description:Bucket is the Schema for the buckets API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:BucketSpec defines the desired state of an S3 compatible
bucket
properties:
accessFrom:
description:AccessFrom defines an Access Control List for allowing
cross-namespace references to this object.
properties:
namespaceSelectors:
description:NamespaceSelectors is the list of namespace selectors
to which this ACL applies. Items in this list are evaluated
using a logical OR operation.
items:
description:NamespaceSelector selects the namespaces to which
this ACL applies. An empty map of MatchLabels matches all
namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key",the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type:object
type:object
type:array
required:
- namespaceSelectors
type:object
bucketName:
description:The bucket name.
type:string
endpoint:
description:The bucket endpoint address.
type:string
ignore:
description:Ignore overrides the set of excluded patterns in the
.sourceignore format (which is the same as .gitignore). If not provided,
a default will be used, consult the documentation for your version
to find out what those are.
type:string
insecure:
description:Insecure allows connecting to a non-TLS S3 HTTP endpoint.
type:boolean
interval:
description:The interval at which to check for bucket updates.
description:Bucket is the Schema for the buckets API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:BucketSpec specifies the required configuration to produce
an Artifact for an object storage bucket.
properties:
accessFrom:
description:'AccessFrom specifies an Access Control List for allowing
cross-namespace references to this object. NOTE:Not implemented,
provisional as of https://github.com/fluxcd/flux2/pull/2092'
properties:
namespaceSelectors:
description:NamespaceSelectors is the list of namespace selectors
to which this ACL applies. Items in this list are evaluated
using a logical OR operation.
items:
description:NamespaceSelector selects the namespaces to which
this ACL applies. An empty map of MatchLabels matches all
namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key",the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type:object
type:object
type:array
required:
- namespaceSelectors
type:object
bucketName:
description:BucketName is the name of the object storage bucket.
type:string
endpoint:
description:Endpoint is the object storage address the BucketName
is located at.
type:string
ignore:
description:Ignore overrides the set of excluded patterns in the
.sourceignore format (which is the same as .gitignore). If not provided,
a default will be used, consult the documentation for your version
to find out what those are.
type:string
insecure:
description:Insecure allows connecting to a non-TLS HTTP Endpoint.
type:boolean
interval:
description:Interval at which the Bucket Endpoint is checked for
updates. This interval is approximate and may be subject to jitter
to ensure efficient use of resources.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
prefix:
description:Prefix to use for server-side filtering of files in the
Bucket.
type:string
provider:
default:generic
description:Provider of the object storage bucket. Defaults to 'generic',
which expects an S3 (API) compatible object storage.
enum:
- generic
- aws
- gcp
- azure
type:string
region:
description:Region of the Endpoint where the BucketName is located
in.
type:string
secretRef:
description:SecretRef specifies the Secret containing authentication
credentials for the Bucket.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:Suspend tells the controller to suspend the reconciliation
of this Bucket.
type:boolean
timeout:
default:60s
description:Timeout for fetch operations, defaults to 60s.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type:string
required:
- bucketName
- endpoint
- interval
type:object
status:
default:
observedGeneration:-1
description:BucketStatus records the observed state of a Bucket.
properties:
artifact:
description:Artifact represents the last successful Bucket reconciliation.
properties:
digest:
description:Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
description:GitRepository is the Schema for the gitrepositories API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:GitRepositorySpec specifies the required configuration to
produce an Artifact for a Git repository.
properties:
ignore:
description:Ignore overrides the set of excluded patterns in the
.sourceignore format (which is the same as .gitignore). If not provided,
a default will be used, consult the documentation for your version
to find out what those are.
type:string
include:
description:Include specifies a list of GitRepository resources which
Artifacts should be included in the Artifact produced for this GitRepository.
items:
description:GitRepositoryInclude specifies a local reference to
a GitRepository which Artifact (sub-)contents must be included,
and where they should be placed.
properties:
fromPath:
description:FromPath specifies the path to copy contents from,
defaults to the root of the Artifact.
type:string
repository:
description:GitRepositoryRef specifies the GitRepository which
Artifact contents must be included.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
toPath:
description:ToPath specifies the path to copy contents to,
defaults to the name of the GitRepositoryRef.
type:string
required:
- repository
type:object
type:array
interval:
description:Interval at which the GitRepository URL is checked for
updates. This interval is approximate and may be subject to jitter
to ensure efficient use of resources.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
proxySecretRef:
description:ProxySecretRef specifies the Secret containing the proxy
configuration to use while communicating with the Git server.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
recurseSubmodules:
description:RecurseSubmodules enables the initialization of all submodules
within the GitRepository as cloned from the URL, using their default
settings.
type:boolean
ref:
description:Reference specifies the Git reference to resolve and
monitor for changes, defaults to the 'master' branch.
properties:
branch:
description:Branch to check out, defaults to 'master' if no other
field is defined.
type:string
commit:
description:"Commit SHA to check out, takes precedence over all
reference fields. \n This can be combined with Branch to shallow
clone the branch, in which the commit is expected to exist."
type:string
name:
description:"Name of the reference to check out; takes precedence
over Branch, Tag and SemVer. \n It must be a valid Git reference:
deprecationWarning:v1beta1 GitRepository is deprecated, upgrade to v1
name:v1beta1
schema:
openAPIV3Schema:
description:GitRepository is the Schema for the gitrepositories API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:GitRepositorySpec defines the desired state of a Git repository.
properties:
accessFrom:
description:AccessFrom defines an Access Control List for allowing
cross-namespace references to this object.
properties:
namespaceSelectors:
description:NamespaceSelectors is the list of namespace selectors
to which this ACL applies. Items in this list are evaluated
using a logical OR operation.
items:
description:NamespaceSelector selects the namespaces to which
this ACL applies. An empty map of MatchLabels matches all
namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key",the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type:object
type:object
type:array
required:
- namespaceSelectors
type:object
gitImplementation:
default:go-git
description:Determines which git client library to use. Defaults
to go-git, valid values are ('go-git', 'libgit2').
enum:
- go-git
- libgit2
type:string
ignore:
description:Ignore overrides the set of excluded patterns in the
.sourceignore format (which is the same as .gitignore). If not provided,
a default will be used, consult the documentation for your version
to find out what those are.
type:string
include:
description:Extra git repositories to map into the repository
items:
description:GitRepositoryInclude defines a source with a from and
to path.
properties:
fromPath:
description:The path to copy contents from, defaults to the
root directory.
type:string
repository:
description:Reference to a GitRepository to include.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
toPath:
description:The path to copy contents to, defaults to the name
of the source ref.
type:string
required:
- repository
type:object
type:array
interval:
description:The interval at which to check for repository updates.
type:string
recurseSubmodules:
description:When enabled, after the clone is created, initializes
all submodules within, using their default settings. This option
is available only when using the 'go-git' GitImplementation.
type:boolean
ref:
description:The Git reference to checkout and monitor for changes,
defaults to master branch.
properties:
branch:
description:The Git branch to checkout, defaults to master.
type:string
commit:
description:The Git commit SHA to checkout, if specified Tag
filters will be ignored.
type:string
semver:
description:The Git tag semver expression, takes precedence over
Tag.
type:string
tag:
description:The Git tag to checkout, takes precedence over Branch.
type:string
type:object
secretRef:
description:The secret name containing the Git credentials. For HTTPS
repositories the secret must contain username and password fields.
