
5245 Defaults to 'None', which translates to the root path of the SourceRef.
5249 PostBuild describes which actions to perform on the YAML manifest
5250 generated by building the kustomize overlay.
5253 additionalProperties:
5256 Substitute holds a map of key/value pairs.
5257 The variables defined in your YAML manifests that match any of the keys
5258 defined in the map will be substituted with the set value.
5259 Includes support for bash string replacement functions
5260 e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
5264 SubstituteFrom holds references to ConfigMaps and Secrets containing
5265 the variables and their values to be substituted in the YAML manifests.
5266 The ConfigMap and the Secret data keys represent the var names, and they
5267 must match the vars declared in the manifests for the substitution to
5271 SubstituteReference contains a reference to a resource containing
5272 the variables name and value.
5275 description: Kind of the values referent, valid values are
5276 ('Secret', 'ConfigMap').
5283 Name of the values referent. Should reside in the same namespace as the
5291 Optional indicates whether the referenced resource must exist, or whether to
5292 tolerate its absence. If true and the referenced resource is absent, proceed
5293 as if the resource was present but empty, without any variables defined.
5302 description: Prune enables garbage collection.
5306 The interval at which to retry a previously failed reconciliation.
5307 When not specified, the controller uses the KustomizationSpec.Interval
5308 value to retry failures.
5309 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
5313 The name of the Kubernetes service account to impersonate
5314 when reconciling this Kustomization.
5317 description: Reference of the source where the kustomization file
5321 description: API version of the referent.
5324 description: Kind of the referent.
5331 description: Name of the referent.
5335 Namespace of the referent, defaults to the namespace of the Kubernetes
5336 resource object that contains the reference.
5344 This flag tells the controller to suspend subsequent kustomize executions,
5345 it does not apply to already started executions. Defaults to false.
5349 TargetNamespace sets or overrides the namespace in the
5350 kustomization.yaml file.
5356 Timeout for validation, apply and health checking operations.
5357 Defaults to 'Interval' duration.
5358 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
5362 Wait instructs the controller to check the health of all the reconciled
5363 resources. When enabled, the HealthChecks are ignored. Defaults to false.
5372 observedGeneration: -1
5373 description: KustomizationStatus defines the observed state of a kustomization.
5377 description: Condition contains details for one aspect of the current
5378 state of this API Resource.
5382 lastTransitionTime is the last time the condition transitioned from one status to another.
5383 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
5388 message is a human readable message indicating details about the transition.
5389 This may be an empty string.
5394 observedGeneration represents the .metadata.generation that the condition was set based upon.
5395 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
5396 with respect to the current state of the instance.
5402 reason contains a programmatic identifier indicating the reason for the condition's last transition.
5403 Producers of specific condition types may define expected values and meanings for this field,
5404 and whether the values are considered a guaranteed API.
5405 The value should be a CamelCase string.
5406 This field may not be empty.
5409 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
5412 description: status of the condition, one of True, False, Unknown.
5419 description: type of condition in CamelCase or in foo.example.com/CamelCase.
5421 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
5424 - lastTransitionTime
5433 Inventory contains the list of Kubernetes resource object references that
5434 have been successfully applied.
5437 description: Entries of Kubernetes resource object references.
5439 description: ResourceRef contains the information necessary
5440 to locate a resource within a cluster.
5444 ID is the string representation of the Kubernetes resource object's metadata,
5445 in the format '<namespace>_<name>_<group>_<kind>'.
5448 description: Version is the API version of the Kubernetes
5449 resource object's kind.
5459 lastAppliedRevision:
5461 The last successfully applied revision.
5462 Equals the Revision of the applied Artifact from the referenced Source.
5464 lastAttemptedRevision:
5465 description: LastAttemptedRevision is the revision of the last reconciliation
5468 lastHandledReconcileAt:
5470 LastHandledReconcileAt holds the value of the most recent
5471 reconcile request value, so a change of the annotation value
5475 description: ObservedGeneration is the last reconciled generation.
5484 - additionalPrinterColumns:
5485 - jsonPath: .status.conditions[?(@.type=="Ready")].status
5488 - jsonPath: .status.conditions[?(@.type=="Ready")].message
5491 - jsonPath: .metadata.creationTimestamp
5495 deprecationWarning: v1beta1 Kustomization is deprecated, upgrade to v1
5499 description: Kustomization is the Schema for the kustomizations API.
5503 APIVersion defines the versioned schema of this representation of an object.
5504 Servers should convert recognized schemas to the latest internal value, and
5505 may reject unrecognized values.
5506 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
5510 Kind is a string value representing the REST resource this object represents.
5511 Servers may infer this from the endpoint the client submits requests to.
5514 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5519 description: KustomizationSpec defines the desired state of a kustomization.
5522 description: Decrypt Kubernetes secrets before applying them on the
5526 description: Provider is the name of the decryption engine.
5531 description: The secret name containing the private OpenPGP keys
5532 used for decryption.
5535 description: Name of the referent.
5545 DependsOn may contain a meta.NamespacedObjectReference slice
5546 with references to Kustomization resources that must be ready before this
5547 Kustomization can be reconciled.
5550 NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
5554 description: Name of the referent.
5557 description: Namespace of the referent, when not specified it
5558 acts as LocalObjectReference.
5567 Force instructs the controller to recreate resources
5568 when patching fails due to an immutable field change.
5571 description: A list of resources to be included in the health assessment.
5574 NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object
5578 description: API version of the referent, if not specified the
5579 Kubernetes preferred version will be used.
5582 description: Kind of the referent.
5585 description: Name of the referent.
5588 description: Namespace of the referent, when not specified it
5589 acts as LocalObjectReference.
5598 Images is a list of (image name, new name, new tag or digest)
5599 for changing image names, tags or digests. This can also be achieved with a
5600 patch, but this operator is simpler to specify.
5602 description: Image contains an image name, a new name, a new tag
5603 or digest, which will replace the original name and tag.
5607 Digest is the value used to replace the original image tag.
5608 If digest is present NewTag value is ignored.
5611 description: Name is a tag-less image name.
5614 description: NewName is the value used to replace the original
5618 description: NewTag is the value used to replace the original
5626 description: The interval at which to reconcile the Kustomization.
5630 The KubeConfig for reconciling the Kustomization on a remote cluster.
5631 When specified, KubeConfig takes precedence over ServiceAccountName.
5635 SecretRef holds the name to a secret that contains a 'value' key with
5636 the kubeconfig file as the value. It must be in the same namespace as
5638 It is recommended that the kubeconfig is self-contained, and the secret
5639 is regularly updated if credentials such as a cloud-access-token expire.
5640 Cloud specific `cmd-path` auth helpers will not function without adding
5641 binaries and credentials to the Pod that is responsible for reconciling
5645 description: Name of the referent.
5655 Strategic merge and JSON patches, defined as inline YAML objects,
5656 capable of targeting objects based on kind, label and annotation selectors.
5659 Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
5664 Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
5665 an array of operation objects.
5668 description: Target points to the resources that the patch document
5669 should be applied to.
5673 AnnotationSelector is a string that follows the label selection expression
5674 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
5675 It matches with the resource annotations.
5679 Group is the API group to select resources from.
5680 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
5681 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
5685 Kind of the API Group to select resources from.
5686 Together with Group and Version it is capable of unambiguously
5687 identifying and/or selecting resources.
5688 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
5692 LabelSelector is a string that follows the label selection expression
5693 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
5694 It matches with the resource labels.
5697 description: Name to match resources with.
5700 description: Namespace to select resources from.
5704 Version of the API Group to select resources from.
5705 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
5706 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
5714 description: JSON 6902 patches, defined as inline YAML objects.
5716 description: JSON6902Patch contains a JSON6902 patch and the target
5717 the patch should be applied to.
5720 description: Patch contains the JSON6902 patch document with
5721 an array of operation objects.
5724 JSON6902 is a JSON6902 operation object.
5725 https://datatracker.ietf.org/doc/html/rfc6902#section-4
5729 From contains a JSON-pointer value that references a location within the target document where the operation is
5730 performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.
5734 Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or
5736 https://datatracker.ietf.org/doc/html/rfc6902#section-4
5747 Path contains the JSON-pointer value that references a location within the target document where the operation
5748 is performed. The meaning of the value depends on the value of Op.
5752 Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into
5753 account by all operations.
5754 x-kubernetes-preserve-unknown-fields: true
5761 description: Target points to the resources that the patch document
5762 should be applied to.
5766 AnnotationSelector is a string that follows the label selection expression
5767 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
5768 It matches with the resource annotations.
5772 Group is the API group to select resources from.
5773 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
5774 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
5778 Kind of the API Group to select resources from.
5779 Together with Group and Version it is capable of unambiguously
5780 identifying and/or selecting resources.
5781 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
5785 LabelSelector is a string that follows the label selection expression
5786 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
5787 It matches with the resource labels.
5790 description: Name to match resources with.
5793 description: Namespace to select resources from.
5797 Version of the API Group to select resources from.
5798 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
5799 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
5807 patchesStrategicMerge:
5808 description: Strategic merge patches, defined as inline YAML objects.
5810 x-kubernetes-preserve-unknown-fields: true
5814 Path to the directory containing the kustomization.yaml file, or the
5815 set of plain YAMLs a kustomization.yaml should be generated for.
5816 Defaults to 'None', which translates to the root path of the SourceRef.
5820 PostBuild describes which actions to perform on the YAML manifest
5821 generated by building the kustomize overlay.
5824 additionalProperties:
5827 Substitute holds a map of key/value pairs.
5828 The variables defined in your YAML manifests
5829 that match any of the keys defined in the map
5830 will be substituted with the set value.
5831 Includes support for bash string replacement functions
5832 e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
5836 SubstituteFrom holds references to ConfigMaps and Secrets containing
5837 the variables and their values to be substituted in the YAML manifests.
5838 The ConfigMap and the Secret data keys represent the var names and they
5839 must match the vars declared in the manifests for the substitution to happen.
5842 SubstituteReference contains a reference to a resource containing
5843 the variables name and value.
5846 description: Kind of the values referent, valid values are
5847 ('Secret', 'ConfigMap').
5854 Name of the values referent. Should reside in the same namespace as the
5866 description: Prune enables garbage collection.
5870 The interval at which to retry a previously failed reconciliation.
5871 When not specified, the controller uses the KustomizationSpec.Interval
5872 value to retry failures.
5876 The name of the Kubernetes service account to impersonate
5877 when reconciling this Kustomization.
5880 description: Reference of the source where the kustomization file
5884 description: API version of the referent
5887 description: Kind of the referent
5893 description: Name of the referent
5896 description: Namespace of the referent, defaults to the Kustomization
5905 This flag tells the controller to suspend subsequent kustomize executions,
5906 it does not apply to already started executions. Defaults to false.
5910 TargetNamespace sets or overrides the namespace in the
5911 kustomization.yaml file.
5917 Timeout for validation, apply and health checking operations.
5918 Defaults to 'Interval' duration.
5922 Validate the Kubernetes objects before applying them on the cluster.
5923 The validation strategy can be 'client' (local dry-run), 'server'
5924 (APIServer dry-run) or 'none'.
5925 When 'Force' is 'true', validation will fallback to 'client' if set to
5926 'server' because server-side validation is not supported in this scenario.
5939 observedGeneration: -1
5940 description: KustomizationStatus defines the observed state of a kustomization.
5944 description: Condition contains details for one aspect of the current
5945 state of this API Resource.
5949 lastTransitionTime is the last time the condition transitioned from one status to another.
5950 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
5955 message is a human readable message indicating details about the transition.
5956 This may be an empty string.
5961 observedGeneration represents the .metadata.generation that the condition was set based upon.
5962 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
5963 with respect to the current state of the instance.
5969 reason contains a programmatic identifier indicating the reason for the condition's last transition.
5970 Producers of specific condition types may define expected values and meanings for this field,
5971 and whether the values are considered a guaranteed API.
5972 The value should be a CamelCase string.
5973 This field may not be empty.
5976 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
5979 description: status of the condition, one of True, False, Unknown.
5986 description: type of condition in CamelCase or in foo.example.com/CamelCase.
5988 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
5991 - lastTransitionTime
5998 lastAppliedRevision:
6000 The last successfully applied revision.
6001 The revision format for Git sources is <branch|tag>/<commit-sha>.
6003 lastAttemptedRevision:
6004 description: LastAttemptedRevision is the revision of the last reconciliation
6007 lastHandledReconcileAt:
6009 LastHandledReconcileAt holds the value of the most recent
6010 reconcile request value, so a change of the annotation value
6014 description: ObservedGeneration is the last reconciled generation.
6018 description: The last successfully applied revision metadata.
6021 description: The manifests sha1 checksum.
6024 description: A list of Kubernetes kinds grouped by namespace.
6027 Snapshot holds the metadata of namespaced
6031 additionalProperties:
6033 description: The list of Kubernetes kinds.
6036 description: The namespace of this entry.
6052 - additionalPrinterColumns:
6053 - jsonPath: .metadata.creationTimestamp
6056 - jsonPath: .status.conditions[?(@.type=="Ready")].status
6059 - jsonPath: .status.conditions[?(@.type=="Ready")].message
6063 deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1
6067 description: Kustomization is the Schema for the kustomizations API.
6071 APIVersion defines the versioned schema of this representation of an object.
6072 Servers should convert recognized schemas to the latest internal value, and
6073 may reject unrecognized values.
6074 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
6078 Kind is a string value representing the REST resource this object represents.
6079 Servers may infer this from the endpoint the client submits requests to.
6082 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
6087 description: KustomizationSpec defines the configuration to calculate
6088 the desired state from a Source using Kustomize.
6092 CommonMetadata specifies the common labels and annotations that are applied to all resources.
6093 Any existing label or annotation will be overridden if its key matches a common one.
6096 additionalProperties:
6098 description: Annotations to be added to the object's metadata.
6101 additionalProperties:
6103 description: Labels to be added to the object's metadata.
6107 description: Components specifies relative paths to specifications
6108 of other Components.
6113 description: Decrypt Kubernetes secrets before applying them on the
6117 description: Provider is the name of the decryption engine.
6122 description: The secret name containing the private OpenPGP keys
6123 used for decryption.
6126 description: Name of the referent.
6136 DependsOn may contain a meta.NamespacedObjectReference slice
6137 with references to Kustomization resources that must be ready before this
6138 Kustomization can be reconciled.
6141 NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
6145 description: Name of the referent.
6148 description: Namespace of the referent, when not specified it
6149 acts as LocalObjectReference.
6158 Force instructs the controller to recreate resources
6159 when patching fails due to an immutable field change.
6162 description: A list of resources to be included in the health assessment.
6165 NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object
6169 description: API version of the referent, if not specified the
6170 Kubernetes preferred version will be used.
6173 description: Kind of the referent.
6176 description: Name of the referent.
6179 description: Namespace of the referent, when not specified it
6180 acts as LocalObjectReference.
6189 Images is a list of (image name, new name, new tag or digest)
6190 for changing image names, tags or digests. This can also be achieved with a
6191 patch, but this operator is simpler to specify.
6193 description: Image contains an image name, a new name, a new tag
6194 or digest, which will replace the original name and tag.
6198 Digest is the value used to replace the original image tag.
6199 If digest is present NewTag value is ignored.
6202 description: Name is a tag-less image name.
6205 description: NewName is the value used to replace the original
6209 description: NewTag is the value used to replace the original
6217 description: The interval at which to reconcile the Kustomization.