For SSH repositories the secret must contain identity and known_hosts
fields.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:This flag tells the controller to suspend the reconciliation
of this source.
type:boolean
timeout:
default:60s
description:The timeout for remote Git operations like cloning, defaults
to 60s.
type:string
url:
description:The repository URL, can be a HTTP/S or SSH address.
pattern:^(http|https|ssh)://.*$
type:string
verify:
description:Verify OpenPGP signature for the Git commit HEAD points
to.
properties:
mode:
description:Mode describes what git object should be verified,
currently ('head').
enum:
- head
type:string
secretRef:
description:The secret name containing the public keys of all
trusted Git authors.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
required:
- mode
type:object
required:
- interval
- url
type:object
status:
default:
observedGeneration:-1
description:GitRepositoryStatus defines the observed state of a Git repository.
properties:
artifact:
description:Artifact represents the output of the last successful
repository sync.
properties:
checksum:
description:Checksum is the SHA256 checksum of the artifact.
type:string
lastUpdateTime:
description:LastUpdateTime is the timestamp corresponding to
the last update of this artifact.
format:date-time
type:string
path:
description:Path is the relative file path of this artifact.
type:string
revision:
description:Revision is a human readable identifier traceable
in the origin source system. It can be a Git commit SHA, Git
tag, a Helm index timestamp, a Helm chart version, etc.
type:string
url:
description:URL is the HTTP address of this artifact.
type:string
required:
- path
- url
type:object
conditions:
description:Conditions holds the conditions for the GitRepository.
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
deprecationWarning:v1beta2 GitRepository is deprecated, upgrade to v1
name:v1beta2
schema:
openAPIV3Schema:
description:GitRepository is the Schema for the gitrepositories API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:GitRepositorySpec specifies the required configuration to
produce an Artifact for a Git repository.
properties:
accessFrom:
description:'AccessFrom specifies an Access Control List for allowing
cross-namespace references to this object. NOTE:Not implemented,
provisional as of https://github.com/fluxcd/flux2/pull/2092'
properties:
namespaceSelectors:
description:NamespaceSelectors is the list of namespace selectors
to which this ACL applies. Items in this list are evaluated
using a logical OR operation.
items:
description:NamespaceSelector selects the namespaces to which
this ACL applies. An empty map of MatchLabels matches all
namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key",the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type:object
type:object
type:array
required:
- namespaceSelectors
type:object
gitImplementation:
default:go-git
description:'GitImplementation specifies which Git client library
implementation to use. Defaults to ''go-git'', valid values are
(''go-git'', ''libgit2''). Deprecated:gitImplementation is deprecated
now that ''go-git'' is the only supported implementation.'
enum:
- go-git
- libgit2
type:string
ignore:
description:Ignore overrides the set of excluded patterns in the
.sourceignore format (which is the same as .gitignore). If not provided,
a default will be used, consult the documentation for your version
to find out what those are.
type:string
include:
description:Include specifies a list of GitRepository resources which
Artifacts should be included in the Artifact produced for this GitRepository.
items:
description:GitRepositoryInclude specifies a local reference to
a GitRepository which Artifact (sub-)contents must be included,
and where they should be placed.
properties:
fromPath:
description:FromPath specifies the path to copy contents from,
defaults to the root of the Artifact.
type:string
repository:
description:GitRepositoryRef specifies the GitRepository which
Artifact contents must be included.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
toPath:
description:ToPath specifies the path to copy contents to,
defaults to the name of the GitRepositoryRef.
type:string
required:
- repository
type:object
type:array
interval:
description:Interval at which to check the GitRepository for updates.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
recurseSubmodules:
description:RecurseSubmodules enables the initialization of all submodules
within the GitRepository as cloned from the URL, using their default
settings.
type:boolean
ref:
description:Reference specifies the Git reference to resolve and
monitor for changes, defaults to the 'master' branch.
properties:
branch:
description:Branch to check out, defaults to 'master' if no other
field is defined.
type:string
commit:
description:"Commit SHA to check out, takes precedence over all
reference fields. \n This can be combined with Branch to shallow
clone the branch, in which the commit is expected to exist."
type:string
name:
description:"Name of the reference to check out; takes precedence
over Branch, Tag and SemVer. \n It must be a valid Git reference:
description:HelmChart is the Schema for the helmcharts API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:HelmChartSpec defines the desired state of a Helm chart.
properties:
accessFrom:
description:AccessFrom defines an Access Control List for allowing
cross-namespace references to this object.
properties:
namespaceSelectors:
description:NamespaceSelectors is the list of namespace selectors
to which this ACL applies. Items in this list are evaluated
using a logical OR operation.
items:
description:NamespaceSelector selects the namespaces to which
this ACL applies. An empty map of MatchLabels matches all
namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key",the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type:object
type:object
type:array
required:
- namespaceSelectors
type:object
chart:
description:The name or path the Helm chart is available at in the
SourceRef.
type:string
interval:
description:The interval at which to check the Source for updates.
type:string
reconcileStrategy:
default:ChartVersion
description:Determines what enables the creation of a new artifact.
Valid values are ('ChartVersion', 'Revision'). See the documentation
of the values for an explanation on their behavior. Defaults to
ChartVersion when omitted.
enum:
- ChartVersion
- Revision
type:string
sourceRef:
description:The reference to the Source the chart is available at.
properties:
apiVersion:
description:APIVersion of the referent.
type:string
kind:
description:Kind of the referent, valid values are ('HelmRepository',
'GitRepository','Bucket').
enum:
- HelmRepository
- GitRepository
- Bucket
type:string
name:
description:Name of the referent.
type:string
required:
- kind
- name
type:object
suspend:
description:This flag tells the controller to suspend the reconciliation
of this source.
type:boolean
valuesFile:
description:Alternative values file to use as the default chart values,
expected to be a relative path in the SourceRef. Deprecated in favor
of ValuesFiles, for backwards compatibility the file defined here
is merged before the ValuesFiles items. Ignored when omitted.
type:string
valuesFiles:
description:Alternative list of values files to use as the chart
values (values.yaml is not included by default), expected to be
a relative path in the SourceRef. Values files are merged in the
order of this list with the last file overriding the first. Ignored
when omitted.
items:
type:string
type:array
version:
default:'*'
description:The chart version semver expression, ignored for charts
from GitRepository and Bucket sources. Defaults to latest when omitted.
type:string
required:
- chart
- interval
- sourceRef
type:object
status:
default:
observedGeneration:-1
description:HelmChartStatus defines the observed state of the HelmChart.
properties:
artifact:
description:Artifact represents the output of the last successful
chart sync.
properties:
checksum:
description:Checksum is the SHA256 checksum of the artifact.
type:string
lastUpdateTime:
description:LastUpdateTime is the timestamp corresponding to
the last update of this artifact.
format:date-time
type:string
path:
description:Path is the relative file path of this artifact.
type:string
revision:
description:Revision is a human readable identifier traceable
in the origin source system. It can be a Git commit SHA, Git
tag, a Helm index timestamp, a Helm chart version, etc.
type:string
url:
description:URL is the HTTP address of this artifact.
type:string
required:
- path
- url
type:object
conditions:
description:Conditions holds the conditions for the HelmChart.