6218 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
6222 The KubeConfig for reconciling the Kustomization on a remote cluster.
6223 When used in combination with KustomizationSpec.ServiceAccountName,
6224 forces the controller to act on behalf of that Service Account at the
6226 If the --default-service-account flag is set, its value will be used as
6227 a controller level fallback for when KustomizationSpec.ServiceAccountName
6232 SecretRef holds the name of a secret that contains a key with
6233 the kubeconfig file as the value. If no key is set, the key will default
6235 It is recommended that the kubeconfig is self-contained, and the secret
6236 is regularly updated if credentials such as a cloud-access-token expire.
6237 Cloud specific `cmd-path` auth helpers will not function without adding
6238 binaries and credentials to the Pod that is responsible for reconciling
6239 Kubernetes resources.
6242 description: Key in the Secret, when not specified an implementation-specific
6243 default key is used.
6246 description: Name of the Secret.
6256 Strategic merge and JSON patches, defined as inline YAML objects,
6257 capable of targeting objects based on kind, label and annotation selectors.
6260 Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
6265 Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
6266 an array of operation objects.
6269 description: Target points to the resources that the patch document
6270 should be applied to.
6274 AnnotationSelector is a string that follows the label selection expression
6275 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
6276 It matches with the resource annotations.
6280 Group is the API group to select resources from.
6281 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
6282 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
6286 Kind of the API Group to select resources from.
6287 Together with Group and Version it is capable of unambiguously
6288 identifying and/or selecting resources.
6289 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
6293 LabelSelector is a string that follows the label selection expression
6294 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
6295 It matches with the resource labels.
6298 description: Name to match resources with.
6301 description: Namespace to select resources from.
6305 Version of the API Group to select resources from.
6306 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
6307 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
6316 JSON 6902 patches, defined as inline YAML objects.
6317 Deprecated: Use Patches instead.
6319 description: JSON6902Patch contains a JSON6902 patch and the target
6320 the patch should be applied to.
6323 description: Patch contains the JSON6902 patch document with
6324 an array of operation objects.
6327 JSON6902 is a JSON6902 operation object.
6328 https://datatracker.ietf.org/doc/html/rfc6902#section-4
6332 From contains a JSON-pointer value that references a location within the target document where the operation is
6333 performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.
6337 Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or
6339 https://datatracker.ietf.org/doc/html/rfc6902#section-4
6350 Path contains the JSON-pointer value that references a location within the target document where the operation
6351 is performed. The meaning of the value depends on the value of Op.
6355 Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into
6356 account by all operations.
6357 x-kubernetes-preserve-unknown-fields: true
6364 description: Target points to the resources that the patch document
6365 should be applied to.
6369 AnnotationSelector is a string that follows the label selection expression
6370 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
6371 It matches with the resource annotations.
6375 Group is the API group to select resources from.
6376 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
6377 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
6381 Kind of the API Group to select resources from.
6382 Together with Group and Version it is capable of unambiguously
6383 identifying and/or selecting resources.
6384 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
6388 LabelSelector is a string that follows the label selection expression
6389 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
6390 It matches with the resource labels.
6393 description: Name to match resources with.
6396 description: Namespace to select resources from.
6400 Version of the API Group to select resources from.
6401 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
6402 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
6410 patchesStrategicMerge:
6412 Strategic merge patches, defined as inline YAML objects.
6413 Deprecated: Use Patches instead.
6415 x-kubernetes-preserve-unknown-fields: true
6419 Path to the directory containing the kustomization.yaml file, or the
6420 set of plain YAMLs a kustomization.yaml should be generated for.
6421 Defaults to 'None', which translates to the root path of the SourceRef.
6425 PostBuild describes which actions to perform on the YAML manifest
6426 generated by building the kustomize overlay.
6429 additionalProperties:
6432 Substitute holds a map of key/value pairs.
6433 The variables defined in your YAML manifests
6434 that match any of the keys defined in the map
6435 will be substituted with the set value.
6436 Includes support for bash string replacement functions
6437 e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
6441 SubstituteFrom holds references to ConfigMaps and Secrets containing
6442 the variables and their values to be substituted in the YAML manifests.
6443 The ConfigMap and the Secret data keys represent the var names and they
6444 must match the vars declared in the manifests for the substitution to happen.
6447 SubstituteReference contains a reference to a resource containing
6448 the variables name and value.
6451 description: Kind of the values referent, valid values are
6452 ('Secret', 'ConfigMap').
6459 Name of the values referent. Should reside in the same namespace as the
6467 Optional indicates whether the referenced resource must exist, or whether to
6468 tolerate its absence. If true and the referenced resource is absent, proceed
6469 as if the resource was present but empty, without any variables defined.
6478 description: Prune enables garbage collection.
6482 The interval at which to retry a previously failed reconciliation.
6483 When not specified, the controller uses the KustomizationSpec.Interval
6484 value to retry failures.
6485 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
6489 The name of the Kubernetes service account to impersonate
6490 when reconciling this Kustomization.
6493 description: Reference of the source where the kustomization file
6497 description: API version of the referent.
6500 description: Kind of the referent.
6507 description: Name of the referent.
6510 description: Namespace of the referent, defaults to the namespace
6511 of the Kubernetes resource object that contains the reference.
6519 This flag tells the controller to suspend subsequent kustomize executions,
6520 it does not apply to already started executions. Defaults to false.
6524 TargetNamespace sets or overrides the namespace in the
6525 kustomization.yaml file.
6531 Timeout for validation, apply and health checking operations.
6532 Defaults to 'Interval' duration.
6533 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
6536 description: 'Deprecated: Not used in v1beta2.'
6544 Wait instructs the controller to check the health of all the reconciled resources.
6545 When enabled, the HealthChecks are ignored. Defaults to false.
6554 observedGeneration: -1
6555 description: KustomizationStatus defines the observed state of a kustomization.
6559 description: Condition contains details for one aspect of the current
6560 state of this API Resource.
6564 lastTransitionTime is the last time the condition transitioned from one status to another.
6565 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
6570 message is a human readable message indicating details about the transition.
6571 This may be an empty string.
6576 observedGeneration represents the .metadata.generation that the condition was set based upon.
6577 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
6578 with respect to the current state of the instance.
6584 reason contains a programmatic identifier indicating the reason for the condition's last transition.
6585 Producers of specific condition types may define expected values and meanings for this field,
6586 and whether the values are considered a guaranteed API.
6587 The value should be a CamelCase string.
6588 This field may not be empty.
6591 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
6594 description: status of the condition, one of True, False, Unknown.
6601 description: type of condition in CamelCase or in foo.example.com/CamelCase.
6603 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
6606 - lastTransitionTime
6614 description: Inventory contains the list of Kubernetes resource object
6615 references that have been successfully applied.
6618 description: Entries of Kubernetes resource object references.
6620 description: ResourceRef contains the information necessary
6621 to locate a resource within a cluster.
6625 ID is the string representation of the Kubernetes resource object's metadata,
6626 in the format '<namespace>_<name>_<group>_<kind>'.
6629 description: Version is the API version of the Kubernetes
6630 resource object's kind.
6640 lastAppliedRevision:
6642 The last successfully applied revision.
6643 Equals the Revision of the applied Artifact from the referenced Source.
6645 lastAttemptedRevision:
6646 description: LastAttemptedRevision is the revision of the last reconciliation
6649 lastHandledReconcileAt:
6651 LastHandledReconcileAt holds the value of the most recent
6652 reconcile request value, so a change of the annotation value
6656 description: ObservedGeneration is the last reconciled generation.
6667 kind: ServiceAccount
6670 app.kubernetes.io/component: kustomize-controller
6671 app.kubernetes.io/instance: flux-system
6672 app.kubernetes.io/part-of: flux
6673 app.kubernetes.io/version: v2.4.0
6674 name: kustomize-controller
6675 namespace: flux-system
6681 app.kubernetes.io/component: kustomize-controller
6682 app.kubernetes.io/instance: flux-system
6683 app.kubernetes.io/part-of: flux
6684 app.kubernetes.io/version: v2.4.0
6685 control-plane: controller
6686 name: kustomize-controller
6687 namespace: flux-system
6692 app: kustomize-controller
6696 prometheus.io/port: "8080"
6697 prometheus.io/scrape: "true"
6699 app: kustomize-controller
6703 - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
6704 - --watch-all-namespaces=true
6706 - --log-encoding=json
6707 - --enable-leader-election
6709 - name: RUNTIME_NAMESPACE
6712 fieldPath: metadata.namespace
6716 containerName: manager
6717 resource: limits.cpu
6721 containerName: manager
6722 resource: limits.memory
6723 image: ghcr.io/fluxcd/kustomize-controller:v1.4.0
6724 imagePullPolicy: IfNotPresent
6731 - containerPort: 8080
6734 - containerPort: 9440
6749 allowPrivilegeEscalation: false
6753 readOnlyRootFilesystem: true
6756 type: RuntimeDefault
6761 kubernetes.io/os: linux
6762 priorityClassName: system-cluster-critical
6765 serviceAccountName: kustomize-controller
6766 terminationGracePeriodSeconds: 60
6771 apiVersion: apiextensions.k8s.io/v1
6772 kind: CustomResourceDefinition
6775 controller-gen.kubebuilder.io/version: v0.16.1
6777 app.kubernetes.io/component: helm-controller
6778 app.kubernetes.io/instance: flux-system
6779 app.kubernetes.io/part-of: flux
6780 app.kubernetes.io/version: v2.4.0
6781 name: helmreleases.helm.toolkit.fluxcd.io
6783 group: helm.toolkit.fluxcd.io
6786 listKind: HelmReleaseList
6787 plural: helmreleases
6790 singular: helmrelease
6793 - additionalPrinterColumns:
6794 - jsonPath: .metadata.creationTimestamp
6797 - jsonPath: .status.conditions[?(@.type=="Ready")].status
6800 - jsonPath: .status.conditions[?(@.type=="Ready")].message
6806 description: HelmRelease is the Schema for the helmreleases API
6810 APIVersion defines the versioned schema of this representation of an object.
6811 Servers should convert recognized schemas to the latest internal value, and
6812 may reject unrecognized values.
6813 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
6817 Kind is a string value representing the REST resource this object represents.
6818 Servers may infer this from the endpoint the client submits requests to.
6821 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
6826 description: HelmReleaseSpec defines the desired state of a Helm release.
6830 Chart defines the template of the v1.HelmChart that should be created
6831 for this HelmRelease.
6834 description: ObjectMeta holds the template for metadata like labels
6838 additionalProperties:
6841 Annotations is an unstructured key value map stored with a resource that may be
6842 set by external tools to store and retrieve arbitrary metadata. They are not
6843 queryable and should be preserved when modifying objects.
6844 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
6847 additionalProperties:
6850 Map of string keys and values that can be used to organize and categorize
6851 (scope and select) objects.
6852 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
6856 description: Spec holds the template for the v1.HelmChartSpec
6857 for this HelmRelease.
6860 description: The name or path the Helm chart is available
6861 at in the SourceRef.
6865 ignoreMissingValuesFiles:
6866 description: IgnoreMissingValuesFiles controls whether to
6867 silently ignore missing values files rather than failing.
6871 Interval at which to check the v1.Source for updates. Defaults to
6872 'HelmReleaseSpec.Interval'.
6873 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
6876 default: ChartVersion
6878 Determines what enables the creation of a new artifact. Valid values are
6879 ('ChartVersion', 'Revision').
6880 See the documentation of the values for an explanation on their behavior.
6881 Defaults to ChartVersion when omitted.
6887 description: The name and namespace of the v1.Source the chart
6891 description: APIVersion of the referent.
6894 description: Kind of the referent.
6901 description: Name of the referent.
6906 description: Namespace of the referent.
6916 Alternative list of values files to use as the chart values (values.yaml
6917 is not included by default), expected to be a relative path in the SourceRef.
6918 Values files are merged in the order of this list with the last file overriding
6919 the first. Ignored when omitted.
6925 Verify contains the secret name containing the trusted public keys
6926 used to verify the signature and specifies which provider to use to check
6927 whether OCI image is authentic.
6928 This field is only supported for OCI sources.
6929 Chart dependencies, which are not bundled in the umbrella chart artifact,
6934 description: Provider specifies the technology used to
6935 sign the OCI Helm chart.
6942 SecretRef specifies the Kubernetes Secret containing the
6943 trusted public keys.
6946 description: Name of the referent.
6957 Version semver expression, ignored for charts from v1.GitRepository and
6958 v1beta2.Bucket sources. Defaults to latest when omitted.
6969 ChartRef holds a reference to a source controller resource containing the
6970 Helm chart artifact.
6973 description: APIVersion of the referent.
6976 description: Kind of the referent.
6982 description: Name of the referent.
6988 Namespace of the referent, defaults to the namespace of the Kubernetes
6989 resource object that contains the reference.
6999 DependsOn may contain a meta.NamespacedObjectReference slice with
7000 references to HelmRelease resources that must be ready before this HelmRelease
7004 NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
7008 description: Name of the referent.
7011 description: Namespace of the referent, when not specified it
7012 acts as LocalObjectReference.
7020 DriftDetection holds the configuration for detecting and handling
7021 differences between the manifest in the Helm storage and the resources
7022 currently existing in the cluster.
7026 Ignore contains a list of rules for specifying which changes to ignore
7030 IgnoreRule defines a rule to selectively disregard specific changes during
7031 the drift detection process.
7035 Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from
7036 consideration in a Kubernetes object.
7042 Target is a selector for specifying Kubernetes objects to which this
7044 If Target is not set, the Paths will be ignored for all Kubernetes
7045 objects within the manifest of the Helm release.
7049 AnnotationSelector is a string that follows the label selection expression
7050 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
7051 It matches with the resource annotations.
7055 Group is the API group to select resources from.
7056 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
7057 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
7061 Kind of the API Group to select resources from.
7062 Together with Group and Version it is capable of unambiguously
7063 identifying and/or selecting resources.
7064 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
7068 LabelSelector is a string that follows the label selection expression
7069 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
7070 It matches with the resource labels.
7073 description: Name to match resources with.
7076 description: Namespace to select resources from.
7080 Version of the API Group to select resources from.
7081 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
7082 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
7091 Mode defines how differences should be handled between the Helm manifest
7092 and the manifest currently applied to the cluster.
7093 If not explicitly set, it defaults to DiffModeDisabled.
7101 description: Install holds the configuration for Helm install actions
7102 for this HelmRelease.
7106 CRDs upgrade CRDs from the Helm Chart's crds directory according
7107 to the CRD upgrade policy provided here. Valid values are `Skip`,
7108 `Create` or `CreateReplace`. Default is `Create` and if omitted
7109 CRDs are installed but not updated.
7111 Skip: do neither install nor replace (update) any CRDs.
7113 Create: new CRDs are created, existing CRDs are neither updated nor deleted.
7115 CreateReplace: new CRDs are created, existing CRDs are updated (replaced)
7118 By default, CRDs are applied (installed) during Helm install action.
7119 With this option users can opt in to CRD replace existing CRDs on Helm
7120 install actions, which is not (yet) natively supported by Helm.
7121 https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
7129 CreateNamespace tells the Helm install action to create the
7130 HelmReleaseSpec.TargetNamespace if it does not exist yet.
7131 On uninstall, the namespace will not be garbage collected.
7134 description: DisableHooks prevents hooks from running during the
7135 Helm install action.
7137 disableOpenAPIValidation:
7139 DisableOpenAPIValidation prevents the Helm install action from validating
7140 rendered templates against the Kubernetes OpenAPI Schema.
7142 disableSchemaValidation:
7144 DisableSchemaValidation prevents the Helm install action from validating
7145 the values against the JSON Schema.
7149 DisableWait disables the waiting for resources to be ready after a Helm
7150 install has been performed.
7154 DisableWaitForJobs disables waiting for jobs to complete after a Helm
7155 install has been performed.
7159 Remediation holds the remediation configuration for when the Helm install
7160 action for the HelmRelease fails. The default is to not perform any action.
7164 IgnoreTestFailures tells the controller to skip remediation when the Helm
7165 tests are run after an install action but fail. Defaults to
7166 'Test.IgnoreFailures'.
7168 remediateLastFailure:
7170 RemediateLastFailure tells the controller to remediate the last failure, when
7171 no retries remain. Defaults to 'false'.
7175 Retries is the number of retries that should be attempted on failures before
7176 bailing. Remediation, using an uninstall, is performed between each attempt.
7177 Defaults to '0', a negative integer equals to unlimited retries.
7182 Replace tells the Helm install action to re-use the 'ReleaseName', but only
7183 if that name is a deleted release which remains in the history.
7187 SkipCRDs tells the Helm install action to not install any CRDs. By default,
7188 CRDs are installed if not already present.
7190 Deprecated use CRD policy (`crds`) attribute with value `Skip` instead.
7194 Timeout is the time to wait for any individual Kubernetes operation (like
7195 Jobs for hooks) during the performance of a Helm install action. Defaults to
7196 'HelmReleaseSpec.Timeout'.
7197 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
7201 description: Interval at which to reconcile the Helm release.
7202 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
7206 KubeConfig for reconciling the HelmRelease on a remote cluster.
7207 When used in combination with HelmReleaseSpec.ServiceAccountName,
7208 forces the controller to act on behalf of that Service Account at the
7210 If the --default-service-account flag is set, its value will be used as
7211 a controller level fallback for when HelmReleaseSpec.ServiceAccountName
7216 SecretRef holds the name of a secret that contains a key with
7217 the kubeconfig file as the value. If no key is set, the key will default
7219 It is recommended that the kubeconfig is self-contained, and the secret
7220 is regularly updated if credentials such as a cloud-access-token expire.
7221 Cloud specific `cmd-path` auth helpers will not function without adding
7222 binaries and credentials to the Pod that is responsible for reconciling
7223 Kubernetes resources.
7226 description: Key in the Secret, when not specified an implementation-specific
7227 default key is used.
7230 description: Name of the Secret.
7240 MaxHistory is the number of revisions saved by Helm for this HelmRelease.
7241 Use '0' for an unlimited number of revisions; defaults to '5'.
7245 PersistentClient tells the controller to use a persistent Kubernetes
7246 client for this release. When enabled, the client will be reused for the
7247 duration of the reconciliation, instead of being created and destroyed
7248 for each (step of a) Helm action.
7250 This can improve performance, but may cause issues with some Helm charts
7251 that for example do create Custom Resource Definitions during installation
7252 outside Helm's CRD lifecycle hooks, which are then not observed to be
7253 available by e.g. post-install hooks.
7255 If not set, it defaults to true.
7259 PostRenderers holds an array of Helm PostRenderers, which will be applied in order
7260 of their definition.
7262 description: PostRenderer contains a Helm PostRenderer specification.
7265 description: Kustomization to apply as PostRenderer.
7269 Images is a list of (image name, new name, new tag or digest)
7270 for changing image names, tags or digests. This can also be achieved with a
7271 patch, but this operator is simpler to specify.
7273 description: Image contains an image name, a new name,
7274 a new tag or digest, which will replace the original
7279 Digest is the value used to replace the original image tag.
7280 If digest is present NewTag value is ignored.
7283 description: Name is a tag-less image name.
7286 description: NewName is the value used to replace
7290 description: NewTag is the value used to replace the
7299 Strategic merge and JSON patches, defined as inline YAML objects,
7300 capable of targeting objects based on kind, label and annotation selectors.
7303 Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
7308 Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
7309 an array of operation objects.
7312 description: Target points to the resources that the
7313 patch document should be applied to.
7317 AnnotationSelector is a string that follows the label selection expression
7318 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
7319 It matches with the resource annotations.
7323 Group is the API group to select resources from.
7324 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
7325 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
7329 Kind of the API Group to select resources from.
7330 Together with Group and Version it is capable of unambiguously
7331 identifying and/or selecting resources.
7332 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
7336 LabelSelector is a string that follows the label selection expression
7337 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
7338 It matches with the resource labels.
7341 description: Name to match resources with.
7344 description: Namespace to select resources from.
7348 Version of the API Group to select resources from.
7349 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
7350 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
7362 ReleaseName used for the Helm release. Defaults to a composition of
7363 '[TargetNamespace-]Name'.
7368 description: Rollback holds the configuration for Helm rollback actions
7369 for this HelmRelease.
7373 CleanupOnFail allows deletion of new resources created during the Helm
7374 rollback action when it fails.
7377 description: DisableHooks prevents hooks from running during the
7378 Helm rollback action.
7382 DisableWait disables the waiting for resources to be ready after a Helm
7383 rollback has been performed.
7387 DisableWaitForJobs disables waiting for jobs to complete after a Helm
7388 rollback has been performed.
7391 description: Force forces resource updates through a replacement
7395 description: Recreate performs pod restarts for the resource if
7400 Timeout is the time to wait for any individual Kubernetes operation (like
7401 Jobs for hooks) during the performance of a Helm rollback action. Defaults to
7402 'HelmReleaseSpec.Timeout'.
7403 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
7408 The name of the Kubernetes service account to impersonate
7409 when reconciling this HelmRelease.
7415 StorageNamespace used for the Helm storage.
7416 Defaults to the namespace of the HelmRelease.
7422 Suspend tells the controller to suspend reconciliation for this HelmRelease,
7423 it does not apply to already started reconciliations. Defaults to false.
7427 TargetNamespace to target when performing operations for the HelmRelease.
7428 Defaults to the namespace of the HelmRelease.
7433 description: Test holds the configuration for Helm test actions for
7438 Enable enables Helm test actions for this HelmRelease after an Helm install
7439 or upgrade action has been performed.
7442 description: Filters is a list of tests to run or exclude from
7445 description: Filter holds the configuration for individual Helm
7449 description: Exclude specifies whether the named test should
7453 description: Name is the name of the test.
7463 IgnoreFailures tells the controller to skip remediation when the Helm tests
7464 are run but fail. Can be overwritten for tests run after install or upgrade
7465 actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.
7469 Timeout is the time to wait for any individual Kubernetes operation during
7470 the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.
7471 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
7476 Timeout is the time to wait for any individual Kubernetes operation (like Jobs
7477 for hooks) during the performance of a Helm action. Defaults to '5m0s'.
7478 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
7481 description: Uninstall holds the configuration for Helm uninstall
7482 actions for this HelmRelease.
7484 deletionPropagation:
7487 DeletionPropagation specifies the deletion propagation policy when
7488 a Helm uninstall is performed.
7495 description: DisableHooks prevents hooks from running during the
7496 Helm rollback action.
7500 DisableWait disables waiting for all the resources to be deleted after
7501 a Helm uninstall is performed.
7505 KeepHistory tells Helm to remove all associated resources and mark the
7506 release as deleted, but retain the release history.
7510 Timeout is the time to wait for any individual Kubernetes operation (like
7511 Jobs for hooks) during the performance of a Helm uninstall action. Defaults
7512 to 'HelmReleaseSpec.Timeout'.
7513 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
7517 description: Upgrade holds the configuration for Helm upgrade actions
7518 for this HelmRelease.
7522 CleanupOnFail allows deletion of new resources created during the Helm
7523 upgrade action when it fails.
7527 CRDs upgrade CRDs from the Helm Chart's crds directory according
7528 to the CRD upgrade policy provided here. Valid values are `Skip`,
7529 `Create` or `CreateReplace`. Default is `Skip` and if omitted
7530 CRDs are neither installed nor upgraded.
7532 Skip: do neither install nor replace (update) any CRDs.
7534 Create: new CRDs are created, existing CRDs are neither updated nor deleted.
7536 CreateReplace: new CRDs are created, existing CRDs are updated (replaced)
7539 By default, CRDs are not applied during Helm upgrade action. With this
7540 option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm.
7541 https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
7548 description: DisableHooks prevents hooks from running during the
7549 Helm upgrade action.
7551 disableOpenAPIValidation:
7553 DisableOpenAPIValidation prevents the Helm upgrade action from validating
7554 rendered templates against the Kubernetes OpenAPI Schema.
7556 disableSchemaValidation:
7558 DisableSchemaValidation prevents the Helm upgrade action from validating
7559 the values against the JSON Schema.
7563 DisableWait disables the waiting for resources to be ready after a Helm
7564 upgrade has been performed.
7568 DisableWaitForJobs disables waiting for jobs to complete after a Helm
7569 upgrade has been performed.
7572 description: Force forces resource updates through a replacement
7577 PreserveValues will make Helm reuse the last release's values and merge in
7578 overrides from 'Values'. Setting this flag makes the HelmRelease
7583 Remediation holds the remediation configuration for when the Helm upgrade
7584 action for the HelmRelease fails. The default is to not perform any action.
7588 IgnoreTestFailures tells the controller to skip remediation when the Helm
7589 tests are run after an upgrade action but fail.
7590 Defaults to 'Test.IgnoreFailures'.
7592 remediateLastFailure:
7594 RemediateLastFailure tells the controller to remediate the last failure, when
7595 no retries remain. Defaults to 'false' unless 'Retries' is greater than 0.
7599 Retries is the number of retries that should be attempted on failures before
7600 bailing. Remediation, using 'Strategy', is performed between each attempt.
7601 Defaults to '0', a negative integer equals to unlimited retries.
7604 description: Strategy to use for failure remediation. Defaults
7613 Timeout is the time to wait for any individual Kubernetes operation (like
7614 Jobs for hooks) during the performance of a Helm upgrade action. Defaults to
7615 'HelmReleaseSpec.Timeout'.
7616 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
7620 description: Values holds the values for this Helm release.
7621 x-kubernetes-preserve-unknown-fields: true
7624 ValuesFrom holds references to resources containing Helm values for this HelmRelease,
7625 and information about how they should be merged.
7628 ValuesReference contains a reference to a resource containing Helm values,
7629 and optionally the key they can be found at.
7632 description: Kind of the values referent, valid values are ('Secret',
7640 Name of the values referent. Should reside in the same namespace as the
7647 Optional marks this ValuesReference as optional. When set, a not found error
7648 for the values reference is ignored, but any ValuesKey, TargetPath or
7649 transient error will still result in a reconciliation failure.
7653 TargetPath is the YAML dot notation path the value should be merged at. When
7654 set, the ValuesKey is expected to be a single flat value. Defaults to 'None',
7655 which results in the values getting merged at the root.
7657 pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$
7661 ValuesKey is the data key where the values.yaml or a specific value can be
7662 found at. Defaults to 'values.yaml'.
7664 pattern: ^[\-._a-zA-Z0-9]+$
7674 x-kubernetes-validations:
7675 - message: either chart or chartRef must be set
7676 rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart)
7677 && has(self.chartRef))
7680 observedGeneration: -1
7681 description: HelmReleaseStatus defines the observed state of a HelmRelease.
7684 description: Conditions holds the conditions for the HelmRelease.
7686 description: Condition contains details for one aspect of the current
7687 state of this API Resource.
7691 lastTransitionTime is the last time the condition transitioned from one status to another.
7692 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
7697 message is a human readable message indicating details about the transition.
7698 This may be an empty string.
7703 observedGeneration represents the .metadata.generation that the condition was set based upon.
7704 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
7705 with respect to the current state of the instance.
7711 reason contains a programmatic identifier indicating the reason for the condition's last transition.
7712 Producers of specific condition types may define expected values and meanings for this field,
7713 and whether the values are considered a guaranteed API.
7714 The value should be a CamelCase string.
7715 This field may not be empty.
7718 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
7721 description: status of the condition, one of True, False, Unknown.
7728 description: type of condition in CamelCase or in foo.example.com/CamelCase.
7730 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
7733 - lastTransitionTime
7742 Failures is the reconciliation failure count against the latest desired
7743 state. It is reset after a successful reconciliation.
7748 HelmChart is the namespaced name of the HelmChart resource created by
7749 the controller for the HelmRelease.
7753 History holds the history of Helm releases performed for this HelmRelease
7754 up to the last successfully completed release.
7757 Snapshot captures a point-in-time copy of the status information for a Helm release,
7758 as managed by the controller.
7762 APIVersion is the API version of the Snapshot.
7763 Provisional: when the calculation method of the Digest field is changed,
7764 this field will be used to distinguish between the old and new methods.
7767 description: AppVersion is the chart app version of the release
7771 description: ChartName is the chart name of the release object
7776 ChartVersion is the chart version of the release object in
7781 ConfigDigest is the checksum of the config (better known as
7782 "values") of the release object in storage.
7783 It has the format of `<algo>:<checksum>`.
7786 description: Deleted is when the release was deleted.
7791 Digest is the checksum of the release object in storage.
7792 It has the format of `<algo>:<checksum>`.
7795 description: FirstDeployed is when the release was first deployed.
7799 description: LastDeployed is when the release was last deployed.
7803 description: Name is the name of the release.
7806 description: Namespace is the namespace the release is deployed
7810 description: OCIDigest is the digest of the OCI artifact associated
7814 description: Status is the current state of the release.
7817 additionalProperties:
7819 TestHookStatus holds the status information for a test hook as observed
7820 to be run by the controller.
7823 description: LastCompleted is the time the test hook last
7828 description: LastStarted is the time the test hook was
7833 description: Phase the test hook was observed to be in.
7837 TestHooks is the list of test hooks for the release as observed to be
7838 run by the controller.
7841 description: Version is the version of the release object in
7859 InstallFailures is the install failure count against the latest desired
7860 state. It is reset after a successful reconciliation.
7863 lastAttemptedConfigDigest:
7865 LastAttemptedConfigDigest is the digest for the config (better known as
7866 "values") of the last reconciliation attempt.
7868 lastAttemptedGeneration:
7870 LastAttemptedGeneration is the last generation the controller attempted
7874 lastAttemptedReleaseAction:
7876 LastAttemptedReleaseAction is the last release action performed for this
7877 HelmRelease. It is used to determine the active remediation strategy.
7882 lastAttemptedRevision:
7884 LastAttemptedRevision is the Source revision of the last reconciliation
7885 attempt. For OCIRepository sources, the 12 first characters of the digest are
7886 appended to the chart version e.g. "1.2.3+1234567890ab".
7888 lastAttemptedRevisionDigest:
7890 LastAttemptedRevisionDigest is the digest of the last reconciliation attempt.
7891 This is only set for OCIRepository sources.
7893 lastAttemptedValuesChecksum:
7895 LastAttemptedValuesChecksum is the SHA1 checksum for the values of the last
7896 reconciliation attempt.
7897 Deprecated: Use LastAttemptedConfigDigest instead.
7901 LastHandledForceAt holds the value of the most recent force request
7902 value, so a change of the annotation value can be detected.
7904 lastHandledReconcileAt:
7906 LastHandledReconcileAt holds the value of the most recent
7907 reconcile request value, so a change of the annotation value
7912 LastHandledResetAt holds the value of the most recent reset request
7913 value, so a change of the annotation value can be detected.
7915 lastReleaseRevision:
7917 LastReleaseRevision is the revision of the last successful Helm release.
7918 Deprecated: Use History instead.
7921 description: ObservedGeneration is the last observed generation.