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
description:HelmChart is the Schema for the helmcharts API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:HelmChartSpec specifies the desired state of a Helm chart.
properties:
accessFrom:
description:'AccessFrom specifies an Access Control List for allowing
cross-namespace references to this object. NOTE:Not implemented,
provisional as of https://github.com/fluxcd/flux2/pull/2092'
properties:
namespaceSelectors:
description:NamespaceSelectors is the list of namespace selectors
to which this ACL applies. Items in this list are evaluated
using a logical OR operation.
items:
description:NamespaceSelector selects the namespaces to which
this ACL applies. An empty map of MatchLabels matches all
namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key",the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type:object
type:object
type:array
required:
- namespaceSelectors
type:object
chart:
description:Chart is the name or path the Helm chart is available
at in the SourceRef.
type:string
interval:
description:Interval at which the HelmChart SourceRef is checked
for updates. This interval is approximate and may be subject to
jitter to ensure efficient use of resources.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
reconcileStrategy:
default:ChartVersion
description:ReconcileStrategy determines what enables the creation
of a new artifact. Valid values are ('ChartVersion', 'Revision').
See the documentation of the values for an explanation on their
behavior. Defaults to ChartVersion when omitted.
enum:
- ChartVersion
- Revision
type:string
sourceRef:
description:SourceRef is the reference to the Source the chart is
available at.
properties:
apiVersion:
description:APIVersion of the referent.
type:string
kind:
description:Kind of the referent, valid values are ('HelmRepository',
'GitRepository','Bucket').
enum:
- HelmRepository
- GitRepository
- Bucket
type:string
name:
description:Name of the referent.
type:string
required:
- kind
- name
type:object
suspend:
description:Suspend tells the controller to suspend the reconciliation
of this source.
type:boolean
valuesFile:
description:ValuesFile is an alternative values file to use as the
default chart values, expected to be a relative path in the SourceRef.
Deprecated in favor of ValuesFiles, for backwards compatibility
the file specified here is merged before the ValuesFiles items.
Ignored when omitted.
type:string
valuesFiles:
description:ValuesFiles is an alternative list of values files to
use as the chart values (values.yaml is not included by default),
expected to be a relative path in the SourceRef. Values files are
merged in the order of this list with the last file overriding the
first. Ignored when omitted.
items:
type:string
type:array
verify:
description:Verify contains the secret name containing the trusted
public keys used to verify the signature and specifies which provider
to use to check whether OCI image is authentic. This field is only
supported when using HelmRepository source with spec.type 'oci'.
Chart dependencies, which are not bundled in the umbrella chart
artifact, are not verified.
properties:
matchOIDCIdentity:
description:MatchOIDCIdentity specifies the identity matching
criteria to use while verifying an OCI artifact which was signed
using Cosign keyless signing. The artifact's identity is deemed
to be verified if any of the specified matchers match against
the identity.
items:
description:OIDCIdentityMatch specifies options for verifying
the certificate identity, i.e. the issuer and the subject
of the certificate.
properties:
issuer:
description:Issuer specifies the regex pattern to match
against to verify the OIDC issuer in the Fulcio certificate.
The pattern must be a valid Go regular expression.
type:string
subject:
description:Subject specifies the regex pattern to match
against to verify the identity subject in the Fulcio certificate.
The pattern must be a valid Go regular expression.
type:string
required:
- issuer
- subject
type:object
type:array
provider:
default:cosign
description:Provider specifies the technology used to sign the
OCI Artifact.
enum:
- cosign
type:string
secretRef:
description:SecretRef specifies the Kubernetes Secret containing
the trusted public keys.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
required:
- provider
type:object
version:
default:'*'
description:Version is the chart version semver expression, ignored
for charts from GitRepository and Bucket sources. Defaults to latest
when omitted.
type:string
required:
- chart
- interval
- sourceRef
type:object
status:
default:
observedGeneration:-1
description:HelmChartStatus records the observed state of the HelmChart.
properties:
artifact:
description:Artifact represents the output of the last successful
reconciliation.
properties:
digest:
description:Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
description:HelmRepository is the Schema for the helmrepositories API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:HelmRepositorySpec defines the reference to a Helm repository.
properties:
accessFrom:
description:AccessFrom defines an Access Control List for allowing
cross-namespace references to this object.
properties:
namespaceSelectors:
description:NamespaceSelectors is the list of namespace selectors
to which this ACL applies. Items in this list are evaluated
using a logical OR operation.
items:
description:NamespaceSelector selects the namespaces to which
this ACL applies. An empty map of MatchLabels matches all
namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key",the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type:object
type:object
type:array
required:
- namespaceSelectors
type:object
interval:
description:The interval at which to check the upstream for updates.
type:string
passCredentials:
description:PassCredentials allows the credentials from the SecretRef
to be passed on to a host that does not match the host as defined
in URL. This may be required if the host of the advertised chart
URLs in the index differ from the defined URL. Enabling this should
be done with caution, as it can potentially result in credentials
getting stolen in a MITM-attack.
type:boolean
secretRef:
description:The name of the secret containing authentication credentials
for the Helm repository. For HTTP/S basic auth the secret must contain
username and password fields. For TLS the secret must contain a
certFile and keyFile, and/or caFile fields.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:This flag tells the controller to suspend the reconciliation
of this source.
type:boolean
timeout:
default:60s
description:The timeout of index downloading, defaults to 60s.
type:string
url:
description:The Helm repository URL, a valid URL contains at least
a protocol and host.
type:string
required:
- interval
- url
type:object
status:
default:
observedGeneration:-1
description:HelmRepositoryStatus defines the observed state of the HelmRepository.
properties:
artifact:
description:Artifact represents the output of the last successful
repository sync.
properties:
checksum:
description:Checksum is the SHA256 checksum of the artifact.
type:string
lastUpdateTime:
description:LastUpdateTime is the timestamp corresponding to
the last update of this artifact.
format:date-time
type:string
path:
description:Path is the relative file path of this artifact.
type:string
revision:
description:Revision is a human readable identifier traceable
in the origin source system. It can be a Git commit SHA, Git
tag, a Helm index timestamp, a Helm chart version, etc.
type:string
url:
description:URL is the HTTP address of this artifact.
type:string
required:
- path
- url
type:object
conditions:
description:Conditions holds the conditions for the HelmRepository.
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
description:HelmRepository is the Schema for the helmrepositories API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:HelmRepositorySpec specifies the required configuration to
produce an Artifact for a Helm repository index YAML.
properties:
accessFrom:
description:'AccessFrom specifies an Access Control List for allowing
cross-namespace references to this object. NOTE:Not implemented,
provisional as of https://github.com/fluxcd/flux2/pull/2092'
properties:
namespaceSelectors:
description:NamespaceSelectors is the list of namespace selectors
to which this ACL applies. Items in this list are evaluated
using a logical OR operation.
items:
description:NamespaceSelector selects the namespaces to which
this ACL applies. An empty map of MatchLabels matches all
namespaces in a cluster.
properties:
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key",the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type:object
type:object
type:array
required:
- namespaceSelectors
type:object
certSecretRef:
description:"CertSecretRef can be given the name of a Secret containing
either or both of \n - a PEM-encoded client certificate (`tls.crt`)
and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
\n and whichever are supplied, will be used for connecting to the
registry. The client cert and key are useful if you are authenticating
with a certificate; the CA cert is useful if you are using a self-signed
server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
\n It takes precedence over the values specified in the Secret referred
to by `.spec.secretRef`."