7924 observedPostRenderersDigest:
7926 ObservedPostRenderersDigest is the digest for the post-renderers of
7927 the last successful reconciliation attempt.
7931 StorageNamespace is the namespace of the Helm release storage for the
7938 UpgradeFailures is the upgrade failure count against the latest desired
7939 state. It is reset after a successful reconciliation.
7948 - additionalPrinterColumns:
7949 - jsonPath: .metadata.creationTimestamp
7952 - jsonPath: .status.conditions[?(@.type=="Ready")].status
7955 - jsonPath: .status.conditions[?(@.type=="Ready")].message
7959 deprecationWarning: v2beta1 HelmRelease is deprecated, upgrade to v2
7963 description: HelmRelease is the Schema for the helmreleases API
7967 APIVersion defines the versioned schema of this representation of an object.
7968 Servers should convert recognized schemas to the latest internal value, and
7969 may reject unrecognized values.
7970 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
7974 Kind is a string value representing the REST resource this object represents.
7975 Servers may infer this from the endpoint the client submits requests to.
7978 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
7983 description: HelmReleaseSpec defines the desired state of a Helm release.
7987 Chart defines the template of the v1beta2.HelmChart that should be created
7988 for this HelmRelease.
7991 description: ObjectMeta holds the template for metadata like labels
7995 additionalProperties:
7998 Annotations is an unstructured key value map stored with a resource that may be
7999 set by external tools to store and retrieve arbitrary metadata. They are not
8000 queryable and should be preserved when modifying objects.
8001 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
8004 additionalProperties:
8007 Map of string keys and values that can be used to organize and categorize
8008 (scope and select) objects.
8009 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
8013 description: Spec holds the template for the v1beta2.HelmChartSpec
8014 for this HelmRelease.
8017 description: The name or path the Helm chart is available
8018 at in the SourceRef.
8022 Interval at which to check the v1beta2.Source for updates. Defaults to
8023 'HelmReleaseSpec.Interval'.
8024 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
8027 default: ChartVersion
8029 Determines what enables the creation of a new artifact. Valid values are
8030 ('ChartVersion', 'Revision').
8031 See the documentation of the values for an explanation on their behavior.
8032 Defaults to ChartVersion when omitted.
8038 description: The name and namespace of the v1beta2.Source
8039 the chart is available at.
8042 description: APIVersion of the referent.
8045 description: Kind of the referent.
8052 description: Name of the referent.
8057 description: Namespace of the referent.
8067 Alternative values file to use as the default chart values, expected to
8068 be a relative path in the SourceRef. Deprecated in favor of ValuesFiles,
8069 for backwards compatibility the file defined here is merged before the
8070 ValuesFiles items. Ignored when omitted.
8074 Alternative list of values files to use as the chart values (values.yaml
8075 is not included by default), expected to be a relative path in the SourceRef.
8076 Values files are merged in the order of this list with the last file overriding
8077 the first. Ignored when omitted.
8083 Verify contains the secret name containing the trusted public keys
8084 used to verify the signature and specifies which provider to use to check
8085 whether OCI image is authentic.
8086 This field is only supported for OCI sources.
8087 Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.
8091 description: Provider specifies the technology used to
8092 sign the OCI Helm chart.
8098 SecretRef specifies the Kubernetes Secret containing the
8099 trusted public keys.
8102 description: Name of the referent.
8113 Version semver expression, ignored for charts from v1beta2.GitRepository and
8114 v1beta2.Bucket sources. Defaults to latest when omitted.
8125 ChartRef holds a reference to a source controller resource containing the
8126 Helm chart artifact.
8128 Note: this field is provisional to the v2 API, and not actively used
8129 by v2beta1 HelmReleases.
8132 description: APIVersion of the referent.
8135 description: Kind of the referent.
8141 description: Name of the referent.
8147 Namespace of the referent, defaults to the namespace of the Kubernetes
8148 resource object that contains the reference.
8158 DependsOn may contain a meta.NamespacedObjectReference slice with
8159 references to HelmRelease resources that must be ready before this HelmRelease
8163 NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
8167 description: Name of the referent.
8170 description: Namespace of the referent, when not specified it
8171 acts as LocalObjectReference.
8179 DriftDetection holds the configuration for detecting and handling
8180 differences between the manifest in the Helm storage and the resources
8181 currently existing in the cluster.
8183 Note: this field is provisional to the v2beta2 API, and not actively used
8184 by v2beta1 HelmReleases.
8188 Ignore contains a list of rules for specifying which changes to ignore
8192 IgnoreRule defines a rule to selectively disregard specific changes during
8193 the drift detection process.
8197 Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from
8198 consideration in a Kubernetes object.
8204 Target is a selector for specifying Kubernetes objects to which this
8206 If Target is not set, the Paths will be ignored for all Kubernetes
8207 objects within the manifest of the Helm release.
8211 AnnotationSelector is a string that follows the label selection expression
8212 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
8213 It matches with the resource annotations.
8217 Group is the API group to select resources from.
8218 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
8219 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
8223 Kind of the API Group to select resources from.
8224 Together with Group and Version it is capable of unambiguously
8225 identifying and/or selecting resources.
8226 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
8230 LabelSelector is a string that follows the label selection expression
8231 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
8232 It matches with the resource labels.
8235 description: Name to match resources with.
8238 description: Namespace to select resources from.
8242 Version of the API Group to select resources from.
8243 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
8244 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
8253 Mode defines how differences should be handled between the Helm manifest
8254 and the manifest currently applied to the cluster.
8255 If not explicitly set, it defaults to DiffModeDisabled.
8263 description: Install holds the configuration for Helm install actions
8264 for this HelmRelease.
8268 CRDs upgrade CRDs from the Helm Chart's crds directory according
8269 to the CRD upgrade policy provided here. Valid values are `Skip`,
8270 `Create` or `CreateReplace`. Default is `Create` and if omitted
8271 CRDs are installed but not updated.
8273 Skip: do neither install nor replace (update) any CRDs.
8275 Create: new CRDs are created, existing CRDs are neither updated nor deleted.
8277 CreateReplace: new CRDs are created, existing CRDs are updated (replaced)
8280 By default, CRDs are applied (installed) during Helm install action.
8281 With this option users can opt-in to CRD replace existing CRDs on Helm
8282 install actions, which is not (yet) natively supported by Helm.
8283 https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
8291 CreateNamespace tells the Helm install action to create the
8292 HelmReleaseSpec.TargetNamespace if it does not exist yet.
8293 On uninstall, the namespace will not be garbage collected.
8296 description: DisableHooks prevents hooks from running during the
8297 Helm install action.
8299 disableOpenAPIValidation:
8301 DisableOpenAPIValidation prevents the Helm install action from validating
8302 rendered templates against the Kubernetes OpenAPI Schema.
8306 DisableWait disables the waiting for resources to be ready after a Helm
8307 install has been performed.
8311 DisableWaitForJobs disables waiting for jobs to complete after a Helm
8312 install has been performed.
8316 Remediation holds the remediation configuration for when the Helm install
8317 action for the HelmRelease fails. The default is to not perform any action.
8321 IgnoreTestFailures tells the controller to skip remediation when the Helm
8322 tests are run after an install action but fail. Defaults to
8323 'Test.IgnoreFailures'.
8325 remediateLastFailure:
8327 RemediateLastFailure tells the controller to remediate the last failure, when
8328 no retries remain. Defaults to 'false'.
8332 Retries is the number of retries that should be attempted on failures before
8333 bailing. Remediation, using an uninstall, is performed between each attempt.
8334 Defaults to '0', a negative integer equals to unlimited retries.
8339 Replace tells the Helm install action to re-use the 'ReleaseName', but only
8340 if that name is a deleted release which remains in the history.
8344 SkipCRDs tells the Helm install action to not install any CRDs. By default,
8345 CRDs are installed if not already present.
8347 Deprecated use CRD policy (`crds`) attribute with value `Skip` instead.
8351 Timeout is the time to wait for any individual Kubernetes operation (like
8352 Jobs for hooks) during the performance of a Helm install action. Defaults to
8353 'HelmReleaseSpec.Timeout'.
8354 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
8359 Interval at which to reconcile the Helm release.
8360 This interval is approximate and may be subject to jitter to ensure
8361 efficient use of resources.
8362 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
8366 KubeConfig for reconciling the HelmRelease on a remote cluster.
8367 When used in combination with HelmReleaseSpec.ServiceAccountName,
8368 forces the controller to act on behalf of that Service Account at the
8370 If the --default-service-account flag is set, its value will be used as
8371 a controller level fallback for when HelmReleaseSpec.ServiceAccountName
8376 SecretRef holds the name of a secret that contains a key with
8377 the kubeconfig file as the value. If no key is set, the key will default
8379 It is recommended that the kubeconfig is self-contained, and the secret
8380 is regularly updated if credentials such as a cloud-access-token expire.
8381 Cloud specific `cmd-path` auth helpers will not function without adding
8382 binaries and credentials to the Pod that is responsible for reconciling
8383 Kubernetes resources.
8386 description: Key in the Secret, when not specified an implementation-specific
8387 default key is used.
8390 description: Name of the Secret.
8400 MaxHistory is the number of revisions saved by Helm for this HelmRelease.
8401 Use '0' for an unlimited number of revisions; defaults to '10'.
8405 PersistentClient tells the controller to use a persistent Kubernetes
8406 client for this release. When enabled, the client will be reused for the
8407 duration of the reconciliation, instead of being created and destroyed
8408 for each (step of a) Helm action.
8410 This can improve performance, but may cause issues with some Helm charts
8411 that for example do create Custom Resource Definitions during installation
8412 outside Helm's CRD lifecycle hooks, which are then not observed to be
8413 available by e.g. post-install hooks.
8415 If not set, it defaults to true.
8419 PostRenderers holds an array of Helm PostRenderers, which will be applied in order
8420 of their definition.
8422 description: PostRenderer contains a Helm PostRenderer specification.
8425 description: Kustomization to apply as PostRenderer.
8429 Images is a list of (image name, new name, new tag or digest)
8430 for changing image names, tags or digests. This can also be achieved with a
8431 patch, but this operator is simpler to specify.
8433 description: Image contains an image name, a new name,
8434 a new tag or digest, which will replace the original
8439 Digest is the value used to replace the original image tag.
8440 If digest is present NewTag value is ignored.
8443 description: Name is a tag-less image name.
8446 description: NewName is the value used to replace
8450 description: NewTag is the value used to replace the
8459 Strategic merge and JSON patches, defined as inline YAML objects,
8460 capable of targeting objects based on kind, label and annotation selectors.
8463 Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
8468 Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
8469 an array of operation objects.
8472 description: Target points to the resources that the
8473 patch document should be applied to.
8477 AnnotationSelector is a string that follows the label selection expression
8478 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
8479 It matches with the resource annotations.
8483 Group is the API group to select resources from.
8484 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
8485 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
8489 Kind of the API Group to select resources from.
8490 Together with Group and Version it is capable of unambiguously
8491 identifying and/or selecting resources.
8492 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
8496 LabelSelector is a string that follows the label selection expression
8497 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
8498 It matches with the resource labels.
8501 description: Name to match resources with.
8504 description: Namespace to select resources from.
8508 Version of the API Group to select resources from.
8509 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
8510 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
8518 description: JSON 6902 patches, defined as inline YAML objects.
8520 description: JSON6902Patch contains a JSON6902 patch and
8521 the target the patch should be applied to.
8524 description: Patch contains the JSON6902 patch document
8525 with an array of operation objects.
8528 JSON6902 is a JSON6902 operation object.
8529 https://datatracker.ietf.org/doc/html/rfc6902#section-4
8533 From contains a JSON-pointer value that references a location within the target document where the operation is
8534 performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.
8538 Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or
8540 https://datatracker.ietf.org/doc/html/rfc6902#section-4
8551 Path contains the JSON-pointer value that references a location within the target document where the operation
8552 is performed. The meaning of the value depends on the value of Op.
8556 Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into
8557 account by all operations.
8558 x-kubernetes-preserve-unknown-fields: true
8565 description: Target points to the resources that the
8566 patch document should be applied to.
8570 AnnotationSelector is a string that follows the label selection expression
8571 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
8572 It matches with the resource annotations.
8576 Group is the API group to select resources from.
8577 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
8578 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
8582 Kind of the API Group to select resources from.
8583 Together with Group and Version it is capable of unambiguously
8584 identifying and/or selecting resources.
8585 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
8589 LabelSelector is a string that follows the label selection expression
8590 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
8591 It matches with the resource labels.
8594 description: Name to match resources with.
8597 description: Namespace to select resources from.
8601 Version of the API Group to select resources from.
8602 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
8603 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
8611 patchesStrategicMerge:
8612 description: Strategic merge patches, defined as inline
8615 x-kubernetes-preserve-unknown-fields: true
8622 ReleaseName used for the Helm release. Defaults to a composition of
8623 '[TargetNamespace-]Name'.
8628 description: Rollback holds the configuration for Helm rollback actions
8629 for this HelmRelease.
8633 CleanupOnFail allows deletion of new resources created during the Helm
8634 rollback action when it fails.
8637 description: DisableHooks prevents hooks from running during the
8638 Helm rollback action.
8642 DisableWait disables the waiting for resources to be ready after a Helm
8643 rollback has been performed.
8647 DisableWaitForJobs disables waiting for jobs to complete after a Helm
8648 rollback has been performed.
8651 description: Force forces resource updates through a replacement
8655 description: Recreate performs pod restarts for the resource if
8660 Timeout is the time to wait for any individual Kubernetes operation (like
8661 Jobs for hooks) during the performance of a Helm rollback action. Defaults to
8662 'HelmReleaseSpec.Timeout'.
8663 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
8668 The name of the Kubernetes service account to impersonate
8669 when reconciling this HelmRelease.
8673 StorageNamespace used for the Helm storage.
8674 Defaults to the namespace of the HelmRelease.
8680 Suspend tells the controller to suspend reconciliation for this HelmRelease,
8681 it does not apply to already started reconciliations. Defaults to false.
8685 TargetNamespace to target when performing operations for the HelmRelease.
8686 Defaults to the namespace of the HelmRelease.
8691 description: Test holds the configuration for Helm test actions for
8696 Enable enables Helm test actions for this HelmRelease after an Helm install
8697 or upgrade action has been performed.
8701 IgnoreFailures tells the controller to skip remediation when the Helm tests
8702 are run but fail. Can be overwritten for tests run after install or upgrade
8703 actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.
8707 Timeout is the time to wait for any individual Kubernetes operation during
8708 the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.
8709 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
8714 Timeout is the time to wait for any individual Kubernetes operation (like Jobs
8715 for hooks) during the performance of a Helm action. Defaults to '5m0s'.
8716 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
8719 description: Uninstall holds the configuration for Helm uninstall
8720 actions for this HelmRelease.
8722 deletionPropagation:
8725 DeletionPropagation specifies the deletion propagation policy when
8726 a Helm uninstall is performed.
8733 description: DisableHooks prevents hooks from running during the
8734 Helm rollback action.
8738 DisableWait disables waiting for all the resources to be deleted after
8739 a Helm uninstall is performed.
8743 KeepHistory tells Helm to remove all associated resources and mark the
8744 release as deleted, but retain the release history.
8748 Timeout is the time to wait for any individual Kubernetes operation (like
8749 Jobs for hooks) during the performance of a Helm uninstall action. Defaults
8750 to 'HelmReleaseSpec.Timeout'.
8751 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
8755 description: Upgrade holds the configuration for Helm upgrade actions
8756 for this HelmRelease.
8760 CleanupOnFail allows deletion of new resources created during the Helm
8761 upgrade action when it fails.
8765 CRDs upgrade CRDs from the Helm Chart's crds directory according
8766 to the CRD upgrade policy provided here. Valid values are `Skip`,
8767 `Create` or `CreateReplace`. Default is `Skip` and if omitted
8768 CRDs are neither installed nor upgraded.
8770 Skip: do neither install nor replace (update) any CRDs.
8772 Create: new CRDs are created, existing CRDs are neither updated nor deleted.
8774 CreateReplace: new CRDs are created, existing CRDs are updated (replaced)
8777 By default, CRDs are not applied during Helm upgrade action. With this
8778 option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm.
8779 https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
8786 description: DisableHooks prevents hooks from running during the
8787 Helm upgrade action.
8789 disableOpenAPIValidation:
8791 DisableOpenAPIValidation prevents the Helm upgrade action from validating
8792 rendered templates against the Kubernetes OpenAPI Schema.
8796 DisableWait disables the waiting for resources to be ready after a Helm
8797 upgrade has been performed.
8801 DisableWaitForJobs disables waiting for jobs to complete after a Helm
8802 upgrade has been performed.
8805 description: Force forces resource updates through a replacement
8810 PreserveValues will make Helm reuse the last release's values and merge in
8811 overrides from 'Values'. Setting this flag makes the HelmRelease
8816 Remediation holds the remediation configuration for when the Helm upgrade
8817 action for the HelmRelease fails. The default is to not perform any action.
8821 IgnoreTestFailures tells the controller to skip remediation when the Helm
8822 tests are run after an upgrade action but fail.
8823 Defaults to 'Test.IgnoreFailures'.
8825 remediateLastFailure:
8827 RemediateLastFailure tells the controller to remediate the last failure, when
8828 no retries remain. Defaults to 'false' unless 'Retries' is greater than 0.
8832 Retries is the number of retries that should be attempted on failures before
8833 bailing. Remediation, using 'Strategy', is performed between each attempt.
8834 Defaults to '0', a negative integer equals to unlimited retries.
8837 description: Strategy to use for failure remediation. Defaults
8846 Timeout is the time to wait for any individual Kubernetes operation (like
8847 Jobs for hooks) during the performance of a Helm upgrade action. Defaults to
8848 'HelmReleaseSpec.Timeout'.
8849 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
8853 description: Values holds the values for this Helm release.
8854 x-kubernetes-preserve-unknown-fields: true
8857 ValuesFrom holds references to resources containing Helm values for this HelmRelease,
8858 and information about how they should be merged.
8861 ValuesReference contains a reference to a resource containing Helm values,
8862 and optionally the key they can be found at.
8865 description: Kind of the values referent, valid values are ('Secret',
8873 Name of the values referent. Should reside in the same namespace as the
8880 Optional marks this ValuesReference as optional. When set, a not found error
8881 for the values reference is ignored, but any ValuesKey, TargetPath or
8882 transient error will still result in a reconciliation failure.
8886 TargetPath is the YAML dot notation path the value should be merged at. When
8887 set, the ValuesKey is expected to be a single flat value. Defaults to 'None',
8888 which results in the values getting merged at the root.
8890 pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$
8894 ValuesKey is the data key where the values.yaml or a specific value can be
8895 found at. Defaults to 'values.yaml'.
8896 When set, must be a valid Data Key, consisting of alphanumeric characters,
8899 pattern: ^[\-._a-zA-Z0-9]+$
8912 observedGeneration: -1
8913 description: HelmReleaseStatus defines the observed state of a HelmRelease.
8916 description: Conditions holds the conditions for the HelmRelease.
8918 description: Condition contains details for one aspect of the current
8919 state of this API Resource.
8923 lastTransitionTime is the last time the condition transitioned from one status to another.
8924 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
8929 message is a human readable message indicating details about the transition.
8930 This may be an empty string.
8935 observedGeneration represents the .metadata.generation that the condition was set based upon.
8936 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
8937 with respect to the current state of the instance.
8943 reason contains a programmatic identifier indicating the reason for the condition's last transition.
8944 Producers of specific condition types may define expected values and meanings for this field,
8945 and whether the values are considered a guaranteed API.
8946 The value should be a CamelCase string.
8947 This field may not be empty.
8950 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
8953 description: status of the condition, one of True, False, Unknown.
8960 description: type of condition in CamelCase or in foo.example.com/CamelCase.
8962 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
8965 - lastTransitionTime
8974 Failures is the reconciliation failure count against the latest desired
8975 state. It is reset after a successful reconciliation.
8980 HelmChart is the namespaced name of the HelmChart resource created by
8981 the controller for the HelmRelease.
8985 History holds the history of Helm releases performed for this HelmRelease
8986 up to the last successfully completed release.
8988 Note: this field is provisional to the v2beta2 API, and not actively used
8989 by v2beta1 HelmReleases.
8992 Snapshot captures a point-in-time copy of the status information for a Helm release,
8993 as managed by the controller.
8997 APIVersion is the API version of the Snapshot.
8998 Provisional: when the calculation method of the Digest field is changed,
8999 this field will be used to distinguish between the old and new methods.
9002 description: AppVersion is the chart app version of the release
9006 description: ChartName is the chart name of the release object
9011 ChartVersion is the chart version of the release object in
9016 ConfigDigest is the checksum of the config (better known as
9017 "values") of the release object in storage.
9018 It has the format of `<algo>:<checksum>`.
9021 description: Deleted is when the release was deleted.
9026 Digest is the checksum of the release object in storage.
9027 It has the format of `<algo>:<checksum>`.
9030 description: FirstDeployed is when the release was first deployed.
9034 description: LastDeployed is when the release was last deployed.
9038 description: Name is the name of the release.
9041 description: Namespace is the namespace the release is deployed
9045 description: OCIDigest is the digest of the OCI artifact associated
9049 description: Status is the current state of the release.
9052 additionalProperties:
9054 TestHookStatus holds the status information for a test hook as observed
9055 to be run by the controller.
9058 description: LastCompleted is the time the test hook last
9063 description: LastStarted is the time the test hook was
9068 description: Phase the test hook was observed to be in.
9072 TestHooks is the list of test hooks for the release as observed to be
9073 run by the controller.
9076 description: Version is the version of the release object in
9094 InstallFailures is the install failure count against the latest desired
9095 state. It is reset after a successful reconciliation.
9098 lastAppliedRevision:
9099 description: LastAppliedRevision is the revision of the last successfully
9102 lastAttemptedConfigDigest:
9104 LastAttemptedConfigDigest is the digest for the config (better known as
9105 "values") of the last reconciliation attempt.
9107 Note: this field is provisional to the v2beta2 API, and not actively used
9108 by v2beta1 HelmReleases.
9110 lastAttemptedGeneration:
9112 LastAttemptedGeneration is the last generation the controller attempted
9115 Note: this field is provisional to the v2beta2 API, and not actively used
9116 by v2beta1 HelmReleases.
9119 lastAttemptedReleaseAction:
9121 LastAttemptedReleaseAction is the last release action performed for this
9122 HelmRelease. It is used to determine the active remediation strategy.
9124 Note: this field is provisional to the v2beta2 API, and not actively used
9125 by v2beta1 HelmReleases.
9127 lastAttemptedRevision:
9128 description: LastAttemptedRevision is the revision of the last reconciliation
9131 lastAttemptedValuesChecksum:
9133 LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last
9134 reconciliation attempt.
9138 LastHandledForceAt holds the value of the most recent force request
9139 value, so a change of the annotation value can be detected.
9141 Note: this field is provisional to the v2beta2 API, and not actively used
9142 by v2beta1 HelmReleases.
9144 lastHandledReconcileAt:
9146 LastHandledReconcileAt holds the value of the most recent
9147 reconcile request value, so a change of the annotation value
9152 LastHandledResetAt holds the value of the most recent reset request
9153 value, so a change of the annotation value can be detected.
9155 Note: this field is provisional to the v2beta2 API, and not actively used
9156 by v2beta1 HelmReleases.
9158 lastReleaseRevision:
9159 description: LastReleaseRevision is the revision of the last successful
9163 description: ObservedGeneration is the last observed generation.
9166 observedPostRenderersDigest:
9168 ObservedPostRenderersDigest is the digest for the post-renderers of
9169 the last successful reconciliation attempt.
9173 StorageNamespace is the namespace of the Helm release storage for the
9176 Note: this field is provisional to the v2beta2 API, and not actively used
9177 by v2beta1 HelmReleases.
9181 UpgradeFailures is the upgrade failure count against the latest desired
9182 state. It is reset after a successful reconciliation.
9191 - additionalPrinterColumns:
9192 - jsonPath: .metadata.creationTimestamp
9195 - jsonPath: .status.conditions[?(@.type=="Ready")].status
9198 - jsonPath: .status.conditions[?(@.type=="Ready")].message
9202 deprecationWarning: v2beta2 HelmRelease is deprecated, upgrade to v2
9206 description: HelmRelease is the Schema for the helmreleases API
9210 APIVersion defines the versioned schema of this representation of an object.
9211 Servers should convert recognized schemas to the latest internal value, and
9212 may reject unrecognized values.
9213 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
9217 Kind is a string value representing the REST resource this object represents.
9218 Servers may infer this from the endpoint the client submits requests to.
9221 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
9226 description: HelmReleaseSpec defines the desired state of a Helm release.
9230 Chart defines the template of the v1beta2.HelmChart that should be created
9231 for this HelmRelease.
9234 description: ObjectMeta holds the template for metadata like labels
9238 additionalProperties:
9241 Annotations is an unstructured key value map stored with a resource that may be
9242 set by external tools to store and retrieve arbitrary metadata. They are not
9243 queryable and should be preserved when modifying objects.
9244 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
9247 additionalProperties:
9250 Map of string keys and values that can be used to organize and categorize
9251 (scope and select) objects.
9252 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
9256 description: Spec holds the template for the v1beta2.HelmChartSpec
9257 for this HelmRelease.
9260 description: The name or path the Helm chart is available
9261 at in the SourceRef.
9265 ignoreMissingValuesFiles:
9266 description: IgnoreMissingValuesFiles controls whether to
9267 silently ignore missing values files rather than failing.
9271 Interval at which to check the v1.Source for updates. Defaults to
9272 'HelmReleaseSpec.Interval'.
9273 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
9276 default: ChartVersion
9278 Determines what enables the creation of a new artifact. Valid values are
9279 ('ChartVersion', 'Revision').
9280 See the documentation of the values for an explanation on their behavior.
9281 Defaults to ChartVersion when omitted.
9287 description: The name and namespace of the v1.Source the chart
9291 description: APIVersion of the referent.
9294 description: Kind of the referent.
9301 description: Name of the referent.
9306 description: Namespace of the referent.
9316 Alternative values file to use as the default chart values, expected to
9317 be a relative path in the SourceRef. Deprecated in favor of ValuesFiles,
9318 for backwards compatibility the file defined here is merged before the
9319 ValuesFiles items. Ignored when omitted.
9323 Alternative list of values files to use as the chart values (values.yaml
9324 is not included by default), expected to be a relative path in the SourceRef.
9325 Values files are merged in the order of this list with the last file overriding
9326 the first. Ignored when omitted.
9332 Verify contains the secret name containing the trusted public keys
9333 used to verify the signature and specifies which provider to use to check
9334 whether OCI image is authentic.
9335 This field is only supported for OCI sources.
9336 Chart dependencies, which are not bundled in the umbrella chart artifact,
9341 description: Provider specifies the technology used to
9342 sign the OCI Helm chart.
9349 SecretRef specifies the Kubernetes Secret containing the
9350 trusted public keys.
9353 description: Name of the referent.
9364 Version semver expression, ignored for charts from v1beta2.GitRepository and
9365 v1beta2.Bucket sources. Defaults to latest when omitted.
9376 ChartRef holds a reference to a source controller resource containing the
9377 Helm chart artifact.
9379 Note: this field is provisional to the v2 API, and not actively used
9380 by v2beta2 HelmReleases.
9383 description: APIVersion of the referent.
9386 description: Kind of the referent.
9392 description: Name of the referent.
9398 Namespace of the referent, defaults to the namespace of the Kubernetes
9399 resource object that contains the reference.
9409 DependsOn may contain a meta.NamespacedObjectReference slice with
9410 references to HelmRelease resources that must be ready before this HelmRelease
9414 NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
9418 description: Name of the referent.
9421 description: Namespace of the referent, when not specified it
9422 acts as LocalObjectReference.
9430 DriftDetection holds the configuration for detecting and handling
9431 differences between the manifest in the Helm storage and the resources
9432 currently existing in the cluster.
9436 Ignore contains a list of rules for specifying which changes to ignore
9440 IgnoreRule defines a rule to selectively disregard specific changes during
9441 the drift detection process.
9445 Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from
9446 consideration in a Kubernetes object.
9452 Target is a selector for specifying Kubernetes objects to which this
9454 If Target is not set, the Paths will be ignored for all Kubernetes
9455 objects within the manifest of the Helm release.
9459 AnnotationSelector is a string that follows the label selection expression
9460 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
9461 It matches with the resource annotations.
9465 Group is the API group to select resources from.
9466 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
9467 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
9471 Kind of the API Group to select resources from.
9472 Together with Group and Version it is capable of unambiguously
9473 identifying and/or selecting resources.
9474 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
9478 LabelSelector is a string that follows the label selection expression
9479 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
9480 It matches with the resource labels.
9483 description: Name to match resources with.
9486 description: Namespace to select resources from.
9490 Version of the API Group to select resources from.
9491 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
9492 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
9501 Mode defines how differences should be handled between the Helm manifest
9502 and the manifest currently applied to the cluster.
9503 If not explicitly set, it defaults to DiffModeDisabled.
9511 description: Install holds the configuration for Helm install actions
9512 for this HelmRelease.
9516 CRDs upgrade CRDs from the Helm Chart's crds directory according
9517 to the CRD upgrade policy provided here. Valid values are `Skip`,
9518 `Create` or `CreateReplace`. Default is `Create` and if omitted
9519 CRDs are installed but not updated.
9521 Skip: do neither install nor replace (update) any CRDs.
9523 Create: new CRDs are created, existing CRDs are neither updated nor deleted.
9525 CreateReplace: new CRDs are created, existing CRDs are updated (replaced)
9528 By default, CRDs are applied (installed) during Helm install action.
9529 With this option users can opt in to CRD replace existing CRDs on Helm
9530 install actions, which is not (yet) natively supported by Helm.
9531 https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
9539 CreateNamespace tells the Helm install action to create the
9540 HelmReleaseSpec.TargetNamespace if it does not exist yet.
9541 On uninstall, the namespace will not be garbage collected.
9544 description: DisableHooks prevents hooks from running during the
9545 Helm install action.
9547 disableOpenAPIValidation:
9549 DisableOpenAPIValidation prevents the Helm install action from validating
9550 rendered templates against the Kubernetes OpenAPI Schema.
9554 DisableWait disables the waiting for resources to be ready after a Helm
9555 install has been performed.
9559 DisableWaitForJobs disables waiting for jobs to complete after a Helm
9560 install has been performed.
9564 Remediation holds the remediation configuration for when the Helm install
9565 action for the HelmRelease fails. The default is to not perform any action.
9569 IgnoreTestFailures tells the controller to skip remediation when the Helm
9570 tests are run after an install action but fail. Defaults to
9571 'Test.IgnoreFailures'.
9573 remediateLastFailure:
9575 RemediateLastFailure tells the controller to remediate the last failure, when
9576 no retries remain. Defaults to 'false'.