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
insecure:
description:Insecure allows connecting to a non-TLS HTTP container
registry. This field is only taken into account if the .spec.type
field is set to 'oci'.
type:boolean
interval:
description:Interval at which the HelmRepository URL is checked for
updates. This interval is approximate and may be subject to jitter
to ensure efficient use of resources.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
passCredentials:
description:PassCredentials allows the credentials from the SecretRef
to be passed on to a host that does not match the host as defined
in URL. This may be required if the host of the advertised chart
URLs in the index differ from the defined URL. Enabling this should
be done with caution, as it can potentially result in credentials
getting stolen in a MITM-attack.
type:boolean
provider:
default:generic
description:Provider used for authentication, can be 'aws', 'azure',
'gcp'or 'generic'. This field is optional, and only taken into
account if the .spec.type field is set to 'oci'. When not specified,
defaults to 'generic'.
enum:
- generic
- aws
- azure
- gcp
type:string
secretRef:
description:SecretRef specifies the Secret containing authentication
credentials for the HelmRepository. For HTTP/S basic auth the secret
must contain 'username' and 'password' fields. Support for TLS auth
using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated.
Please use `.spec.certSecretRef` instead.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:Suspend tells the controller to suspend the reconciliation
of this HelmRepository.
type:boolean
timeout:
description:Timeout is used for the index fetch operation for an
HTTPS helm repository, and for remote OCI Repository operations
like pulling for an OCI helm chart by the associated HelmChart.
Its default value is 60s.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type:string
type:
description:Type of the HelmRepository. When this field is set to "oci",
the URL field value must be prefixed with "oci://".
enum:
- default
- oci
type:string
url:
description:URL of the Helm repository, a valid URL contains at least
a protocol and host.
pattern:^(http|https|oci)://.*$
type:string
required:
- url
type:object
status:
default:
observedGeneration:-1
description:HelmRepositoryStatus records the observed state of the HelmRepository.
properties:
artifact:
description:Artifact represents the last successful HelmRepository
reconciliation.
properties:
digest:
description:Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
description:OCIRepository is the Schema for the ocirepositories API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:OCIRepositorySpec defines the desired state of OCIRepository
properties:
certSecretRef:
description:"CertSecretRef can be given the name of a Secret containing
either or both of \n - a PEM-encoded client certificate (`tls.crt`)
and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`)
\n and whichever are supplied, will be used for connecting to the
registry. The client cert and key are useful if you are authenticating
with a certificate; the CA cert is useful if you are using a self-signed
server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
\n Note:Support for the `caFile`, `certFile` and `keyFile` keys
have been deprecated."
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
ignore:
description:Ignore overrides the set of excluded patterns in the
.sourceignore format (which is the same as .gitignore). If not provided,
a default will be used, consult the documentation for your version
to find out what those are.
type:string
insecure:
description:Insecure allows connecting to a non-TLS HTTP container
registry.
type:boolean
interval:
description:Interval at which the OCIRepository URL is checked for
updates. This interval is approximate and may be subject to jitter
to ensure efficient use of resources.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
layerSelector:
description:LayerSelector specifies which layer should be extracted
from the OCI artifact. When not specified, the first layer found
in the artifact is selected.
properties:
mediaType:
description:MediaType specifies the OCI media type of the layer
which should be extracted from the OCI Artifact. The first layer
matching this type is selected.
type:string
operation:
description:Operation specifies how the selected layer should
be processed. By default, the layer compressed content is extracted
to storage. When the operation is set to 'copy', the layer compressed
content is persisted to storage as it is.
enum:
- extract
- copy
type:string
type:object
provider:
default:generic
description:The provider used for authentication, can be 'aws', 'azure',
'gcp'or 'generic'. When not specified, defaults to 'generic'.
enum:
- generic
- aws
- azure
- gcp
type:string
ref:
description:The OCI reference to pull and monitor for changes, defaults
to the latest tag.
properties:
digest:
description:Digest is the image digest to pull, takes precedence
over SemVer. The value should be in the format 'sha256:<HASH>'.
type:string
semver:
description:SemVer is the range of tags to pull selecting the
latest within the range, takes precedence over Tag.
type:string
tag:
description:Tag is the image tag to pull, defaults to latest.
type:string
type:object
secretRef:
description:SecretRef contains the secret name containing the registry
login credentials to resolve image metadata. The secret must be
of type kubernetes.io/dockerconfigjson.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
serviceAccountName:
description:'ServiceAccountName is the name of the Kubernetes ServiceAccount
used to authenticate the image pull if the service account has attached
pull secrets. For more information:https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
type:string
suspend:
description:This flag tells the controller to suspend the reconciliation
of this source.
type:boolean
timeout:
default:60s
description:The timeout for remote OCI Repository operations like
pulling, defaults to 60s.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type:string
url:
description:URL is a reference to an OCI artifact repository hosted
ona remote container registry.
pattern:^oci://.*$
type:string
verify:
description:Verify contains the secret name containing the trusted
public keys used to verify the signature and specifies which provider
to use to check whether OCI image is authentic.
properties:
matchOIDCIdentity:
description:MatchOIDCIdentity specifies the identity matching
criteria to use while verifying an OCI artifact which was signed
using Cosign keyless signing. The artifact's identity is deemed
to be verified if any of the specified matchers match against
the identity.
items:
description:OIDCIdentityMatch specifies options for verifying
the certificate identity, i.e. the issuer and the subject
of the certificate.
properties:
issuer:
description:Issuer specifies the regex pattern to match
against to verify the OIDC issuer in the Fulcio certificate.
The pattern must be a valid Go regular expression.
type:string
subject:
description:Subject specifies the regex pattern to match
against to verify the identity subject in the Fulcio certificate.
The pattern must be a valid Go regular expression.
type:string
required:
- issuer
- subject
type:object
type:array
provider:
default:cosign
description:Provider specifies the technology used to sign the
OCI Artifact.
enum:
- cosign
type:string
secretRef:
description:SecretRef specifies the Kubernetes Secret containing
the trusted public keys.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
required:
- provider
type:object
required:
- interval
- url
type:object
status:
default:
observedGeneration:-1
description:OCIRepositoryStatus defines the observed state of OCIRepository
properties:
artifact:
description:Artifact represents the output of the last successful
OCI Repository sync.
properties:
digest:
description:Digest is the digest of the file in the form of '<algorithm>:<checksum>'.
description:Kustomization is the Schema for the kustomizations API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:KustomizationSpec defines the configuration to calculate
the desired state from a Source using Kustomize.
properties:
commonMetadata:
description:CommonMetadata specifies the common labels and annotations
that are applied to all resources. Any existing label or annotation
will be overridden if its key matches a common one.
properties:
annotations:
additionalProperties:
type:string
description:Annotations to be added to the object's metadata.
type:object
labels:
additionalProperties:
type:string
description:Labels to be added to the object's metadata.
type:object
type:object
components:
description:Components specifies relative paths to specifications
of other Components.
items:
type:string
type:array
decryption:
description:Decrypt Kubernetes secrets before applying them on the
cluster.
properties:
provider:
description:Provider is the name of the decryption engine.
enum:
- sops
type:string
secretRef:
description:The secret name containing the private OpenPGP keys
used for decryption.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
required:
- provider
type:object
dependsOn:
description:DependsOn may contain a meta.NamespacedObjectReference
slice with references to Kustomization resources that must be ready
before this Kustomization can be reconciled.
items:
description:NamespacedObjectReference contains enough information
to locate the referenced Kubernetes resource object in any namespace.
properties:
name:
description:Name of the referent.
type:string
namespace:
description:Namespace of the referent, when not specified it
acts as LocalObjectReference.
type:string
required:
- name
type:object
type:array
force:
default:false
description:Force instructs the controller to recreate resources
when patching fails due to an immutable field change.
type:boolean
healthChecks:
description:A list of resources to be included in the health assessment.
items:
description:NamespacedObjectKindReference contains enough information
to locate the typed referenced Kubernetes resource object in any
namespace.
properties:
apiVersion:
description:API version of the referent, if not specified the
Kubernetes preferred version will be used.
type:string
kind:
description:Kind of the referent.
type:string
name:
description:Name of the referent.
type:string
namespace:
description:Namespace of the referent, when not specified it
acts as LocalObjectReference.
type:string
required:
- kind
- name
type:object
type:array
images:
description:Images is a list of (image name, new name, new tag or
digest) for changing image names, tags or digests. This can also
be achieved with a patch, but this operator is simpler to specify.
items:
description:Image contains an image name, a new name, a new tag
or digest, which will replace the original name and tag.
properties:
digest:
description:Digest is the value used to replace the original
image tag. If digest is present NewTag value is ignored.
type:string
name:
description:Name is a tag-less image name.
type:string
newName:
description:NewName is the value used to replace the original
name.
type:string
newTag:
description:NewTag is the value used to replace the original
tag.
type:string
required:
- name
type:object
type:array
interval:
description:The interval at which to reconcile the Kustomization.
This interval is approximate and may be subject to jitter to ensure
efficient use of resources.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
kubeConfig:
description:The KubeConfig for reconciling the Kustomization on a
remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
forces the controller to act on behalf of that Service Account at
the target cluster. If the --default-service-account flag is set,
its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
is empty.
properties:
secretRef:
description:SecretRef holds the name of a secret that contains
a key with the kubeconfig file as the value. If no key is set,
the key will default to 'value'. It is recommended that the
kubeconfig is self-contained, and the secret is regularly updated
if credentials such as a cloud-access-token expire. Cloud specific
`cmd-path` auth helpers will not function without adding binaries
and credentials to the Pod that is responsible for reconciling
Kubernetes resources.
properties:
key:
description:Key in the Secret, when not specified an implementation-specific
default key is used.
type:string
name:
description:Name of the Secret.
type:string
required:
- name
type:object
required:
- secretRef
type:object
patches:
description:Strategic merge and JSON patches, defined as inline YAML
objects, capable of targeting objects based on kind, label and annotation
selectors.
items:
description:Patch contains an inline StrategicMerge or JSON6902
patch, and the target the patch should be applied to.
properties:
patch:
description:Patch contains an inline StrategicMerge patch or
an inline JSON6902 patch with an array of operation objects.
type:string
target:
description:Target points to the resources that the patch document
should be applied to.
properties:
annotationSelector:
description:AnnotationSelector is a string that follows
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource annotations.
type:string
group:
description:Group is the API group to select resources
from. Together with Version and Kind it is capable of
deprecationWarning:v1beta1 Kustomization is deprecated, upgrade to v1
name:v1beta1
schema:
openAPIV3Schema:
description:Kustomization is the Schema for the kustomizations API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:KustomizationSpec defines the desired state of a kustomization.
properties:
decryption:
description:Decrypt Kubernetes secrets before applying them on the
cluster.
properties:
provider:
description:Provider is the name of the decryption engine.
enum:
- sops
type:string
secretRef:
description:The secret name containing the private OpenPGP keys
used for decryption.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
required:
- provider
type:object
dependsOn:
description:DependsOn may contain a meta.NamespacedObjectReference
slice with references to Kustomization resources that must be ready
before this Kustomization can be reconciled.
items:
description:NamespacedObjectReference contains enough information
to locate the referenced Kubernetes resource object in any namespace.
properties:
name:
description:Name of the referent.
type:string
namespace:
description:Namespace of the referent, when not specified it
acts as LocalObjectReference.
type:string
required:
- name
type:object
type:array
force:
default:false
description:Force instructs the controller to recreate resources
when patching fails due to an immutable field change.
type:boolean
healthChecks:
description:A list of resources to be included in the health assessment.
items:
description:NamespacedObjectKindReference contains enough information
to locate the typed referenced Kubernetes resource object in any
namespace.
properties:
apiVersion:
description:API version of the referent, if not specified the
Kubernetes preferred version will be used.
type:string
kind:
description:Kind of the referent.
type:string
name:
description:Name of the referent.
type:string
namespace:
description:Namespace of the referent, when not specified it
acts as LocalObjectReference.
type:string
required:
- kind
- name
type:object
type:array
images:
description:Images is a list of (image name, new name, new tag or
digest) for changing image names, tags or digests. This can also
be achieved with a patch, but this operator is simpler to specify.
items:
description:Image contains an image name, a new name, a new tag
or digest, which will replace the original name and tag.
properties:
digest:
description:Digest is the value used to replace the original
image tag. If digest is present NewTag value is ignored.
type:string
name:
description:Name is a tag-less image name.
type:string
newName:
description:NewName is the value used to replace the original
name.
type:string
newTag:
description:NewTag is the value used to replace the original
tag.
type:string
required:
- name
type:object
type:array
interval:
description:The interval at which to reconcile the Kustomization.
type:string
kubeConfig:
description:The KubeConfig for reconciling the Kustomization on a
remote cluster. When specified, KubeConfig takes precedence over
ServiceAccountName.
properties:
secretRef:
description:SecretRef holds the name to a secret that contains
a 'value' key with the kubeconfig file as the value. It must
be in the same namespace as the Kustomization. It is recommended
that the kubeconfig is self-contained, and the secret is regularly
updated if credentials such as a cloud-access-token expire.