9580 Retries is the number of retries that should be attempted on failures before
9581 bailing. Remediation, using an uninstall, is performed between each attempt.
9582 Defaults to '0', a negative integer equals to unlimited retries.
9587 Replace tells the Helm install action to re-use the 'ReleaseName', but only
9588 if that name is a deleted release which remains in the history.
9592 SkipCRDs tells the Helm install action to not install any CRDs. By default,
9593 CRDs are installed if not already present.
9595 Deprecated use CRD policy (`crds`) attribute with value `Skip` instead.
9599 Timeout is the time to wait for any individual Kubernetes operation (like
9600 Jobs for hooks) during the performance of a Helm install action. Defaults to
9601 'HelmReleaseSpec.Timeout'.
9602 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
9606 description: Interval at which to reconcile the Helm release.
9607 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
9611 KubeConfig for reconciling the HelmRelease on a remote cluster.
9612 When used in combination with HelmReleaseSpec.ServiceAccountName,
9613 forces the controller to act on behalf of that Service Account at the
9615 If the --default-service-account flag is set, its value will be used as
9616 a controller level fallback for when HelmReleaseSpec.ServiceAccountName
9621 SecretRef holds the name of a secret that contains a key with
9622 the kubeconfig file as the value. If no key is set, the key will default
9624 It is recommended that the kubeconfig is self-contained, and the secret
9625 is regularly updated if credentials such as a cloud-access-token expire.
9626 Cloud specific `cmd-path` auth helpers will not function without adding
9627 binaries and credentials to the Pod that is responsible for reconciling
9628 Kubernetes resources.
9631 description: Key in the Secret, when not specified an implementation-specific
9632 default key is used.
9635 description: Name of the Secret.
9645 MaxHistory is the number of revisions saved by Helm for this HelmRelease.
9646 Use '0' for an unlimited number of revisions; defaults to '5'.
9650 PersistentClient tells the controller to use a persistent Kubernetes
9651 client for this release. When enabled, the client will be reused for the
9652 duration of the reconciliation, instead of being created and destroyed
9653 for each (step of a) Helm action.
9655 This can improve performance, but may cause issues with some Helm charts
9656 that for example do create Custom Resource Definitions during installation
9657 outside Helm's CRD lifecycle hooks, which are then not observed to be
9658 available by e.g. post-install hooks.
9660 If not set, it defaults to true.
9664 PostRenderers holds an array of Helm PostRenderers, which will be applied in order
9665 of their definition.
9667 description: PostRenderer contains a Helm PostRenderer specification.
9670 description: Kustomization to apply as PostRenderer.
9674 Images is a list of (image name, new name, new tag or digest)
9675 for changing image names, tags or digests. This can also be achieved with a
9676 patch, but this operator is simpler to specify.
9678 description: Image contains an image name, a new name,
9679 a new tag or digest, which will replace the original
9684 Digest is the value used to replace the original image tag.
9685 If digest is present NewTag value is ignored.
9688 description: Name is a tag-less image name.
9691 description: NewName is the value used to replace
9695 description: NewTag is the value used to replace the
9704 Strategic merge and JSON patches, defined as inline YAML objects,
9705 capable of targeting objects based on kind, label and annotation selectors.
9708 Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
9713 Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
9714 an array of operation objects.
9717 description: Target points to the resources that the
9718 patch document should be applied to.
9722 AnnotationSelector is a string that follows the label selection expression
9723 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
9724 It matches with the resource annotations.
9728 Group is the API group to select resources from.
9729 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
9730 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
9734 Kind of the API Group to select resources from.
9735 Together with Group and Version it is capable of unambiguously
9736 identifying and/or selecting resources.
9737 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
9741 LabelSelector is a string that follows the label selection expression
9742 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
9743 It matches with the resource labels.
9746 description: Name to match resources with.
9749 description: Namespace to select resources from.
9753 Version of the API Group to select resources from.
9754 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
9755 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
9764 JSON 6902 patches, defined as inline YAML objects.
9765 Deprecated: use Patches instead.
9767 description: JSON6902Patch contains a JSON6902 patch and
9768 the target the patch should be applied to.
9771 description: Patch contains the JSON6902 patch document
9772 with an array of operation objects.
9775 JSON6902 is a JSON6902 operation object.
9776 https://datatracker.ietf.org/doc/html/rfc6902#section-4
9780 From contains a JSON-pointer value that references a location within the target document where the operation is
9781 performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.
9785 Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or
9787 https://datatracker.ietf.org/doc/html/rfc6902#section-4
9798 Path contains the JSON-pointer value that references a location within the target document where the operation
9799 is performed. The meaning of the value depends on the value of Op.
9803 Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into
9804 account by all operations.
9805 x-kubernetes-preserve-unknown-fields: true
9812 description: Target points to the resources that the
9813 patch document should be applied to.
9817 AnnotationSelector is a string that follows the label selection expression
9818 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
9819 It matches with the resource annotations.
9823 Group is the API group to select resources from.
9824 Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
9825 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
9829 Kind of the API Group to select resources from.
9830 Together with Group and Version it is capable of unambiguously
9831 identifying and/or selecting resources.
9832 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
9836 LabelSelector is a string that follows the label selection expression
9837 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
9838 It matches with the resource labels.
9841 description: Name to match resources with.
9844 description: Namespace to select resources from.
9848 Version of the API Group to select resources from.
9849 Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
9850 https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
9858 patchesStrategicMerge:
9860 Strategic merge patches, defined as inline YAML objects.
9861 Deprecated: use Patches instead.
9863 x-kubernetes-preserve-unknown-fields: true
9870 ReleaseName used for the Helm release. Defaults to a composition of
9871 '[TargetNamespace-]Name'.
9876 description: Rollback holds the configuration for Helm rollback actions
9877 for this HelmRelease.
9881 CleanupOnFail allows deletion of new resources created during the Helm
9882 rollback action when it fails.
9885 description: DisableHooks prevents hooks from running during the
9886 Helm rollback action.
9890 DisableWait disables the waiting for resources to be ready after a Helm
9891 rollback has been performed.
9895 DisableWaitForJobs disables waiting for jobs to complete after a Helm
9896 rollback has been performed.
9899 description: Force forces resource updates through a replacement
9903 description: Recreate performs pod restarts for the resource if
9908 Timeout is the time to wait for any individual Kubernetes operation (like
9909 Jobs for hooks) during the performance of a Helm rollback action. Defaults to
9910 'HelmReleaseSpec.Timeout'.
9911 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
9916 The name of the Kubernetes service account to impersonate
9917 when reconciling this HelmRelease.
9923 StorageNamespace used for the Helm storage.
9924 Defaults to the namespace of the HelmRelease.
9930 Suspend tells the controller to suspend reconciliation for this HelmRelease,
9931 it does not apply to already started reconciliations. Defaults to false.
9935 TargetNamespace to target when performing operations for the HelmRelease.
9936 Defaults to the namespace of the HelmRelease.
9941 description: Test holds the configuration for Helm test actions for
9946 Enable enables Helm test actions for this HelmRelease after an Helm install
9947 or upgrade action has been performed.
9950 description: Filters is a list of tests to run or exclude from
9953 description: Filter holds the configuration for individual Helm
9957 description: Exclude specifies whether the named test should
9961 description: Name is the name of the test.
9971 IgnoreFailures tells the controller to skip remediation when the Helm tests
9972 are run but fail. Can be overwritten for tests run after install or upgrade
9973 actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.
9977 Timeout is the time to wait for any individual Kubernetes operation during
9978 the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.
9979 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
9984 Timeout is the time to wait for any individual Kubernetes operation (like Jobs
9985 for hooks) during the performance of a Helm action. Defaults to '5m0s'.
9986 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
9989 description: Uninstall holds the configuration for Helm uninstall
9990 actions for this HelmRelease.
9992 deletionPropagation:
9995 DeletionPropagation specifies the deletion propagation policy when
9996 a Helm uninstall is performed.
10003 description: DisableHooks prevents hooks from running during the
10004 Helm rollback action.
10008 DisableWait disables waiting for all the resources to be deleted after
10009 a Helm uninstall is performed.
10013 KeepHistory tells Helm to remove all associated resources and mark the
10014 release as deleted, but retain the release history.
10018 Timeout is the time to wait for any individual Kubernetes operation (like
10019 Jobs for hooks) during the performance of a Helm uninstall action. Defaults
10020 to 'HelmReleaseSpec.Timeout'.
10021 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
10025 description: Upgrade holds the configuration for Helm upgrade actions
10026 for this HelmRelease.
10030 CleanupOnFail allows deletion of new resources created during the Helm
10031 upgrade action when it fails.
10035 CRDs upgrade CRDs from the Helm Chart's crds directory according
10036 to the CRD upgrade policy provided here. Valid values are `Skip`,
10037 `Create` or `CreateReplace`. Default is `Skip` and if omitted
10038 CRDs are neither installed nor upgraded.
10040 Skip: do neither install nor replace (update) any CRDs.
10042 Create: new CRDs are created, existing CRDs are neither updated nor deleted.
10044 CreateReplace: new CRDs are created, existing CRDs are updated (replaced)
10047 By default, CRDs are not applied during Helm upgrade action. With this
10048 option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm.
10049 https://helm.sh/docs/chart_best_practices/custom_resource_definitions.
10056 description: DisableHooks prevents hooks from running during the
10057 Helm upgrade action.
10059 disableOpenAPIValidation:
10061 DisableOpenAPIValidation prevents the Helm upgrade action from validating
10062 rendered templates against the Kubernetes OpenAPI Schema.
10066 DisableWait disables the waiting for resources to be ready after a Helm
10067 upgrade has been performed.
10069 disableWaitForJobs:
10071 DisableWaitForJobs disables waiting for jobs to complete after a Helm
10072 upgrade has been performed.
10075 description: Force forces resource updates through a replacement
10080 PreserveValues will make Helm reuse the last release's values and merge in
10081 overrides from 'Values'. Setting this flag makes the HelmRelease
10086 Remediation holds the remediation configuration for when the Helm upgrade
10087 action for the HelmRelease fails. The default is to not perform any action.
10089 ignoreTestFailures:
10091 IgnoreTestFailures tells the controller to skip remediation when the Helm
10092 tests are run after an upgrade action but fail.
10093 Defaults to 'Test.IgnoreFailures'.
10095 remediateLastFailure:
10097 RemediateLastFailure tells the controller to remediate the last failure, when
10098 no retries remain. Defaults to 'false' unless 'Retries' is greater than 0.
10102 Retries is the number of retries that should be attempted on failures before
10103 bailing. Remediation, using 'Strategy', is performed between each attempt.
10104 Defaults to '0', a negative integer equals to unlimited retries.
10107 description: Strategy to use for failure remediation. Defaults
10116 Timeout is the time to wait for any individual Kubernetes operation (like
10117 Jobs for hooks) during the performance of a Helm upgrade action. Defaults to
10118 'HelmReleaseSpec.Timeout'.
10119 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
10123 description: Values holds the values for this Helm release.
10124 x-kubernetes-preserve-unknown-fields: true
10127 ValuesFrom holds references to resources containing Helm values for this HelmRelease,
10128 and information about how they should be merged.
10131 ValuesReference contains a reference to a resource containing Helm values,
10132 and optionally the key they can be found at.
10135 description: Kind of the values referent, valid values are ('Secret',
10143 Name of the values referent. Should reside in the same namespace as the
10144 referring resource.
10150 Optional marks this ValuesReference as optional. When set, a not found error
10151 for the values reference is ignored, but any ValuesKey, TargetPath or
10152 transient error will still result in a reconciliation failure.
10156 TargetPath is the YAML dot notation path the value should be merged at. When
10157 set, the ValuesKey is expected to be a single flat value. Defaults to 'None',
10158 which results in the values getting merged at the root.
10160 pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$
10164 ValuesKey is the data key where the values.yaml or a specific value can be
10165 found at. Defaults to 'values.yaml'.
10167 pattern: ^[\-._a-zA-Z0-9]+$
10177 x-kubernetes-validations:
10178 - message: either chart or chartRef must be set
10179 rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart)
10180 && has(self.chartRef))
10183 observedGeneration: -1
10184 description: HelmReleaseStatus defines the observed state of a HelmRelease.
10187 description: Conditions holds the conditions for the HelmRelease.
10189 description: Condition contains details for one aspect of the current
10190 state of this API Resource.
10192 lastTransitionTime:
10194 lastTransitionTime is the last time the condition transitioned from one status to another.
10195 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
10200 message is a human readable message indicating details about the transition.
10201 This may be an empty string.
10204 observedGeneration:
10206 observedGeneration represents the .metadata.generation that the condition was set based upon.
10207 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
10208 with respect to the current state of the instance.
10214 reason contains a programmatic identifier indicating the reason for the condition's last transition.
10215 Producers of specific condition types may define expected values and meanings for this field,
10216 and whether the values are considered a guaranteed API.
10217 The value should be a CamelCase string.
10218 This field may not be empty.
10221 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
10224 description: status of the condition, one of True, False, Unknown.
10231 description: type of condition in CamelCase or in foo.example.com/CamelCase.
10233 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
10236 - lastTransitionTime
10245 Failures is the reconciliation failure count against the latest desired
10246 state. It is reset after a successful reconciliation.
10251 HelmChart is the namespaced name of the HelmChart resource created by
10252 the controller for the HelmRelease.
10256 History holds the history of Helm releases performed for this HelmRelease
10257 up to the last successfully completed release.
10260 Snapshot captures a point-in-time copy of the status information for a Helm release,
10261 as managed by the controller.
10265 APIVersion is the API version of the Snapshot.
10266 Provisional: when the calculation method of the Digest field is changed,
10267 this field will be used to distinguish between the old and new methods.
10270 description: AppVersion is the chart app version of the release
10274 description: ChartName is the chart name of the release object
10279 ChartVersion is the chart version of the release object in
10284 ConfigDigest is the checksum of the config (better known as
10285 "values") of the release object in storage.
10286 It has the format of `<algo>:<checksum>`.
10289 description: Deleted is when the release was deleted.
10294 Digest is the checksum of the release object in storage.
10295 It has the format of `<algo>:<checksum>`.
10298 description: FirstDeployed is when the release was first deployed.
10302 description: LastDeployed is when the release was last deployed.
10306 description: Name is the name of the release.
10309 description: Namespace is the namespace the release is deployed
10313 description: OCIDigest is the digest of the OCI artifact associated
10317 description: Status is the current state of the release.
10320 additionalProperties:
10322 TestHookStatus holds the status information for a test hook as observed
10323 to be run by the controller.
10326 description: LastCompleted is the time the test hook last
10331 description: LastStarted is the time the test hook was
10336 description: Phase the test hook was observed to be in.
10340 TestHooks is the list of test hooks for the release as observed to be
10341 run by the controller.
10344 description: Version is the version of the release object in
10362 InstallFailures is the install failure count against the latest desired
10363 state. It is reset after a successful reconciliation.
10366 lastAppliedRevision:
10368 LastAppliedRevision is the revision of the last successfully applied
10370 Deprecated: the revision can now be found in the History.
10372 lastAttemptedConfigDigest:
10374 LastAttemptedConfigDigest is the digest for the config (better known as
10375 "values") of the last reconciliation attempt.
10377 lastAttemptedGeneration:
10379 LastAttemptedGeneration is the last generation the controller attempted
10383 lastAttemptedReleaseAction:
10385 LastAttemptedReleaseAction is the last release action performed for this
10386 HelmRelease. It is used to determine the active remediation strategy.
10391 lastAttemptedRevision:
10393 LastAttemptedRevision is the Source revision of the last reconciliation
10394 attempt. For OCIRepository sources, the 12 first characters of the digest are
10395 appended to the chart version e.g. "1.2.3+1234567890ab".