Cloud specific `cmd-path` auth helpers will not function without
adding binaries and credentials to the Pod that is responsible
for reconciling the Kustomization.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
type:object
patches:
description:Strategic merge and JSON patches, defined as inline YAML
objects, capable of targeting objects based on kind, label and annotation
selectors.
items:
description:Patch contains an inline StrategicMerge or JSON6902
patch, and the target the patch should be applied to.
properties:
patch:
description:Patch contains an inline StrategicMerge patch or
an inline JSON6902 patch with an array of operation objects.
type:string
target:
description:Target points to the resources that the patch document
should be applied to.
properties:
annotationSelector:
description:AnnotationSelector is a string that follows
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource annotations.
type:string
group:
description:Group is the API group to select resources
from. Together with Version and Kind it is capable of
deprecationWarning:v1beta2 Kustomization is deprecated, upgrade to v1
name:v1beta2
schema:
openAPIV3Schema:
description:Kustomization is the Schema for the kustomizations API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:KustomizationSpec defines the configuration to calculate
the desired state from a Source using Kustomize.
properties:
commonMetadata:
description:CommonMetadata specifies the common labels and annotations
that are applied to all resources. Any existing label or annotation
will be overridden if its key matches a common one.
properties:
annotations:
additionalProperties:
type:string
description:Annotations to be added to the object's metadata.
type:object
labels:
additionalProperties:
type:string
description:Labels to be added to the object's metadata.
type:object
type:object
components:
description:Components specifies relative paths to specifications
of other Components.
items:
type:string
type:array
decryption:
description:Decrypt Kubernetes secrets before applying them on the
cluster.
properties:
provider:
description:Provider is the name of the decryption engine.
enum:
- sops
type:string
secretRef:
description:The secret name containing the private OpenPGP keys
used for decryption.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
required:
- provider
type:object
dependsOn:
description:DependsOn may contain a meta.NamespacedObjectReference
slice with references to Kustomization resources that must be ready
before this Kustomization can be reconciled.
items:
description:NamespacedObjectReference contains enough information
to locate the referenced Kubernetes resource object in any namespace.
properties:
name:
description:Name of the referent.
type:string
namespace:
description:Namespace of the referent, when not specified it
acts as LocalObjectReference.
type:string
required:
- name
type:object
type:array
force:
default:false
description:Force instructs the controller to recreate resources
when patching fails due to an immutable field change.
type:boolean
healthChecks:
description:A list of resources to be included in the health assessment.
items:
description:NamespacedObjectKindReference contains enough information
to locate the typed referenced Kubernetes resource object in any
namespace.
properties:
apiVersion:
description:API version of the referent, if not specified the
Kubernetes preferred version will be used.
type:string
kind:
description:Kind of the referent.
type:string
name:
description:Name of the referent.
type:string
namespace:
description:Namespace of the referent, when not specified it
acts as LocalObjectReference.
type:string
required:
- kind
- name
type:object
type:array
images:
description:Images is a list of (image name, new name, new tag or
digest) for changing image names, tags or digests. This can also
be achieved with a patch, but this operator is simpler to specify.
items:
description:Image contains an image name, a new name, a new tag
or digest, which will replace the original name and tag.
properties:
digest:
description:Digest is the value used to replace the original
image tag. If digest is present NewTag value is ignored.
type:string
name:
description:Name is a tag-less image name.
type:string
newName:
description:NewName is the value used to replace the original
name.
type:string
newTag:
description:NewTag is the value used to replace the original
tag.
type:string
required:
- name
type:object
type:array
interval:
description:The interval at which to reconcile the Kustomization.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
kubeConfig:
description:The KubeConfig for reconciling the Kustomization on a
remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
forces the controller to act on behalf of that Service Account at
the target cluster. If the --default-service-account flag is set,
its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
is empty.
properties:
secretRef:
description:SecretRef holds the name of a secret that contains
a key with the kubeconfig file as the value. If no key is set,
the key will default to 'value'. It is recommended that the
kubeconfig is self-contained, and the secret is regularly updated
if credentials such as a cloud-access-token expire. Cloud specific
`cmd-path` auth helpers will not function without adding binaries
and credentials to the Pod that is responsible for reconciling
Kubernetes resources.
properties:
key:
description:Key in the Secret, when not specified an implementation-specific
default key is used.
type:string
name:
description:Name of the Secret.
type:string
required:
- name
type:object
required:
- secretRef
type:object
patches:
description:Strategic merge and JSON patches, defined as inline YAML
objects, capable of targeting objects based on kind, label and annotation
selectors.
items:
description:Patch contains an inline StrategicMerge or JSON6902
patch, and the target the patch should be applied to.
properties:
patch:
description:Patch contains an inline StrategicMerge patch or
an inline JSON6902 patch with an array of operation objects.
type:string
target:
description:Target points to the resources that the patch document
should be applied to.
properties:
annotationSelector:
description:AnnotationSelector is a string that follows
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource annotations.
type:string
group:
description:Group is the API group to select resources
from. Together with Version and Kind it is capable of
deprecationWarning:v2beta1 HelmRelease is deprecated, upgrade to v2beta2
name:v2beta1
schema:
openAPIV3Schema:
description:HelmRelease is the Schema for the helmreleases API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:HelmReleaseSpec defines the desired state of a Helm release.
properties:
chart:
description:Chart defines the template of the v1beta2.HelmChart that
should be created for this HelmRelease.
properties:
metadata:
description:ObjectMeta holds the template for metadata like labels
and annotations.
properties:
annotations:
additionalProperties:
type:string
description:'Annotations is an unstructured key value map
stored with a resource that may be set by external tools
to store and retrieve arbitrary metadata. They are not queryable
and should be preserved when modifying objects. More info:
description:HelmRelease is the Schema for the helmreleases API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:HelmReleaseSpec defines the desired state of a Helm release.
properties:
chart:
description:Chart defines the template of the v1beta2.HelmChart that
should be created for this HelmRelease.
properties:
metadata:
description:ObjectMeta holds the template for metadata like labels
and annotations.
properties:
annotations:
additionalProperties:
type:string
description:'Annotations is an unstructured key value map
stored with a resource that may be set by external tools
to store and retrieve arbitrary metadata. They are not queryable
and should be preserved when modifying objects. More info:
deprecationWarning:v1beta1 Alert is deprecated, upgrade to v1beta3
name:v1beta1
schema:
openAPIV3Schema:
description:Alert is the Schema for the alerts API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:AlertSpec defines an alerting rule for events involving a
list of objects
properties:
eventSeverity:
default:info
description:Filter events based on severity, defaults to ('info').
If set to 'info' no events will be filtered.
enum:
- info
- error
type:string
eventSources:
description:Filter events based on the involved objects.
items:
description:CrossNamespaceObjectReference contains enough information
to let you locate the typed referenced object at cluster level
properties:
apiVersion:
description:API version of the referent
type:string
kind:
description:Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
type:string
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type:object
name:
description:Name of the referent
maxLength:53
minLength:1
type:string
namespace:
description:Namespace of the referent
maxLength:53
minLength:1
type:string
required:
- name
type:object
type:array
exclusionList:
description:A list of Golang regular expressions to be used for excluding
messages.
items:
type:string
type:array
providerRef:
description:Send events using this provider.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
summary:
description:Short description of the impact and affected cluster.
type:string
suspend:
description:This flag tells the controller to suspend subsequent
events dispatching. Defaults to false.
type:boolean
required:
- eventSources
- providerRef
type:object
status:
default:
observedGeneration:-1
description:AlertStatus defines the observed state of Alert
properties:
conditions:
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
deprecationWarning:v1beta2 Alert is deprecated, upgrade to v1beta3
name:v1beta2
schema:
openAPIV3Schema:
description:Alert is the Schema for the alerts API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:AlertSpec defines an alerting rule for events involving a
list of objects.
properties:
eventMetadata:
additionalProperties:
type:string
description:EventMetadata is an optional field for adding metadata
to events dispatched by the controller. This can be used for enhancing
the context of the event. If a field would override one already
present on the original event as generated by the emitter, then
the override doesn't happen, i.e. the original value is preserved,
and an info log is printed.
type:object
eventSeverity:
default:info
description:EventSeverity specifies how to filter events based on
severity. If set to 'info' no events will be filtered.
enum:
- info
- error
type:string
eventSources:
description:EventSources specifies how to filter events based on
the involved object kind, name and namespace.
items:
description:CrossNamespaceObjectReference contains enough information
to let you locate the typed referenced object at cluster level
properties:
apiVersion:
description:API version of the referent
type:string
kind:
description:Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
type:string
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed. MatchLabels requires the name to be set to `*`.
type:object
name:
description:Name of the referent If multiple resources are
targeted `*` may be set.
maxLength:53
minLength:1
type:string
namespace:
description:Namespace of the referent
maxLength:53
minLength:1
type:string
required:
- kind
- name
type:object
type:array
exclusionList:
description:ExclusionList specifies a list of Golang regular expressions
to be used for excluding messages.
items:
type:string
type:array
inclusionList:
description:InclusionList specifies a list of Golang regular expressions
to be used for including messages.
items:
type:string
type:array
providerRef:
description:ProviderRef specifies which Provider this Alert should
use.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
summary:
description:Summary holds a short description of the impact and affected
cluster.
maxLength:255
type:string
suspend:
description:Suspend tells the controller to suspend subsequent events
handling for this Alert.
type:boolean
required:
- eventSources
- providerRef
type:object
status:
default:
observedGeneration:-1
description:AlertStatus defines the observed state of the Alert.
properties:
conditions:
description:Conditions holds the conditions for the Alert.
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
description:LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value can
be detected.
type:string
observedGeneration:
description:ObservedGeneration is the last observed generation.
format:int64
type:integer
type:object
type:object
served:true
storage:false
subresources:
status:{}
- additionalPrinterColumns:
- jsonPath:.metadata.creationTimestamp
name:Age
type:date
name:v1beta3
schema:
openAPIV3Schema:
description:Alert is the Schema for the alerts API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:AlertSpec defines an alerting rule for events involving a
list of objects.
properties:
eventMetadata:
additionalProperties:
type:string
description:EventMetadata is an optional field for adding metadata
to events dispatched by the controller. This can be used for enhancing
the context of the event. If a field would override one already
present on the original event as generated by the emitter, then
the override doesn't happen, i.e. the original value is preserved,
and an info log is printed.
type:object
eventSeverity:
default:info
description:EventSeverity specifies how to filter events based on
severity. If set to 'info' no events will be filtered.
enum:
- info
- error
type:string
eventSources:
description:EventSources specifies how to filter events based on
the involved object kind, name and namespace.
items:
description:CrossNamespaceObjectReference contains enough information
to let you locate the typed referenced object at cluster level
properties:
apiVersion:
description:API version of the referent
type:string
kind:
description:Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
type:string
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed. MatchLabels requires the name to be set to `*`.
type:object
name:
description:Name of the referent If multiple resources are
targeted `*` may be set.
maxLength:53
minLength:1
type:string
namespace:
description:Namespace of the referent
maxLength:53
minLength:1
type:string
required:
- kind
- name
type:object
type:array
exclusionList:
description:ExclusionList specifies a list of Golang regular expressions
to be used for excluding messages.
items:
type:string
type:array
inclusionList:
description:InclusionList specifies a list of Golang regular expressions
to be used for including messages.
items:
type:string
type:array
providerRef:
description:ProviderRef specifies which Provider this Alert should
use.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
summary:
description:Summary holds a short description of the impact and affected
cluster.
maxLength:255
type:string
suspend:
description:Suspend tells the controller to suspend subsequent events
deprecationWarning:v1beta1 Provider is deprecated, upgrade to v1beta3
name:v1beta1
schema:
openAPIV3Schema:
description:Provider is the Schema for the providers API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:ProviderSpec defines the desired state of Provider
properties:
address:
description:HTTP/S webhook address of this provider
pattern:^(http|https)://
type:string
certSecretRef:
description:CertSecretRef can be given the name of a secret containing
a PEM-encoded CA certificate (`caFile`)
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
channel:
description:Alert channel for this provider
type:string
proxy:
description:HTTP/S address of the proxy
pattern:^(http|https)://
type:string
secretRef:
description:Secret reference containing the provider webhook URL
using "address" as data key
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:This flag tells the controller to suspend subsequent
events handling. Defaults to false.
type:boolean
timeout:
description:Timeout for sending alerts to the provider.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type:string
type:
description:Type of provider
enum:
- slack
- discord
- msteams
- rocket
- generic
- generic-hmac
- github
- gitlab
- bitbucket
- azuredevops
- googlechat
- webex
- sentry
- azureeventhub
- telegram
- lark
- matrix
- opsgenie
- alertmanager
- grafana
- githubdispatch
type:string
username:
description:Bot username for this provider
type:string
required:
- type
type:object
status:
default:
observedGeneration:-1
description:ProviderStatus defines the observed state of Provider
properties:
conditions:
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
deprecationWarning:v1beta2 Provider is deprecated, upgrade to v1beta3
name:v1beta2
schema:
openAPIV3Schema:
description:Provider is the Schema for the providers API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:ProviderSpec defines the desired state of the Provider.
properties:
address:
description:Address specifies the endpoint, in a generic sense, to
where alerts are sent. What kind of endpoint depends on the specific
Provider type being used. For the generic Provider, for example,
this is an HTTP/S address. For other Provider types this could be
a project ID or a namespace.
maxLength:2048
type:string
certSecretRef:
description:"CertSecretRef specifies the Secret containing a PEM-encoded
CA certificate (in the `ca.crt` key). \n Note:Support for the `caFile`
key has been deprecated."
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
channel:
description:Channel specifies the destination channel where events
should be posted.
maxLength:2048
type:string
interval:
description:Interval at which to reconcile the Provider with its
Secret references.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
proxy:
description:Proxy the HTTP/S address of the proxy server.
maxLength:2048
pattern:^(http|https)://.*$
type:string
secretRef:
description:SecretRef specifies the Secret containing the authentication
credentials for this Provider.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:Suspend tells the controller to suspend subsequent events
handling for this Provider.
type:boolean
timeout:
description:Timeout for sending alerts to the Provider.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type:string
type:
description:Type specifies which Provider implementation to use.
enum:
- slack
- discord
- msteams
- rocket
- generic
- generic-hmac
- github
- gitlab
- gitea
- bitbucketserver
- bitbucket
- azuredevops
- googlechat
- googlepubsub
- webex
- sentry
- azureeventhub
- telegram
- lark
- matrix
- opsgenie
- alertmanager
- grafana
- githubdispatch
- pagerduty
- datadog
type:string
username:
description:Username specifies the name under which events are posted.
maxLength:2048
type:string
required:
- type
type:object
status:
default:
observedGeneration:-1
description:ProviderStatus defines the observed state of the Provider.
properties:
conditions:
description:Conditions holds the conditions for the Provider.