10397 lastAttemptedRevisionDigest:
10399 LastAttemptedRevisionDigest is the digest of the last reconciliation attempt.
10400 This is only set for OCIRepository sources.
10402 lastAttemptedValuesChecksum:
10404 LastAttemptedValuesChecksum is the SHA1 checksum for the values of the last
10405 reconciliation attempt.
10406 Deprecated: Use LastAttemptedConfigDigest instead.
10408 lastHandledForceAt:
10410 LastHandledForceAt holds the value of the most recent force request
10411 value, so a change of the annotation value can be detected.
10413 lastHandledReconcileAt:
10415 LastHandledReconcileAt holds the value of the most recent
10416 reconcile request value, so a change of the annotation value
10419 lastHandledResetAt:
10421 LastHandledResetAt holds the value of the most recent reset request
10422 value, so a change of the annotation value can be detected.
10424 lastReleaseRevision:
10426 LastReleaseRevision is the revision of the last successful Helm release.
10427 Deprecated: Use History instead.
10429 observedGeneration:
10430 description: ObservedGeneration is the last observed generation.
10433 observedPostRenderersDigest:
10435 ObservedPostRenderersDigest is the digest for the post-renderers of
10436 the last successful reconciliation attempt.
10440 StorageNamespace is the namespace of the Helm release storage for the
10447 UpgradeFailures is the upgrade failure count against the latest desired
10448 state. It is reset after a successful reconciliation.
10459 kind: ServiceAccount
10462 app.kubernetes.io/component: helm-controller
10463 app.kubernetes.io/instance: flux-system
10464 app.kubernetes.io/part-of: flux
10465 app.kubernetes.io/version: v2.4.0
10466 name: helm-controller
10467 namespace: flux-system
10469 apiVersion: apps/v1
10473 app.kubernetes.io/component: helm-controller
10474 app.kubernetes.io/instance: flux-system
10475 app.kubernetes.io/part-of: flux
10476 app.kubernetes.io/version: v2.4.0
10477 control-plane: controller
10478 name: helm-controller
10479 namespace: flux-system
10484 app: helm-controller
10488 prometheus.io/port: "8080"
10489 prometheus.io/scrape: "true"
10491 app: helm-controller
10495 - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
10496 - --watch-all-namespaces=true
10498 - --log-encoding=json
10499 - --enable-leader-election
10501 - name: RUNTIME_NAMESPACE
10504 fieldPath: metadata.namespace
10508 containerName: manager
10509 resource: limits.cpu
10513 containerName: manager
10514 resource: limits.memory
10515 image: ghcr.io/fluxcd/helm-controller:v1.1.0
10516 imagePullPolicy: IfNotPresent
10523 - containerPort: 8080
10526 - containerPort: 9440
10541 allowPrivilegeEscalation: false
10545 readOnlyRootFilesystem: true
10548 type: RuntimeDefault
10553 kubernetes.io/os: linux
10554 priorityClassName: system-cluster-critical
10557 serviceAccountName: helm-controller
10558 terminationGracePeriodSeconds: 600
10563 apiVersion: apiextensions.k8s.io/v1
10564 kind: CustomResourceDefinition
10567 controller-gen.kubebuilder.io/version: v0.16.1
10569 app.kubernetes.io/component: notification-controller
10570 app.kubernetes.io/instance: flux-system
10571 app.kubernetes.io/part-of: flux
10572 app.kubernetes.io/version: v2.4.0
10573 name: alerts.notification.toolkit.fluxcd.io
10575 group: notification.toolkit.fluxcd.io
10578 listKind: AlertList
10583 - additionalPrinterColumns:
10584 - jsonPath: .metadata.creationTimestamp
10587 - jsonPath: .status.conditions[?(@.type=="Ready")].status
10590 - jsonPath: .status.conditions[?(@.type=="Ready")].message
10594 deprecationWarning: v1beta1 Alert is deprecated, upgrade to v1beta3
10598 description: Alert is the Schema for the alerts API
10602 APIVersion defines the versioned schema of this representation of an object.
10603 Servers should convert recognized schemas to the latest internal value, and
10604 may reject unrecognized values.
10605 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
10609 Kind is a string value representing the REST resource this object represents.
10610 Servers may infer this from the endpoint the client submits requests to.
10613 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
10618 description: AlertSpec defines an alerting rule for events involving a
10624 Filter events based on severity, defaults to ('info').
10625 If set to 'info' no events will be filtered.
10631 description: Filter events based on the involved objects.
10634 CrossNamespaceObjectReference contains enough information to let you locate the
10635 typed referenced object at cluster level
10638 description: API version of the referent
10641 description: Kind of the referent
10651 - ImageUpdateAutomation
10655 additionalProperties:
10658 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
10659 map is equivalent to an element of matchExpressions, whose key field is "key", the
10660 operator is "In", and the values array contains only "value". The requirements are ANDed.
10663 description: Name of the referent
10668 description: Namespace of the referent
10678 description: A list of Golang regular expressions to be used for excluding
10684 description: Send events using this provider.
10687 description: Name of the referent.
10693 description: Short description of the impact and affected cluster.
10697 This flag tells the controller to suspend subsequent events dispatching.
10706 observedGeneration: -1
10707 description: AlertStatus defines the observed state of Alert
10711 description: Condition contains details for one aspect of the current
10712 state of this API Resource.
10714 lastTransitionTime:
10716 lastTransitionTime is the last time the condition transitioned from one status to another.
10717 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
10722 message is a human readable message indicating details about the transition.
10723 This may be an empty string.
10726 observedGeneration:
10728 observedGeneration represents the .metadata.generation that the condition was set based upon.
10729 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
10730 with respect to the current state of the instance.
10736 reason contains a programmatic identifier indicating the reason for the condition's last transition.
10737 Producers of specific condition types may define expected values and meanings for this field,
10738 and whether the values are considered a guaranteed API.
10739 The value should be a CamelCase string.
10740 This field may not be empty.
10743 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
10746 description: status of the condition, one of True, False, Unknown.
10753 description: type of condition in CamelCase or in foo.example.com/CamelCase.
10755 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
10758 - lastTransitionTime
10765 observedGeneration:
10766 description: ObservedGeneration is the last observed generation.
10775 - additionalPrinterColumns:
10776 - jsonPath: .metadata.creationTimestamp
10779 - jsonPath: .status.conditions[?(@.type=="Ready")].status
10782 - jsonPath: .status.conditions[?(@.type=="Ready")].message
10786 deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3
10790 description: Alert is the Schema for the alerts API
10794 APIVersion defines the versioned schema of this representation of an object.
10795 Servers should convert recognized schemas to the latest internal value, and
10796 may reject unrecognized values.
10797 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
10801 Kind is a string value representing the REST resource this object represents.
10802 Servers may infer this from the endpoint the client submits requests to.
10805 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
10810 description: AlertSpec defines an alerting rule for events involving a
10814 additionalProperties:
10817 EventMetadata is an optional field for adding metadata to events dispatched by the
10818 controller. This can be used for enhancing the context of the event. If a field
10819 would override one already present on the original event as generated by the emitter,
10820 then the override doesn't happen, i.e. the original value is preserved, and an info
10826 EventSeverity specifies how to filter events based on severity.
10827 If set to 'info' no events will be filtered.
10834 EventSources specifies how to filter events based
10835 on the involved object kind, name and namespace.
10838 CrossNamespaceObjectReference contains enough information to let you locate the
10839 typed referenced object at cluster level
10842 description: API version of the referent
10845 description: Kind of the referent
10855 - ImageUpdateAutomation
10859 additionalProperties:
10862 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
10863 map is equivalent to an element of matchExpressions, whose key field is "key", the
10864 operator is "In", and the values array contains only "value". The requirements are ANDed.
10865 MatchLabels requires the name to be set to `*`.
10869 Name of the referent
10870 If multiple resources are targeted `*` may be set.
10875 description: Namespace of the referent
10886 ExclusionList specifies a list of Golang regular expressions
10887 to be used for excluding messages.
10893 InclusionList specifies a list of Golang regular expressions
10894 to be used for including messages.
10899 description: ProviderRef specifies which Provider this Alert should
10903 description: Name of the referent.
10909 description: Summary holds a short description of the impact and affected
10915 Suspend tells the controller to suspend subsequent
10916 events handling for this Alert.
10924 observedGeneration: -1
10925 description: AlertStatus defines the observed state of the Alert.
10928 description: Conditions holds the conditions for the Alert.
10930 description: Condition contains details for one aspect of the current
10931 state of this API Resource.
10933 lastTransitionTime:
10935 lastTransitionTime is the last time the condition transitioned from one status to another.
10936 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
10941 message is a human readable message indicating details about the transition.
10942 This may be an empty string.
10945 observedGeneration:
10947 observedGeneration represents the .metadata.generation that the condition was set based upon.
10948 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
10949 with respect to the current state of the instance.
10955 reason contains a programmatic identifier indicating the reason for the condition's last transition.
10956 Producers of specific condition types may define expected values and meanings for this field,
10957 and whether the values are considered a guaranteed API.
10958 The value should be a CamelCase string.
10959 This field may not be empty.
10962 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
10965 description: status of the condition, one of True, False, Unknown.
10972 description: type of condition in CamelCase or in foo.example.com/CamelCase.
10974 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
10977 - lastTransitionTime
10984 lastHandledReconcileAt:
10986 LastHandledReconcileAt holds the value of the most recent
10987 reconcile request value, so a change of the annotation value
10990 observedGeneration:
10991 description: ObservedGeneration is the last observed generation.
11000 - additionalPrinterColumns:
11001 - jsonPath: .metadata.creationTimestamp
11007 description: Alert is the Schema for the alerts API
11011 APIVersion defines the versioned schema of this representation of an object.
11012 Servers should convert recognized schemas to the latest internal value, and
11013 may reject unrecognized values.
11014 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
11018 Kind is a string value representing the REST resource this object represents.
11019 Servers may infer this from the endpoint the client submits requests to.
11022 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
11027 description: AlertSpec defines an alerting rule for events involving a
11031 additionalProperties:
11034 EventMetadata is an optional field for adding metadata to events dispatched by the
11035 controller. This can be used for enhancing the context of the event. If a field
11036 would override one already present on the original event as generated by the emitter,
11037 then the override doesn't happen, i.e. the original value is preserved, and an info
11043 EventSeverity specifies how to filter events based on severity.
11044 If set to 'info' no events will be filtered.
11051 EventSources specifies how to filter events based
11052 on the involved object kind, name and namespace.
11055 CrossNamespaceObjectReference contains enough information to let you locate the
11056 typed referenced object at cluster level
11059 description: API version of the referent
11062 description: Kind of the referent
11072 - ImageUpdateAutomation
11076 additionalProperties:
11079 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
11080 map is equivalent to an element of matchExpressions, whose key field is "key", the
11081 operator is "In", and the values array contains only "value". The requirements are ANDed.
11082 MatchLabels requires the name to be set to `*`.
11086 Name of the referent
11087 If multiple resources are targeted `*` may be set.
11092 description: Namespace of the referent
11103 ExclusionList specifies a list of Golang regular expressions
11104 to be used for excluding messages.
11110 InclusionList specifies a list of Golang regular expressions
11111 to be used for including messages.
11116 description: ProviderRef specifies which Provider this Alert should
11120 description: Name of the referent.
11126 description: Summary holds a short description of the impact and affected
11132 Suspend tells the controller to suspend subsequent
11133 events handling for this Alert.
11144 apiVersion: apiextensions.k8s.io/v1
11145 kind: CustomResourceDefinition
11148 controller-gen.kubebuilder.io/version: v0.16.1
11150 app.kubernetes.io/component: notification-controller
11151 app.kubernetes.io/instance: flux-system
11152 app.kubernetes.io/part-of: flux
11153 app.kubernetes.io/version: v2.4.0
11154 name: providers.notification.toolkit.fluxcd.io
11156 group: notification.toolkit.fluxcd.io
11159 listKind: ProviderList
11164 - additionalPrinterColumns:
11165 - jsonPath: .metadata.creationTimestamp
11168 - jsonPath: .status.conditions[?(@.type=="Ready")].status
11171 - jsonPath: .status.conditions[?(@.type=="Ready")].message
11175 deprecationWarning: v1beta1 Provider is deprecated, upgrade to v1beta3
11179 description: Provider is the Schema for the providers API
11183 APIVersion defines the versioned schema of this representation of an object.
11184 Servers should convert recognized schemas to the latest internal value, and
11185 may reject unrecognized values.
11186 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
11190 Kind is a string value representing the REST resource this object represents.
11191 Servers may infer this from the endpoint the client submits requests to.
11194 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
11199 description: ProviderSpec defines the desired state of Provider
11202 description: HTTP/S webhook address of this provider
11203 pattern: ^(http|https)://
11207 CertSecretRef can be given the name of a secret containing
11208 a PEM-encoded CA certificate (`caFile`)
11211 description: Name of the referent.
11217 description: Alert channel for this provider
11220 description: HTTP/S address of the proxy
11221 pattern: ^(http|https)://
11225 Secret reference containing the provider webhook URL
11226 using "address" as data key
11229 description: Name of the referent.
11236 This flag tells the controller to suspend subsequent events handling.
11240 description: Timeout for sending alerts to the provider.
11241 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
11244 description: Type of provider
11269 description: Bot username for this provider
11276 observedGeneration: -1
11277 description: ProviderStatus defines the observed state of Provider
11281 description: Condition contains details for one aspect of the current
11282 state of this API Resource.
11284 lastTransitionTime:
11286 lastTransitionTime is the last time the condition transitioned from one status to another.
11287 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
11292 message is a human readable message indicating details about the transition.
11293 This may be an empty string.
11296 observedGeneration:
11298 observedGeneration represents the .metadata.generation that the condition was set based upon.
11299 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
11300 with respect to the current state of the instance.
11306 reason contains a programmatic identifier indicating the reason for the condition's last transition.
11307 Producers of specific condition types may define expected values and meanings for this field,
11308 and whether the values are considered a guaranteed API.
11309 The value should be a CamelCase string.
11310 This field may not be empty.
11313 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
11316 description: status of the condition, one of True, False, Unknown.
11323 description: type of condition in CamelCase or in foo.example.com/CamelCase.
11325 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
11328 - lastTransitionTime
11335 observedGeneration:
11336 description: ObservedGeneration is the last reconciled generation.
11345 - additionalPrinterColumns:
11346 - jsonPath: .metadata.creationTimestamp
11349 - jsonPath: .status.conditions[?(@.type=="Ready")].status
11352 - jsonPath: .status.conditions[?(@.type=="Ready")].message
11356 deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3
11360 description: Provider is the Schema for the providers API.
11364 APIVersion defines the versioned schema of this representation of an object.
11365 Servers should convert recognized schemas to the latest internal value, and
11366 may reject unrecognized values.
11367 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
11371 Kind is a string value representing the REST resource this object represents.
11372 Servers may infer this from the endpoint the client submits requests to.
11375 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
11380 description: ProviderSpec defines the desired state of the Provider.
11384 Address specifies the endpoint, in a generic sense, to where alerts are sent.
11385 What kind of endpoint depends on the specific Provider type being used.
11386 For the generic Provider, for example, this is an HTTP/S address.
11387 For other Provider types this could be a project ID or a namespace.
11392 CertSecretRef specifies the Secret containing
11393 a PEM-encoded CA certificate (in the `ca.crt` key).
11395 Note: Support for the `caFile` key has
11399 description: Name of the referent.
11405 description: Channel specifies the destination channel where events
11410 description: Interval at which to reconcile the Provider with its
11412 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
11415 description: Proxy the HTTP/S address of the proxy server.
11417 pattern: ^(http|https)://.*$
11421 SecretRef specifies the Secret containing the authentication
11422 credentials for this Provider.
11425 description: Name of the referent.
11432 Suspend tells the controller to suspend subsequent
11433 events handling for this Provider.
11436 description: Timeout for sending alerts to the Provider.
11437 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
11440 description: Type specifies which Provider implementation to use.
11470 description: Username specifies the name under which events are posted.
11478 observedGeneration: -1
11479 description: ProviderStatus defines the observed state of the Provider.
11482 description: Conditions holds the conditions for the Provider.
11484 description: Condition contains details for one aspect of the current
11485 state of this API Resource.
11487 lastTransitionTime:
11489 lastTransitionTime is the last time the condition transitioned from one status to another.
11490 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
11495 message is a human readable message indicating details about the transition.
11496 This may be an empty string.
11499 observedGeneration:
11501 observedGeneration represents the .metadata.generation that the condition was set based upon.
11502 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
11503 with respect to the current state of the instance.
11509 reason contains a programmatic identifier indicating the reason for the condition's last transition.
11510 Producers of specific condition types may define expected values and meanings for this field,
11511 and whether the values are considered a guaranteed API.
11512 The value should be a CamelCase string.
11513 This field may not be empty.
11516 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
11519 description: status of the condition, one of True, False, Unknown.
11526 description: type of condition in CamelCase or in foo.example.com/CamelCase.
11528 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
11531 - lastTransitionTime
11538 lastHandledReconcileAt:
11540 LastHandledReconcileAt holds the value of the most recent
11541 reconcile request value, so a change of the annotation value
11544 observedGeneration:
11545 description: ObservedGeneration is the last reconciled generation.
11554 - additionalPrinterColumns:
11555 - jsonPath: .metadata.creationTimestamp
11561 description: Provider is the Schema for the providers API
11565 APIVersion defines the versioned schema of this representation of an object.
11566 Servers should convert recognized schemas to the latest internal value, and
11567 may reject unrecognized values.
11568 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
11572 Kind is a string value representing the REST resource this object represents.
11573 Servers may infer this from the endpoint the client submits requests to.
11576 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
11581 description: ProviderSpec defines the desired state of the Provider.
11585 Address specifies the endpoint, in a generic sense, to where alerts are sent.
11586 What kind of endpoint depends on the specific Provider type being used.
11587 For the generic Provider, for example, this is an HTTP/S address.
11588 For other Provider types this could be a project ID or a namespace.
11593 CertSecretRef specifies the Secret containing
11594 a PEM-encoded CA certificate (in the `ca.crt` key).
11596 Note: Support for the `caFile` key has
11600 description: Name of the referent.
11606 description: Channel specifies the destination channel where events
11612 Interval at which to reconcile the Provider with its Secret references.
11613 Deprecated and not used in v1beta3.
11614 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
11617 description: Proxy the HTTP/S address of the proxy server.
11619 pattern: ^(http|https)://.*$
11623 SecretRef specifies the Secret containing the authentication
11624 credentials for this Provider.
11627 description: Name of the referent.
11634 Suspend tells the controller to suspend subsequent
11635 events handling for this Provider.
11638 description: Timeout for sending alerts to the Provider.
11639 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
11642 description: Type specifies which Provider implementation to use.
11673 description: Username specifies the name under which events are posted.
11684 apiVersion: apiextensions.k8s.io/v1
11685 kind: CustomResourceDefinition
11688 controller-gen.kubebuilder.io/version: v0.16.1
11690 app.kubernetes.io/component: notification-controller
11691 app.kubernetes.io/instance: flux-system
11692 app.kubernetes.io/part-of: flux
11693 app.kubernetes.io/version: v2.4.0
11694 name: receivers.notification.toolkit.fluxcd.io
11696 group: notification.toolkit.fluxcd.io
11699 listKind: ReceiverList
11704 - additionalPrinterColumns:
11705 - jsonPath: .metadata.creationTimestamp
11708 - jsonPath: .status.conditions[?(@.type=="Ready")].status
11711 - jsonPath: .status.conditions[?(@.type=="Ready")].message
11717 description: Receiver is the Schema for the receivers API.
11721 APIVersion defines the versioned schema of this representation of an object.
11722 Servers should convert recognized schemas to the latest internal value, and
11723 may reject unrecognized values.
11724 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
11728 Kind is a string value representing the REST resource this object represents.
11729 Servers may infer this from the endpoint the client submits requests to.
11732 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
11737 description: ReceiverSpec defines the desired state of the Receiver.
11741 Events specifies the list of event types to handle,
11742 e.g. 'push' for GitHub or 'Push Hook' for GitLab.
11748 description: Interval at which to reconcile the Receiver with its
11750 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
11753 description: A list of resources to be notified about changes.
11756 CrossNamespaceObjectReference contains enough information to let you locate the
11757 typed referenced object at cluster level
11760 description: API version of the referent
11763 description: Kind of the referent
11773 - ImageUpdateAutomation
11777 additionalProperties:
11780 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
11781 map is equivalent to an element of matchExpressions, whose key field is "key", the
11782 operator is "In", and the values array contains only "value". The requirements are ANDed.
11783 MatchLabels requires the name to be set to `*`.
11787 Name of the referent
11788 If multiple resources are targeted `*` may be set.
11793 description: Namespace of the referent
11804 SecretRef specifies the Secret containing the token used
11805 to validate the payload authenticity.
11808 description: Name of the referent.
11815 Suspend tells the controller to suspend subsequent
11816 events handling for this receiver.
11820 Type of webhook sender, used to determine
11821 the validation procedure and payload deserialization.
11843 observedGeneration: -1
11844 description: ReceiverStatus defines the observed state of the Receiver.
11847 description: Conditions holds the conditions for the Receiver.
11849 description: Condition contains details for one aspect of the current
11850 state of this API Resource.
11852 lastTransitionTime:
11854 lastTransitionTime is the last time the condition transitioned from one status to another.
11855 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
11860 message is a human readable message indicating details about the transition.
11861 This may be an empty string.
11864 observedGeneration:
11866 observedGeneration represents the .metadata.generation that the condition was set based upon.
11867 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
11868 with respect to the current state of the instance.
11874 reason contains a programmatic identifier indicating the reason for the condition's last transition.
11875 Producers of specific condition types may define expected values and meanings for this field,
11876 and whether the values are considered a guaranteed API.
11877 The value should be a CamelCase string.
11878 This field may not be empty.
11881 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
11884 description: status of the condition, one of True, False, Unknown.
11891 description: type of condition in CamelCase or in foo.example.com/CamelCase.
11893 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
11896 - lastTransitionTime
11903 lastHandledReconcileAt:
11905 LastHandledReconcileAt holds the value of the most recent
11906 reconcile request value, so a change of the annotation value
11909 observedGeneration:
11910 description: ObservedGeneration is the last observed generation of
11911 the Receiver object.
11916 WebhookPath is the generated incoming webhook address in the format
11917 of '/hook/sha256sum(token+name+namespace)'.
11925 - additionalPrinterColumns:
11926 - jsonPath: .metadata.creationTimestamp
11929 - jsonPath: .status.conditions[?(@.type=="Ready")].status
11932 - jsonPath: .status.conditions[?(@.type=="Ready")].message
11936 deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1
11940 description: Receiver is the Schema for the receivers API
11944 APIVersion defines the versioned schema of this representation of an object.
11945 Servers should convert recognized schemas to the latest internal value, and
11946 may reject unrecognized values.
11947 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
11951 Kind is a string value representing the REST resource this object represents.
11952 Servers may infer this from the endpoint the client submits requests to.
11955 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
11960 description: ReceiverSpec defines the desired state of Receiver
11964 A list of events to handle,
11965 e.g. 'push' for GitHub or 'Push Hook' for GitLab.
11970 description: A list of resources to be notified about changes.
11973 CrossNamespaceObjectReference contains enough information to let you locate the
11974 typed referenced object at cluster level
11977 description: API version of the referent
11980 description: Kind of the referent
11990 - ImageUpdateAutomation
11994 additionalProperties:
11997 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
11998 map is equivalent to an element of matchExpressions, whose key field is "key", the
11999 operator is "In", and the values array contains only "value". The requirements are ANDed.
12002 description: Name of the referent
12007 description: Namespace of the referent
12018 Secret reference containing the token used
12019 to validate the payload authenticity
12022 description: Name of the referent.
12029 This flag tells the controller to suspend subsequent events handling.
12034 Type of webhook sender, used to determine
12035 the validation procedure and payload deserialization.
12056 observedGeneration: -1
12057 description: ReceiverStatus defines the observed state of Receiver
12061 description: Condition contains details for one aspect of the current
12062 state of this API Resource.
12064 lastTransitionTime:
12066 lastTransitionTime is the last time the condition transitioned from one status to another.
12067 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
12072 message is a human readable message indicating details about the transition.
12073 This may be an empty string.
12076 observedGeneration:
12078 observedGeneration represents the .metadata.generation that the condition was set based upon.
12079 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
12080 with respect to the current state of the instance.
12086 reason contains a programmatic identifier indicating the reason for the condition's last transition.
12087 Producers of specific condition types may define expected values and meanings for this field,
12088 and whether the values are considered a guaranteed API.
12089 The value should be a CamelCase string.
12090 This field may not be empty.
12093 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
12096 description: status of the condition, one of True, False, Unknown.
12103 description: type of condition in CamelCase or in foo.example.com/CamelCase.
12105 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
12108 - lastTransitionTime
12115 observedGeneration:
12116 description: ObservedGeneration is the last observed generation.
12121 Generated webhook URL in the format
12122 of '/hook/sha256sum(token+name+namespace)'.
12130 - additionalPrinterColumns:
12131 - jsonPath: .metadata.creationTimestamp
12134 - jsonPath: .status.conditions[?(@.type=="Ready")].status
12137 - jsonPath: .status.conditions[?(@.type=="Ready")].message
12141 deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1
12145 description: Receiver is the Schema for the receivers API.
12149 APIVersion defines the versioned schema of this representation of an object.
12150 Servers should convert recognized schemas to the latest internal value, and
12151 may reject unrecognized values.
12152 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
12156 Kind is a string value representing the REST resource this object represents.
12157 Servers may infer this from the endpoint the client submits requests to.
12160 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
12165 description: ReceiverSpec defines the desired state of the Receiver.
12169 Events specifies the list of event types to handle,
12170 e.g. 'push' for GitHub or 'Push Hook' for GitLab.
12175 description: Interval at which to reconcile the Receiver with its
12177 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
12180 description: A list of resources to be notified about changes.
12183 CrossNamespaceObjectReference contains enough information to let you locate the
12184 typed referenced object at cluster level
12187 description: API version of the referent
12190 description: Kind of the referent
12200 - ImageUpdateAutomation
12204 additionalProperties:
12207 MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
12208 map is equivalent to an element of matchExpressions, whose key field is "key", the
12209 operator is "In", and the values array contains only "value". The requirements are ANDed.
12210 MatchLabels requires the name to be set to `*`.
12214 Name of the referent
12215 If multiple resources are targeted `*` may be set.
12220 description: Namespace of the referent
12231 SecretRef specifies the Secret containing the token used
12232 to validate the payload authenticity.
12235 description: Name of the referent.
12242 Suspend tells the controller to suspend subsequent
12243 events handling for this receiver.
12247 Type of webhook sender, used to determine
12248 the validation procedure and payload deserialization.
12269 observedGeneration: -1
12270 description: ReceiverStatus defines the observed state of the Receiver.
12273 description: Conditions holds the conditions for the Receiver.
12275 description: Condition contains details for one aspect of the current
12276 state of this API Resource.
12278 lastTransitionTime:
12280 lastTransitionTime is the last time the condition transitioned from one status to another.
12281 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
12286 message is a human readable message indicating details about the transition.
12287 This may be an empty string.
12290 observedGeneration:
12292 observedGeneration represents the .metadata.generation that the condition was set based upon.
12293 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
12294 with respect to the current state of the instance.
12300 reason contains a programmatic identifier indicating the reason for the condition's last transition.
12301 Producers of specific condition types may define expected values and meanings for this field,
12302 and whether the values are considered a guaranteed API.
12303 The value should be a CamelCase string.
12304 This field may not be empty.
12307 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
12310 description: status of the condition, one of True, False, Unknown.
12317 description: type of condition in CamelCase or in foo.example.com/CamelCase.
12319 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
12322 - lastTransitionTime
12329 lastHandledReconcileAt:
12331 LastHandledReconcileAt holds the value of the most recent
12332 reconcile request value, so a change of the annotation value
12335 observedGeneration:
12336 description: ObservedGeneration is the last observed generation of
12337 the Receiver object.
12342 URL is the generated incoming webhook address in the format
12343 of '/hook/sha256sum(token+name+namespace)'.
12344 Deprecated: Replaced by WebhookPath.
12348 WebhookPath is the generated incoming webhook address in the format
12349 of '/hook/sha256sum(token+name+namespace)'.
12359 kind: ServiceAccount
12362 app.kubernetes.io/component: notification-controller
12363 app.kubernetes.io/instance: flux-system
12364 app.kubernetes.io/part-of: flux
12365 app.kubernetes.io/version: v2.4.0
12366 name: notification-controller
12367 namespace: flux-system
12373 app.kubernetes.io/component: notification-controller
12374 app.kubernetes.io/instance: flux-system
12375 app.kubernetes.io/part-of: flux
12376 app.kubernetes.io/version: v2.4.0
12377 control-plane: controller
12378 name: notification-controller
12379 namespace: flux-system
12387 app: notification-controller
12394 app.kubernetes.io/component: notification-controller
12395 app.kubernetes.io/instance: flux-system
12396 app.kubernetes.io/part-of: flux
12397 app.kubernetes.io/version: v2.4.0
12398 control-plane: controller
12399 name: webhook-receiver
12400 namespace: flux-system
12406 targetPort: http-webhook
12408 app: notification-controller
12411 apiVersion: apps/v1
12415 app.kubernetes.io/component: notification-controller
12416 app.kubernetes.io/instance: flux-system
12417 app.kubernetes.io/part-of: flux
12418 app.kubernetes.io/version: v2.4.0
12419 control-plane: controller
12420 name: notification-controller
12421 namespace: flux-system
12426 app: notification-controller
12430 prometheus.io/port: "8080"
12431 prometheus.io/scrape: "true"
12433 app: notification-controller
12437 - --watch-all-namespaces=true
12439 - --log-encoding=json
12440 - --enable-leader-election
12442 - name: RUNTIME_NAMESPACE
12445 fieldPath: metadata.namespace
12449 containerName: manager
12450 resource: limits.cpu
12454 containerName: manager
12455 resource: limits.memory
12456 image: ghcr.io/fluxcd/notification-controller:v1.4.0
12457 imagePullPolicy: IfNotPresent
12464 - containerPort: 9090
12467 - containerPort: 9292
12470 - containerPort: 8080
12473 - containerPort: 9440
12488 allowPrivilegeEscalation: false
12492 readOnlyRootFilesystem: true
12495 type: RuntimeDefault
12500 kubernetes.io/os: linux
12503 serviceAccountName: notification-controller
12504 terminationGracePeriodSeconds: 10
projects / osm / devops.git / blob