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
description:LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value can
be detected.
type:string
observedGeneration:
description:ObservedGeneration is the last reconciled generation.
format:int64
type:integer
type:object
type:object
served:true
storage:false
subresources:
status:{}
- additionalPrinterColumns:
- jsonPath:.metadata.creationTimestamp
name:Age
type:date
name:v1beta3
schema:
openAPIV3Schema:
description:Provider is the Schema for the providers API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:ProviderSpec defines the desired state of the Provider.
properties:
address:
description:Address specifies the endpoint, in a generic sense, to
where alerts are sent. What kind of endpoint depends on the specific
Provider type being used. For the generic Provider, for example,
this is an HTTP/S address. For other Provider types this could be
a project ID or a namespace.
maxLength:2048
type:string
certSecretRef:
description:"CertSecretRef specifies the Secret containing a PEM-encoded
CA certificate (in the `ca.crt` key). \n Note:Support for the `caFile`
key has been deprecated."
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
channel:
description:Channel specifies the destination channel where events
should be posted.
maxLength:2048
type:string
interval:
description:Interval at which to reconcile the Provider with its
Secret references. Deprecated and not used in v1beta3.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
proxy:
description:Proxy the HTTP/S address of the proxy server.
maxLength:2048
pattern:^(http|https)://.*$
type:string
secretRef:
description:SecretRef specifies the Secret containing the authentication
credentials for this Provider.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:Suspend tells the controller to suspend subsequent events
handling for this Provider.
type:boolean
timeout:
description:Timeout for sending alerts to the Provider.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m))+$
type:string
type:
description:Type specifies which Provider implementation to use.
enum:
- slack
- discord
- msteams
- rocket
- generic
- generic-hmac
- github
- gitlab
- gitea
- bitbucketserver
- bitbucket
- azuredevops
- googlechat
- googlepubsub
- webex
- sentry
- azureeventhub
- telegram
- lark
- matrix
- opsgenie
- alertmanager
- grafana
- githubdispatch
- pagerduty
- datadog
- nats
type:string
username:
description:Username specifies the name under which events are posted.
description:Receiver is the Schema for the receivers API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:ReceiverSpec defines the desired state of the Receiver.
properties:
events:
description:Events specifies the list of event types to handle, e.g.
'push'for GitHub or 'Push Hook' for GitLab.
items:
type:string
type:array
interval:
default:10m
description:Interval at which to reconcile the Receiver with its
Secret references.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
resources:
description:A list of resources to be notified about changes.
items:
description:CrossNamespaceObjectReference contains enough information
to let you locate the typed referenced object at cluster level
properties:
apiVersion:
description:API version of the referent
type:string
kind:
description:Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
type:string
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed. MatchLabels requires the name to be set to `*`.
type:object
name:
description:Name of the referent If multiple resources are
targeted `*` may be set.
maxLength:53
minLength:1
type:string
namespace:
description:Namespace of the referent
maxLength:53
minLength:1
type:string
required:
- kind
- name
type:object
type:array
secretRef:
description:SecretRef specifies the Secret containing the token used
to validate the payload authenticity.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:Suspend tells the controller to suspend subsequent events
handling for this receiver.
type:boolean
type:
description:Type of webhook sender, used to determine the validation
procedure and payload deserialization.
enum:
- generic
- generic-hmac
- github
- gitlab
- bitbucket
- harbor
- dockerhub
- quay
- gcr
- nexus
- acr
type:string
required:
- resources
- secretRef
- type
type:object
status:
default:
observedGeneration:-1
description:ReceiverStatus defines the observed state of the Receiver.
properties:
conditions:
description:Conditions holds the conditions for the Receiver.
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
deprecationWarning:v1beta1 Receiver is deprecated, upgrade to v1
name:v1beta1
schema:
openAPIV3Schema:
description:Receiver is the Schema for the receivers API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:ReceiverSpec defines the desired state of Receiver
properties:
events:
description:A list of events to handle, e.g. 'push' for GitHub or
'Push Hook'for GitLab.
items:
type:string
type:array
resources:
description:A list of resources to be notified about changes.
items:
description:CrossNamespaceObjectReference contains enough information
to let you locate the typed referenced object at cluster level
properties:
apiVersion:
description:API version of the referent
type:string
kind:
description:Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
type:string
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type:object
name:
description:Name of the referent
maxLength:53
minLength:1
type:string
namespace:
description:Namespace of the referent
maxLength:53
minLength:1
type:string
required:
- name
type:object
type:array
secretRef:
description:Secret reference containing the token used to validate
the payload authenticity
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:This flag tells the controller to suspend subsequent
events handling. Defaults to false.
type:boolean
type:
description:Type of webhook sender, used to determine the validation
procedure and payload deserialization.
enum:
- generic
- generic-hmac
- github
- gitlab
- bitbucket
- harbor
- dockerhub
- quay
- gcr
- nexus
- acr
type:string
required:
- resources
- type
type:object
status:
default:
observedGeneration:-1
description:ReceiverStatus defines the observed state of Receiver
properties:
conditions:
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
deprecationWarning:v1beta2 Receiver is deprecated, upgrade to v1
name:v1beta2
schema:
openAPIV3Schema:
description:Receiver is the Schema for the receivers API.
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:ReceiverSpec defines the desired state of the Receiver.
properties:
events:
description:Events specifies the list of event types to handle, e.g.
'push'for GitHub or 'Push Hook' for GitLab.
items:
type:string
type:array
interval:
description:Interval at which to reconcile the Receiver with its
Secret references.
pattern:^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
type:string
resources:
description:A list of resources to be notified about changes.
items:
description:CrossNamespaceObjectReference contains enough information
to let you locate the typed referenced object at cluster level
properties:
apiVersion:
description:API version of the referent
type:string
kind:
description:Kind of the referent
enum:
- Bucket
- GitRepository
- Kustomization
- HelmRelease
- HelmChart
- HelmRepository
- ImageRepository
- ImagePolicy
- ImageUpdateAutomation
- OCIRepository
type:string
matchLabels:
additionalProperties:
type:string
description:MatchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed. MatchLabels requires the name to be set to `*`.
type:object
name:
description:Name of the referent If multiple resources are
targeted `*` may be set.
maxLength:53
minLength:1
type:string
namespace:
description:Namespace of the referent
maxLength:53
minLength:1
type:string
required:
- kind
- name
type:object
type:array
secretRef:
description:SecretRef specifies the Secret containing the token used
to validate the payload authenticity.
properties:
name:
description:Name of the referent.
type:string
required:
- name
type:object
suspend:
description:Suspend tells the controller to suspend subsequent events
handling for this receiver.
type:boolean
type:
description:Type of webhook sender, used to determine the validation
procedure and payload deserialization.
enum:
- generic
- generic-hmac
- github
- gitlab
- bitbucket
- harbor
- dockerhub
- quay
- gcr
- nexus
- acr
type:string
required:
- resources
- type
type:object
status:
default:
observedGeneration:-1
description:ReceiverStatus defines the observed state of the Receiver.
properties:
conditions:
description:Conditions holds the conditions for the Receiver.
items:
description:"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:\"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
